Archived information
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Audit Procedures Related to the 2010-2011 Departmental Financial Statements
October 2011
Table of Contents
Executive Summary
In April 2011, the Departmental Audit Committee and the Chief Audit Executive (CAE) reviewed their approach regarding the CAE’s involvement in the review and approval of the 2011 financial statements. Based on an analysis of the nature of expenses recorded in the Department of Foreign Affairs and International Trade’s Statement of Operations and the CAE’s recent findings on materiel management, the Departmental Audit Committee requested that work be performed on the following account balances.
- Payroll and benefit expenses;
- Transfer payment expenses; and
- Tangible capital assets.
Why is this Important?
Departmental Financial Statements are a principle tool for accountability. They demonstrate to Canadians, in a transparent fashion, the use of public funds aligned with priorities. Ensuring the reliability of the information contained within the statements supports sound stewardship.
What did we examine?
The audit approach consisted of:
- Obtaining a high-level understanding of the processes and controls in place for each of the accounts identified above.
- Performing tests of details on transactions recorded by DFAIT; and,
- Assessing the reasonableness of accounts payable balances related to payroll expenditures based on a comparison to prior year account balances.
A sample of transactions in three materially important areas was examined based on a 95% confidence level. The sampling methodology used reflects a risk-based approach to identify the most significant components of these expenditure groups.
Account
Payroll and benefits
Sub-transaction
Canada-Based Staff
Explanation
Represents $487 million of DFAIT’s total payroll expenditures.
Account
Transfer payments
Sub-transaction
Non-assessed transfer payments
Explanation
Non-assessed transfer payments (total amount of $291 million) represent the higher risk transactions within DFAIT.
Account
Tangible capital assets
Sub-transaction
Acquisitions and disposals
Explanation
Amortization expense is automatically calculated; as such, this expense is less susceptible to error. Acquisitions and disposals have a higher risk of being incorrectly recorded.
What did we find?
The audit tests for Payroll and Benefits, Transfer Payments and Tangible Capital Assets were conclusive and no discrepancies or errors were identified. Based on the testing performed, the auditors were satisfied that the transactions tested were appropriately recorded in DFAIT’s financial records.
As part of the engagement, some observations and recommendations related to the overall control environment of the Department were made. The Management Action Plan to address the recommendations is contained in Appendix A.
Conclusion
There were no discrepancies or errors identified in the tests. As such, based on the scope of the work, the auditors found no reason to believe that the populations tested were materially misstated. The transactions tested were appropriately recorded in DFAIT’s financial records.
Statement of Assurance
In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support a high level of assurance on the accuracy of the information in this report. The results are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management. The results are applicable only to the processes examined. The evidence was gathered in compliance with Treasury Board Policy, Directives, and Standards on internal audit for the Government of Canada.
Original signed by:
Yves Vaillancourt, Chief Audit Executive, October 3, 2011
1.0 Findings
1.1 Payroll and Benefit Expenditures
High-level understanding of processes and controls
Management has documented the processes and control activities related to payroll expenditures. Specifically, the following processes were documented for Canada-Based Staff:
- Employee hirings and terminations;
- Secondments (e.g. inter-departmental settlements);
- Overtime;
- Retroactive pay;
- Severance liability calculation; and
- Timesheet entry.
Overall, the documentation reviewed provides an understanding of the processes and controls used by management related to Canada-Based Staff payroll expenditures. However, the auditors did note that automated controls are not identified in the narrative descriptions but are included in the flowcharts and control matrix, which increases the difficulty in linking the narrative documentation with the control matrix.
In addition, the control matrix does not consider the frequency of the control activity; the identification of the frequency would be useful when developing a sampling strategy for operating effectiveness testing. The control activity should also provide more details (e.g. who, what, where, when, etc.); this would facilitate the development of testing strategies when management will test the design and implementation and operating effectiveness of the key control activities.
Tests of details
We performed tests of details on Canada-Based Staff payroll expenditures, the purpose of which was to assess whether payroll expenditures were valid, recorded at the proper amount and recorded in the proper period (i.e. cut-off testing).
