Archived information
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Internal Audit of Financial Management
Final Report
March 25, 2011
Table of Contents
Acronyms and Abbreviations
- CFO
- Chief Financial Officer
- CFOB
- Chief Financial Officer Branch
- CIDA
- Canadian International Development Agency
- CRP
- Corporate Risk Profile
- FMA
- Financial Management Advisor
- Gs&Cs
- Grants and Contributions
- IBP
- Integrated Business Planning
- MAF
- Management Accountability Framework
- MB
- Management Board
- MRRS
- Management, Resources and Results Structures
- PAA
- Program Activity Architecture
- RPAC
- Resource Planning and Allocation Committee
- RPP
- Report on Plans and Priorities
- TB
- Treasury Board of Canada
Executive Summary
Background
The internal audit of financial management was part of the 2010-13 Risk-Based Audit Plan recommended by the Audit Committee and approved by the President on May 28, 2010.
In 2009, the Treasury Board of Canada (TB) issued a suite of financial management policies and directives as part of its financial management policy renewal. Together with the Financial Administration Act, they provide clarity on the government's expectations relating to the adequacy and performance of financial management, process, practices and controls in federal departments and agencies.
The TB Policy on Financial Management Governance in particular sets out the roles and responsibilities of the Deputy Head, Chief Financial Officer (CFO), and Senior Branch Management for the stewardship, management and oversight of public resources. This audit focused on financial management at the strategic and corporate level.
Within the Canadian International Development Agency (CIDA), the Chief Financial Officer Branch (CFOB) is a key steward for the overall management and oversight of financial resources. As such, CFOB is the Office of Primary Interest in this audit.
Audit Objective
To provide reasonable assurance that CIDA's financial management practices support resource management, strategic planning, decision-making, and financial risk management.
Audit Conclusion
The audit concluded that, in general, the Agency is in compliance with the financial management requirements as set out by Treasury Board in the Policy on Financial Management Governance. The Agency has an effective governance structure to support its financial management through senior management committees and a strong risk management framework.
Opportunities exist to enhance integrated business planning and resource management practices in place at the Agency.
Statement of Assurance
In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusion provided and contained in this report. The audit conclusion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed on with management. The conclusion is applicable only to the entity examined. The evidence was gathered in compliance with Treasury Board policy, directives and standards on internal audit and conforms with the International Standards for Professional Practice of Internal Auditing of the Institute of Internal Auditors. The evidence gathered was sufficient to provide senior management with proof of the conclusion derived from the internal audit.
Chief Audit Executive
Audit team members
- Natalie M. Lalonde
- Shirley Wang
- Stelios Togias
- Imbert Legros
- Valérie Colomer
- With support from external resources
1.0 Background
The internal audit of financial management was part of the 2010-13 Risk-Based Audit Plan recommended by the Audit Committee and approved by the President on May 28, 2010. This is the first of a series of overarching audits planned for the next few years at the Agency.
In 2009, TB issued a suite of financial management policies and directives as part of its financial management policy renewal. Together with the Financial Administration Act, they provide clarity on the government's expectations relating to the adequacy and performance of financial management, processes, practices and controls in federal departments and agencies.
The TB Policy on Financial Management Governance (effective April 1, 2009) sets the roles and responsibilities with respect to financial management governance and capabilities, and is designed to ensure strong financial management of public resources, reinforce the principles of probity and prudence, and contribute to better decision-making. This new policy expands on requirements of departmental officials' roles and responsibilities for financial management governance that must be exercised for the stewardship, management and oversight of public resources. Within CIDA, the CFOB is responsible for the overall management and stewardship of financial resources and for delivering high quality, cost-effective, and responsive financial, contracting, integrated business planning, administration, security, and accommodation services.
2.0 Audit Objective, Scope, Approach and Audit Criteria
2.1 Objective
To provide reasonable assurance that CIDA's financial management practices support resource management, strategic planning, decision-making, and financial risk management.
2.2 Scope
The audit focused on CIDA's financial management at the strategic and corporate levels to allow the Office of the Chief Audit Executive to determine the extent to which a critical financial management foundation is in place to support resource management, strategic planning, decision-making, and financial risk management.
The audit work focused mainly on the 2009-10 fiscal year, with prior and current year information used to support and complete work as required. The audit team worked with the Preliminary Survey of Business and Management Infrastructure team to share information to ensure minimal duplication of effort and the least interruption to the auditees' regular operations.
