Canada Border Services Agency
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > About the CBSA > Corporate documents

Institutional links

ARCHIVED - Audit of Acquisition Card Program

Warning This page has been archived.

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Internal Audit Report
January 2010

Table of Contents

Return to Top of Page

Executive Summary

Background

With the approval of the Government of Canada, departments and agencies started using acquisition cards in 1991. The cards were another cost-effective method for them to purchase and pay for low-value and low-risk goods or services. In 1997, Public Works and Government Services Canada renewed contracts with acquisition card-related service providers. In 1998, Treasury Board Secretariat (TBS) issued the Policy on Acquisition Cards, and in 1999 complemented it with the Acquisition Cards Program – Management Guide. TBS introduced the Directive on Acquisition Cards on October 1, 2009 which henceforth replaces its Policy on Acquisition Cards.

The Contracting, Assets and Telecommunications Division (CATD), which is part of the Comptrollership Branch, is responsible for managing the overall Acquisition Card Program at the Canada Border Services Agency (CBSA).

The CBSA's Acquisition Card Program has not been subject to an internal audit to date. However, after the Comptrollership Branch discovered an acquisition card fraud in 2007, the Internal Audit Directorate conducted a preliminary assessment of the risks associated with the overall management of acquisition cards. This audit of acquisition cards, which is part of the CBSA's Three-Year Risk-Based Audit Plan for fiscal years 2008–09 to 2010–11, stems from this assessment.

Objective and Scope

The objective of this audit was to determine whether the CBSA's acquisition card control framework was adequate and functioning as intended.

The scope of the audit was based on the examination of key control mechanisms and the overall management of the Acquisition Card Program. The audit was conducted from May to September 2009.

Statement of Assurance

This audit engagement was planned and conducted in accordance with the Internal Auditing Standards for the Government of Canada.

Audit Opinion

The audit found that the acquisition card control framework, while still in draft, addresses all major areas recognizing that implementation issues are prevalent. Visible progress in strengthening the framework has been made this past year. Opportunities for improvement are required in the areas of: monitoring of transactions; proper exercise of the requirements under section 32 of the Financial Administration Act (FAA); access to up-to-date guidance for card users; and completeness of all cardholder application files.

Main Observations

An acquisition card control framework has been drafted for the CBSA but not yet approved by senior management. Many of the controls, however, were in place and operating as intended. Acquisition card guidance was provided to cardholders and managers through a 2006 acquisition card policy and the INSight bulletins. Some gaps in guidance were noted and management was in the process of updating the guidance documents to reflect the new Directive on Acquisition Cards from the TBS.

Over the past year, progress had been made to strengthen the process of issuing and controlling acquisition cards. No issues were found with the application process or the physical security of cards. However, the audit noted a number of gaps with respect to the documentation on file for proof of training and acknowledgement of responsibilities. Management had taken action during the course of the audit to address these concerns.

The acquisition card purchase process and reconciliation of the monthly acquisition card statements were working effectively, including managers' certification under section 34 of the FAA. In many cases, pre-authorization of purchases was not approved by the manager in writing. As well, the audit found that the Agency is not maximizing the broader use of the acquisition cards.

Various groups within the CBSA conducted monitoring of the acquisition card purchases. Overall, the approach to monitoring was considered rudimentary and there was a need to develop and implement a coordinated, risk-based process. Payments to the acquisition card service providers were made on a timely basis.

Management Response

The Audit of Acquisition Card Program report was found to be sound and accurate. The audit report recommendations are reasonable and steps have already been taken to address some of them.

It is noteworthy that the draft Key Controls Assessment, dated September 23, 2008, contained many additional areas where improvement could be made. Those sections that were not in the final version of the document were being addressed by the National Acquisition Card Coordinator before the audit was completed.

Return to Top of Page

Introduction

Return to Top of Page

Background

With the support and approval of the Government of Canada, departments and agencies began using acquisition cards in 1991. The cards were a cost-effective method to purchase and pay for low-value and low-risk goods or services. In 1997, Public Works and Government Services Canada renewed the contracts with acquisition card-related service providers. In 1998, Treasury Board Secretariat (TBS) issued the Policy on Acquisition Cards, and in 1999 complemented it with the Acquisition Cards Program – Management Guide. More recently, TBS introduced a Directive on Acquisition Cards effective October 1, 2009 which replaced the 1998 Policy on Acquisition Cards.

As of March 2009, the Canada Border Services Agency (CBSA) had 741 acquisition cards, of which 81% (599 cards) were being used in the regions. In the past three fiscal years, there have been between 60,000 and 65,000 acquisition card transactions annually. These purchases amounted to slightly over $17 million in 2006–07, nearly $23 million in 2007–08, and approximately $20 million in 2008–09.

