Targeted Annual Core Control Self-Assessment Audit in Small Departments (Fiscal Year 2022–2023)
August 2024
Office of the Comptroller General
On this page
- Executive summary
- Background
- Audit objectives and scope
- Approach and methodology
- Finding 1: Self-assessments results accuracy
- Finding 2: Level of compliance observed for transfer payment and delegation
- Finding 3: Sampling approaches
- Overall conclusion
- Management response
- Conformance with professional standards
- Appendix A: Way forward –over a 5-year cycle
- Appendix B: Applicable legislation and policy instruments
- Appendix C: Lines of enquiry and criteria
- Appendix D: List of small departments
- Appendix E: Recommendations by department
- Appendix F: General guidance for all small departments
Executive summary
-
In this section
Background
In the fall of 2022, 42 small departments (SD) were required to provide the Office of the Comptroller General (OCG) the results of their core control self-assessments, approved by their chief financial officer, in the policy areas of delegation of spending and financial authorities and transfer payments.
After receiving these self-assessments, the OCG provided SDs with the consolidated results of these self-assessments and information on horizontal findings. The OCG then launched an audit to independently verify the accuracy of the self-assessments results in a targeted sample of 3 SDs and provide insights to help address common challenges and risks related to these policy sectors.Footnote 1 The SDs scoped into this audit were:
- Polar Knowledge Canada (POLAR)
- Women and Gender Equality (WAGE)
- Royal Canadian Mounted Police External Review Committee (RCMP-ERC)
SDs that were not included in this audit are encouraged to assess whether the recommendations and general advice in this report apply in their own contexts, and develop their own management action plans and follow up on them internally, where appropriate.
Why this is important
Canadians expect the Government of Canada’s financial resources to be well managed in the delivery of programs and safeguarded through balanced controls that enable flexibility and manage risk. As accounting officers under the Financial Administration Act, deputy heads are accountable for ensuring that delegation of authorities and transfer payments are organized to deliver departmental objectives in compliance with government policies and procedures, which set the requirements for sound stewardship of public funds.
Key findings
- Regarding accuracy, the audit found that overall self-assessment compliance ratings reported by the 3 SDs for both areas examined were not significantly overstated.
- In the area of transfer payments, high compliance ratings were generally observed for the SDs audited. Exceptions mainly related to the alignment of funding agreements with program terms and conditions.
- Compliance in the area of delegation of spending and financial authorities varied more widely from high to low across the SDs audited. Opportunities for improvements identified mainly revolved around the annual monitoring of delegation instruments and related training.
- The rigour of sampling approaches adopted by the 3 SDs to complete their self-assessments also varied widely. One SD self-assessed all their transactions while the other two SDs were unable to fully demonstrate what sampling methodology they had adopted for their self-assessments, given the lack of supporting documentation.
Conclusion
Overall, the audit found that the SD self-assessments results examined had a high level of accuracy in the area of transfer payments and that opportunities for improvements regarding compliance with government policies were more prevalent in the area of delegation of spending and financial authorities.
Based on the key findings in this report, recommendations were issued in the following areas (see Appendix E for the list of recommendations):
- Annual monitoring of delegation instruments
- Mandatory training for the delegation of spending and financial authorities
- Alignment of the funding agreements with the terms and conditions of their respective programs
Additionally, general guidance was issued for all SDs participating in the self-assessment in the following areas (see Appendix F for the list of general guidance):
- Segregation of duties when completing the self-assessment tools
- Considering the risk of overestimation in self-assessing compliance levels
- Leveraging existing best practices from other SDs
- Following self-assessment sampling guidelines issued by the OCG, and retaining supporting documentation
Background
The Office of the Comptroller General (OCG) Audit Operations’ (AO) mandate under the Treasury Board Policy on Internal Audit includes leading internal audit engagements focusing on small departments (SD) that do not have their own internal audit function. There are 42 SDs currently covered under this mandate. These departments vary greatly in both size and sectors of activity.Footnote 2
Historically, one of the ways that OCG delivered on this mandate was by conducting deep-dive core controls audits (CCA) in 1 SD at a time. This approach made it challenging to service all SDs in a timely manner and provided limited coverage of risks year-over-year from a community perspective. Over time, it became apparent that a renewed, more proactive approach was needed—one that emphasized upfront tooling, coupled with a broader and more timely coverage of risks.
As a first step to implementing a renewed approach, OCG designed and rolled out a series of mandatory tools to help all SDs self-assess their internal core controls in 14 key financial management policy areas using a common methodology. All SDs are required to provide the results of their self-assessments using these tools to OCG gradually over a 5-year period starting with the two following areas in fiscal year 2022–23: delegation of spending and financial authorities, and transfer payments.
The second and final step to implement this renewed approach is conducting annual OCG audits of these self-assessments to:
- verify the accuracy of self-assessment results provided by SDs every year over a 5-year period in a targeted risk-based sample of departments
- help address government-wide barriers through enhanced line of sight and understanding of common challenges and risks
This report presents the key findings, recommendations and general advice that stem from the completion of OCG’s first annual targeted audit cycle, which focused on delegation of spending and financial authorities and transfer payments.