Hirings and terminations typically represent a higher risk of misstatement as these transactions are non-recurring and involve a certain degree of management judgment. As such, the auditors allocated 8 tests to individuals that were hired during the year, and 8 tests for individuals who had a pay termination during the year. The remaining 11 transactions represent employees who were employed by DFAIT throughout the 2011 financial year. Employees were selected based on lists provided by management; these lists identified all hires and terminations in the year, as well as employees who were employed throughout the year. The auditors did not validate the listings provided by management for completeness.
The tests were conclusive and did not identify any errors. Based on the testing performed, the auditors were satisfied that the transactions tested were appropriately recorded in DFAIT’s financial records.
Assessment of accounts payable balance
Management provided us with the accounts payable balances for Canada-Based Staff as at March 31, 2011 and March 31, 2010.The auditors performed analytical procedures on the March 31, 2011 account balance to assess the reasonableness of the year-end balance.
The payroll-related accounts payable balance for Canada-Based Staff as at March 31, 2011 is $25.6 million; the March 31, 2010 balance was $23.9 million; this represents an increase of $1.7 million or 7%. The increase is mainly attributed to:
- A $3.8 million (19%) increase in regular pay; and
- A $2.1 million (60%) decrease in overtime pay.
The auditors inquired with management on these differences. The increase in regular pay ($3.8 million) is related to a number of variances. The most significant variances include:
- an additional day of pay accrual in the 2011 financial year compared to the prior year balance (i.e. employees were paid one day earlier in the 2011 financial year compared to 2010, hence an additional day of pay accrual is required) for an amount of approximately $3.1 million; and
- Inflation increase in payroll for an amount of approximately $350,000 (for example, program and administrative services have a 1.7% increase in rates of pay from the prior year).
The decrease in overtime pay is primarily related to DFAIT’s internal objective to reduce overtime costs within the Department.
Based on the understanding of DFAIT’s activities, the auditors believed that these explanations were reasonable in the context of the overall account balances.
1.2 Non-Assessed Transfer Payments
High-level understanding of processes and controls
The auditors met with DFAIT’s Corporate Accounting group, as well as representatives of DFAIT’s Global Partnership and Global Commerce Support Programs, to gain an understanding of the roles and responsibilities, as well as the processes and controls used by management to record non-assessed transfer payments.
All transactions are processed by the various programs. As such, the programs are responsible for all sub-processes related to non-assessed transfer payments, such as:
- evaluating and accepting funding requests;
- performing contract adjustments;
- issuing payments and advances;
- processing of claim acceptances;
- processing of claim adjustments; and
- recording of transactions.
All payments are processed and approved centrally (Financial Administration Act (FAA) Section 33 requirements) by the Accounting Operations section at HQ. The section provides guidance on how to record transactions if a request is received. The financial management rests within the program. The Grants and Contributions Center of Expertise performs on-going reviews of each transfer payment agreement and ensures that payments issued are in line with each respective agreement. Corporate Accounting’s role is a quality assurance role, performing reconciliations as part of the reporting requirements for Government of Canada departments (such as the Public Accounts of Canada, quarterly financial reporting requirements, etc.).
Tests of Details
The auditors performed tests of details on non-assessed transfer payment expenditures. The purpose was to assess whether these expenditures were valid, recorded at the proper amount and recorded in the proper period (i.e. cut-off testing).
The 2011 transfer payments expense reported to us by management totalled $865.5 million. As the financial system does not segregate between assessed and non-assessed contributions, management performed a manual reconciliation and identified $573.6 million of assessed contributions; as such, the total population for testing purposes totalled $291.9 million. The auditors did not validate the listings provided by management for completeness. The auditors specifically tested:
- The authorization of the commitment (e.g. Section 32 of the Financial Administration Act);
- Whether there was a lawful charge against the contractual requirements (e.g. Section 34 of the Financial Administration Act);
- Whether there was an appropriate payment of the expense (e.g. Section 33 of the Financial Administration Act); and
- Whether the expense was valid, recorded at the proper amount and whether it was recorded in the proper period (i.e. cut-off testing).