The Contracting, Assets and Telecommunications Division (CATD), which is part of the Comptrollership Branch, is responsible for managing the overall Acquisition Card Program within the Agency. A National Acquisition Card Coordinator (NACC) was appointed in November 2008 to manage this responsibility; the incumbent works with regional and branch coordinators to meet the needs of their respective areas.

The NACC oversees the issuance of every acquisition card after reviewing the cardholder application. Once the service provider issues the card and upon completion of the required training by the card holder applicant, the NACC forwards the card through the regional or branch acquisition card coordinator to the applicant for acceptance. The NACC is also responsible for developing and distributing the CBSA's acquisition card policies and procedures, designing the training program for cardholders, monitoring card usage, cancelling cards as needed, and reporting on card usage practices and non-compliance cases to senior management within the CBSA.

The Corporate Accounting and Financial Policy Division (CAFPD), which is also part of the Comptrollership Branch, ensures prompt payment of the monthly balances by the National Financial Transactions Centre (NFTC) in Montréal, to the acquisition card issuers. It also manages the reconciliation for acquisition card expenditures.

Responsibility centre managers are responsible for identifying and justifying initial acquisition card applications, approving applications, pre-authorizing the purchases made using the cards, approving purchases in keeping with section 34 of the Financial Administration Act (FAA) and subsequently forwarding requests for payment processing to the NFTC.

Cardholders are individuals under whose name the acquisition card was issued. Acquisition cardholders must use the card in keeping with the Agency's policy and guidelines, and safeguard it in a secure place when the card is not in use.

The Comptrollership Branch has developed an acquisition card control framework, which is discussed below, and further explored in the three process diagrams (Appendix A).

Issuance and control of acquisition cards

When an operational need has been identified, a manager with delegated authority pursuant to section 34 of the FAA identifies and designates employees who should hold an acquisition card. The employee fills out an application and has it approved by the manager, who also determines the required credit limit. The application is reviewed by the regional/branch coordinator for completeness, including approval by the manager. The application is then forwarded to the NACC, who reviews it, and officially approves the issuance of an acquisition card by the financial institution. Whilst the card is issued in the employee name, the Agency is ultimately responsible for any purchases made on the card.

Payment and reconciliation of acquisition card transactions

Cardholders use their cards to make pre-authorized purchases in keeping with policies and procedures. Each purchase amount transaction is entered in the Corporate Administrative System (CAS), then checked against and matched to the monthly card statement. The signing authority reviews and approves the supporting documents, the monthly card statement and the report pursuant to section 34. The complete package is then forwarded to the NFTC, which posts the total expenditures to the cardholders' clearing account in CAS. CAFPD then generates a monthly monitoring report which would show cardholders with unmatched transactions, and their accounts with remaining outstanding balances.

In the report published in 2006 on the Proper Conduct of Public Business, the Office of the Auditor General recommended that the CBSA ensure that acquisition cardholders receive training on their responsibilities associated with acquisition card usage.

The CBSA has not conducted an internal audit of its Acquisition Card Program to date. However, in 2006, the Canada Revenue Agency (CRA), which also shares the CAS with the CBSA, found that acquisition card directives and guidelines were poorly communicated and understood, and that there was no official monitoring and training framework in place. The CBSA, created from the former Canada Customs and Revenue Agency, which became the CRA, did also inherit some of those challenges, when it became an agency in 2003.

In 2007, the Comptrollership Branch discovered an acquisition card fraud whereby the perpetrator had obtained and used the acquisition card fraudulently. Following this incident, the Internal Audit Directorate conducted a preliminary assessment of the risks associated with the overall management of the Acquisition Card Program; this assessment led to this acquisition card audit. The audit was also reflected in the CBSA's Three-Year Risk-Based Audit Plan for fiscal years 2008–09 to 2010–11.

Return to Top of Page

Risk Assessment

A preliminary risk assessment, the objective of which was to facilitate audit planning and identify potential priorities and areas to be monitored, identified the following three main areas of risk:

  • Adequacy of the control framework – risks may not be adequately mitigated.
  • Control effectiveness – the key controls put in place may not be working as intended.
  • Monitoring effectiveness – risk-based monitoring may not be done within the Agency.
Return to Top of Page

Audit Objective and Scope

The objective of this audit was to determine whether the CBSA's acquisition card control framework was adequate and functioning as intended.

The scope of the audit was based on the examination of key control mechanisms and the overall management of the Acquisition Card Program. The audit was conducted from May to September 2009.

A sample of acquisition card purchases made Agency-wide between April 2008 and January 2009 was used to assess whether cards were issued and controlled properly, payments were made promptly, and that accounts were reconciled in keeping with CBSA and TBS policies. The audit also provided an opportunity to confirm whether the purchases were lawful, and that the acquisition card purchase amounts had been reconciled in a timely fashion with the corresponding monthly statements.