2.3 Approach and Methodology
The internal audit of financial management was conducted in accordance with TB policy, directives and standards on internal audit and conforms to the International Standards for Professional Practice of Internal Auditing of the Institute of Internal Auditors. The evidence gathered was sufficient to provide senior management with proof of the conclusion derived from the internal audit.
The audit methodology included, but was not limited to:
- Consultations and validation through interviews and a survey;
- Documentation review and analysis; and
- Testing procedures for key areas identified (judgmental sampling methodology was used).
2.4 Audit Criteria
Audit criteria were developed after an extensive review of the results of the preliminary phase and the risk and control assessment, and were based on the Office of the Comptroller General's Core Management Controls. The auditees were given the opportunity to validate and approve the following audit criteria:
- The Agency's governance structure supports effective financial management through clearly stated priorities, plans and timely decision-making.
- The Agency has an effective budgeting process in place to support the timely financial resources allocation and approval of branch and divisional resources necessary to deliver on expected results.
- Financial information and management practices are effectively integrated into the Agency's strategic planning, monitoring and reporting processes.
- The Agency's risk management is integrated in the course of assessment and allocating resources.
3.0 Main Audit Findings and Recommendations
Governance
Financial Management Governance Committees
TB Policy on Financial Management Governance states that government organizations should have a sound financial management governance structure to foster the prudent stewardship of public resources in the delivery of their mandate.
The audit found that the Agency has established appropriate governance committees that are responsible for the financial oversight and challenge function in the organization. The Resource Planning and Allocation Committee (RPAC) is a senior forum for collective consideration of CIDA's annual budget process and Integrated Business Plan (IBP), whereby all budgeting and major proposals regarding the allocation and re-allocation of resources in support of CIDA's agenda, and budgetary dimension of all major reporting documents are reviewed. Management Board (MB) is the overarching senior forum, which determines and guides the Agency's strategic direction, and is the official decision-making committee on all corporate matters, including key financial management issues.
The review of a sample of records of discussions showed that the committees were operating within their mandates and that issues moved effectively to and from the MB and RPAC.
The financial information provided to committees was found to be timely, sufficient and relevant to the issues discussed. Members of those committees indicated that the information provided to them was adequate and that the decision-making process was appropriate.
Roles and Responsibilities
The TB Policy on Financial Management Governance states that all stakeholders should be aware and have a clear understanding of their roles, responsibilities and accountabilities for financial management and stewardship of public resources. Senior managers have direct responsibility for their respective branches, and play a wider role as part of the management team of the Agency as a whole.
In March 2009, the CFO provided an overview of the CFO Model to MB, highlighting the essential requirements of the model, and detailing the roles and responsibilities of all financial stakeholders. Since then, there has been significant turnover in senior branch management and in the CFOB, including the CFO. Interviews conducted with senior management indicated that not all have had formal briefings by the CFO, as it relates to financial management.
Recommendation 1:
The Chief Financial Officer should ensure that all senior departmental staff is kept current on changes to roles and accountabilities as they relate to financial management.
Planning
The TB Policy on Financial Management Governance requires the Agency to ensure that the strategic planning process adequately considers issues associated with financial risks, financial sustainability, governance, resource allocation and performance monitoring. A good strategic plan adds value to an organization by identifying priorities and management goals. It also lays out corporate strategies to improve program and service delivery, to mitigate risk and to achieve better results.
Externally, and within the Government of Canada, CIDA reports its annual plan through its Report on Plans and Priorities (RPP) which sets out, at a high level, and by priority, the Agency's mandate and its resource allocation and expected results.
More recently, CIDA initiated an internal annual IBP process, led by CFOB, that links corporate and branch level planning, and that takes into account the key challenges faced by the organization in the allocation of resources. The Agency is currently in its third integrated business planning cycle and is preparing the corporate IBP for 2011-12. The audit found that the process has matured with each successive IBP, including considerable improvements in the timeliness of the exercise. Interviews with senior managers indicated a sound level of satisfaction with respect to progressive improvements in the IBP process and report. This steady progress denotes that, as intended, with time, the IBP will increase its usefulness as a management tool.
