Parks Canada
Symbol of the Government of Canada

Common menu bar links

Internal Audit and Evaluation Documents

Financial & Administrative Audit - Chief Executive Officer Directorates

Final Report
December 2010

Prepared by:
Interis Consulting Inc.

Table of Contents

Summary

1. Background

2. Objectives and Scope

3. Methodology

4. Statement of Assurance

5. Conclusion

6. Observations and Recommendations

6.1. Management Control Framework (MCF)
6.2. Hospitality and Food Expenses
6.3. Telecommunication
6.4. Payments to Suppliers
6.5. Contracting
6.6. The Use of Acquisition Cards
6.7. Expenditures on Travel
6.8. Inventory
6.9. Coding

Report presented to the Parks Canada Audit Committee at the meeting of March 16th, 2011 and approved by the Chief Executive Officer.

Printable Version (PDF: 479 Kb)


Note: To read the PDF version you need Adobe Acrobat Reader on your system.

If the Adobe download site is not accessible to you, you can download Acrobat Reader from an accessible page.

If you choose not to use Acrobat Reader you can have the PDF file converted to HTML or ASCII text by using one of the conversion services offered by Adobe.



Summary

Parks Canada Agency (Parks Canada, PCA) conducts cyclical audits of key financial, administrative and management practices in the field units, service centers and various branches at the national office and in the regions. The audits are based on compliance with the policies and practices of the Treasury Board (TB) and the Parks Canada Agency. Besides the Chief Executive Officer’s office, this report covers 5 other groups reporting directly to the CEO but managing separate fund centers. The nature and the reduced number of transactions taking place within these entities allowed for their grouping under one audit. This report complete the first cycle of financial and administrative audits conducted at Parks Canada.

The mandate of the Office of Internal Audit and Evaluation at Parks Canada is to provide independent assessments of risk management strategies and practices, management control frameworks and practices, and information used for decision-making and reporting in accordance with the TB Policy on Internal Audit. These assessments are provided through audit engagements, where the internal auditor is required to issue a report that contains an overall conclusion in relation to specific and suitable criteria.

The objective of this audit is to provide senior management and the audit committee with assurance that the financial information and administrative procedures within the Chief Executive Officer Directorates are consistent with the financial, administrative and management practices and policies in place at Parks Canada.

The audit included a review of the management control framework (MCF) for financial management as well as key processes in the following financial areas: hospitality and food expenses, telecommunication, payments to suppliers, contracting, use of acquisition cards, travel expenses, inventory and financial coding. This audit covered the period from January 1, 2010 to Nov 9, 2010.

The audit methodology consisted of a review of relevant vouchers and documentation, interviews with PCA staff at the National Office and at the Ontario Service Centre, and testing of transaction controls in the financial areas noted above. A site visit was conducted at the Ontario Service Centre in Cornwall, between November 5, 2010 and November 9th, 2010.

In general, we determined that adequate and appropriate financial and administrative controls are in place and functioning within the CEO’s Directorates. However, some changes and improvements are required regarding the review process prior to payment approval of invoices, and in the areas of Inventory Management, Telecommunications, Contracting and Travel to strengthen the system and controls in place and increase the level of compliance with TBS and PCA policies.

Audit Report Rating Summary:
Ref. Management Process Rating
6.1 Management Control Framework Blue - Minor improvements needed
6.2 Hospitality and Food Expenses Green - Controlled
6.3 Telecommunication Yellow - Moderate improvements needed
6.4 Payments to Suppliers Blue - Minor improvements needed
6.5 Contracting Yellow - Moderate improvements needed
6.6 Acquisition Cards Green - Controlled
6.7 Travel Yellow - Moderate improvements needed
6.8 Inventory Orange - Significant improvements needed
6.9 Coding Green - Controlled

Below is our list of recommendations to the Chief Executive Officer Directorates:

Management Control Framework

1)
Key financial transaction processes and procedures (such as those discussed in Sections 6.2 through 6.9) should be documented, shared and consistently applied within the Directorates by administrative staff. They should be consistent with PCA and TB policies and act as a reference for all administrative staff.

Telecommunication

2)
To conform to the Policy on the Use of Cellular and Other Mobile Wireless Devices, managers should ensure that:

  • they are documenting user requirements for cellular phones prior to the purchase being authorized;
  • employees are signing the Acknowledgement of User Responsibility Form when they receive their cellular device.
The user requirements and acknowledgement of user responsibility documentation should be included with the folder for the acquired devices.

3)
Individual users and managers should consistently sign or initial their personal telecom invoice’s call list on a monthly basis to indicate that they have reviewed and approved the amount of personal calls to be reimbursed, if necessary, to the government (even when there are no personal calls on a particular month’s invoice).

Payments to Suppliers

4)
For all expenses over $1,000 the Financial Officer should ensure that the payment file documentation is strengthened to ensure that evidence supporting the commitment of funds such as a Purchase Order, contract or contract amendment is included in the payment file and properly approved under S.32 of the FAA, prior to authorizing payment.

Contracting

5)
In collaboration with the chief financial officer, a clarification should be made regarding the appropriate method of delegation and the level of authority to grant or amend a contract to avoid any confusion in the practice of power of authorities.

6)
For sole source contracts, justification must be maintained on file. The administrative officer must ensure that proper documentation is included on all files providing justification and advantages of signing the contract on a sole source basis.

Travel

7)
The Administrative Officer should ensure that a Travel Authority and Advance (TAA) is:
  • Properly authorized prior to trip including the name of the traveler and estimated cost.
  • Approved by the appropriate manager under Sec.34 prior to the trip.

Inventory

8)
Each Administrative Officer within the CEO’s Directorates should ensure that:
  • All inventory, by fund centre, is recorded and maintained in STAR;
  • Periodic inventory counts are planned, count procedures are established, and counts are executed; and,
  • Managers monitor and periodically report to their Administrative Officer on inventory items valued between $1,000 and $10,000 and attractive items valued at less than $1,000 within their cost centre.