The audit team visited the offices where the volume and value of purchases were particularly high: the Innovation, Science and Technology Branch and the Enforcement Branch (Headquarters); and the three selected regions: the Northern Ontario, Greater Toronto and Pacific regions. The audit team also visited the NFTC in Montréal, where the acquisition card transactions are processed for payment; and CAFPD and the office of the NACC.

Return to Top of Page

Approach and Methodology

The following approach was used for the audit:

  • Reviewed the CBSA's and TBS' policies and procedures, and all other relevant documents on acquisition cards;
  • Interviewed members of the CAFPD, the CATD, regional and branch card coordinators, cardholders and their respective responsibility centre managers;
  • Analyzed the mechanisms in the CBSA's acquisition card control framework to determine whether they were working properly;
  • Analyzed a representative sample of the transactions conducted between April 1, 2008 and January 31, 2009 to ensure that the expenditures made using acquisition cards complied with the policy, and procedures were accurate, complete and properly recorded;
  • Examined a random sample of 95 acquisition card application files from 2003–04 to 2008–09 to ensure completeness of required documentations; and
  • Conducted a preliminary analysis of a sample of 24,000 transactions posted in CAS between September and December 2008 to determine low-value purchases made through means other than using an acquisition card.
Return to Top of Page

Audit Criteria

The audit criteria used as part of this audit are summarized in Appendix B.

Return to Top of Page

Statement of Assurance

This audit engagement was planned and conducted in accordance with the Internal Auditing Standards for the Government of Canada.

Return to Top of Page

Audit Opinion

The audit found that the acquisition card control framework, while still in draft, addresses all major areas recognizing that implementation issues are prevalent. Visible progress in strengthening the framework has been made this past year. Opportunities for improvement are required in the areas of: monitoring of transactions; proper exercise of the requirements under section 32 of the Financial Administration Act (FAA); access to up-to-date guidance for card users; and completeness of all cardholder application files.

Return to Top of Page

Findings, Recommendations and Management Action Plans

Return to Top of Page

Acquisition Card Control Framework

An acquisition card control framework has been drafted for the CBSA but not yet approved by senior management. Many of the controls, however, were in place and operating as intended. Acquisition card guidance was provided to cardholders and managers through a 2006 policy and the INSight bulletins. Some gaps in guidance were noted and management was in the process of updating the guidance documents to reflect the new Directive on Acquisition Cards from the Treasury Board Secretariat (TBS).

It is important for acquisition card usage to be governed by a control framework that includes comprehensive and integrated policy, procedures and guidelines. This means that cardholders and their responsibility centre managers will have a series of appropriate guidance documents and tools to enable them to conduct their administration of the acquisition cards processes in compliance with TBS and CBSA policy and directives.

The CBSA had prepared an acquisition card control framework which includes key controls. The control framework was considered adequate by the audit; however, it had not yet been approved by senior management. Even though the control framework was not officially implemented, many of the controls were in place and operating effectively (Appendix C). It should be noted that significant progress has been made on the acquisition card controls over the past year. Nonetheless some issues still exist with acquisition cards and management had put a plan in place in September 2009 to address those remaining issues.

The audit found that a CBSA policy for acquisition cards in effect during the audit period was dated February 2006. Further guidance to managers and acquisition cardholders was provided through the INSight bulletins as new issues emerged. The 2006 policy included items such as the requirements to follow for obtaining acquisition cards; clarification of the roles and responsibilities of the NACC, the cardholders and their responsibility centre managers; as well as a list of card purchase restrictions and the requirement to monitor card transactions.

Management was in the process of updating its guidance since the TBS had issued a Directive on Acquisition Cards, effective October 1, 2009. In early October 2009, acquisition cardholders and responsibility centre managers have had an updated version of departmental procedures on obtaining, changing, and cancelling acquisition cards, and on their responsibilities if acquisition cards are lost or stolen.

Audit work, such as examining guidance documents and conducting interviews, showed that current guidance was not clear or complete for the following:

  • Pre-authorization requirement under section 32 of the FAA which is also discussed further in the Acquisition Card Purchases section;
  • Restrictions on the use of acquisition cards for high-risk services such as installation costs of security systems and antennas, and for bottled water;
  • Process to account for goods when acquisition cards are used to purchase capital assets. In general, acquisition cards cannot be used to buy capital assets, or parts of capital assets, as they are valued at more than $10,000;
  • Circumstances for using an acquisition card such as expenditures related to a corporate asset;
  • Process to return an acquisition card to the departmental Acquisition Card Coordinator when an employee cardholder leaves;
  • Acquisition cardholders are prohibited from exercising their delegated authority to pay the balance of their acquisition cards concurrently with respect to sections 33 and 34 of the FAA; and
  • Procedure to follow for refunds or credits for purchases made using acquisition cards.

In the absence of effective guidance, the safeguarding and use of acquisition cards may be inadequate or inappropriate and could result in embarrassment and/or financial costs to the CBSA.