Appendix A depicts in more detail how the previously mentioned renewed 5-year approach works year-over-year.
Appendix B outlines the relevant legislative and Treasury Board policy framework governing the areas of delegation of spending and financial authorities and transfer payments.
Appendix C provides further detail about what aspects of compliance with the above legislative and Treasury Board policy framework were examined by the self-assessments and the audit.
Appendix D is the list of the SDs that completed the self-assessment tools.
Audit objectives and scope
-
In this section
Objectives
The objectives of this audit were to:
- verify the accuracy of a sample of SD self-assessments results in the areas of delegation of authorities and transfer paymentsFootnote 3
- provide related insight to help address common challenges and risks
Scope
In the fall of 2022, 42 SDs were required to provide OCG the results of their self-assessments (covering fiscal year 2021–22) in the areas of delegation of authorities and transfer payments using the prescribed OCG tool. Micro-organizations were required to provide their self-assessment only in the area of delegation of authorities.
Three SDs were selected for this audit based on a risk assessment completed by the OCG team. To ensure a certain level of diversity and representativeness of the audit sample, the following criteria were considered:
- recency of past OCG audit coverage
- size of department
- sector of activity
- self-assessment results
The three SDs selected for the targeted audit were the following:
- Polar Knowledge Canada (POLAR), a regulatory agency and, in terms of size, a small SD
- Women and Gender Equality (WAGE), a medium-sized policy advisory organization
- Royal Canadian Mounted Police External Review Committee (RCMP-ERC), an investigative body categorized as a micro-organizationFootnote 4
The audit scope excluded the self-assessments provided to OCG by the other SDs and SDs that have their own internal audit function (including a departmental audit committee).
Approach and methodology
-
In this section
The approach for this audit was to assess the documentation that was provided by each of the three participating SDs to support their self-assessed ratings. For each of these departments, follow-up interviews were conducted with senior-level departmental representatives who had key financial management responsibilities. The criteria and sub-criteria used to assess compliance in the areas of delegation of authorities and transfer payments were identical to those used by the SDs for their self-assessment and are listed in Appendix B.
OCG also reviewed the sampling approaches adopted by the SDs audited to determine whether they aligned with the sampling guidance OCG provided when the tools were initially rolled out. Given that the audit objective was limited to assessing the accuracy of self-assessment results, no additional samples were drawn by OCG when sampling guidelines were not followed by SDs. Because of the small sample size, audit results provide only a limited indication of the overall reliability of self-assessments completed by all 42 participating SDs and as such, quantifiable statistical extrapolations are not possible. Additionally, in smaller organizations, there may be fewer available samples to test, which may lead to individual sample results having a significant impact on the overall departmental results.
The compliance rating scale below was used for both the self-assessments and the audit. This scale is also consistent with the one used over the past decade in previous OCG deep-dive traditional core control audits. To make it easier to compare results over time and to help SDs identify areas where progress has been made, the same scale will be used for the duration of OCG’s five-year strategy.
Compliance rating scale
- Low: Less than 80% compliance
- Medium: Less than 90% compliance and greater than or equal to 80% compliance
- High: Greater than or equal to 90% compliance
Finding 1: a higher level of accuracy was observed for the self-assessment results for transfer payments, while more significant variances were observed for those related to delegation of spending and financial authorities
Given that the SDs were given detailed information on the self-assessment tools prior to their launch and that the criteria and compliance rating scales used in both the audit and self-assessments were very similar to those used by OCG over the past decade, it was expected that the self-assessments completed by SDs would yield generally accurate results when compared to audit results. Nevertheless, some variances were expected given the inherent differences between independent audits and self-assessments.
Key takeaways
- The OCG audit and SD self-assessment results for transfer payments were highly accurate, while variances were found to be much more prevalent for the area of delegation of spending and financial authorities.
- Where variances were observed, the general tendency was for SDs to self-assess their compliance at a higher level, when compared to the audit results, in both areas assessed.
- Overall, most of the variances identified in both areas were not deemed of significantFootnote * magnitude.
Detailed findings
Transfer payments
Transfer payments are one of the government’s key instruments to further its broad policy objectives and priorities that include monetary payments or transfers of goods, services, or assets to third parties, including Crown corporations, made by the Government of Canada on the basis of appropriations.
The Treasury Board policy framework provides direction on transfer payments within government and aims to ensure that transfer payment programs are:
- designed and delivered to address government priorities in achieving results for Canadians
- managed with integrity, transparency and accountability in a manner that is sensitive to risks
- focused on citizens and recipients
The 2 SDs that were audited for this area were WAGE and POLARFootnote 5
Figure 1 depicts the average compliance results by sub-criteria in the areas of:
- funding
- segregation of duties
- expenditure initiation/commitment authority
- transfer payment management
- certification authority
More specifically, figure 1 shows the comparison between the average results of the targeted departments’ self-assessment ratings, their actual audit ratings, and how they compare to the average ratings amongst all 42 departments’ self-assessment ratings.