1. Background

Parks Canada Agency (Parks Canada, PCA), an agency of the federal government, is mandated to protect and present Canada’s nationally significant natural areas and commemorate significant aspects of Canadian history. The agency’s key accountabilities are to ensure the ecological and commemorative integrity of Canada’s systems of national heritage places and to strengthen pride in Canada’s natural and cultural heritage.

The mandate of the Office of Internal Audit and Evaluation at Parks Canada is to provide independent assessments of risk management strategies and practices, management control frameworks and practices, and information used for decision-making and reporting in accordance with the Treasury Board Secretariat’s Policy on Internal Audit. These assessments are provided through audit engagements, where the internal auditor is required to issue a report that contains an overall conclusion in relation to specific and suitable criteria.

Parks Canada conducts cyclical audits of key financial, administrative and management practices in the field units, service centers and various branches at the national office and in the regions. The audits are based on compliance with the policies and practices of the Treasury Board Secretariat (TBS) and the Parks Canada Agency. The Financial and Administrative Audit of the Chief Executive Officer Directorates was conducted as part of this cyclical audit program.

At the time of the audit, there were four permanent directorates in the Chief Executive Officer (CEO) group:

  • The Office of the CEO of Parks Canada;
  • Ombudsman;
  • Office of Internal Audit and Evaluation;
  • Aboriginal Affairs Secretariat;

Two additional directorates, the Ontario Priority Initiatives group, and the Group of Heads of Federal Agencies were also included. The former will cease to exist as of January 2011. The latter is the secretariat of the community located with the Agency for the duration of Parks Canada’s CEOs chairmanship of the community (i.e., until, the end in 2013).

All employees of the CEO Directorates, with the exception of the ombudsman, work at the National Office in Gatineau, Quebec including administrative staff. Financial Officers are located in the Ontario Service Centre in Cornwall, Ontario, where financial processing is completed.

2. Objectives and Scope

As part of the annual review process, the objective of this audit is to provide senior management and the audit committee with assurance that the financial information and administrative procedures within the CEO’s Directorates are consistent with the financial, administrative and management practices and policies in place at Parks Canada.

The scope of the audit included the following topic areas across all organizational elements that fall under the Chief Executive Officer Directorates:

  • Management Control Framework (MCF)
  • Hospitality and Food Expenses
  • Telecommunication
  • Payments to Suppliers
  • Contracting
  • Acquisition Cards
  • Expenditures on Travel
  • Inventory
  • Coding

Financial elements within these topic areas were tested for compliance with the Financial Administration Act.

It should be noted that the audit did not involve accessing or disclosure of confidential of information retained by the Office of the Ombudsman (i.e., the focus was on operations within the office). In addition, as the Office of Internal Audit and Evaluation forms part of the CEO’s Directorates, in order to preserve impartiality, personnel from that office were not involved in the audit conduct or report writing except for the production of the management response to the recommendations.

3. Methodology

Parks Canada Agency developed the audit program for this audit, however to ensure impartiality, the audit was conducted by an independent third party. Interis followed a standard audit methodology during the conduct and reporting of this engagement, which is consistent with TBS’ Internal Audit Policy and the Institute of Internal Auditor’s (IIA) professional standards. The methodology used has three main phases:

  • Phase 1: Planning
  • Phase 2: Fieldwork
  • Phase 3: Reporting

Planning: Interis employed the audit program and audit tools (interview guides, testing checklists and criteria descriptions) already developed by Parks Canada for this audit.

Fieldwork: During the fieldwork phase, a series of interviews with relevant PCA staff was conducted across all organizational elements that fall under the Chief Executive Officer Directorates to understand roles and responsibilities assess the level of awareness and understanding of relevant PCA policies and procedures, and assess compliance of processes in use to documented procedures, roles and responsibilities.

In addition, testing of sample transactions, including inspection, observation, enquiry, confirmation, computation and analysis were performed in accordance with the audit program. The transaction sample used sorted data from STAR and is based on a proportional and judgmental selection for transactions relating to the areas covered in the audit. The documentation supporting the items selected was tested at the Ontario Service Centre in Cornwall and examined on site. The visit was made to the OSC between November 5th and 9th to examine the items processed there. Additional testing of remaining contracts was carried out at the National Office between November 18th and the 22nd.

Findings were analyzed and conclusions, impacts and recommendations were developed. The analysis, conclusions and recommendations are supported by sufficient, quantifiable and/or persuasive evidence, all of which are organized into comprehensive working papers, for the review and retention of Parks Canada. All working papers were prepared in accordance with the IIA’s professional standards related to the Performance of Work and were reviewed internally for their compliance with these standards.

Reporting: During the reporting phase, the audit report was prepared in accordance with Parks Canada’s Office of Internal Audit and Evaluation reporting standards and format. Constructive solutions to identified weaknesses are recommended and linked to the findings outlined in this report. Our observations and recommendations have been made in accordance with the Audit Reporting Rating System described below.

Audit Report Rating System
Red Unsatisfactory Controls are not functioning or are nonexistent. Immediate management actions need to be taken to correct the situation.
Orange Significant improvements needed Controls in place are weak. Several major issues were noted that could jeopardize the accomplishment of program/operational objectives. Immediate management actions need to be taken to address the control deficiencies noted.
Yellow Moderate improvements needed Some controls are in place and functioning. However, major issues were noted and need to be addressed. These issues could impact on the achievement of program/operational objectives.
Blue Minor improvements needed Many of the controls are functioning as intended. However, some minor changes are necessary to make the control environment more effective and efficient.
Green Controlled Controls are functioning as intended and no additional actions are necessary at this time.

4. Statement of Assurance

The audit engagement was planned and conducted to be in accordance with the Internal Audit Standards for the Government of Canada.

5. Conclusion

In general, we determined that adequate and appropriate financial and administrative controls are in place and functioning within the CEO Directorates. However, some changes and improvements are required regarding the review process prior to payment approval of invoices, and in the areas of Inventory Management, Telecommunications, Contracting and Travel to strengthen the system and controls in place and increase the level of compliance with TBS and PCA policies.