Recommendation

1. The Vice-President of the Comptrollership Branch should finalize the acquisition card control framework and provide acquisition cardholders and their responsibility centre managers with a clear, complete and up-to-date policy, procedures and guidelines to address the issues raised in this audit and to be consistent with the new TBS directive.

Management Action Plan Completion Date

Obtain Vice-President approval of the acquisition card control framework:

  • An "audit readiness working group committee" meeting will be held in March 2010, whereby the framework will be distributed to each branch representative for presentation to their respective Vice-President for formal approval/sign-off.
 March 2010
The approved acquisition card control framework will be published on the Comptrollership Web site with other frameworks. May 2010
Create list to accompany CBSA Acquisition Card Policy of what can and cannot be purchased with the acquisition card
  • INSight Bulletin article
  • Publication on Comptrollership intranet site
  • Memo to branch and regional acquisition card coordinators
 January 31, 2010
Update and distribute CBSA Acquisition Card Policy
  • Ensure CBSA policy is updated to reflect changes in TBS acquisition card directives since last policy was released
  • Publish INSight Bulletin articles highlighting changes in CBSA Acquisition Card Policy
  • Send memo to branch and regional acquisition card coordinators highlighting changes to the policy
  • Publish policy on Comptrollership intranet site
 March 31, 2010
Return to Top of Page

Issuance and Control of Acquisition Cards

Over the past year, progress had been made to the process of issuing and controlling acquisition cards. No issues were found with the application process or the physical security of cards. However, the audit noted a number of gaps with respect to the documentation on file for proof of training and acknowledgement of responsibilities. Management had taken action during the course of the audit to address these concerns.

The issuance and control of acquisition cards is important because it ensures that only authorized individuals receive a card and that they have received the appropriate training on using the card appropriately for making purchases through to reconciling of the monthly statements. The control process should also ensure physical security of the acquisition cards and appropriate procedures when cards are cancelled or a person resigns from a position that requires a card.

To ensure that acquisition card application files were complete, the audit examined a random sample of 95 applications approved from fiscal year 2003–04 to 2008–09. The results of this review showed that there were weaknesses in the completeness of the acquisition card files. Appendix D summarizes the test results. During subsequent interviews with cardholders and the NACC, confirmation was received that steps were being taken to complete acquisition card application files on a priority basis and in many cases training was taken, but not documented. In September 2009, the NACC implemented a plan to address the missing documentation on files, commencing with the application files for the most recent years.

The following was noted:

  • Thirteen percent of files contained proof that the acquisition card applicants had received training on the acquisition card policy, which is prerequisite training for obtaining an acquisition card. Most cardholders indicated that they had taken the training even though the documentation was not on file. The NACC provided plans to address the documentation issue by ensuring that cardholders provide proof of training or undertake the required training this fiscal year.
  • Four percent of files contained proof that the applicant had successfully completed the training on Role 37 of the CAS. This training is a new requirement and considered essential for the monthly reconciliation process. Previously, cardholders completed WBRO[ 1 ] training. Successful completion of Role 37 training was also initiated for all acquisition cardholders this fiscal year.
  • During the field visits, the audit team interviewed a total of 26 cardholders on whether or not they had received policy and system (CAS or WBRO) training, prior to obtaining an acquisition card. All 26 cardholders confirmed that they had been provided training on the policy requirements and the use of CAS or WBRO systems.
  • In terms of requests to increase credit limits, 14 of the 17 applicable files contained proper justifications on file.
  • Eighteen and 84 percent of these files contained the forms Employee Acknowledgement of Acquisition Card Responsibilities and the Responsibility Centre Manager Acknowledgement of Acquisition Card Responsibilities, respectively. As previously discussed, work had begun to complete the missing acknowledgement documents. As such, if this form was not received, the NACC confirmed that the cardholder's acquisition card would be temporarily suspended.
  • In terms of applications to change or cancel acquisition cards, 63 files were affected. The audit found that 86 percent contained a completed Acquisition Card Change / Cancellation request (CBSA 102) form.

With respect to the application process for acquisition cards, no issues were noted during the audit and in all cases the manager with the delegated authority had approved the request.

On-site audit visits indicated that there were no instances where inactive acquisition cards were being used. All acquisition cardholders were supervised appropriately by their respective responsibility centre (RC) managers who would have been able to notify of cases of inappropriate use of inactive cards.

Based on interviews conducted in the field, the audit found that the departures of acquisition cardholders were not monitored uniformly within the Agency. The Northern Ontario and Pacific regions had an internal process for ensuring that acquisition cards were returned promptly when the employment of an acquisition cardholder ended in a responsibility centre.

In terms of the monitoring of credit limits on acquisition cards, the audit confirmed that steps had been taken to complete the review of credit limits on acquisition cards. The NACC, in collaboration with the acquisition card coordinator for the Innovation, Science and Technology Branch, launched a review of credit limits on active acquisition cards in that branch. When the review is completed, it should determine whether the credit limits are at a reasonable level, based on the volume of transactions carried out or whether it would be advisable to adjust the limits accordingly. Before this initiative was launched, managers had the discretion to review credit limits on acquisition cards in circulation in their responsibility centres.