Figure 1 - Text version
| Sub-criteria | 42 SDs average self-assessment ratings | Average of targeted departments’ self-assessment ratings | Average of targeted departments audit ratings |
|---|---|---|---|
| Sub-criteria 1.2 | 100% | 100% | 85% |
| Sub-criteria 1.3 | 100% | 100% | 100% |
| Sub-criteria 2.1 | 92% | 100% | 100% |
| Sub-criteria 3.2 | 98% | 100% | 100% |
| Sub-criteria 5.5 | 96% | 100% | 100% |
| Sub-criteria 5.7 | 82% | 100% | 100% |
| Sub-criteria 6.3 | 98% | 95% | 95% |
| Sub-criteria description | |
|---|---|
| Legend | |
| 1.2 The types of transfer payments selected for the recipient is appropriate under the program terms and conditions. | |
| 1.3 The funding amounts are consistent with federal stacking limits established in program terms and conditions. | |
| 2.1 Segregation of duties exist between individuals responsible for managing transfer payments. | |
| 3.2 Expense (total project funding amount) is approved prior to the approval of funding agreement. | |
| 5.5 Supporting documents for all transfer payments made are properly completed and documented, in accordance with payment and reporting requirements stated in the signed funding agreement. | |
| 5.7 Amendments are signed by the appropriate authority and are performed prior to the end date of the agreement. | |
| 6.3 Certification authority is conducted in a timely manner. | |
In terms of compliance ratings, OCG audit and SD self-assessments results aligned in almost all key areas examined under transfer payments. Alignment was found in:
- stacking limits being consistent with the funding amounts
- segregation of duties existing between individuals
- expenses being approved prior to the approval of the funding agreement
- availability of documentation to support that activities were carried out
- funding agreement amendments being signed by the appropriate authority
- certification authority being conducted in a timely manner
The audit noted that there was only a 7% variance between the SDs’ self-assessed compliance results and the audit results. Variances between audit and self-assessment results mainly revolved around the compliance of funding agreements and programs with their terms and conditions (for example, maximum duration, funding amount and eligible expenditures of the agreements).
Delegation of spending and financial authorities
According to the Directive on Delegation of Spending and Financial Authorities, chief financial officers are responsible for the delegation of spending and financial authorities and its maintenance, and of their management and oversight. This ensures that the Government of Canada’s financial resources are well managed in the delivery of programs to Canadians and safeguarded through balanced controls that enable flexibility and manage risk.
The Guide to Delegating and Applying Spending and Financial Authorities provides departments with information on how, when, what and to whom to delegate spending and financial authorities, in addition to the tools to do so. The Policy on People Management combined with the Policy on Learning, Training, and Development (now archived) provide the guidance for the required delegation training.
The three SDs—RCMP ERC, POLAR and WAGE—were audited for this area.
Figure 2 depicts the average compliance results by sub-criteria in the areas of delegation of spending and financial authorities, and for the area of learning, training, and development. It shows the comparison between the average results of the targeted departments’ self-assessment ratings, their actual audit ratings, and how they compare to the average ratings amongst all 42 departments’ self-assessment ratings.
Figure 2 - Text version
| Sub-criteria | 42 SDs average self-assessment ratings | Average of targeted departments’ self-assessment ratings | Average of targeted departments’ audit ratings |
|---|---|---|---|
| Sub-criteria 1.1 | 98% | 100% | 100% |
| Sub-criteria 1.2 | 86% | 100% | 33% |
| Sub-criteria 1.3 | 88% | 100% | 100% |
| Sub-criteria 1.4 | 96% | 50% | 100% |
| Sub-criteria 2.1 | 93% | 97% | 68% |
| Sub-criteria 2.2 | 92% | 78% | 58% |
| Sub-criteria description | |
|---|---|
| Legend | |
| 1.1 Spending and financial authorities are delegated in writing in accordance with the Directive on Delegation of Spending and Financial Authorities. | |
| 1.2 At a minimum, the delegation of spending and financial authorities are reviewed annually. | |
| 1.3 The delegation chart is updated and submitted for the minister’s signature when there are significant changes or within 90 calendar days of the appointment of a new minister. | |
| 1.4 Financial authorities delegated to other departments are signed by either the minister or the deputy of the minister. | |
| 2.1 Individuals who are granted delegated spending and financial authorities completed the required training prior to exercising their authorities. | |
| 2.2 Individuals who are granted delegated spending and financial authorities revalidated their knowledge at least every five years in order to maintain their delegated authorities. | |
The audit noted that, on average, about half of the SD self-assessed compliance results aligned with the audit results. Areas of alignment between the audit and SD self-assessments results pertain to spending and financial authorities being delegated in writing in accordance with the directive and being submitted for the minister’s signature when there are significant changes or within 90 days of the appointment of a new minister.
The audit concluded that 22% of variances identified between the audit and self-assessment results were significant (that is, high self-assessed compliance rating versus corresponding low audit compliance rating). These variances were observed with respect to learning, training and development where SDs provided delegated financial authorities to individuals before they completed the required training.
Furthermore, another area where there was a significant variance was for annual reviews on financial authorities where 2 SDs had limited documentation to support the completion of the process.