6. Observations and Recommendations

6.1. Management Control Framework (MCF)

Blue Minor improvements needed Many of the controls are functioning as intended. However, some minor changes are necessary to make the control environment more effective and efficient.


To ensure that senior management has an appropriate control framework for the effective and efficient management of: Human and material resources, Financial management, Risk management, and the production of information useful for decision-making, we used the following audit criteria:

C1-
Information critical to the achievement of operational objectives is identified, collected, processed and transmitted quickly to the persons concerned.
C2-
Staff members’ roles and responsibilities, specifically those relating to control, are clearly identified, documented and communicated.
C3-
Business and operational plans are prepared in cooperation with the stakeholders concerned and adequately establish the budget parameters, human and material resource needs, and security needs.
C4-
The control environment in place is conducive to sound and effective management.
C5-
The control activities conducted allow for shortcomings to be identified quickly and for corrective measures to be taken within a reasonable timeframe.
C6-
Operational risks are assessed formally, on a regular basis.
C7-
The control activities conducted ensure proper management of financial staff.
C8-
There are sufficient finance team members capable of achieving operational objectives.

6.1.1. Observations

Executive management discusses and establishes short- and long-term policies for the Agency during regular meetings and then updates the strategic business plan as required. Once adopted, information critical to the achievement of operational objectives is identified and communicated through the PCA business plan.

Policies, guidelines and work instructions are communicated to staff members through emails and are available on the Agency’s intranet site. Changes to policies are received by managers in formal written communiqués and are provided to administrative staffs who discuss them with employees.

Parks Canada produces and provides numerous policies, guidelines, work instructions and checklist documents to guide staff in their daily operational responsibilities. There are no PCA-wide procedural manuals that document all administrative procedures and requirements; however Financial Officers and Administrative staff have developed their own guidelines to promote consistency in services and to facilitate transition during employee changeovers. In some divisions within the Directorates, recent additions to staff have been provided checklists which identify key policies and procedures that they need to learn to perform their positions effectively. New staff is supported in learning and using appropriate policies and procedures by more experienced administrative staff through discussion in meetings and through informal day-to-day assistance. A general “open door policy” is also accepted within the Directorates and staff indicated no hesitation in approaching each other when questions arise. The administrative activities of some new staff did however reveal minor inconsistencies in the procedural conduct necessary to ensure policy and procedural compliance and consistency across the CEO Directorates.

For day-to-day operations, managers and staff rely heavily on administrative staff, financial managers and procurement officers to obtain verbal information on procedural requirements. Managers expressed satisfaction with the timeliness of information provided to them from support staff. Meetings within each organizational unit are held to inform staff of the status of projects, emerging priorities and realignment of resources, etc. Administrative staffs at the Directorates hold frequent meetings where the ongoing business policy and procedural changes are reviewed and discussed. Manager’s performance agreements include provisions on delivery of objectives and meeting projections. The CEO Directorates organizational chart is updated on a regular basis and maintained within a formal software based solution (Nakisa). At the time of the audit the current chart was relatively up to date. It should be noted; however, that organizational changes have recently been completed within the CEO’s Directorates and the organizational chart will be modified to reflect these changes.

6.1.2. Findings

Various components of the Management Control Framework are well documented. Managers and staff have a working knowledge of PCA policies and guidelines, their goals and objectives, as well as their roles and responsibilities.

Some divisions of the CEO Directorates do have checklists for new staff or those looking for reference, but these practices are not consistently applied throughout the Directorate.

There is a lack of consistent procedural documentation to guide new administrative staff on their roles and responsibilities across the Directorates. As a result, the application of procedures was observed to be inconsistent, particularly among newer staff who were still learning their respective roles and responsibilities. In terms of telecommunication, the policy requires that users identify their personal calls and that managers perform some form of monitoring. No procedure has been developed for this purpose to ensure consistency in practices and facilitate the work for newcomers. A similar situation exists for inventory management. Some groups have lists of manual inventories, excel spreadsheet or simply visual. No method of control is in place to ensure inclusion in the STAR financial system for all purchases requiring entry into the system.

Other opportunities for improvement were noted during the audit that requires management attention. These are discussed in detail in sections 6.2 to 6.9.

6.1.3. Recommendations

1)
Key financial transaction processes and procedures (such as those discussed in Sections 6.2 through 6.9) should be documented, shared and consistently applied within the Directorates by administrative staff. They should be consistent with PCA and TB policies and act as a reference for all administrative staff.

Management response:
Agree.
Fund center managers will ensure that processes and procedures regarding telecommunications, payment to suppliers, contracting, travel and inventory are documented and consistent across the different groups. Executive and administrative assistants will meet by the end of April 2011 to establish consistent practices and these will be in place for the 2011-2012 fiscal year.

6.2. Hospitality and Food Expenses

Green Controlled Controls are functioning as intended and no additional actions are necessary at this time.

To determine whether financial control mechanisms are in place for the audit period to mitigate the risk of non-compliance with the Parks Canada Agency policy on hospitality expenses, we have used the following audit criteria:

C1-
Hospitality functions take place in appropriate venues.
C2-
Financial limitations set out for hospitality expenses are respected.
C3-
Hospitality functions are approved by the appropriate authority prior to the event.
C4-
The recipients of hospitality are consistent with the Parks Canada Agency policy.
C5-
Payments made for hospitality functions comply with Parks Canada Agency provisions.

6.2.1. Observations

It is government policy to extend hospitality in an economical, consistent and appropriate way when it will facilitate government business or is considered desirable as a matter of courtesy. Senior managers have been required since December 2003 by the Government of Canada to publish hospitality expenses on their organization’s Web site.

Hospitality is used to provide non-alcoholic beverages (i.e. coffee, juice) at official PCA functions and certain types of meetings. Hospitality expenditures do not include food, except for pre-approved strategic management meetings where it is demonstrated that it is more efficient to provide food instead of interrupting the meeting for lunch and breaks. Otherwise, government employees that are on travel status receive a daily meal allowance to cover food costs. No other costs are to be charged to hospitality. Requests for hospitality functions must be approved at the appropriate level before the activity takes place using the appropriate form which explains the nature and scope of the planned activity. The completed document must be signed and submitted with the payment request. Where approval by the Minister (>$5,000) or by the CEO (between $1,500 and $5,000) is required, requests for approval of hospitality must be submitted sufficiently in advance to ensure that authorization is received before the activity is held.