The on-site audit visits did not find instances of non-compliance with respect to the safeguarding of acquisition cards when not in use. Recently, INSight Bulletin 25 issued August 2009 has provided further details regarding the requirements in this area. These measures should reinforce and strengthen the safeguarding required for all CBSA acquisition cards.

In summary, the shortcomings found in the files of acquisition cardholders could contribute to increasing the risk of non-compliance with TBS and CBSA policies, result in the inappropriate use of acquisition cards and provide inaccurate information relating to acquisition cardholders.

Recommendation

2. The Vice-President of the Comptrollership Branch should continue the efforts already in progress to ensure the completeness of all acquisition card application files.

Management Action Plan Completion Date
Create checklist in both official languages to verify completeness of files January 31, 2010
Implement checklist  
  • Verify each active file has a completed checklist
 March 31, 2010
  • Contact cardholders or managers for missing documentation if identified
 January 31, 2010
  • Ensure that all new files have a checklist and contain all required documentation
 March 31, 2010
  • Distribute checklist to branch and regional acquisition card coordinators
 March 31, 2010
Return to Top of Page

Acquisition Card Purchases

The acquisition card purchase process and reconciliation of the monthly acquisition card statements were working effectively, including managers' certification under section 34 of the FAA. In many cases, pre-authorization of purchases was not approved by the manager in writing. As well, the audit found that the Agency is not maximizing the broader use of the acquisition cards.

Purchases of goods and services using acquisition cards are made every day at the CBSA. The process is initiated when the cardholder receives a request for purchase. This should include a written authority provided by the responsibility center manager. The cardholder maintains a record and documentation of all purchases, and at month end, reconciles the monthly card statement with entries into the CAS. The cardholder also generates a section 34 report for all purchases, with supporting documentation, for the RC manager's review and approval.

A sample of 137 acquisition card transactions selected from the NFTC between April 1, 2008 and January 31, 2009 were examined in terms of the approvals provided under sections 32 and 34 of the FAA, the month end reconciliation completed by the cardholders and the financial coding of transactions. The results are presented in Appendix E.

The audit found that section 34 certification and the monthly reconciliations of acquisition card statements were completed satisfactorily. No major incidents were noted during the conduct of this audit. Cardholders and their RC managers' knowledge in the use of acquisition cards contribute to the efficiency and the compliance of the CBSA Acquisition Card Program with the regulations in effect.

Given the existence of the Acquisition Card Program since 1991within the federal government, most of cardholders and their RC managers interviewed during the course of the audit possessed a sufficient amount of years of experience and familiarity with the requirements. However, the analysis of acquisition card transactions showed that the pre-authorization process (section 32 of the FAA) was not systematically used for all acquisition card purchases. An examination of supporting documents indicated that fifty-three percent (53%) of transactions were accompanied by written pre-authorization. Based on testimony gathered during interviews conducted in the field, some routine and low-value purchases, such as office supplies, were not necessarily pre-authorized every time or had documented blanket authority given for the year.

From the detailed analysis of the above-mentioned sample and of the supporting documents gathered during field visits, the audit noted coding errors in the use of general ledger accounts by cardholders. As such, the financial coding of some purchases was not reflecting the substance of the transactions and therefore was not corresponding to the definition of the general ledger account used in CAS. This miscoding could distort the accuracy of expenditure reports and/or financial projections on which responsibility centre managers base their budget and operational decisions.

The audit conducted a preliminary analysis of purchases under $5,000 limit, between September and December of fiscal year 2008–09, which were paid for by methods other than acquisition cards, such as cheques or petty cash. The objective was to determine if the Agency was taking full advantage of the acquisition card payment process. During that period close to 24,000 transactions amounting to approximately $5 million had been posted into CAS. The audit noted that the Agency was not taking full advantage of the Acquisition Card Program. The review indicated that about half of these transactions could have been paid using an acquisition card rather than by cheque or through petty cash. Consequently, this may result in costs associated with the issuance and processing of cheques, as well as loss of rebates available through the acquisition card payments.

Overall, the acquisition card purchase process and reconciliation of the monthly acquisition card statements were working effectively. Resolution of the issues identified would further strengthen the controls and improve the financial information of the Agency.

Recommendations

3. The Vice-President of the Comptrollership Branch should take action to ensure responsibility center managers are exercising appropriately their responsibilities under section 32 of the Financial Administration Act.

Management Action Plan Completion Date
Update the Acquisition Card Policy to provide guidance to managers and cardholders to ensure that the responsible manager exercises their delegated section 32 responsibilities prior to purchases being made with the acquisition card. Written authorization should be encouraged for all acquisition card purchases. March 2010


4. The Vice-President of the Comptrollership Branch should review the potential use of the acquisition card for allowable procurements under $5000.