Potential reasons for variances observed between the audit and self-assessment results
Inconsistencies identified between the audit and the self-assessment results may be due to several factors. As is often the case with self-assessments, there may have been a natural inherent tendency to overestimate results. In addition, although the self-assessment tools contain detailed guidelines, they cannot cover all the specific cases that could exist for the 42 SDs, which may lead to discrepancies in the interpretations of policies and directives. Finally, some findings could be explained by SDs not necessarily having timely access to the technical expertise required to conduct a thorough evaluation.
Why this is important
Accurate self-assessments of compliance with government policies not only help support deputy heads in their roles as accounting officers, but also show departments where improvements are most needed to prioritize corrective actions.
Notwithstanding the small sample size for this audit, variances observed between self-assessment results and audit results are an important consideration for all participating SDs (or any other departments using the OCG self-assessment tool) when interpreting their own self-assessment results. For instance, the variances observed as part of this audit may provide an indication of areas where a risk of significant overestimation of compliance assessment by management is more likely.
Conclusion
Overall, the audit found that the self-assessments results provided by SDs were generally accurate in the area of transfer payments. However, the accuracy of self-assessments results in the area of delegation of spending and financial authorities varied more widely.
General guidance for all SDs
- Where possible, departments should consider having self-assessments of compliance completed by a different set of individuals (perhaps from a different section) than those responsible for transaction processing. This could help mitigate the inherent risk of overstatement often associated with self-assessment exercises.
- When relying on self-assessments, consider the risk of overestimation in compliance levels:
- Consider that based on the results of this audit:
- the self-assessed compliance ratings in the area of transfer payments were highly accurate
- the majority of the departments audited tended to self-assess by at least one level of compliance higher than the audit results in the area of delegation of spending and financial authorities
- all available mandatory training from the Canada School of Public Service should be leveraged to help mitigate the risk of overestimation
- referring to the Guide to Delegating and Applying Spending and Financial Authorities might also help address technical questions in the area of delegation and, when in doubt, departments are encouraged to reach out to the Treasury Board of Canada Secretariat with their enquiries (see section 8 of the Directive on Delegation of Spending and Financial Authorities)
- Consider that based on the results of this audit:
Finding 2: for the SDs audited, the level of compliance observed in the area of transfer payments was generally high, while in the case of delegation of spending and financial authorities the level of compliance varied more widely from high to low
SDs are required to adhere to established Treasury Board policies and directives related to delegation of spending and financial authorities and transfer payments (see Appendix A) and ensure that governance, oversight and internal controls over these areas are effective.
Recognizing that all the criteria assessed as part of this audit were anchored in mandatory policy requirements, it was expected that, on average, SD compliance levels would at least be at the “medium” level or higher. Of note, in previous core control audits, compliance for delegation was at the “low” level, while the compliance for transfer payment was at the “medium” level.
The compliance rating scale below was used for both the self-assessments and the audit.
Compliance rating scale
- Low: Less than 80% compliance
- Medium: Less than 90% compliance and greater than or equal to 80% compliance
- High: Greater than or equal to 90% compliance
Key takeaways
- The audit found that the two departments that were audited for transfer payments demonstrated an overall high compliance. However, there is a discernible variance in compliance levels in the delegation area, with results varying from low to high compliance across the three departments audited.
- Figures 3-4 outline the audit results for both areas examined across all three departments audited.
| Areas examined and criteria | Sampled SD 1 | Sampled SD 2 |
|---|---|---|
| Transfer payments – Audit results per areas examined | ||
| The SD has established a funding agreement with the recipient consistent with the requirement of the approved program terms and conditions. | Medium (85%) |
High (100%) |
| Adequate segregation of duties related to the management of transfer payments is appropriate. | High (100%) |
High (100%) |
| Transfer payments are made in accordance with the approved program terms and conditions. | High (100%) |
High (100%) |
| The performance of account verification is done by someone with the delegated authority to do so, is accomplished on a timely basis and verifies the correctness of the payments requested. | High (100%) |
High (100%) |
| The payment and settlement is carried out by someone with proper delegation of authority and for the correct dollar amount and to the right vendor on a timely basis. | High (90%) |
High (100%) |
| Areas examined and criteria | Sampled SD 1 | Sampled SD 2 | Sampled SD 3 |
|---|---|---|---|
| Delegation – Audit results per areas examined | |||
| Delegation instruments are appropriate, current and approved in accordance with the directive. | Low (67%) |
High (100%) |
Low (75%) |
| Employees successfully complete mandatory training in accordance with requirements pertaining to financial management, contracting and human resources. | Medium (81%) |
High (92%) |
Low (17%) |
Detailed findings
Transfer payments
The audit noted that, for POLAR and WAGE, the level of compliance observed for almost all areas was high. However, one area has shown a varied level of compliance. It was noted that the contribution agreements did not always comply with all of the program terms and conditions.
Delegation of spending and financial authorities
The audit found that for the delegation of spending and financial authorities, the level of compliance varied more widely between high and low. A high level of compliance was observed for all 3 SDs regarding their delegation chart, as it was signed by the minister and included the full extent of delegations. Each department had the appropriate level of signature required (either the minister or deputy of the minister) to delegate financial authorities out to other departments. Finally, when applicable, the departments proactively updated the delegated authority charts within 90 calendar days of the appointment of a new minister.