6.2.2. Findings

  • Administrative and financial staff is well aware of policies and procedures related to hospitality and food expenses.
  • A review of STAR found that there were no expenses incurred in 2010 greater than $5,000. Interviewees indicated that such expenses are rarely incurred due to the nature of the operations within the CEO Directorates.
  • Results of testing hospitality and food transactions were as follows;
    • In all hospitality transactions tested (100%) an e-mail trail or direct memo was included in the documentation pre-authorizing the event.
    • In 1 of 6 (16%) hospitality expenses tested, there was no list of recipients or attendees on file. While this is not a requirement within PCA, best practices across government suggest that administrative staff of the CEO Directorates should ensure that a list of recipients or attendees is included with each claim for hospitality expenses related to events or meetings paid for by the Directorates.
    • Of those transactions tested, no hospitality fees were incorrectly entered in the food account.
    • Expenses related to the Community of Federal Agencies (CFA) were appropriately charged back to the CFA Suspense Account.

All hospitality expenses tested were substantiated with the purpose and need for the meeting or food purchase (S.32).

6.2.3. Recommendation

No Additional Recommendations.

6.3. Telecommunication

Yellow Moderate improvements needed Some controls are in place and functioning. However, major issues were noted and need to be addressed. These issues could impact on the achievement of program/operational objectives.

To provide assurance to senior management that processes and controls are in place to reduce the risk of non-compliance with the Parks Canada Agency’s Policy on the Use of Cellular Phones and Other Wireless Devices, we have used the following audit criteria:

C1-
The designated manager or authority is to document user needs for wireless telecommunications devices and services.
C2-
All requests for procurement, use and service charges are coordinated by the designated administrative authority.
C3-
The procurement process for the devices complies with guidelines.
C4-
Non-standard requests are submitted at the manager’s recommendation to the Chief Information Officer (CIO) for approval.
C5-
The allocation of the communication devices was authorized by a manager at level A or higher and complies with effective standards.
C6-
Managers ensure that users under their responsibility are familiar with the Policy on the Use of Wireless Devices and that users agree to comply with the policy before devices are allocated.
C7-
Devices are used in compliance with current policy and guidelines.
C8-
Personal calls are identified and tallied and any resulting charges are reimbursed by the user in accordance with policy provisions.
C9-
Administrative authorities responsible for managing wireless services in the Directorate have developed internal procedures for this policy.
C10-
Designated managers and authorities regularly review employee usage.

6.3.1. Observations

Parks Canada’s Policy on the Use of Cellular and Other Mobile Wireless Devices came into force on October 1, 2008. Its purpose is to ensure more cost-effective and appropriate use of wireless devices. To this effect, Public Works and Government Services Canada (PWGSC) has implemented a new procurement process and a new acquisition agreement.

The policy concerns both acquisition and use of these devices. Any request for purchase, modification or cancellation must be sent to the designated administrative authority. In this particular case, it’s the Information Technology from the Office of the CIO. The acquisition must be made from the suppliers listed in the new PWGSC agreement, unless an exception is made. User needs must be documented in order to allow the designated administrator to recommend an appropriate and adequate service. Further to the recommendations, the user’s manager must approve or cancel the request. A non-standard request is possible if it is well documented and approved by the Chief Information Officer (CIO). Once the CIO’s approval has been obtained, the designated administrator informs PWGSC and obtains its consent to proceed with acquisition of the device.

The use of cell phones and wireless devices is also regulated. Devices must be used for the Agency’s activities and services, emergency calls and limited personal use. Personal calls must be controlled and identified by users on their monthly statement. A threshold of $30 per year for personal use is considered reasonable. Data on personal use is compiled twice a year, in September and March. However, if the $30 threshold is reached in September, the employee must reimburse all personal use expenses for the first six months and in March must reimburse all personal use expenses for the last six months of the fiscal year. The roles and responsibilities of the employee and his or her manager are set out in the policy.

The employee must take all necessary measures to ensure the integrity and security of the Agency’s information when using wireless mobile devices to send information. He or she must also comply with guidelines as well as local, provincial and federal laws on the use of wireless devices.

The manager must ensure that the employee is familiar with the Policy on the Use of Cellular and Other Mobile Wireless Devices so that he or she may use the device appropriately.

Lastly, the Office of the Chief Information Officer and the user’s manager or supervisor must conduct random checks of how wireless devices are used.

6.3.2. Findings

  • Administrative and financial staff is well aware of policies and procedures related to telecommunications expenses.
  • Management indicated in interviews that they are aware of the personal use policy and understand the process to identify and reimburse personal calls on their Blackberries and cell phones.
  • Results of testing telecommunications transactions were as follows;
    • For 7 of 25 (28%) usage transactions there was no evidence of tracking of personal calls by the user on file (no list of personal calls nor no formal information that no personal calls were made)
    • For 1 of 2 (50%) purchase transactions there was no justification of user requirements on file. The Acknowledgement of the User Responsibility form was also not included in the file.

As a best practice, users should be asked to sign a form acknowledging the policies in force with respect to the use of wireless devices before they are given the device. This formality will encourage the user and manager to meet their respective responsibilities and obligations. For comparison, this practice was observed with respect to Acquisition Cards.

6.3.3. Recommendations

2)
To conform to the Policy on the Use of Cellular and Other Mobile Wireless Devices, managers should ensure that:
  • they are documenting user requirements for cellular phones prior to the purchase being authorized;
  • employees are signing the Acknowledgement of User Responsibility Form when they receive their cellular device.
The user requirements and acknowledgement of user responsibility documentation should be included within the folder for the acquired devices.

Management response:
Agree
Starting immediately management will ensure that requirements for users to have a cellular phone or device are documented prior to purchase and that employees sign an acknowledgment of user responsibility form when they receive a device and that this is retained on file. The directorate will develop a common form and approach as per management response 1.