Management Action Plan Completion Date
Communicate with all Agency RC managers to encourage the use of the acquisition card for all allowable procurements under $5,000
  • INSight Bulletin article
  • Publication on Comptrollership Intranet site
  • Memo to branch and regional acquisition card coordinators
 January 31, 2010
Educate cardholders and management
  • Articles for INSight Bulletin
  • Publication of information on Intranet site
  • Memo to branch and regional acquisition card coordinators
  • Communication with management and cardholders to facilitate maximization of acquisition card use
 May 1, 2010
Return to Top of Page

Monthly Payment and Monitoring

Various groups within the CBSA conducted monitoring of the acquisition card purchases. Overall, the approach to monitoring was considered rudimentary and there was a need to develop and implement a coordinated, risk-based process. Payments to the acquisition card service providers were made on a timely basis.

The success of the CBSA's Acquisition Card Program is based on the timely payment of the monthly acquisition card statements and on a risk-based financial transaction monitoring process. This monitoring is important to provide management with assurances that only legitimate purchases are being made with the acquisition card and cardholders are fulfilling their monthly reconciliation responsibilities.

No issues were found with respect to the payment of the monthly acquisition card statement. Payments were timely and enabled the CBSA to take advantage of the rebates offered by the service providers.

The Corporate Accounting and Financial Policy Division (CAFPD) monitored the reconciliation of the accounts of acquisition cardholders. The audit found that all transactions which had not been reconciled within 90 days were brought to the attention of the cardholder, and their RC manager. The cardholder was required to complete the reconciliation within 10 working days. If the situation was not resolved, the CAFPD contacted the office of the NACC to temporarily suspend the acquisition card.

The audit found that payments and the reconciliation process of acquisition card purchases with the monthly card statements was effective. Cardholders and their RC managers were following the required procedures. CAFPD was monitoring the reconciliation process in CAS and communicating the results with the NACC and the regional or branch card coordinators, as necessary.

The monitoring conducted by the office of the NACC was initiated in June 2009 and involved spot checks of acquisition card purchases to verify that purchases were valid. The process was rudimentary and not based on a documented methodology and required development in terms of depth, scope and frequency. Furthermore, analysis of results was not conducted which would help determine the cause and common types of errors that were occurring, so that appropriate corrective measures could be undertaken.

The NFTC conducted risk-based monitoring of all transactions carried out by the Agency as part of their section 33 monitoring. Transactions from acquisition cards were included in their sample. While the results of the monitoring were reported to Comptrollership Branch, the information on the acquisition card transactions was not tracked. As such, the results of this monitoring were not available to the NACC. Although these two monitoring activities were conducted separately, they potentially involved the same transactions. The monitoring results from the CAFPD were shared with the NACC.

The rudimentary post-purchase review and absence of coordinated monitoring could result in duplication of effort, non-permissible purchases being undetected and transactions issues not corrected promptly.

Recommendation

5. The Vice-President of the Comptrollership Branch should review monitoring processes for acquisition cards and implement an approach to monitoring that is coordinated and risk-based.

Management Action Plan Completion Date
Develop a standardized statistical sampling rate June 1, 2010
Develop a standardized monitoring and auditing  method
  • Create a monitoring and auditing standard that neither duplicates or overlooks any key area of auditing and monitoring
 June 1, 2010
Create a communication strategy
  • Develop a communication strategy that will facilitate the sharing of findings and information
 June 1, 2010
Implement standardized monitoring and auditing
  • Train branch and regional acquisition card coordinators on monitoring
  • Review process after first month of complete implementation

June 30, 2010

July 30, 2010
Create internal training manual
  • Create internal training manual for monitoring in order to ensure staffing planning and training
  • Distribute to branch and regional acquisition card coordinators
 January 31, 2010
Return to Top of Page

Appendix A: Acquisition Card Control Framework Process Maps

Appendix A is also available in PDF (29.8 KB) [help with PDF files]

Issuance and Control of Acquisition Cards

  1. Manager with delegated authority selects cardholder and required credit limit
  2. Cardholder completes application form
  3. Application form is approved by manager with delegated authority*
  4. Application reviewed by Regional/Branch Coordinator for completeness and verifies approval by manager with delegated authority
  5. National Acquisition Card Coordinator (NACC) reviews application and authorizes issuance of card*
  6. Credit card company issues acquisition card
  7. NACC monitors activity on the cards and for inactivity of acquisition cards and changes, such as termination, etc.*
  1. Manager with delegated authority selects cardholder and required credit limit
  2. Cardholder completes application form
  3. Application form is approved by manager with delegated authority*
  4. Application reviewed by Regional/Branch Coordinator for completeness and verifies approval by manager with delegated authority
  5. National Acquisition Card Coordinator (NACC) reviews application and authorizes issuance of card*
  6. Credit card company issues acquisition card
  7. NACC checks card and holds until cardholder provides proof of AC Policy and CAS training
  8. Acquisition card forwarded to Branch/Regional Coordinator
  9. Cardholder receives acquisition card and acknowledges responsibilities and ensures safekeeping when not in use
  10. NACC monitors activity on the cards for inactivity of acquisition cards and changes, such as termination, etc.*

