Targeted Annual Core Control Self-Assessment Audit in Small Departments (Fiscal Year 2023–2024)
October 2025
Office of the Comptroller General
Executive summary
This report outlines the findings of the Targeted Annual Core Control Self-Assessment Audit in Small Departments (SDs) for Library and Archives Canada (LAC) and the Financial Consumer Agency of Canada (FCAC) in the areas of procurement, payables at year-end (PAYE) and receivables management.
The audit found that:
- In the area of procurement, opportunities for improvement were noted with respect to documentation supporting non-competitive contracts, due diligence when procuring with the same vendor, proactive disclosure and procurement management frameworks. These results were partially aligned with the SDs’ self-assessed results.
- Both SDs had high compliance ratings in PAYE and receivables management, consistent with their self-assessed results. Noted exception related to timely execution of certification authority.
Background
The Office of the Comptroller General (OCG) Audit Operations’ mandate under the Treasury Board Policy on Internal Audit includes leading internal audit engagements focusing on SDs that do not have their own internal audit function.
In 2021, the OCG implemented a renewed approach to conduct assurance engagements in SDs. This included the roll‑out of a series of self-assessment tools addressing key financial management policy areas, requiring SDs to gradually submit their results over a 5-year period. Following the submission of results, the OCG conducts annual targeted audits to validate self-assessments in a sample of SDs.
This report presents the key findings, recommendations and general advice that stem from the completion of the OCG’s second targeted annual audit cycle, focused on procurement, PAYE and receivables management.
Audit objectives and scope
The objectives of this audit were to:
- verify the accuracy of a sample of SD self-assessment results in the areas of procurement, PAYE and receivables management
- provide related insight to help address common challenges and risks
The two SDs selected for the targeted audit were the following:
- Library and Archives Canada (LAC)
- Financial Consumer Agency of Canada (FCAC)
Further details on the scope, approach, methodology and criteria assessed in this audit are included in Appendix A.
Conformance with professional standards
This internal audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.
Sheri Ostridge, MEd, CIA
Assistant Comptroller General and Chief Audit Executive
Internal Audit Sector, Office of the Comptroller General
Finding 1: Procurement
What was expected and why it is important
ЅDs are required to adhere to established Treasury Board policies and directives related to procurement. Procurements must be managed in a manner that demonstrates sound stewardship and best value consistent with the Government of Canada’s commitment to Indigenous reconciliation and its socioeconomic‑objectives including greening government, supporting small- and medium-sized еnterprises and improving accessibility. Procurements should be managed in a manner that is fair, open and transparent, and meets public expectations in matters of prudence and probity. SDs are expected to implement procedures to:
- effectively manage non-competitive and competitive procurement and retain key documentation
- have contracts approved by an individual with the appropriate authority in a timely manner
- proactively disclose contracts over $10,000
- establish a procurement management framework
Effective controls over procurement are essential to ensure that procurement helps departments provide programs and services to Canadians, stand the test of public scrutiny, facilitate access, encourage competition and achieve best value to the Crown in the spending of public funds.
Establishing a procurement management framework also helps ensure that procurements are ϲonducted with integrity and comply with the suite of procurement instruments and the Values and Ethics Code for the Public Sector. Procurement management frameworks help organizations support employees involved in pгocurement, assess and manage risks, monitor performance and make informed dеcisions.
What was found
Тhe audit noted that for both SDs, there were many areas where the level of compliance observed was high. Notably, for competitive procurement, in most cases:
- the statement of work, work description and evaluation criteria were open, fair and transparent
- the contractor was evaluated and selected in accordance with the terms and conditions of the bid
- expenditure initiation was appropriate
- expenses were approved by an individual with the appropriate authority and prior to the signing of the contract
Non-competitive procurement
The audit found that, for non-competitive procurement, statements of work and best value analyses were not always sufficiently documented and substantiated. In some cases, the following was found:
- The vendor’s proposal was used as the statement of work
- Best value analysis did not identify how and why the vendor achieved best value for the department
Collectively, these gaps create a potential perception of bias towards one vendor and restrict the search for alternatives.
There were two instances where a call-up against a non-competitive standing offer issued by Public Services and Procurement Canada (PSPC) was self-assessed as a competitive contract. While recognizing the shared responsibilities between the SD and PSPC, in one of those instances, the SD ultimately did not have the appropriate documentation to support the justification for the non‑competitive contract that was established.
Due diligence when procuring with the same vendor
In both SDs, there was evidence suggesting a potential risk of contract splitting. More specifically, there were consecutive contracts put in place with the same vendor for similar deliverables. Had these multiple contracts been combined, they would have exceeded the sole source justification limits of $25,000 for goods and $40,000 for services. In another instance, a department awarded consecutive competitive contracts to the same vendor for similar work where that vendor was the sole bidder. Both contracts were exactly at the departmental procurement limit and, had they been combined, Treasury Board approval would have been required.
It would have been prudent to conduct additional due diligence to ensure the openness, fairness and transparency of the procurement process in situations where there were consecutive contracts with the same vendor.