However, the audit found lower levels of compliance as well. As the policy stipulates, departments are to review the delegation of spending and financial authorities at least annually. However, there was limited documentation on file to show that this process was taking place.
Additionally, compliance levels were also slightly lower in areas pertaining to training for the delegation of spending and financial authorities. While SDs did demonstrate that some mandatory training had been completed, supporting documentation was not always kept on file to demonstrate that individuals had completed all the required training relevant to their level of delegated authority. Also, required training courses were not always completed prior to an individual being granted or exercising their delegated authority.
Potential reasons for variations in policy compliance
Inconsistency of audit results between SDs and between the 2 areas may be due to several factors. Transfer payment is a core activity in a department and as such may get more attention, in terms of more resources and a higher level of scrutiny in terms of oversight and public interest. This may inherently lead to a higher-level policy compliance than in back-office areas such as delegation of spending and financial authorities.
The larger SDs in the audit also tended to have higher compliance ratings, which, based on interviews, would be in part because they have more specialized and sometimes dedicated resources to ensure compliance. This would also explain the high compliance level of the transfer payment self-assessments, as they were completed by the largest SDs of the sample. Moreover, the variability in compliance results was also likely partly due to a variability in the degree of formalization of business processes in SDs.
Why this is important
The criteria of the self-assessments stemming from policy instruments and legislation are mandatory requirements that all SDs should comply with. Compliance directly supports deputy heads in their role as accounting officers under the Financial Administration Act. Compliance in both areas also enables departments to address government priorities by demonstrating sound stewardship of public funds through integrity, transparency and accountability.
Conclusion
Overall, the audit found that the level of compliance observed in the area of transfer payments was generally high, while in the case of delegation of spending and financial authorities the level of compliance varied more widely from high to low.
Recommendations
- Small departments should implement a documented annual monitoring process to ensure that delegation instruments, including specimen signature cards, are current and approved in accordance with the Directive on Delegation of Spending and Financial Authorities.
- Small departments should implement a documented process to verify that individuals who are granted delegated spending and financial authorities have:
- completed the required training prior to being granted and exercising their authorities
- revalidated their knowledge at least every 5 years in order to maintain their delegated authorities
- Small departments should establish a formal process to document their verification of funding agreements to ensure their alignment with the terms and conditions of respective programs. These verifications should cover all the following key elements:
- eligible recipients and activities
- maximum duration and funding
- reporting requirements
- any other specific program criteria (that is, eligible expenditures)
General guidance for all SDs
When developing, improving and/or documenting business processes to help further enable and demonstrate compliance in both areas examined, departments could consider reaching out to other SDs of comparable size (or within the same sector of activity) with higher self-assessed compliance ratings to leverage existing practices where appropriate. This could help minimize the level of effort needed.
Finding 3: the rigour of sampling approaches adopted by the 3 SDs to complete their self-assessments varied widely
SDs were expected to be able to fully explain and demonstrate how their transactions were selected for examination as part of their self-assessment.
To help mitigate the risk of human bias as part of this selection process and ensure a certain level of representativity of the sample, OCG provided supporting guidance to SDs. The guidance prescribed a minimum sample size and suggested adopting a blended approach, incorporating a mix of risk-based and random selection.
Key takeaways
- One SD assessed all employees with financial delegation authority as part of their self-assessment pertaining to delegation of spending and financial authorities.
- The two other SDs scoped into the audit were unable to fully explain or demonstrate how their transactions were selected for examination as part of their self-assessments.
Detailed findings
One department was able to examine all of their transactions for their delegation of spending and financial authorities’ self-assessment due to their small population size.
Another department used an external firm for sample selection and was only able to fully demonstrate how their transactions were selected for examination for their self-assessment relating to transfer payments, but were unable to do so for their self-assessment in the area of delegation of spending and financial authorities.
Finally, one department was unable to fully explain or demonstrate how their transactions were selected for examination in either of the self-assessments they completed.
Potential reasons for documentation inconsistencies
In SDs, the workload and impetus to deliver on results for Canadians can be just as significant as in larger organizations, but resources are more limited. Therefore, the importance of ensuring that sampling methodologies for oversight activities are fully documented might not be deemed a priority. Recognizing this context, the self-assessment sampling guidance issued to SDs by OCG could have been more detailed and clearer. OCG will therefore strengthen its guidance in this area before the next round of SD self-assessments.
Why this is important
When departments are unable to fully explain or demonstrate how transactions were selected for examination in their self-assessments, it calls into question the reliability of results given the inherent risks of human bias and inability to prove the extent of the sample’s representativeness.
Furthermore, without a formal sampling approach to help ensure consistency between self-assessment exercises, it will be difficult for departments to gauge their progress over time and assess the effectiveness of corrective actions taken.
In SDs, investing time in formalizing strong sampling approaches would not only help them better support their deputy heads in their role as accounting officer, but could also help optimize the use of limited resources by focusing oversight efforts in key areas of risks.
Conclusion
Overall, the audit found that documentation to verify the sampling approaches adopted by the 3 SDs to complete their self-assessments was limited. The rigour of these sampling approaches varied widely. The SDs should ensure in the future that they can demonstrate that they follow OCG sampling guidance.