3)
Individual users and managers should consistently sign or initial their personal telecom invoice’s call list on a monthly basis to indicate that they have reviewed and approved the amount of personal calls to be reimbursed, if necessary, to the government (even when there are no personal calls on a particular month’s invoice).

Management response:
Agree
Starting immediately all users who are not already doing so will sign or initial their personal telecom invoices and maintain a running total of their personal call usage based on standard templates. Managers’ signatures approving payment of invoices with details of personal calls will constitute evidence of review and approval of amounts to be reimbursed if necessary.

6.4. Payments to Suppliers

Blue Minor improvements needed Many of the controls are functioning as intended. However, some minor changes are necessary to make the control environment more effective and efficient.

To confirm whether due diligence is being exercised in the management of payments to suppliers and to provide assurance to senior management that financial processes and controls were in place to mitigate the risk of non-compliance to TB and PCA policies and practices, we have used the following audit criteria:

C1-
Policies, guidelines and procedures regarding the purchase of/payment for goods and services from suppliers exist at the CEO Directorates and they adhere to TB and PCA policies.
C2-
Adequate training/instruction is provided at all levels to ensure awareness and understanding of the policies and procedures.
C3-
Adherence to the policies and procedures is monitored.
C4-
Procurement of goods and services is appropriately initiated and authorized, and funds are properly committed in the financial system.
C5-
Goods and services on suppliers’ invoices are matched to PO/contract specifications.
C6-
Price and quantities on invoices are agreed to POs/contracts
C7-
Section 34 FAA is signed by appropriate delegated authority.
C8-
Advances and progress payments are made only when in accordance with the terms of the contract.

6.4.1. Observations

In accordance with Section 32 of the FAA a Purchase Order (PO) or contract/agreement should be attached to the invoice and must be approved by an authorized manager. When a supplier’s invoice is received it is forwarded to the appropriate manager, who must certify the invoice under FAA S.34, authorize the supporting vouchers and assign the appropriate financial coding.

Finance staff is responsible for ensuring that all required documentation related to the invoice is present and that the authorized signatures are present prior to making payment. If there are questions, or if there are instances of non-compliance with policies, the manager responsible for the expenditure is contacted and the justifications are appended to the payment records. This practice ensures the legitimacy of the expenditures. Once the invoices have been authorized, the invoices and supporting documentation are sent for payment processing.

The Ontario Service Centre (OSC) processes all of the payments on behalf of the CEO Directorates. The OSC staff review the completeness of the supporting documentation submitted with invoices before the invoice is paid. More specifically, the following procedures are performed by the OSC Finance Officers:

  • Invoice documentation is received by mail from the CEO Directorates and is sorted based on the type of expenditure and the required processing time.
  • Documents are reviewed for: completeness, quantities of goods or services received are in accordance with contract; accuracy of general ledger coding, and the appropriate authorized signatures pursuant to S.34 FAA have been obtained to process the payment. If information is missing or coding is incorrect the OSC finance officer calls or e-mails the related manager for clarification or to obtain the missing supporting documents. Once satisfied with the accuracy and completeness of the documentation and coding, the finance officer transfers the invoice and supporting documents to the S.33 FAA payment officer.
  • The cheque run is sent to Public Works Government Services (PWGSC) electronically. Once done, the invoices included in the cheque run are stamped “PAID”.

Managers have obtained training courses before they can receive the financial delegation authority. The delegations are described in the Agency’s Delegation of Authority Document.

6.4.2. Findings

  • All managers, finance officers and administrative officers have received the appropriate level of training to carry out their roles.
  • Results of testing of Payment to Supplier transactions were as follows;
    • 2 of 10 (20%) transactions did not have a Purchase Order or Contract Agreement attached to the invoice, and therefore S.32 Authorization was not available. As a result, the audit team was unable to assess whether the invoice details agreed with a P.O. or Contract with respect to the nature of the good/service, the quantity, or the price/rate being charged.
    • 1 of 10 (10%) of transactions had no S.34 FAA signature

6.4.3. Recommendations

4)
For all expenses over $1,000 the Financial Officer should ensure that the payment file documentation is strengthened to ensure that evidence supporting the commitment of funds such as a Purchase Order, contract or contract amendment is included in the payment file and properly approved under S.32 of the FAA, prior to authorizing payment.

Management response:
Agree
Starting immediately evidence of properly approved commitment of funds for all payments will be included in file.

6.5. Contracting

Yellow Moderate improvements needed Some controls are in place and functioning. However, major issues were noted and need to be addressed. These issues could impact on the achievement of program/operational objectives.

To confirm whether due diligence is being exercised in the contracting practices and to provide assurance to senior management that financial processes and controls were in place in the Chief Executive Officer (CEO) Directorates to mitigate the risk of non-compliance to TB and PCA policies and practices, we used the following audit criteria:

C1-
Guidelines and procedures related contracting practices at the CEO Directorates exist, and adhere to TB and PCA policies and directives.
C2-
Adequate training/instruction is provided at all level to ensure awareness and understanding of contracting policies and procedures.
C3-
Adherence to contracting policies and procedures is monitored.
C4-
Management reporting related to contracting activities is generated and used in monitoring/supervising contracting activities.
C5-
There is an identified need to enter into the contract
C6-
The appropriate method of contracting is used.
C7-
Contracting is conducted fairly with due regard for economy.
C8-
Nature of work to be performed or good to be delivered is defined in contracts.
C9-
There are terms and conditions in contracts to mitigate risk of non-performance.
C10-
Contracts are approved by individuals with delegated authority.

6.5.1. Observations

The Chief Executive Officer (CEO) Directorates use several methods for contracting including standing offers, hiring temporary resources, purchase orders, competitive sourcing and non-competitive sourcing. All contracting transactions greater than $5,000 are processed by Contracts Officers located at National Office or at the Ontario Service Center in Cornwall. Contracts less than $5,000 can be administered directly through the Directorate, without the involvement of the Finance & Administration group. The Finance & Administration group can (and often do) however provide ongoing advice and direction to managers regarding Parks Canada Agency contracting requirements. For example, they work with operational managers in the development of statements of work or assist managers with developing evaluation criteria and terms of reference. This ensures that there is a consistent and fair contract award process for the goods or services required.

