This page has been archived.
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
December 2008
Pursuant to section 34 of the Financial Administration Act (FAA) and the Treasury Board (TB) Policy on Delegation of Authorities, signing authorities are delegated to the Canada Border Services Agency's (CBSA) various levels of management to enable them to administer programs and manage expenditures under their jurisdiction.
CBSA managers with delegated authority, the Comptrollership Branch, the branch management services units (BMSUs) and their regional equivalents, and the National Financial Transaction Centre (NFTC) all play significant roles in ensuring that section 34 of the FAA is performed in accordance with the relevant legislation, policies and directives.
The Audit Committee approved the Audit of Delegated Authority Under Section 34 of the Financial Administration Act as part of the internal audit plan for 2006-2007 that addressed compliance. No previous audits of this area have been conducted by the Internal Audit Directorate.
Planning of the audit started in late July 2006 and was suspended following notification in August 2006 of the Office of the Comptroller General's (OCG) horizontal audit on delegation of financial authorities. The CBSA was included in the OCG's Phase I review but was not selected for the more detailed assessment of Phase II. As a result, the CBSA's Internal Audit Directorate recommenced this audit to review compliance of delegated authorities under section 34 of the FAA.
The objective of the audit was to provide assurance on the following:
The audit scope included selected headquarters branches and regions to ensure adequate and representative coverage. Three CBSA branches and three regions were subject to the audit. The audit included a review of a sample of transactions representing the period from April 1, 2007, to September 30, 2007; interviews with various levels of management with delegated authority; and a review of the administrative processes at the BMSUs and regional finance offices. Audit fieldwork was substantially completed in August 2008.
The audit scope did not include a review of section 32 or 33 of the FAA. Travel, hospitality and fleet management were also excluded since separate audits of these areas have been planned or have previously taken place.
This audit engagement was planned and conducted in accordance with the Internal Auditing Standards for the Government of Canada.
The CBSA's practices on administering and exercising delegated authorities under section 34 of the FAA were generally compliant with the applicable legislation, policies and directives. Controls should be strengthened to ensure transactions are authorized with sufficient and appropriate documentation on file.
CBSA policies, directives and procedures for the administration of section 34 of the FAA were appropriately documented and communicated. In addition, CBSA policies and procedures were found to be consistent with governing legislation and TB policies and directives. Roles and responsibilities with respect to purchase order preparation and documentation retention standards were not clearly defined or understood. Training and desktop tools specific to section 34 certifications were found to be insufficient to allow managers to appropriately exercise their delegated authorities. Sampled specimen signature documents were properly completed, updated, signed, distributed and aligned with the incumbents' delegated authority. Audit transaction testing illustrated that transactions were generally compliant with the audit criteria; the largest area of non-compliance related to not maintaining sufficient and appropriate documentation on file to support section 34 certifications.
The audit recommended that the Vice-President of the Comptrollership Branch establish and communicate a written directive on when purchase orders should be prepared, consider ways to strengthen section 34 certification training and desktop tools, and ensure that the CBSA Finance and Administration Manual is updated to include a reference to supporting documentation that BMSUs and regional finance offices should retain on file.
The Comptrollership Branch agrees with the recommendations in this report.
Pursuant to section 34 of the Financial Administration Act (FAA) and the Treasury Board (TB) Policy on Delegation of Authorities, signing authorities are delegated to the Canada Border Services Agency's (CBSA) various levels of management to enable them to administer programs and manage expenditures under their jurisdiction. The Minister of Public Safety and the President of the CBSA formally delegate and communicate spending and payment authorities through the financial delegation matrix. There are approximately 1,500 incumbents with delegated financial authorities throughout the CBSA and these authorities are communicated through specimen signature documents (SSDs).
The Comptrollership Branch is ultimately responsible for ensuring compliance with legislative and TB requirements. This branch is responsible for policies, procedures and controls related to the administration and exercise of delegated authorities and it also develops and maintains financial delegation instruments.
Primary responsibility for verifying individual expenditures and payments rests with incumbents who have been delegated the authority to confirm and certify entitlement, pursuant to section 34 of the FAA. These incumbents are responsible for certifying that work, goods or services have been received for the payment requested, that the charge is reasonable and correct, and that the payee is entitled to payment. Each transaction that undergoes section 34 certification must be coded to indicate the type of transaction and the responsibility or cost centre identifies the area where the expenditure was incurred.