A total expense amount of $47.9 million or 16.4% of total non-assessed transfer payment expenses were tested. The total amount tested was based on the sample selected, which reflects the overall non-assessed transfer payment population. The audit tests were conclusive and did not identify any errors. Based on the testing performed, the auditors were satisfied that the expenses tested were appropriately recorded in DFAIT’s financial records.
1.3 Acquisition and Disposal of Tangible Capital Assets
High-level understanding of processes and controls
The auditors met with DFAIT’s Corporate Accounting group, as well as representatives of DFAIT’s Information Technology group and the Contracting Policy, Monitoring and Operations groups, to gain an understanding of the roles and responsibilities, as well as the processes and controls used by management to record tangible capital assets.
All transactions are processed by the various programs. As such, they are responsible for most sub-processes related to tangible capital assets such as:
- purchasing (acquisition);
- maintenance;
- disposal, etc.
Capital asset acquisitions are approved in accordance with DFAIT’s delegation of authority (i.e. FAA Sections 32 and 34). Payments are processed centrally (FAA Section 33 requirements). The auditors were informed that management performs a three-way match on capital asset acquisitions (between the purchase order, the invoice and the goods receipt document). The capitalization of tangible capital assets follows DFAIT’s capital asset policy, which is based on Treasury Board Accounting Standard 3.1 (Tangible capital assets) and 3.1.1 (Software).
Corporate Accounting’s role is a quality assurance role, performing reconciliations as part of the reporting requirements for Government of Canada departments (such as the Public Accounts of Canada, quarterly financial reporting requirements, etc.). In addition, Corporate Accounting reviews the amortization expense which is automatically generated by the financial system; asset managers are not involved or informed of the amortization expense recorded.
The auditors were also informed by program management that there is limited guidance on capitalization criteria of repairs and maintenance expenditures. The auditors were informed that there is no formalized process or criteria to capitalize such costs; this decision is decentralized and is left to the asset manager. In addition, the auditors were informed that there is limited training provided on the accounting for tangible capital assets; some individuals indicated that they would like to obtain additional training in this regard.
Tests of Details
The auditors performed tests of details on acquisitions and disposals of tangible capital assets. The purpose was to assess whether these transactions were properly recorded; the testing did not address the completeness of acquisitions and disposals of tangible capital assets.
Corporate accounting provided a listing of acquisitions and disposals recorded during the 2011 financial year. The amount of acquisitions totalled $129.7 million, and the amount of disposals totalled $4.4 million. The listings provided by management were not validated for completeness.
For acquisitions, the auditors specifically tested:
- The authorization of the commitment (e.g. Section 32 of the Financial Administration Act);
- Whether there was a lawful charge against the contractual requirements (e.g. Section 34 of the Financial Administration Act);
- Whether there was an appropriate payment of the expense (e.g. Section 33 of the Financial Administration Act); and
- Whether the expense was valid, recorded at the proper amount and whether it was recorded in the proper period (i.e. cut-off testing).
For disposals, the auditors tested:
- The approval to dispose the tangible capital asset;
- Whether the disposal was recorded in the correct financial year; and
- If applicable, whether DFAIT received the correct amount from the proceeds on disposal.
The total amount of acquisitions tested was $34.2 million or 26.4% of the cost of all acquisitions, while the total amount of disposals tested was $1.1 million or 24% of the cost of all disposals. The audit tests were conclusive and the auditors did not identify any discrepancies or errors. Based on the testing performed, the auditors were satisfied that the transactions tested were appropriately recorded in DFAIT’s financial records.
2.0 Observations and Recommendations
As a result of performing specified procedures, potential areas for improvement were identified. The following summarizes the findings and recommendations in that regard. Management responses and action plan are contained in Appendix A.
Payroll Expenditures
Testing of the design and implementation of key control activities related to payroll expenditures.
Observation
Although management has documented the key control activities related to payroll expenditures, management has not tested the design and implementation or the operating effectiveness of these key controls.