Parks Canada uses an Instrument of Delegation for managers, which describes the authorities and their terms, conditions and limitations. This provides them with financial signing authority within limits and in accordance with relevant statutes, regulations and directives.

The Delegated Authorities’ charts stipulate the following:

  1. Section 32 of the FAA requires certification that funds are available, prior to entering into a commitment.
  2. Section 34 Spending Authority and section 33 Payment Authority for any particular payment are not to be exercised by the same person;
  3. A person with delegated authority may not re-delegate that authority to another person;
  4. Where contracting authority is delegated to a Contracts and Procurement Officer, he/she exercises Section 41 of the FAA contracting authority on behalf of the Minister. This authority must only be exercised when the manager responsible for the budget authorizes the expenditure.

The latest statement can be interpreted differently which creates some confusion in the exercise of the delegation. For example a cost centre manager may have Section 34 but has not been formally allocated a financial budget, moreover, appears to go against the 3rd statement.

In practice, forms used like Requisition for goods and services require a signature under section 32. If the section is signed by a manager with authority under Section 34 (with or without financial budget), this signature is considered as a delegation of authority to the contracting officer. There is no indication or stipulation that the manager transfers his delegation of authority to the contracting officer under section 41 by signing the form Requisition for goods and services. In some cases reviewed, the contracting officer has signed the contract under the financial authority (S-32) and also under approval of the contract. The same situation exists with call-up against a standing offer where the contracting officer has signed under section 32 and under approved for the minister. The section 41 does not appear on any of the documents mentioned increasing the confusion in the verification of appropriate level of delegation.

Clarification should be done to identify the appropriate method of delegation and the level of authority to grant or amend a contract.

The PCA contracting target performance appraisals include a target on achieving an 80/20 ratio of competitive contracts versus non-competitive contracts. All sole source contracts are required to be supported by a documented sole source justification. Annually a listing of all contracts is summarized at year end.

6.5.2. Findings

The audit focused on temporary help, professional services, and goods contracts. We found that:

  • Training and contracting tools, such as contract templates and Procurement and Finance Procedures guides, are available to managers to assist them with contracting activities.
  • Administrative staff have received training on the use of the Temporary Help Standing Offer.
  • Results of Contracts testing were as follows;
    • 1 transaction for an amount of $89 000 selected from the non competitive contracts files did not provide adequate sole source justification.
    • In 6 of 36 (18%) contracts tested the Contracting and Procurement Officer had signed both the contracting approval and the financial approval. As the financial authority lies in the hands of the project authority (budget holder), financial approval for the contract should have been signed by the project authority.
    • In 3 of 3 (100%) contracts with amendments those amendments were signed by the Contracting and Procurement Officer for both contracting approval and financial approval. As the financial authority lies in the hands of the project authority (budget holder), financial approval for the amendment should have been signed by the project authority.

6.5.3. Recommendations

5)
In collaboration with the Chief Financial Officer, a clarification should be made regarding the appropriate method of delegation and the level of authority to grant or amend a contract to avoid any confusion in the practice of power of authorities.

Management response:
Agree
Management representatives met with the CFO and contracting staff on February 12, 2011 and clarified that:
  • Contracting officers will only proceed with a contract following written approval by the budget manager or his/her delegate that funds are available (section 32)
  • Contracting officers will ensure that budget managers review and approve the contract document prior to sending to the contractor
  • Contractors will certify their acceptance of the contract in writing for both competitive and sole source contracts. In the case of call-ups using an established procurement tool such as a Supply Arrangement or Standing Offer, the Contractor certifies their acceptance by responding to the call-up with a proposal.
Contracting officials are reviewing the contract approval documents with a view of clarifying the wording of the various signature blocks.

6)
For sole source contracts, justification must be maintained on file. The administrative officer must ensure that proper documentation is included on all files providing justification and advantages of signing the contract on a sole source basis.

Management response:
Agree
Starting immediately all sole source contracts will include proper justification and a rational of using this procurement mechanism.

6.6. The Use of Acquisition Cards

Green Controlled Controls are functioning as intended and no additional actions are necessary at this time.

To determine whether due diligence is being exercised in the financial process relating to Acquisition Card and whether controls in place are adequate to ensure compliance with policies, we have used the following audit criteria:

C1-
Guidelines and procedures governing acquisition cards exist in the CEO Directorates and comply with TB and PCA policies and directives.
C2-
Appropriate training and instruction is provided at all levels to ensure that staff are informed of and understand policies and procedures governing acquisition cards.
C3-
An acquisition card coordinator is designated; procedures for issuing and cancelling acquisition cards are in place; and a log is maintained of cards issued and cancelled.
C4-
Acquisition Card limits and other restrictions are periodically examined to ensure that the planned use is reasonable.
C5-
Compliance with the policies and procedures governing acquisition cards is monitored.
C6-
Purchases are made by the cardholder only and are within approved operating and credit limits.
C7-
Expenditures are verified for accuracy and compliance with TB and PCA directives relating to acquisition card use.
C8-
Purchases are reconciled with the acquisition card statement of account each month.
C9-
A person other than the cardholder provides valid S.34 FAA certification.
C10-
Acquisition Card transactions are processed and paid on time to avoid interest charges.

6.6.1. Observations

The National Acquisition Card coordinator has the responsibility for reporting and monitoring, using the Bank of Montreal (MasterCard) Acquisition Card internet site, on behalf of the CEO directorates.

The issue of a new Acquisition Card to an employee involves the following process which is facilitated by the National Acquisition Card coordinator:

  • The employee completes an application which is reviewed and approved by the employee’s manager who has S.34 delegated authority.
  • The employee’s manager decides the amount of credit limit required for the Acquisition Card based on anticipated usage and estimated financial need.
  • The application is submitted to the Acquisition Card coordinator and a request is made on-line to Bank of Montreal to issue a card to the employee.
  • A card is sent to the Acquisition Card coordinator. The employee is given an Acknowledgement of Obligations Form including a list of authorized and prohibited purchases. The Acknowledgement of Obligations Form is signed by the cardholder and his manager, returned to the Acquisition Card coordinator and the acquisition card is physically issued to the named employee.