The branch management services units (BMSUs), established in 2005 for each headquarters (HQ) branch or the equivalent regional finance office, are responsible for preparing SSDs for incumbents with financial signing authorities and for providing the support to administer and manage those functions related to the performance of section 34 of the FAA.
Once the section 34 certification has been properly executed and the information is inputted into the Corporate Administrative System (CAS) by the BMSU or regional office, all documentation is forwarded to officers having delegated payment authority under section 33 of the FAA. The National Financial Transaction Centre (NFTC) in Montréal currently has full payment authority for HQ and all CBSA regions, except the Pacific Region. Full payment authority for the Pacific Region is to be transferred to the NFTC by October 2008. For HQ and the remaining regions, the NFTC has ultimate responsibility for verifying individual expenditures, which includes providing assurance on the adequacy of the section 34 certification before payment is issued.
Prior to exercising delegated authority under section 34 of the FAA, new managers must undergo a five-day mandatory classroom course provided by the Canada School of Public Service. Before December 2006, managers had the option to take the five-day course or an online training course.
CBSA expenditures for the 2006-2007 fiscal year and for the first half of the 2007-2008 fiscal year were as follows:
Table 1 -- CBSA Total Expenditures
Fiscal Year 2006-2007 | Fiscal Year 2007-2008 | |||||
---|---|---|---|---|---|---|
April 1 to September 30 | % | October 1 to March 31 | % | April 1 to September 30 | % | |
Salaries | $377,821,935 | 76% | $401,779,787 | 65% | $388,253,341 | 73% |
Capital and operations and maintenance (O&M) | $120,018,643 | 24% | $215,571,603 | 35% | $141,039,617 | 27% |
Total | $497,840,578 | $617,351,390 | $529,292,958 |
Source: CAS
The Audit Committee approved this audit as part of the internal audit plan for 2006-2007 that addressed compliance. No previous audits of this area have been conducted by the Internal Audit Directorate.
Planning of the audit started in late July 2006 and was suspended following notification in August 2006 of the Office of the Comptroller General's (OCG) horizontal audit on delegation of financial authorities. The CBSA was included in the OCG's Phase I review but was not selected for the more detailed assessment of Phase II. As a result, the CBSA's Internal Audit Directorate recommenced this audit to review compliance of delegated authorities under section 34 of the FAA. The focus of the audit was to provide assurance that the exercise of section 34 certification was compliant with relevant directives and to evaluate whether controls were in place to ensure transactions were appropriately authorized and coded to the financial systems.
To assist in audit planning and to determine potential priorities and areas of audit, a risk assessment of the exercise of delegated authorities under section 34 of the FAA was conducted.
Based on the preliminary assessment of risks, the audit noted the following potential risk areas:
Roles and responsibilities -- There is a risk that roles and responsibilities have not been identified and communicated or that they are not well understood given the recent organizational restructuring involving the creation of BMSUs and the centralization of the section 33 function at the NFTC; this may result in non-compliance and increased error rates.
Training -- There is a risk that delegated managers and their support staff have not received adequate training to enable them to properly carry out section 34 certifications or to clearly understand the ramifications of not doing so.
There is a risk that the policies and procedures on section 34 certification are not complete, properly communicated or well understood by delegated authorities and support staff; this may result in non-compliance and inadequate controls over expenditures.
There is a risk that monitoring and reporting is inadequate to ensure compliance and reliability of data, and to identify problems and corrective measures.
The objective of the audit was to provide assurance on the following:
The audit scope included selected HQ branches and regions to ensure adequate and representative coverage. Three HQ branches (Comptrollership; Innovation, Science and Technology; and Strategy and Coordination) and three regions (Northern Ontario, Pacific and Quebec) were selected for audit examination. The examination included a review of the performance of section 34 certification at different levels of management and related administrative processes at the BMSUs and regional finance offices. A sample of transactions, representing the period from April 1, 2007, to September 30, 2007, from the selected branches and regions was examined. Expenditures at the selected branches and regions represented approximately 50% ($266.8 million) of CBSA expenditures for the sampling period. Audit fieldwork was substantially completed in August 2008.