Our understanding is that DFAIT is planning to test the design and implementation and operating effectiveness of key control activities for Canada-Based Staff payroll expenses in the 2011-2012 financial year.
Impact
Until controls have been tested, there is a risk that the controls identified are not appropriately designed and implemented, or operating effectively.
Recommendation
We recommend that:
- DFAIT complete its testing as planned; and
- Report on the results of the testing to management and the Departmental Audit Committee.
Documentation of the key control activities related to payroll expenditures
Observation
During our assessment of payroll controls and processes, we noted that management’s documentation of key controls (prepared for the purposes of DFAIT’s compliance with the Policy on Internal Controls) incorporates various elements, such as non-financial activities and various processes and procedures. In addition, the control matrices lack information such as the frequency of the control, automated controls and the individuals performing the controls.
Impact
The lack of focused documentation may cause management to test either the wrong controls, or incorrectly test key control activities, which would deviate from the requirement of the Policy on Internal Controls.
Recommendation
As DFAIT continues to document its processes and controls, DFAIT should ensure that
- Automated controls are clearly identified in the documentation and;
- The control matrix identify the frequency that the control activity occurs and provide sufficient information to properly test these controls.
DFAIT should also ensure that the documentation is sufficiently detailed in order to test only the key controls supporting Canada-Based Staff payroll expenses; this will provide senior management with focused results on whether key controls are operating effectively as well as enhance the accountability of control activities within the Department.
Non-Assessed Transfer Payments
Inability to segregate assessed and non-assessed transfer payments
Observation
We noted that DFAIT’s systems are unable to distinguish assessed and non-assessed transfer payments; a manual reconciliation is required, and is primarily based on management’s understanding of DFAIT’s operations.
Impact
While there is no impact on DFAIT’s reporting requirements for the departmental financial statements, the lack of identification of the type of transfer payment increases the difficulty in performing monitoring controls over non-assessed transfer payments.
Recommendation
We recommend that management implement processes to enable the identification of assessed and non-assessed transfer payments in DFAIT’s systems.
Lack of training on accounting for transfer payments
Observation
We noted during our discussions with management within the various programs that there does not seem to be formal training on accounting for transfer payments.
Impact
There is an increased risk that transfer payments may be incorrectly recorded in DFAIT’s financial statements.
Recommendation
We recommend that management assess the training needs of the transfer payment community and address any training requirements accordingly.
Tangible Capital Assets
Lack of clear guidelines for the capitalization of tangible capital assets
Observation
During our discussions with management, we noted that various divisions within DFAIT receive limited guidance on how to apply the capitalization criteria for tangible capital assets (e.g. repairs and maintenance).
Impact
There is an increased risk that expenditures incurred by DFAIT may be incorrectly recorded.
Recommendation
We recommend that DFAIT develop criteria for capitalization of expenditures to ensure the proper recording of tangible capital asset related transactions.
Capital assets do not meet the capitalization threshold
Observation
When examining the list of acquired tangible capital assets, we noted that 131 assets did not meet the capitalization threshold of $10,000, for a total cost of $480,310 (0.37% of total acquisitions).
We also noted during our discussions with management that there is no clear understanding of the bundling policy and criteria related to tangible capital assets.
Impact
There is an increased risk that expenditures incurred by DFAIT may be incorrectly recorded.
Recommendation
We recommend that DFAIT develop criteria related to bundling of tangible capital assets to ensure that transactions are recorded consistently across DFAIT.
Fully depreciated assets written-off without justification
Observation
We noted during our discussions with management that tangible assets are written-off (removed from the capital asset sub-ledger) once the assets are fully depreciated.
Impact
While there is no impact on DFAIT’s net results of operations, there is an increased risk that the note to the departmental financial statements on tangible capital assets may be misstated.
Recommendation
We recommend that DFAIT implement procedures to track tangible capitals to ensure that the capital asset sub-ledger is complete, accurate and include all existing tangible capital asset owned and managed by the Department.
Conclusion
There were no discrepancies or errors identified in the tests. As such, based on the scope of the work, the auditors found no reason to believe that the populations tested were materially misstated. The transactions tested were appropriately recorded in DFAIT’s financial records.