When there is a change to the policy, updates are sent out by e-mail. In addition, the Directorate’s administrative staff are advised of any policy changes through regular team meetings.

The process for the use and payment of Acquisition Card statements is as follows.

  • The employee makes a purchase using the card, obtains a receipt for the item purchased and records the details of the purchase into a monthly log sheet which is matched to the receipts and statement.
  • Financial coding of the expenditure on the log is done by the administrative staff or the manager or the cardholder.
  • The cardholder’s manager signs S.34 after review of the monthly register including the financial coding and the MasterCard statement with supporting invoices. The completed log with attached MasterCard statement and supporting invoices are sent for payment processing.
  • The finance officers ensure that all supporting documentation is appended to the monthly statement and that it includes S.34 FAA authorization. They review the financial coding for accuracy and completeness and ensure that the balance of the card has not been paid in the past month. If they find errors or omissions, such as the financial coding is missing or incorrect, a note is sent to the cardholder to obtain the required information. Once all information is present and correct, the invoice is marked for payment.

6.6.2. Findings

The audit team reviewed seven (7) Acquisition Card statements for five (5) employees. The files were reviewed to ensure that they included a completed monthly register signed by both the employee and the employee’s manager (S.34) and were supported by Acquisition Card statements and invoices. In addition, the statements were reviewed to determine if any interest costs were incurred. All statements were found to be in compliance with policies and procedures.

Overall, the controls in place for the issuance, use and payment of Acquisition Card statements are adequate to ensure compliance with the acquisition card policy.

6.6.3. Recommendations

No Additional Recommendations.

6.7. Expenditures on Travel

Yellow Moderate improvements needed Some controls are in place and functioning. However, major issues were noted and need to be addressed. These issues could impact on the achievement of program/operational objectives.

To determine whether due diligence is being exercised in the financial process relating to travel and whether controls in place are adequate to ensure compliance with policies, we have used the following audit criteria:

C1-
Guidelines and procedures governing travel expenses exist in CEO Directorates and comply with TB and PCA policies and directives.
C2-
Appropriate training and instruction is provided at all levels to ensure that staff are informed of and understand policies and procedures governing travel.
C3-
Compliance with the policies and procedures governing travel is monitored.
C4-
Travel and travel advances are properly authorized prior to travel (general or individual authorization), with S.34 FAA certification.
C5-
Travel advances are reasonable and not given to travel cardholders, and payment is approved by a person authorized under S.33 FAA.
C6-
Travel claims comply with the TBS Travel Directive, and expenditures are verified for accuracy and eligibility.
C7-
Travel claims include S.34 FAA certification.
C8-
Individual Travel Cards (ITCs) are used only for eligible business travel.

6.7.1. Observations

The use of the AMEX travel card is encouraged and many CEO Directorates staff use one rather than relying on travel advances. Cards that are not required are cancelled to reduce the risk of their use for ineligible purchases. When employees leave the organization, a departure form must be completed and signed by the Travel Card Coordinator, who cancels the card directly on the AMEX Web site. The form is then returned to the supervisor when the employee leaves.

When an employee travel requirement is approved by a manager, the employee fills out a Travel Authority and Advance (TAA) Form – or includes a copy of their blanket authority on travel (approved by the CEO or PCX)– and obtains the Fund Centre Manager’s signature before making the arrangements for travel. If travel is done by air or by train, a Travel Authorization Number (TAN) is required to be obtained by the employee and used in booking the travel through Amex. TAN numbers are issued by the Agency Travel Coordinator. The administrative staff from each group records information (e.g. the date, name of the traveler, etc.) about the trip into a Travel Authorization Number Register at the time of issuing the TAN. An AMEX statement is received once a month based on travel purchased through the system. The expenses are listed and summarized on a cover sheet and S34 is signed by the Fund Centre Managers. The statement and signed cover sheet are sent for payment processing. Travel Expense Claim and Record of Travel Expenses forms are prepared and supported by necessary receipts, signed and sent to the Cost Centre Manager. Travel Expense Claims are authorized (S.34) by the Cost Centre Manager responsible and then forwarded for payment processing. TAN numbers on the TAA and Travel Expense claims from the employee, along with Cost Centre AMEX statements for flights are reconciled by administrative staff.

Blanket Travel Authority has been over recent years reduced to only few key employees of the Directorates (e.g. CEO) to enhance monitoring of travel expenses.

6.7.2. Findings

  • All travel expenses were adequately substantiated and reasonable.
  • Results of testing travel expense transactions were as follows:
    • 12 of 26 (46%) transactions did not include a TAA or blanket travel authority on the file;

6.7.3. Recommendation

7)
The Administrative Officer should ensure that a Travel Authority and Advance (TAA) is:
  • Properly authorized prior to trip including the name of the traveler and estimated cost.
  • Approved by the appropriate manager under Sec.34 prior to the trip.
Management response:
Agree
Starting immediately all travel authorities will include the name of the traveler the estimated costs and be signed by the appropriate manager under section 34 prior to the trip.

6.8. Inventory

Orange Significant improvements needed Controls in place are weak. Several major issues were noted that could jeopardize the accomplishment of program/operational objectives. Immediate management actions need to be taken to address the control deficiencies noted.

To determine if the inventory process is exercised with due diligence and if controls in place are adequate to ensure compliance with TB and PCA policies and practices, we used the following audit criteria:

Assets between $1,000 and $10,000 and attractive items valued below $1,000

C1-
Items listed in the directive, acquired after April 1, 2007, are recorded in the financial system.
C2-
The separation of duties pertaining to the inventory management process is adequate.
C3-
The physical inventory was taken in the past 24 months.
C4-
Measures are in place to ensure that purchased items are entered in the inventory, regardless of the purchasing mechanism used.