* Key controls

Acquisition Card Purchases

  1. The cardholder receives the request and approval for the acquisition (section 32).*
  2. The cardholder makes the acquisition.
  3. The acquisition is accounted for in the CAS.
  4. The cardholder keeps a record of all purchases and reconciles the amounts appearing in the CAS with those on the monthly statement.*
  5. The cardholder prepares a report pursuant to section 34 and submits it to his or her manager along with all supporting documents. The manager will examine these documents and sign the report.*
  6. When it receives approved files, the NFTC charges the acquisitions to the applicable cardholder’s account and to the appropriate expenditure account.

* Key controls

Payment and Reconciliation of Acquisition Card Transactions

  1. The NFTC receives the consolidated monthly statements from credit card companies.
  2. The NFTC pays the full amount on the consolidated statement.
  3. The NFTC classifies the payments in the CAS by Client Departmental Office in the regions or branches.
  4. Regional finance/corporate accounting managers distribute the payments in CAS amount the accounts of various cardholders.
  5. If the payment made matches the expenses declared by the cardholder, the account is considered paid.*
  6. The NACC monitors the use of the card and the types of transactions to ensure compliance with the policy.*
  1. The NFTC receives the consolidated monthly statements from credit card companies.
  2. The NFTC pays the full amount on the consolidated statement.
  3. The NFTC classifies the payments in the CAS by Client Departmental Office in the regions or branches.
  4. Regional finance/corporate accounting managers distribute the payments in CAS amount the accounts of various cardholders.
  5. If the payment made by a cardholder does not match the expenditures reported by this cardholder,
  6. The cardholder must take the necessary steps to solve the problems with his or her account.
  7. Corporate Accounting checks whether there are unresolved issues on the statement and follows up with the cardholder or his or her manager. If the problem persists for more than 90 days, the acquisition card will be suspended.*
  8. The cardholder must take the necessary steps to solve the problems with his or her account.

* Key controls

Return to Top of Page

Appendix B: Audit Criteria

The following audit criteria were used for the audit engagement.

Lines of Enquiry Audit Criteria
1.0 Issuance and control of acquisition cards
  • Policies, procedures or guidelines governing the use of acquisition cards are in place, including criteria to issue cards and establish credit limits.
  • Managers and cardholders have the knowledge in the use and processing of acquisition card transactions.
  • Requests for acquisition cards and their use are warranted.
  • Changes to or cancellation of acquisition cards are promptly completed.
  • Acquisition cards are monitored for inactivity, and appropriate action taken.
  • Acquisition cards are kept secured, when not in use.
2.0 Purchases
  • Acquisition card purchases are approved prior to purchase (section 32 of the FAA).
  • Cardholders and managers perform the verification steps pursuant to section 34 of the FAA.
  • Acquisition card purchases are monitored for compliance with policies, procedures and guidelines.
3.0 Payment and reconciliation
  • Cardholders reconcile acquisition card purchases to their monthly card statement.
  • Monthly consolidated payments to card companies are reconciled to the acquisition purchases verified pursuant to section 34 of the FAA.
  • Corporate Accounting verifies the consolidated statements against the cardholder's monthly statement.

Appendix C: Assessment of the CBSA Acquisition Card Control Framework

Return to Top of Page
  Controls Assessment

I – Issuance and Control of Acquisition Cards
1 Application Process - The coordinator reviews the application form for completeness and validates the manager's signature against the corresponding Delegation of Authority signature card. Satisfactory
2 Card Issuance and Activation - Acquisition card information is jointly verified, and any errors are reported by the manager to his/her respective coordinator who in turn will report to the Designate. Satisfactory
3* NACC verifies the card and holds it until proof of training on AC policy and CAS Role 37 is received from the applicant. Partially Satisfactory
4* Cardholder receives acquisition card and acknowledges responsibilities. Partially Satisfactory
Cardholder ensures safekeeping of the acquisition card when not in use. Satisfactory
5 Making a Change to an Acquisition Card - The coordinator receives the form and ensures its completeness, and verifies the manager's signature relative to the appropriate signature card. In the event that there is an error, the form is sent back to the manager for correction. Partially Satisfactory