Contract approvals
While the contracts were frequently approved by an appropriate authority, there were a few instances in one SD where the lack of available documentation made it impossible to determine whether the appropriate authority was exercised.
Proactive disclosure
While all contracts for both SDs were proactively disclosed, the disclosed information by one SD, including contract values and timelines, was inconsistent across most contracts, leading to reduced transparency and accountability. To help mitigate this risk, and subsequent to the audit, the SD introduced additional reviews over its proactive disclosure activities, extending up to the Chief Financial Officer.
Procurement management framework
The audit found that neither SD had a procurement management framework in place during the scope period. During the audit, it was noted that both departments developed procurement management frameworks that generally align with required elements. These procurement management frameworks are projected to be fully implemented in fiscal year 2025–26.
Potential reasons for variations in policy compliance
The Government of Canada procures a wide range of goods and services, with each type of procurement having its own set of requirements and challenges. As such, there is a high level of complexity related to procurement. In SDs, given the limited resources, navigating the various complex processes and procedures in procurement can be challenging.
Accuracy between self-assessment ratings and audit ratings
When comparing the self-assessment ratings and the audit ratings for procurement, one SD had 93% accuracy while the other had 87% accuracy.
Finding 2: Payables at year-end and receivables management
What was expected and why it is important
SDs are required to adhere to established Treasury Board policies and directives related to PAYE and receivables management and to ensure that governance, oversight and internal controls over these areas are effective.
Compliance in these areas directly supports deputy heads in their role as accounting officers under the Financial Administration Act. Balanced controls in both areas enable departments to address government priorities in managing risk and financial resources. This is achieved by demonstrating sound stewardship of public funds through integrity, transparency and accountability.
What was found
Overall, the audit noted high compliance with the established criteria in the areas of PAYE and receivables management in both SDs.
PAYE
The audit found high compliance in most areas of PAYE:
- PAYE were properly established, recorded and settled in the appropriate payable account in almost all cases
- Certification authority was performed by the appropriate delegated authority in almost all cases, and expenses were properly supported with proof of execution and cost
There were a few instances where certification authority was not completed in a timely manner, which may cause delays in processing payments to the vendors.
Receivables management
The audit found high compliance in most areas of receivables management. For example, the collection and recording of the sampled receivables were accurate, a process was in place to take timely actions (including write-off) when a receivable was not settled in full, and procedures were implemented to demonstrate that receivables were minimized to the extent possible and that duties were segregated. Documentation was provided that shows debtors were informed of payment terms.
In one instance, it was determined that the operational requirement for granting credit was not documented and that a credit policy was not in place. As a result, customers were allowed up to 30 days to settle their invoices. Despite the transactions being of low materiality, without a proper credit policy in place, credit may be granted in situations outside of the departments’ operational requirements and acceptable levels of risk.
Potential reasons for high policy compliance
Both areas of PAYE and receivables management are core operational activities within the two SDs. Based on interviews conducted during the audit, these areas have dedicated and specialized teams of individuals with multiple years of experience.
Accuracy between self-assessment ratings and audit ratings
When comparing the self-assessment ratings and the audit ratings for PAYE, one SD had 100% accuracy while the other had 91% accuracy.
For receivables management, one SD had 100% accuracy while the other had 94% accuracy.
Recommendations
- FCAC and LAC should ensure that their procurement processes include steps to develop and retain key documentation, including but not limited to:
- a statement of work defined prior to vendor selection and contract award
- an analysis of how and why the vendor achieves best value for the department
- due diligence when procuring with the same vendor
- FCAC should formalize its process to ensure that contracts are properly disclosed with the appropriate information. For example, this could include a post-verification of the disclosed contracts.
- LAC should implement a procurement management framework that aligns with required elements as defined in the Directive on the Management of Procurement.
General guidance for all small departments
Throughout the targeted audit, some opportunities to strengthen the process for delegating spending and financial authorities were observed. It could be beneficial for SDs to implement an annual monitoring process to ensure that delegation instruments are current and approved in accordance with the Directive on Delegation of Spending and Financial Authorities. Specimen signature cards should also contain the appropriate information, including the relevant authorities, the areas of responsibility and the effective dates.
Management response
The findings and recommendations of this engagement were presented to the departments that were included in its scope. Management has agreed with the findings included in this report and will take action to address all applicable recommendations.
Appendix A: Lines of enquiry and levels of compliance
In the fall of 2023, 42 SDs were required to provide the OCG the results of their self-assessments (covering fiscal year 2022–23)Footnote 1 in the areas of procurement, PAYE and receivables management using the prescribed OCG tools. The audit assessed the documentation provided by the participating SDs to support the ratings from their individual self-assessments. As required, follow-up interviews were conducted with senior level‑departmental representatives with key financial management responsibilities.
The OCG also reviewed the sampling approaches adopted by the audited SDs to determine whether they aligned with the sampling guidance provided in the tools. The OCG did not select additional samples for the audit. Due to the small sample size (two departments), the audit results provide only a limited indication of the overall reliability of self-assessments completed by all 42 participating SDs and, as a result, quantifiable statistical extrapolations are not possible.