Appendix A: Management Action Plan
Recommendation
We recommend that:
- DFAIT complete its testing as planned; and
- Report on the results of the testing to management and the Departmental Audit Committee.
Management Response and Action
Design effectiveness testing has already begun. Once any design gaps are addressed, operating effectiveness testing will begin.
As required by the Policy on Internal Control, assessment results are reported to management and the Departmental Audit Committee through the Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting.
Responsibility
Financial Policy, Control & Community Development (SMO)
Anticipated Completion Date
June 2012
Recommendation
As DFAIT continues to document its processes and controls, DFAIT should ensure that
- Automated controls are clearly identified in the documentation and;
- The control matrix identify the frequency that the control activity occurs and provide sufficient information to properly test these controls.
DFAIT should also ensure that the documentation is sufficiently detailed in order to test only the key controls supporting Canada-Based Staff payroll expenses; this will provide senior management with focused results on whether key controls are operating effectively as well as enhance the accountability of control activities within the Department.
Management Response and Action
Process documentation (narratives and flowcharts) is designed to provide an overview of a particular business process and includes more information than just the key controls.
The control matrix is designed to then narrow the list of controls down to those which are considered “key” for testing purposes
The internal control matrix identifies and documents the risks related to each of the processes, the corresponding control objectives, the control activities designed to address the identified risks, and cross-references key control points to the process flowcharts. The internal control matrix will record the financial statement assertion addressed, the type of control (are controls manual or automated; preventive or detective; segregation of duties, etc), and the control process owner. All elements are taken together in the determination of which controls are to be considered key for testing purposes.
Key controls are then reviewed to ensure they are designed effectively.
Once all design gaps are addressed, the key controls (only) will be tested for their operational effectiveness. At this point the frequency with which the key control operates will be key to the determination of the sample size and reflected in the testing documentation.
Responsibility
Financial Policy, Control & Community Development (SMO)
Anticipated Completion Date
No further action is required
Recommendation
We recommend that management implement processes to enable the identification of assessed and non-assessed transfer payments in DFAIT’s systems.
Management Response and Action
DFAIT's financial system (IMS) is in compliance with the Government's Chart of Accounts and the TB Directive on the Recording of Financial Transactions in the Accounts of Canada; IMS does not differentiate between assessed and non-assessed transfer payments. The CFO Branch is therefore meeting its financial reporting obligation. Until an official request from Senior Management responsible for G&C programs is received, no action will be taken.
Responsibility
Financial Policy, Control & Community Development (SMO)
Anticipated Completion Date
No further action
Recommendation
We recommend that management assess the training needs of the transfer payment community and address any training requirements accordingly.
Management Response and Action
A DFAIT Focus Group is currently working on a “needs analysis” for the Development of a DFAIT specific course on Financial Management of Grants and Contributions. This initiative is anticipated to be completed this fiscal year.
Responsibility
Grants and Contributions Centre of Expertise (SMFC)
Anticipated Completion Date
March 31, 2012
Recommendation
We recommend that DFAIT develop criteria for capitalization of expenditures to ensure the proper recording of tangible capital asset related transactions.
Management Response and Action
There are capitalization criteria currently in place within the Capital Asset Policy and Guidelines which align with PSAB and TBAS. SMO will perform a complete review of the Capital Assets processes this fiscal year. The review will clarify, streamline and standardize guidance on capitalization. A communication and training strategy will be developed to promulgate the new procedures and guidelines.
Responsibility
Financial Policy, Control & Community Development (SMO)
Anticipated Completion Date
March 31, 2012
Recommendation
We recommend that DFAIT develop criteria related to bundling of tangible capital assets to ensure that transactions are recorded consistently across DFAIT.
Management Response and Action
As part of the capital asset review, SMO will revise the capital asset policy and guidelines to include clear policy requirements concerning the consistent recording of pooled purchases of assets individually valued less than $10,000.
Responsibility
Financial Policy, Control & Community Development (SMO)
Anticipated Completion Date
March 31, 2012