Assets valued above $10,000

C5-
Acquisitions information is recorded in the Asset Management System.
C6-
Acquisitions are entered in the STAR financial system in a timely manner.
C7-
The physical inventory is taken on a regular basis.
C8-
The separation of duties pertaining to the inventory management process (buyer, book entries, record keeping, and availability) is adequate.

6.8.1. Observations

Items valued between $1,000 and $10,000 as well as attractive items valued at less than $1,000 should be formally tracked and recorded in the STAR financial management system in the Chief Executive Officer (CEO) Directorates, by each fund centre. This fact was confirmed during interviews with stakeholders and through review of documentation provided to the audit team. The majority of items that would fall into this category at the CEO Directorates would be computers, printers, cell phones, blackberries, cameras, and other portable devices.

The Office of the Chief Information Officer (CIO) lists and tracks IT assets for their own purposes but the responsibility to comply with the PCA Inventory Management Policy remains with the individual cost centre managers. Most administrative officers stated that they do not have formal procedures, rules, or guidelines in place with regards to inventory management, and no regular inventory counts are taken of these assets.

Interviewees did however indicate that there are a very limited number of “attractive” assets below $1,000 (in some cases none) within the Directorates, and since administrative officers are personally aware of the assets held by each employee within their team, should an employee leave PCA, the administrative officer ensure the employee handed in their assets on their last day.

Interviewees also indicated that each manager is responsible for authorizing the purchase and use of up to two possible types of assets of behalf of each of their employees: one employee laptop and cell phone for each employee.

6.8.2. Findings

Items valued between $1,000 and $10,000 and attractive items valued at less than $1,000 are not formally tracked and recorded in the STAR system in CEO Directorates.

Visual and personal knowledge by Administrative Officers of the assets in the possession of individual employees was universally reported as the only control in use to track inventory items. Inventory records (e.g. a list of cell phones for each team) that had been used in the past have become out-dated and were not being regularly maintained.

Interviewees indicated that inventory items valued at over $10,000 do not exist within the CEO Directorates. As a result audit criteria 5-8 (e.g. those criteria dealing with inventory items over $10,000) were not evaluated.

Regardless of the small volume of inventory items within the CEO Directorates, the audit team concludes that the processes and controls related to inventory of items valued between $1,000 and $10,000 and attractive items valued at less than $1,000 are weak and should be strengthened in order to reduce financial and other risks to the CEO Directorates and Parks Canada Agency.

6.8.3. Recommendations

8)
Each Administrative Officer within the CEO Directorates should ensure that:
  • All inventory, by fund centre, is recorded and maintained in STAR;
  • Periodic inventory counts are planned, count procedures are established, and counts are executed; and,
  • Managers monitor and periodically report to their Administrative Officer on inventory items valued between $1,000 and $10,000 and attractive items valued at less than $1,000 within their cost centre.
Management response:
Agree
An administrative assistant in each fund center will be trained on the use of the STAR plant maintenance module for recording inventory by March 31, 2011. All relevant inventory will be identified and record in STAR by July 31, 2011. In the interim, paper or electronic (i.e., spreadsheet inventories will be created for each fund center where they do not yet exist). New items will be added to the inventory as they are acquired.

6.9. Coding

Green Controlled Controls are functioning as intended and no additional actions are necessary at this time.

To confirm whether the financial coding is being implemented as expected, due diligence is being exercised in the management of financial coding, and to provide assurance to senior management that classification and coding of financial transactions is accurate, we used the following audit criteria:

C1-
Coding guidelines and procedures at the CEO Directorates exist.
C2-
Adequate training/instruction is provided at all levels to ensure awareness and understanding of coding procedures.
C3-
Adherence to the chart of accounts is monitored.
C4-
Coding is done by individuals with proper knowledge.
C5-
Coding is validated when entered into SAP (financial system).

6.9.1. Observations

Coding guidelines, including the Chart of Accounts as well as procedures, including authorities and responsibilities for financial coding exist within the CEO Directorates. Interviewees indicated that applicable policies for the financial administration of the Directorate are easily available on the intranet and they were able to correctly identify where to find PCA policies and procedures for reference purposes.

All staff with coding responsibilities that were interviewed indicated they had received training for their financial management duties (through F101 and F201), and confirmed that they follow PCA guidelines, based on the posted Chart of Accounts, for coding of financial transactions.

Transaction testing confirmed that financial coding on all invoices tested was accurate and followed the PCA Chart of Accounts. Further, financial coding of expenditures was done by administrative staff or the appropriate manager, each with valid authority to sign S.34 and each transaction tested included accurate invoice/document names and identification codes, transactions were posted into the right G/L account, and activity codes on each invoice/document for each transaction were accurate.

The Account Verification and Sampling policy lays out the framework to ensure that accounts for payment and settlement are verified in a cost-effective and efficient manner while maintaining the required level of control. It applies a risk-based approach to monitoring and verification including a post-verification to be performed on a selected sample of low risk transactions. Testing confirmed that the most relevant aspects of each selected transaction are being reviewed by finance staff prior to payment. Transactions that are considered high dollar value, high-risk or sensitive in nature are being excluded from the sampling populations and are being examined 100% at the payment stage to verify the accuracy of financial coding.

Finance officers were observed to review the financial coding for accuracy and completeness. Only after all information is present and correct is the invoice marked for payment. Adequate testing of financial coding, through a risk-based approach to sampling and verification, exists and provides reasonable assurance that adherence to financial coding processes is monitored.

6.9.2. Findings

PCA staff have access to accurate and consistent guidelines and procedures for the accurate coding of financial transactions and appropriate due diligence is being exercised in the management of financial coding.

There is adequate training for all employees within the Directorates to carry out their financial coding responsibilities. In addition, there are sufficient forums and methods for communicating and obtaining support from others when needed.

Financial coding on all invoices tested was accurate and followed the PCA Chart of Accounts, and those transactions were correctly coded as entered into STAR (SAP Financial system).

6.9.3. Recommendations

No Additional Recommendations.