Although three-year notional budgets are provided in each Branch's IBP template, it has been noted that the 2009-10 and 2010-11 Corporate IBP processes only included the plans for the upcoming year for both the operating expenses and grants and contributions (Gs&Cs). A longer-term planning horizon at the Agency level can provide a blueprint for responding to the many changes and pressures. The Agency's senior management indicated that with the completion of the reviews of Countries of Focus and the Multilateral Effectiveness, a further step towards strategic planning practices was taken in 2010, under the lead of CFOB, to compile information in a corporate-level commitment matrix to support multi-year planning activities related to Gs&Cs for 2010-13. The 2010-11 Gs&Cs budget was managed through this tool and a recent update is being used as the basis for the 2011-12 IBP exercise.
The policy requirements of Program Activity Architecture (PAA) are set out in Section 6.1.1.2 of the TB Policy on Management, Resources and Results Structures (MRRS). Among other things, A PAA is required to "explain in sufficient detail to reflect how a department allocates and manages its resources to achieve their intended results".
The Agency's current PAA is well articulated within the 2010-11 IBP, including identifying, at the branch level, expected results by program activity. However, the 2010-11 IBP, as a roll-up of Branch plans, lacks the specifics of non-financial targets for progress toward those expected results. As well, the planned resource allocation (budget) at the branch level by program activity was not reflected into the Corporate IBP. Defining the targets and the resource allocation sets the base level to monitor achievement through the year. Including this information will assist management to have a better perspective of where the Agency stands with respect to achieving its financial and non-financial targets in relation to the PAA.
The IBP links planning at the branch and corporate levels. Other processes within the planning continuum, such as the program commitment matrix, RPP, Annual Reference Level Update, Main Estimates, also require similar information. Opportunities exist to create greater efficiencies and consistency in the overall planning exercise, by integrating these various processes both from a timing and coordination perspective, by minimizing possible duplication in the gathering of needed information and by comparing the results of the IBP bottom-up to the Main Estimates and RPP figures.
In accordance with the planning process set out in the TB Policy on Financial Management Governance, periodic performance monitoring should be in place to measure progress toward the achievement of expected results throughout the year, while linking resource expenditure to results, ideally by PAA. This would also be expected to be done in an integrated manner with other Agency's monitoring and reporting exercises.
Recommendation 2:
The Chief Financial Officer should ensure that the Integrated Business Plan process includes resource allocations at the branch level aligned with the Program Activity Architecture, as required by TB Policy on MRRS.
Recommendation 3:
The Chief Financial Officer, in collaboration with the Vice-President (VP), Strategic Policy and Performance Branch (SPPB), should take the steps required to achieve further integration of planning and reporting processes, ensuring that annual financial and non-financial targets for the achievement of program results are established, subject to ongoing performance monitoring and internal management reporting.
Stewardship
Financial Management Policies and Directives
The TB Policy on Financial Management Governance states that the CFO is the key steward with respect to relevant legislation, regulations, policies, directives and standards related to financial management and should develop, communicate and maintain the departmental financial management framework.
The Financial Management Advisors (FMAs) provide advice and support to branches on planning, control and resource management, financial and performance reporting and analysis, grant and contribution programming, as well as financial accounting, policy and control. FMAs are co-located within the branches they serve and report to the CFOB. This structure is designed to maximize efficiency and consistency in the delivery of financial services across the Agency and to align with the updated CFO model.
The CFOB maintains, regularly updates, and communicates a full suite of financial management policies, guidelines, financial bulletins and financial services within the Agency. The audit also noted a good practice of weekly meetings between senior FMAs, which provide an opportunity for information dissemination and discussion.
Financial Disbursements
As part of its management of funding agreements and the discharge of its accountabilities for the appropriate stewardship of public funds, CIDA must exercise due diligence with respect to all investments. CIDA's initial and ongoing due diligence assessments must reflect the requirements of the various Government of Canada acts, regulations and policies.
At the international level, the Agency is part of a larger development community that includes aid agencies from other donor countries, development banks, United Nations and other multilateral institutions, civil society and non-government organizations, and the governments of recipient countries. CIDA is continuously influenced by international developments, which are dynamic and changing in nature. In addition to its regular development activities, the Agency must have the ability to respond swiftly to serious and often unpredictable humanitarian crises.