The audit scope did not include a review of commitments under section 32 of the FAA or the final verification process conducted by officers performing the account verification and payment function under section 33 of the FAA. The Audit Committee approved, as part of the CBSA's three-year risk-based audit plan, a separate audit on section 33 of the FAA for the 2008-2009 fiscal year.
Transactions related to travel, hospitality and fleet management were the subject of recent CBSA internal audits and therefore were also excluded from the audit scope. In addition, acquisition cards were excluded from this audit because they will be reviewed as a separate future audit.
The audit approach included a documentation review, interviews with key personnel, site visits and an examination of sampled transactions.
The documents reviewed included relevant legislation, TB policies and directives, CBSA policies and procedures, and other relevant documentation on the delegation of financial signing authorities. These included the Financial Administration Act, the CBSA Finance and Administration Manual and the CBSA Financial Administration Control Framework. SSDs were also reviewed to ensure that they were properly completed, updated, signed, distributed and aligned with the incumbents' delegated authority.
Key personnel in the Comptrollership Branch and other HQ branches were interviewed to gain an understanding of the audit area and to identify risks. A random selection of 37 delegated managers at different levels of the organization were interviewed. The purpose of these interviews was to gain an understanding of managers' roles and responsibilities under section 34 of the FAA, of training received, of transaction review activities and of the use of relevant policies, procedures and directives.
Site visits and interviews were conducted at the NFTC and with selected BMSUs at HQ and their equivalents in selected regions to observe, review and examine the administration of delegated authority under section 34 of the FAA.
A statistical sample of 142 transactions representing the period from April 1, 2007, to September 30, 2007, was reviewed to assess the accuracy, completeness and compliance of section 34 certifications with the FAA. The sample size for individual branches and regions was determined based on their percentage of the total expenditures in the population of transactions for the sampling period.
The following lines of enquiry and audit criteria were developed based on the results of the risk assessment analysis, the Criteria of Control (COCO) model[ 1 ] and Management Accountability Framework (MAF) elements.[ 2 ]
Line of enquiry | Audit criteria |
---|---|
Governance and Accountability |
|
Compliance with Legislation, Policies and Procedures |
|
This audit engagement was planned and conducted in accordance with the Internal Auditing Standards for the Government of Canada.
The CBSA's practices on administering and exercising delegated authorities under section 34 of the FAA were generally compliant with the applicable legislation, policies and directives. Controls should be strengthened to ensure transactions are authorized with sufficient and appropriate documentation on file.
Policies, directives and procedures for the administration of section 34 of the FAA were documented and communicated. Roles and responsibilities with respect to purchase order preparation and documentation retention standards were not clearly defined or understood.
The TB Policy on Delegation of Authorities states that policies, directives and procedures for administering section 34 of the FAA should be in place and communicated to employees in both official languages. According to the COCO model, management authority, responsibility and accountability should be clearly defined and communicated. The FAA requires that delegated managers review appropriate evidence prior to exercising section 34 approval.
Bilingual policies, procedures and directives relating to section 34 of the FAA were available to all employees on the CBSA and TB Web sites. In addition, the Comptrollership Branch developed the Financial Administration Control Framework and a roles and responsibilities document that clearly outline the requirements for all individuals involved in the exercise of section 34 certification. However, based on the audit's review of policies, procedures and directives and on interviews with the selected HQ BMSUs and regional finance offices, the roles, responsibilities and accountabilities defined and communicated through these documents were not always understood.
For example, interviews indicated that there was an inconsistent understanding of the dollar amount for which a purchase order would be required. Further inquiries were made with two regional offices and it was found that different threshold limits were used to prepare purchase orders. One region was using a threshold limit of $5,000 while the other was using $1,500. The Comptrollership Branch advised that the limit was $250; however, there was no supporting policy or directive reference for this limit.
There is currently a gap in directives relating to when a purchase order should be prepared. As a result of this gap, there is a risk that purchase orders may not be prepared on a consistent basis. As discussed in detail in Section 3.5, there is another gap in directives related to the fact that documentation retention standards have not been defined or communicated in any TB or CBSA directive.
Recommendation
The Vice-President of the Comptrollership Branch should establish and communicate a written directive on the dollar value for which a purchase order should be prepared.