The tables below present the criteria and the audit results of the two SDs evaluated in the areas of procurement, PAYE and receivables management. The criteria for assessment were derived from mandatory policy requirements and selected based on emerging risks, rather than in a sequential order, to provide a comprehensive view of each assessed financial management policy area. The criteria and sub-criteria assessed in this audit were identical to those used by the SDs for their self-assessment.
To facilitate result comparisons, the following compliance rating scale was used for both the self-assessments and the audit:
- Low: Less than 80% compliance
- Medium: Less than 90% compliance and greater than or equal to 80% compliance
- High: Greater than or equal to 90% compliance
| Line of enquiry | Criteria | SD 1 | SD 2 | Related source(s) |
|---|---|---|---|---|
| 1. There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contracts Regulations. |
1.1 Non-competitive: Statement of work is defined prior to vendor selection and contract award. 1.2 Non-competitive: Justification for non-competitive contracts (sole sourcing) is appropriately documented and substantiated. 1.3 Non-competitive: Analysis is performed to achieve best value. 1.4 Non-competitive: There is no evidence of contract splitting. |
Medium (81%) | Low (50%) | |
| 3. Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner. |
3.2 Competitive: For competitive processes, the statement of work (SOW), work description and evaluation criteria are open, fair and transparent. 3.3 Competitive: Contractors, goods or services were evaluated and selected in accordance with the terms and conditions of the bid. |
High (100%) | High (90%) | Directive on the Management of Procurement [] |
| 4. Funds commitment availability is certified by someone with the delegated authority prior to the expenditure at the value expected to be incurred. (section 32 of the Financial Administration Act). |
4.1 Expense is approved by the appropriate delegated authority. 4.2 Expense is approved prior to the signing of the contract. |
High (95%) | High (95%) |
Directive on Delegation of Spending and Financial Authorities [ ] Guide to Delegating and Applying Spending and Financial Authorities [ ] |
| 5. Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract. |
5.1 The contracts are signed by someone with the appropriate delegated authority (transaction authority). 5.5 Contract and/or amendments are issued before goods or services are received. 5.6 Contract amendments are justified and substantiated. 5.7 Contract amendments are approved by authorized officers. 5.8 Contract amendments are issued before contract expiry date. |
Low (75%) | High (97%) | Directive on the Management of Procurement [ ] Directive on Delegation of Spending and Financial Authorities [ ] Guide to Delegating and Applying Spending and Financial Authorities [ ] |
| 8. Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements | 8.1 Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements. | High (100%) | Low (25%) | |
| 9. A procurement management framework was established and includes key elements. |
9.1 A procurement management framework was established. 9.2 The established procurement management framework is aligned with required elements as defined in the Directive on the Management of Procurement. |
Low (0%) |
Low (0%) |
Directive on the Management of Procurement [] |
| Line of enquiry | Criteria | SD 1 | SD 2 | Related source(s) |
|---|---|---|---|---|
| 1. Payables at year-end is properly established. |
1.1 Payables to outside organizations and individuals resulting from operations up to and including in each fiscal year are recorded in the appropriate payable account. 1.2 Settlement of recorded payables are charged to the appropriate payable account. |
High (94%) | High (100%) | Directive on Accounting Standards: GC 5100 Payables at Year-End [ ] Directive on Delegation of Spending and Financial Authorities [ ] |
| 2. Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (section 34 of the Financial Administration Act). |
2.1 Certification authority is performed by the appropriate delegated authority. 2.2 Expense certified is properly supported with proof of execution and cost. 2.3 Certification authority is conducted in a timely manner. |
Medium (88%) | High (100%) |
Directive on Accounting Standards: GC 5100 Payables at Year-End [ ] Directive on Delegation of Spending and Financial Authorities [ ] Guide to Delegating and Applying Spending and Financial Authorities [ ] |
| Line of enquiry | Criteria | SD 1 | SD 2 | Related source(s) |
|---|---|---|---|---|
| 1. Governance of receivables |
1.1 Receivables are minimized, to the extent possible, by requiring payment in advance or at the time that goods and services are provided. 1.2 Credit is granted only when it is an operational requirement. 1.3 Debtors are fairly treated and informed of their rights and obligations under applicable acts, regulations, policies and directives. 1.4 Appropriate segregation of duties is implemented between individuals who have responsibilities for receipts, deposits, recording of public money, credit granting, invoicing, collections and debt write-offs. |
Low (75%) | High (100%) | Directive on Public Money and Receivables [] |
| 2. Collection of receivables | 2.1 Timely and cost-effective collection actions are taken to pursue receivables. | High (100%) | High (100%) | Directive on Public Money and Receivables [] |
| 3. Recording of receivables | 3.1 Receivable transactions are recorded promptly and accurately in the departmental accounts. | High (100%) | High (100%) | Directive on Public Money and Receivables [] |
| 4. Debt deletion | 4.1 Timely actions are taken for write-off, remission or forgiveness of debts, or waiver of interests or administrative charges, when a receivable is not settled in full. | High (100%) | High (100%) | Directive on Public Money and Receivables [] |