Within the Government of Canada, the nature and timing of how funds for international assistance are provided may lead to a certain amount of programming being carried out in the last few months of the fiscal year. For example, the CFO has indicated that the amount of the Agency's residual holdback is not confirmed until October. Further, the International Aid Envelope (IAE) increment, received annually until 2010-11, was transferred through the Supplementary Estimates Process that takes place in the last quarter of the fiscal year. These factors contribute directly to the Agency's year-end spending pattern.
In order to meet these challenges, the Agency has built a certain level of flexibility into the budgeting process to ensure it is responsive to any unanticipated funding requirements in a timely manner. The audit noted, for the past three years, an increasing trend in total disbursements occurring during the month of March.
The audit also noted that the CFOB and Agency senior management are aware of the spending patterns of the organization. In order to minimize risks associated with year-end disbursements, the Branch has put in place monitoring and oversight mechanisms that are exercised through the year with the full participation of senior management. This includes annual mid-year and third quarter reviews. A Gs&Cs monitoring Committee has been established to ensure that the Agency's commitments are met by conducting year-end weekly and daily budget reviews to support decision-making with respect to the allocation and reallocation of financial resources.
Financial Risk Management
The Agency's Corporate Risk Profile (CRP) plays a central role in ensuring risk-informed decision-making and contributing to the Agency's risk-smart culture. It shows how CIDA management perceives, assesses and manages risk. Senior management has been engaged through regular risk assessment sessions, the revision of risk information and the review of risk responses.
The most recent Management Accountability Framework (MAF) assessment (2009-10) gave CIDA a strong rating in continuous improvement and acceptable rating for senior management accountability, implementation and integration as it relates to effectiveness of corporate risk management.
The Agency has a risk tolerance methodology both at the corporate and program levels, which combines integrated risk management and results-based management in the same unit to reduce complexity and increase awareness of risk related matters. Risk assessments are carried out for country programs, for TB submissions and for project initiatives. Updates of the CRP are linked to the schedule of fiduciary risk assessment.
To adequately manage financial risk, the Agency developed a new risk management tool for standardizing fiduciary risk assessments for all types of recipients, which will allow the administrative requirements for recipients to be proportionate to the level of risks specific to both the program and the recipients' risk profiles.
Within the IBP, branches are required to identify key risks and to provide key response strategies to those risks. These risks and strategies are directly linked to the CRP. As well, there is a section in the IBP, titled Addressing Risks, which further discusses risk management in the Agency and the expectations for branches and employees.
The Agency has established a risk management process that identifies, updates and addresses financial risks. Three of the twelve risks identified in the CRP are financial risks, and the budget development and approval process considers the Agency's key risks as outlined in its CRP.
Appendix 1: List of Recommendations and Management Action Plan
Recommendation | Responsibility | Proposed Management Measures | Target Date |
---|---|---|---|
1. The Chief Financial Officer should ensure that all senior departmental staff is kept current on changes to roles and accountabilities as they relate to financial management. | CFO | CFOB management will meet with program branch management teams to ensure a better mutual understanding of the role and accountability of senior management staff related to financial management. | June 30, 2011 |
CFO will send a communiqué to remind senior management staff of the key financial and contracting management directives, policies, guidelines, processes and tools currently available on Entre-Nous. | September 30, 2011 | ||
CFO will prepare a New Senior Manager Package to provide early, accurate information to any incoming branch heads. The package will complement the meetings that CFO already schedules with new branch heads. | October 31, 2011 | ||
2. The Chief Financial Officer should ensure that the Integrated Business Plan process includes resource allocations at the branch level aligned with the Program Activity Architecture, as required by TB Policy on MRRS. | CFO | CFOB will include financial information by program activity in the 2011-12 IBP and will evaluate options to include actual spending by program activity in the monthly financial management report. This information would allow for monitoring of the IBP as well as the Main Estimates and Report on Plans and Priorities. | October 31, 2011 |
3. The Chief Financial Officer, in collaboration with the Vice-President (VP), Strategic Policy and Performance Branch (SPPB), should take the steps required to achieve further integration of planning and reporting processes, ensuring that annual financial and non-financial targets for the achievement of program results are established, subject to ongoing performance monitoring and internal management reporting. | CFO | The CFO will work with the VP/SPPB to improve the coordination of the planning and reporting requirements. In 2011-12, the organization will pilot linking financial and non-financial information on one low-income country and one middle-income country, including monitoring through regular budget reviews. Branches will also be required to monitor progress throughout the year against CIDA's strategic priorities identified in their IBP. | March 31, 2012 |