Management Action Plan | Completion date |
---|---|
Corporate Accounting and Financial Policy Division A CBSA directive will be written in consultation with the Contracting, Assets and Telecommunications Division to establish a dollar amount for which a purchase order would be required. |
December 31, 2008 |
The directive will be sent to branch managers and financial contacts in a communiqué. | December 31, 2008 |
Although all delegated managers interviewed completed the mandatory training, they did not all feel confident in exercising their roles and responsibilities under section 34 of the FAA.
The COCO model states that employees should have the necessary skills, knowledge and tools to support the achievement of organizational objectives. It follows that in order to appropriately exercise their delegated signing authorities, managers should be provided with sufficient training and/or desktop tools, such as checklists. Training and tools should be sufficient to allow managers to verify whether the goods and/or services were received or rendered as intended when they are signing under section 34 of the FAA.
According to the TB Policy on Delegation of Authorities, managers must undergo training prior to exercising their delegated authorities. The current requirement is a five-day classroom training course provided by the Canada School of Public Service. Before December 2006, managers had the choice of participating in either the five-day course or an online training course.
Audit interviews were conducted with approximately 10% of managers with delegated signing authority [ 3 ] in the sampled branches and regions to confirm their participation in and understanding of section 34 certification training. All interviewees had undergone mandatory training; however, the majority of interviewees were not satisfied with the training they received, especially those that had only participated in the online training course. The online training course was not sufficiently detailed to provide them with a strong understanding of their roles and responsibilities under section 34 of the FAA. Interviewees who had taken the five-day classroom course were more confident in their understanding of their roles and responsibilities than those who had only done the online training course; however, even the five-day training course only allocated a half day to the discussion of section 34 roles and responsibilities and did not cover the required material thoroughly. Most interviewees felt that supplementary or refresher training in a classroom format would be beneficial to them.
There was a lack of sufficient training and desktop tools available to delegated managers that would have provided them with detailed coverage of the managerial roles and responsibilities required to sign under section 34 of the FAA.
The transaction analysis, described in Section 3.5, illustrates that, for the most part, managers exercised their authority under section 34 appropriately for the transaction sample; however, the areas of non-compliance found in the transaction sample support the above finding and the interview statements made by managers.
As a result of insufficient training and tools, delegated managers may sign off on transactions without understanding the implications or payment may be made for goods and services not received. Furthermore, a lack of understanding of delegated manager roles and responsibilities could lead to non-compliance with the FAA and may result in removal of delegated authorities.
Recommendation
The Vice-President of the Comptrollership Branch should consider ways to strengthen section 34 training and desktop tools, such as checklists, for delegated managers to aid them in performing the section 34 certification.
Management Action Plan | Completion date |
---|---|
Corporate Accounting and Financial Policy Division A checklist will be developed to help delegated managers perform the section 34 FAA certification. |
March 31, 2009 |
Section 34 training will be developed and delivered to regional and HQ financial contacts who will in turn provide training to section 34 delegated managers. | March 31, 2009 |
CBSA policies and procedures were compliant with the governing legislation and TB policies and directives.
CBSA policies and procedures on the administration and exercise of section 34 certification should conform to the FAA and TB policies and directives. Any inconsistencies should be indicated and justified. It is CBSA's responsibility to ensure that the Finance and Administration Manual (FAM) published by the Comptrollership Branch and related bulletins are compliant with the FAA and the TB Policy on Delegation of Authorities.
CBSA policies and procedures were found to be compliant with the FAA and the relevant TB policies. CBSA bulletins were also reviewed and the elements related the exercise of delegated authorities under section 34 certification were consistent with the FAA and TB policies.
Specimen signature documents were properly completed, updated, signed, distributed and aligned with the incumbents' delegated authority.
The TB Policy on Delegation of Authorities and the FAM require that when a new appointee assumes the duties of a position of delegated authority, on an indeterminate or acting basis, that person may exercise the financial signing authorities of the position provided that the incumbent completes the required training and the necessary steps with respect to being issued a specimen signature document (SSD). An SSD is a document signed by the individual delegating authority and the incumbent receiving authority, either for a specified time period or on a standing basis.