General guidance for all SDs
All SDs should ensure that they can demonstrate (with supporting documentation) that the sampling guidelines for self-assessment issued by the OCG have been followed. A detailed procedure on how to perform sampling is provided on the guidance tab of the self-assessment tools. Additional guidance on sampling can also be found in the Guide to Delegating and Applying Spending and Financial Authorities and on the Statistics Canada website (specifically, section 3.2 “Sampling” in the document entitled Statistics: Power from Data!).
Overall conclusion
Overall, the audit found that the SD self-assessment results examined had a high level of accuracy in the area of transfer payments and that opportunities for improvements regarding compliance with government policies were more prevalent in the area of delegation of spending and financial authorities.
Management response
The findings and recommendations of this engagement were presented to the departments that were included in its scope.
Management has agreed with the findings included in this report and will take action to address all applicable recommendations.
Following the audit, the participating SDs formulated and submitted to the OCG a detailed management action plan (MAP) addressing their recommendations, as applicable. These MAPs serve as a commitment to address audit recommendations and showcase a strategic and accountable approach to implementing corrective measures.
Conformance with professional standards
This internal audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.
Sheri Ostridge, CIA
Assistant Comptroller General and Chief Audit Executive
Internal Audit Sector, Office of the Comptroller General
Appendix A: Way forward – over a 5-year cycleFootnote 6
| First 5 year cycle for Self-Assessments | |||||
|---|---|---|---|---|---|
| Year of Cycle | 1 | 2 | 3 | 4 | 5 |
| Self-assessment submission date to OCG | 2022-23 | 2023-24 | 2024-25 | 2025-26 | 2026-27 |
| Period covered by the self-assessment | 2021-22 | 2022-23 | 2023-24 | 2024-25 | 2025-26 |
| Self-assessment tools areas covered for small departments (medium and large) | 2 areas:
|
3 areas:
|
3 areas:
|
3 areas:
|
3 areas:
|
| Self-assessment tools areas covered for micro-organizations | 1 area:
|
2 areas:
|
2 areas:
|
2 areas:
|
2 areas:
|
| Targeted annual core control self-assessment audit | Sample of small departments (2) | Sample of small departments (2 or 3) | Sample of small departments (2 or 3) | Sample of small departments (2 or 3) | Sample of small departments (2 or 3) |
Appendix B: Applicable legislation and policy instruments
| Policy, directive, standards and guidelines | Description | Effective / archived dates |
|---|---|---|
| Directive on Delegation of Spending and Financial Authorities [2017-04-01] | This directive provides chief financial officers with their responsibilities for delegating, maintaining, managing and overseeing spending and financial authorities. | Effective April 1, 2017 Updated January 18, 2021 |
| Guide to Delegating and Applying Spending and Financial Authorities [2018-05-29) | This guide provides departments with information on how, when, what and to whom to delegate spending and financial authorities, and the tools to do so. The document details spending and financial authorities and the account verification implications for departmental consideration. | Effective May 29, 2018 Updated January 18, 2021 |
| Policy on People Management [2021-04-28] | The policy provides deputies with foundational support in developing and sustaining a high-performing workforce that ensures good governance and service to Canadians, and an inclusive, safe, barrier-free workplace that embodies public service values including respect for people, respect for democracy, integrity, stewardship and excellence in its actions and decisions. | Effective April 1, 2021 Updated April 28, 2021 |
| Policy on Learning, Training, and Development [2020-04-01] | This policy helps the government build a skilled, well-trained and professional workforce; strengthen organizational leadership; and adopt leading-edge management practices to encourage innovation and continuous improvements in performance. | Effective December 1, 2017 Archived April 1, 2020 |
| Directive on Transfer Payments [2012-04-01] | This directive provides departmental managers with the operational requirements for the design and management of transfer payment programs. | Effective October 1, 2008 Archived April 1, 2022 |
| Policy on Transfer Payments [2015-07-08] | This policy explains the roles and responsibilities for the delivery and management of transfer payment programs. | Effective October 1, 2008 Archived April 4, 2022 |
| Financial Administration Act | This act provides for the financial administration of the Government of Canada, the establishment and maintenance of the accounts of Canada and the control of Crown corporations. | Version effective from October 27, 2021, to January 12, 2022 |
Appendix C: Lines of enquiry and criteria
The criteria applied during this engagement are presented in the table below by line of enquiry.