II – Purchases
6* Cardholder receives request and approval to purchase (section 32). Partially Satisfactory
Cardholder maintains record of all purchases and reconciles monthly card statement with CAS entries. Satisfactory
Cardholder generates Section 34 Report, provides all supporting documentation for manager's review and signature. Satisfactory
7 Policy Section Approval - Access to the card company Web site is restricted via a unique user login id and password. Satisfactory
8 Acquisition Card Purchases - Upon receipt of the approval package, the manager performs the verification steps (section 34) as outlined in CBSA's Finance Volume - Chapter 8: Account Verification and Payment Requisitioning. Satisfactory
Acquisition Card Reconciliation - The manager then carries out the duties assigned in the Reconciliation Checklist included in the Manager's Responsibilities package. If any errors are discovered the package is returned to the cardholder for correction and once the corrections have been made, the package is resubmitted to the manager for approval. Satisfactory

III – Payment and Reconciliation
9 Monitoring for Policy Compliance – NACC will download transactional information by cardholder from the card company's Web sites and a sample will be selected for testing compliance of purchased goods/services relative with the acquisition card policy. Partially Satisfactory
10* NACC monitors activity on card and for inactive acquisition cards and changes, such as termination, etc. Satisfactory
11* Where payment by cardholder matches the expenditures posted by cardholder, the account is cleared. Satisfactory
12 Investigate Open Items - At the end of each month, the local office and the Regional Accounting Office/Business Management Services Unit are responsible for clearing open item acquisitions made with the acquisition cards. Satisfactory

Legend and Definition of Ratings

*Five additional controls were identified by Internal Audit Directorate upon review of the CBSA acquisition cards control framework, and these were assessed as part of this audit.

  • Satisfactory – Control is functioning as intended.
  • Partially Satisfactory – Control is functioning for some areas but not all, or some elements of control are functioning as intended.
  • Not Satisfactory – Control is not functioning as intended.

Appendix D: Results of the Analysis of the Sample of 95 Acquisition Card Files

Return to Top of Page
  Number of files Percentage
Number of application forms included in cardholder files 50 53%
Number of application forms not included in cardholder files 45 47%
Total selected sample 95 100%
 
Acquisition Card Change/Cancellation Request forms (CBSA 102) not completed 9 14%
Acquisition Card Change/Cancellation Request forms (CBSA 102) completed 54 86%
Total applicable files 63 100%
 
Number of cases where the credit limit was justified 14 82%
Number of cases where the credit limit was not justified 3 18%
Total applicable files 17 100%
 
Number of files containing a training certificate 12 13%
Number of files not containing a training certificate 83 87%
Total files involved 95 100%
 
Number of files containing proof of successful completion of the CAS training 4 4%
Number of files not containing proof of successful completion of the CAS training 91 96%
Total files involved 95 100%
 
Number of files containing Employee Acknowledgement of Acquisition Card Responsibilities (CBSA 105) forms. 17 18%
Number of files missing CBSA 105 forms. 78 82%
Total files involved 95 100%
 
Number of files containing Responsibility Centre Manager Acknowledgement of Acquisition Card Responsibilities forms. 80 84%
Number of files missing Responsibility Centre Manager Acknowledgement ofAcquisition Card Responsibilities forms. 15 16%
Total files involved 95 100%

Appendix E: Summary of the Analysis of the Sample of 137 Transactions

Return to Top of Page
  Number of transactions Percentage
Size of the total sample of transactions 137 100%
 
Review of compliance with section 32 of the FAA:
Authorization documents (section 32) not included in files 78 57%
Authorization documents (section 32) included in files 59 43%
Total number of transactions involved 137 100%
 
Authorization documents (section 32) subsequently obtained:
Verbal authorization 29 37%
Written authorization 14 18%
No response from acquisition cardholders 30 40%
Confirmation of existence of an authorization document, but no copy available 4 5%
No authorization document available 1 1%
Total number of transactions involved 78 100%
 
Other reviews:
Monthly cardholder account statements not included in files 48 35%
Monthly cardholder account statements included in files 89 65%
Total number of transactions involved 137 100%
 
Invoices not included in files 2 1%
Invoices included in files 135 99%
Total number of transactions involved 137 100%
 
Type of errors found:
Incorrect use of general ledger account 12 9%
Acquisition anomalies (high-risk purchases) 5 4%
Weaknesses in the authorization pursuant to section 34 4 3%
Cardholders not keeping written track of transactions in their files 2 1%

Appendix F: List of Acronyms

Acronym Description
CAFPD Corporate Accounting and Financial Policy Division
CAS Corporate Administrative System
CATD Contracting, Assets and Telecommunications Division
CBSA Canada Border Services Agency
FAA Financial Administration Act
NACC National Acquisition Card Coordinator
NFTC National Financial Transaction Centre
RC Responsibility Centre
TBS Treasury Board Secretariat of Canada
WBRO Web Based Rapid Order

Notes

  1. Until March 31, 2008, Web Based Rapid Order (WBRO), an e-procurement tool, was the application used for purchases and reconciliations. [Return to text]
Date Modified: 2010-04-16

Top of Page
Important Notices