The necessary steps for the issuance of SSDs include the following:
The audit reviewed 142 SSDs corresponding to the sampled/transactions and found the following:
As well, interviews conducted with a sample of 37 managers representing different levels of management confirmed that managers understood their roles and responsibilities with respect to the completion, withdrawal, cancellation, amendment, distribution, receipt and use of SSDs.
Sampled transactions were generally compliant under section 34 of the FAA.
The 142 transactions sampled for the audit were evaluated against the criteria outlined in Appendix A, namely that the incumbent had a valid SSD, that the appropriate supporting transaction documentation was maintained on file, that the certification met FAA requirements, that the invoice corresponded to the approval documentation and that the financial coding was appropriate.
As illustrated in Appendix A, sampled transactions were generally compliant with the evaluation criteria:
The audit noted that TB policies and directives did not state which documentation should be retained on file. The FAM did not require the BMSUs or regional offices to retain purchase orders, requisitions, contracts or receipts on file; it required only the invoice as documentation.
Gaps in directives relating to documentation requirements may result in no audit trail for monitoring purposes. An audit trail containing purchase orders, requisitions, contracts and receipts would help substantiate claims that these documents were reviewed prior to performing the section 34 certification, as required under the FAA.
If all steps required to carry out section 34 certification responsibilities are not performed, the consequences to the CBSA would include reputational risk and potential error or fraud. The CBSA may not receive goods or services as intended by the transactions.
Recommendation
The Vice-President of the Comptrollership Branch should ensure that the CBSA Finance and Administration Manual is updated to include a definition of the necessary documentation that should be retained by the branch management services units and regional finance offices to ensure sufficient evidence of section 34 certification is maintained on file.
Management Action Plan | Completion date |
---|---|
Corporate Accounting and Financial Policy Division The CBSA Finance and Administration Manual will be updated to identify the supporting documentation that should be retained by the branch management services units and regional finance offices to ensure sufficient evidence of the section 34 certification is maintained on file. |
March 31, 2009 |
The following table illustrates the results of the analysis conducted on a sample of 142 transactions drawn from the three regions and three branches subject to audit examination:
Transaction Analysis Criteria | Number of Instances of Compliance | % of Total Transactions |
---|---|---|
1. The incumbent had a valid Specimen Signature Document (SSD) | 140 / 142 | 99 % |
2. The following documents were on file: | ||
2a. The requisition | 113 / 142 |
80 % |
2b. The purchase order/contract | 118 / 142 | 83 % |
2c. Proof that goods/services were received/rendered | 118 / 142 | 83 % |
2d. The invoice | 141 / 142 |
99 % |
2e. The section 34 report | 142 / 142 | 100 % |
3. The section 34 certification complied with the following requirements: | ||
3a. The cost centre was valid | 140 / 142 |
99 % |
3b. The signature corresponded to the SSD | 140 / 142 |
99 % |
3c. The name of the incumbent was clearly printed | 120 / 142 |
85 % |
3d. The approved amount was within the incumbent’s limits | 142 / 142 | 100 % |
4. The invoice corresponded to approval documentation as follows: | ||
4a. The vendor information was the same on the purchase order and the invoice | 112 / 113* |
99 % |
4b. The quantity invoiced was the same as the quantity ordered | 113 / 113* |
100 % |
4c. The description of goods/services on the invoice was the same as on the contract/purchase order | 113 / 113* |
100 % |
4d. The invoice price corresponded to the price on the contract/purchase order | 113 / 113* |
100 % |
4e. The GST was correctly calculated | 140 / 142 |
99 % |
4f. The amount invoiced corresponded to the amount on the section 34 report | 142 / 142 |
100 % |
5. Financial coding used was appropriate. | 136 / 142 | 93 % |
* This criterion was evaluated only for the sample of transactions for which a purchase order was found on file. (142-29 = 113 transactions)
Acronym | Description |
---|---|
BMSU | branch management services unit |
CAS | Corporate Administrative System |
CBSA | Canada Border Services Agency |
COCO | Criteria of Control |
FAA | Financial Administration Act |
FAM | Finance and Administration Manual |
HQ | Headquarters |
MAF | Management Accountability Framework |
NFTC | National Financial Transaction Centre |
OCG | Office of the Comptroller General |
SSD | specimen signature document |
TB | Treasury Board |