| Line of enquiry | Criteria | Related source(s) |
|---|---|---|
| 1. Delegation instruments are appropriate, current and approved in accordance with the directive. | 1.1 Spending and financial authorities are delegated in writing in accordance with the directive. | Directive on Delegation of Spending and Financial Authorities [2017-04-01] |
| 1.2 At a minimum, the delegation of spending and financial authorities are reviewed annually. | Directive on Delegation of Spending and Financial Authorities [2017-04-01] | |
| 1.3 The delegation chart is updated and submitted for the minister’s signature when there are significant changes or within 90 calendar days of the appointment of a new minister. | Directive on Delegation of Spending and Financial Authorities [2017-04-01] | |
| 1.4 Financial authorities delegated to other departments are signed by either the minister or the deputy of the minister. | Directive on Delegation of Spending and Financial Authorities [2017-04-01] | |
| 2. Employees successfully complete mandatory training in accordance with requirements pertaining to financial management, contracting and human resources. | 2.1 Individuals who are granted delegated spending and financial authorities completed the required training prior to exercising their authorities. | Directive on Delegation of Spending and Financial Authorities [2017-04-01] |
| 2.2 Individuals who are granted delegated spending and financial authorities revalidated their knowledge at least every five years in order to maintain their delegated authorities. | Guide to Delegating and Applying Spending and Financial Authorities [2018-05-29] Directive on Delegation of Spending and Financial Authorities [2017-04-01] |
| Line of enquiry | Criteria | Related source(s) |
|---|---|---|
| 1. The SD has established a funding agreement with the recipient consistent with the requirement of the approved program terms and conditions. | 1.2 The types of transfer payments selected for the recipient is appropriate under the program terms and conditions. | Directive on Transfer Payments [2012-04-01] |
| 1.3 The funding amounts are consistent with federal stacking limits established in program terms and conditions. | Directive on Transfer Payments [2012-04-01] | |
| 2. Adequate segregation of duties related to the management of transfer payments is appropriate. | 2.1 Segregation of duties exist between individuals responsible for managing transfer payments. | Policy on Transfer Payments [2015-07-08] Directive on Delegation of Spending and Financial Authorities [2017-04-01] |
| 3. Transfer payments are made in accordance with the approved program terms and conditions. | 3.2 Expense (total project funding amount) approved prior to the approval of funding agreement. | Directive on Delegation of Spending and Financial Authorities [2017-04-01] Guide to Delegating and Applying Spending and Financial Authorities [2018-05-29] |
| 5. The performance of account verification is done by someone with the delegated authority to do so, is accomplished on a timely basis and the correctness of the payments requested is verified. | 5.5 Supporting documents for all transfer payments made are properly completed and documented, in accordance with payment and reporting requirements stated in the signed funding agreement. | |
| 5.7 Amendments are signed by the appropriate authority and are performed prior to the end date of the agreement. | Policy on Transfer Payments [2015-07-08] | |
| 6. The payment and settlement is carried out by someone with proper delegation of authority and for the correct dollar amount and to the right vendor on a timely basis. | 6.3 Certification authority is conducted in a timely manner. | Directive on Delegation of Spending and Financial Authorities [2017-04-01] Guide to Delegating and Applying Spending and Financial Authorities [2018-05-29] |
Appendix D: List of small departments
List of the small departments with acronym, department name, sector, department size, full-time equivalents (FTEs) and number of self-assessment tools completed.
| Acronym | Department name | Sector | Department size | FTEstable 1 note 8 | Number of self-assessment tools completedtable 1 note 9 |
|---|---|---|---|---|---|
| ATSSC | Administrative Tribunals Support Service of Canada | Courts & Tribunals | Large SD | 660 | 1 |
| ACOA | Atlantic Canada Opportunities Agency | Regional Development Agencies | Large SD | 593 | 2 |
| CED | Canada Economic Development for Quebec Regions | Regional Development Agencies | Medium SD | 370 | 2 |
| CER | Canada Energy Regulator | Regulatory Agencies | Large SD | 545 | 2 |
| CSPS | Canada School of Public Service | Administrative Services | Large SD | 672 | 1 |
| CCOHS | Canadian Centre for Occupational Health and Safety | Policy Advisory | Micro-organization SD | 115 | 1 |
| CHRC | Canadian Human Rights Commission | Investigative Bodies | Medium SD | 270 | 1 |
| CICS | Canadian Intergovernmental Conference Secretariat | Administrative Services | Micro-organization SD | 32 | 1 |
| CanNor | Canadian Northern Economic Development Agency | Regional Development Agencies | Small SD | 120 | 2 |
| CRTC | Canadian Radio-television and Telecommunications Commission | Regulatory Agencies | Large SD | 538 | 1 |
| CTA | Canadian Transportation Agency | Regulatory Agencies | Medium SD | 252 | 1 |
| CRCC | Civilian Review and Complaints Commission for the Royal Canadian Mounted Police | Investigative Bodies | Micro-organization SD | 77 | 1 |
| CB | Copyright Board Canada | Courts & Tribunals | Micro-organization SD | 25 | 1 |
| FPCC | Farm Products Council of Canada | Regulatory Agencies | Micro-organization SD | 22 | 1 |
| FedDev Ontario | Federal Economic Development Agency for Southern Ontario | Regional Development Agencies | Medium SD | 272 | 2 |
| FedNor | Federal Economic Development Agency for Northern Ontario | Regional Development Agencies | Small SD | 85 | 2 |
| FCAC | Financial Consumer Agency of Canada | Courts & Tribunals | Small SD | 209 | 1 |
| FINTRAC | Financial Transactions and Reports Analysis Centre of Canada | Regulatory Agencies | Medium SD | 413 | 1 |
| IRB | Immigration and Refugee Board of Canada | Courts & Tribunals | Large SD | 2095 | 1 |
| IAAC | Impact Assessment Agency of Canada | Regulatory Agencies | Medium SD | 442 | 2 |
| LAC | Library and Archives Canada | Administrative Services | Large SD | 1010 | 2 |
| MGERC | Military Grievances External Review Committee | Courts & Tribunals | Micro-organization SD | 50 | 1 |
| MPCC | Military Police Complaints Commission of Canada | Investigative Bodies | Micro-organization SD | 29 | 1 |
| NBC | The National Battlefields Commission | Administrative Services | Small SD | 59 | 1 |
| NFB | National Film Board | Regulatory Agencies | Medium SD | 382 | 1 |
| NSIRA | National Security and Intelligence Review Agency | Investigative Bodies | Small SD | 100 | 1 |
| NPA | Northern Pipeline Agency Canada (using NRCan processes) | Regulatory Agencies | Micro-organization SD | 4 | 1 |
| FJA | Office of the Commissioner for Federal Judicial Affairs Canada | Courts & Tribunals | Small SD | 66 | 1 |
| OCI | The Correctional Investigator Canada | Investigative Bodies | Micro-organization SD | 41 | 1 |
| - | Office of the Intelligence Commissioner | Investigative Bodies | Micro-organization SD | 10.5 | 1 |
| OSGG | Office of the Secretary to the Governor General | Administrative Services | Large SD | NA | 1 |
| PacifiCan | Pacific Economic Development Canada | Regional Development Agencies | Small SD | 77 | 2 |
| PBC | Parole Board of Canada | Courts & Tribunals | Large SD | 506 | 1 |
| PMPRB | Patented Medicine Prices Review Board Canada | Regulatory Agencies | Small SD | 85 | 1 |
| POLAR | Polar Knowledge Canada | Regulatory Agencies | Small SD | 91 | 2 |
| PrairiesCan | Prairies Economic Development Canada | Regional Development Agencies | Medium SD | 354 | 2 |
| SCC | Registrar of the Supreme Court of Canada | Courts & Tribunals | Small SD | 240 | 1 |
| ERC | Royal Canadian Mounted Police External Review Committee | Investigative Bodies | Micro-organization SD | 22.3 | 1 |
| SNSICP | Secretariat of the National Security and Intelligence Committee of Parliamentarians | Investigative Bodies | Micro-organization SD | 10 | 1 |
| TSB | Transportation Safety Board of Canada | Investigative Bodies | Small SD | 227 | 1 |
| VRAB | Veterans Review and Appeal Board | Courts & Tribunals | Small SD | 101 | 1 |
| WAGE | Women and Gender Equality | Policy Advisory | Medium SD | 332 | 2 |
Table 1 Notes
|
|||||
Appendix E: Recommendations by department
The following table presents the departments to which the recommendations apply and assigns a priority level of high, medium or low to each recommendation. The determination of priority levels was based on the relative priorities of the recommendations and the extent to which the recommendations indicate non-compliance with Treasury Board policies. The full names of departments are provided in the scope section and Appendix D.
| Recommendation | Departments to which this recommendation applies | Priority level |
|---|---|---|
|
POLAR, RCMP ERC | High |
|
POLAR, RCMP ERC | Medium |
|
POLAR | High |
All small departments that were not included in this targeted audit are strongly encouraged to assess whether the recommendations in this report apply to their own contexts and develop their own management action plans and follow up on them internally, where appropriate.
Appendix F: General guidance for all small departments
The following general guidance is provided for all SDs. SDs that were not included in this audit are encouraged to assess whether the general advice in this report applies in their own contexts and take action as appropriate.
Guidance
- Where possible, departments should consider having self-assessments of compliance completed by a different set of individuals (perhaps from a different section) than those responsible for transaction processing. This could help mitigate the inherent risk of overstatement often associated with self-assessment exercises.
When relying on self-assessments, consider the risk of overestimation in compliance levels:
Consider that based on the results of this audit:
- The self-assessed compliance ratings in the area of transfer payments were highly accurate.
- The majority of the departments audited tended to self-assess by at least one level of compliance higher than the audit results in the area of delegation of spending and financial authorities.
- All available mandatory training from the Canada School of Public Service should be leveraged to help mitigate the risk of self-assessing at a higher level.
- Referring to the Guide to Delegating and Applying Spending and Financial Authorities might also help address technical questions in the area of delegation and, when in doubt, departments are encouraged to reach out to the Treasury Board of Canada Secretariat with their enquiries (see section 8 of the Directive on Delegation of Spending and Financial Authorities)
- When developing, improving and/or documenting business processes to help further enable and demonstrate compliance in both areas examined, departments could consider reaching out to other SDs of comparable size (or within the same sector of activity) with higher self-assessed compliance ratings to leverage existing practices where appropriate. This could help minimize the level of effort needed.
- All SDs should ensure that they can demonstrate (with supporting documentation) that the sampling guidelines for self-assessment issued by the OCG have been followed. A detailed procedure on how to perform sampling is provided on the guidance tab of the self-assessment tools. Additional guidance on sampling can also be found in the Guide to Delegating and Applying Spending and Financial Authorities and on the Statistics Canada website (specifically, section 3.2 “Sampling” in the document entitled Statistics: Power from Data!).
© His Majesty the King in Right of Canada, as represented by the President of the Treasury Board, 2024
ISSN: 2818-7997
Page details
- Date modified: