Internal Audit of Arrangements with Other Government Departments

Final Report
December 2011

Acronyms and Abbreviations

Executive summary

The internal audit of arrangements with other government departments was part of the 2011-14 Risk-Based Audit Plan. For the purpose of this audit, arrangements with other government departments consist of the Memorandum of Understanding (MOU) on Operations and Support at Missions with the Department of Foreign Affairs and International Trade (DFAIT), and administrative arrangements with other federeal government departments.

The audit objective is to provide reasonable assurance that adequate and effective management control frameworks are in place for managing both the MOU with DFAIT, and for monitoring the execution of administrative arrangements with other government departments (OGDs).

The Agency was a signatory, along with 22 OGDs, to an MOU with DFAIT that provides the framework for the delivery of common services abroad. In 2010-11, the Agency also had 34 active administrative arrangements, with a value of $178 million, with 18 federal government departments involved in Canadian International Development Agency (CIDA) programming (Appendix A). An administrative arrangement is a financial instrument for the provision of goods or services between government departments, including federal, provincial, territorial and municipal departments.

The Agency lacked a formally defined committee governance structure as well as clear roles and responsibilities for its overseas operations. In response, the Business Modernization Initiative (BMI), and in particular, the Enhanced Field Presence (EFP) Unit, undertook a number of initiatives to enhance the management control framework for overseas operations. These include strengthening the Agency's representation on DFAIT governance committees, proposing the creation of an International Operations Unit and re-activating CIDA's Field Operations Committee.

For administrative arrangement monitoring, the Agency has developed policy, guidelines and associated tools. Project development officers and analysts had a clear and consistent understanding of their roles and responsibilities as they relate to implementation and monitoring of an administrative arrangement. However, the monitoring of risk and performance management in administrative arrangements could be improved.

The report provides further details on our observations, including related findings and recommendations. The list of recommendations and the corresponding management action plan are presented in Appendix C.

Audit Conclusion

The Agency's management control framework for managing the MOU with DFAIT was informal and lines of accountability were unclear. Furthermore, Service Delivery Standards (SDS), which specify the common services provided at Canadian missions by DFAIT, were not monitored. However, the Agency has been working on various initiatives to formalize accountabilities, roles and responsibilities for managing overseas operations.

The management control framework for monitoring administrative arrangements with other federal government departments was adequately designed and generally effective. However, monitoring strategies for risk and performance need to be developed.

Statement of Assurance

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusion provided and contained in this report. The audit conclusion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed on with management. The conclusion is applicable only to the entity examined. The evidence was gathered in compliance with Treasury Board policy, directives and standards on internal audit and conforms with the International Standards for Professional Practice of Internal Auditing of the Institute of Internal Auditors. The evidence gathered was sufficient to provide senior management with proof of the conclusion derived from the internal audit.

Chief Audit Executive

1.0 Background

The audit of arrangements with other government departments was part of the 2011-14 Risk-Based Audit Plan recommended by the Audit Committee and approved by the President on March 25, 2011. For the purpose of this audit, arrangements with other government departments consist of the MOU with DFAIT and administrative arrangements with other federal government departments.

CIDA has a long history of working with a wide range of OGDs either as executing agencies or with their significant involvement and collaboration in CIDA programming. The Agency works with OGDs in the development of Canadian policy to improve coherence in government policies affecting developing countries. OGDs also provide common services to the Agency.

The provision of funds from CIDA's Grants and Contributions vote to an OGD must be done in accordance with the Treasury Board (TB) Policy on Interdepartmental Charging and Transfers Between Appropriations.

The Agency had 34 administrative arrangements with 18 other federal government departments with a total value of $178 million funded through Grant and Contribution Vote. Administrative arrangements are managed by the Multilateral and Global Programs Branch, the Partnerships with Canadians Branch, and the Geographic Programs Branch. The latter manages 80% of the total value of these administrative arrangements.

The Agency has a field presence in about 45 countries^{Footnote 1}. Common services provided by DFAIT to the Agency, which is governed by the TB Policy on Common Services, consist of the infrastructure, staff and services required for Canadian representatives abroad to deliver the Agency's mandate.

On April 27, 2009, CIDA's President signed an Interdepartmental MOU on Operations and Support at Missions with DFAIT. The MOU regulates the services which DFAIT is mandated to provide to signatory government departments with programs at Canadian missions. The aim of the MOU is to ensure services to partner departments at missions are provided by DFAIT in an effective, transparent, consistent and fair manner.

2.0 Audit Objective, Scope, Approach and Criteria

2.1 Objective

To provide reasonable assurance that adequate and effective management control frameworks are in place for managing both the MOU with DFAIT, and for monitoring the execution of administrative arrangements with OGDs.

2.2 Scope

The audit examined whether an effective management control framework was in place to manage the 2009 MOU with DFAIT, and ensure value for money.

The audit examined the Agency's aid transfers to OGDs for administrative arrangements active in 2010-11.

The audit also followed up on the results of the 2007 internal audit of administrative arrangements with OGDs and, as such, the focus was on establishment and execution of an appropriate and effective monitoring plan for these arrangements.

Aid transfers to crown corporations, and provincial and municipal government departments, was excluded from this audit.

2.3 Approach and Methodology

The internal audit of arrangements with OGDs was conducted in accordance with TB policy, directives and standards on internal audit, and conforms to the International Standards for Professional Practice of Internal Auditing of the Institute of Internal Auditors. The evidence gathered was sufficient to provide senior management with proof of the conclusions derived from the internal audit.
The audit approach and methodology for the audit included, but was not limited to:

• Review of related policies, guidelines and instructions;
• Consultations with external stakeholders and internal interviews;
• Review and analysis of a sample of ten administrative arrangement files;
• Testing related processes through field staff survey; and
• Gathering and analysis of information received.

2.4 Audit Criteria

Audit criteria are the benchmarks used to assess the adequacy and effectiveness of the management control framework in place for the management of arrangements with OGDs. The criteria were developed after conducting a risk assessment as part of the audit planning process. The audit criteria were discussed with and agreed upon by the auditees, and are presented in Appendix B.

3.0 Main Audit Findings and Recommendations

Memorandum of understanding

Management Control Framework

The TB Policy on Common Services states that federal government departments receiving common services are accountable for adopting a way of operating which is cost-effective, business-like, and responsive to the operational requirements of the department. Departments must also clearly determine the goods and services they requested (i.e. what, when, and where), and ensure that they are receiving them in a timely and efficient manner.

Accountabilities, Roles and Responsibilities

DFAIT has 22 committees, councils and/or boards responsible for the governance of the mission network. The accountabilities, roles and responsibilities of the committees are clearly defined. CIDA representation on these committees is a key element of its management control framework. The Agency has recently enhanced its representation by having representatives on twelve committees, and has identified two more committees where its representation would be important. Representatives on the committees are from a cross-section of the Agency.

For its overseas operations, the Agency lacked both a formally defined committee governance structure and roles and responsibilities. Issues relating to overseas operations are reviewed and discussed at various committees including Management Board, business modernization committees and the Field Operations Committee (FOC). The FOC was re-activated in September 2011, chaired by the Director, EFP and with appropriate representation from across the Agency. Although FOC has terms of reference, these have not been formally reviewed and approved by a senior Agency management committee.

In 2009, when the Business Operations Group was dissolved, the EFP informally assumed responsibility for the administration and management of the MOU, but no formal responsibility has been established. Elements associated with field operations are spread across branches and, as a result, lines of accountability are blurred. A proposal has been made by EFP to the Business Modernization Implementation and Strategy Committees to create an International Operations Unit (IOU). These committees endorsed the establishment of the IOU, including its proposed mandate to manage the MOU, and the conversion of the EFP Unit into the IOU. Endorsement at the Corporate Management Committee and approval at Management Board is being pursued. EFP anticipated the IOU may be fully operational by April 2012.

There was no formally defined communications strategy to receive and share information and decisions emanating from DFAIT and CIDA committees.

Risk Management

The TB Framework for the Management of Risk states effective risk management equips federal government organizations to respond actively to change and uncertainty by using risk-based information to enable more effective decision-making.

A formal risk assessment was carried out for the decentralization initiative as part of the Agency's Blueprint for Enhanced Field Presence. However, there had not been a formal risk assessment of the risks directly related to the MOU, which provides the framework for the provision of services by DFAIT to the Agency at about 45 Canadian missions abroad.

Monitoring

The TB Policy on Common Services states that federal government departments, as users of common services, are accountable for developing appropriate operating policies and monitoring procedures to assure proper use of common service authorities. The audit found the Agency did not have formal monitoring procedures in place.

Service Delivery Standards (SDS), which detail the services provided at missions, and the related standard, are contained in Annex E of the MOU. The Mission Service Delivery Standards Guide identifies the common services to be provided by DFAIT, the respective roles and responsibilities of parties concerned, and the related service delivery standards participating departments should expect. The guide further states that the Head of Mission and Management Consular Officer have the overall responsibility to establish and manage mission specific SDS. These standards must also be reviewed and approved by the missions' Committee on Mission Management, which is comprised of all program managers. It also states that SDS should be reviewed annually at the mission level.

Only 1 of 12 Heads of Aid who responded to a field staff survey undertook monitoring. The survey also found that only 4 of 19 Canada-Based Staff were aware of the SDS specific to the mission, and only 3 had copies.

There was no formal mechanism in place to collect and report on feedback received from field staff. There was no clear understanding by Canada-Based Staff of how to report issues. As part of the 2011 pre-departure briefing for employees being posted to the field, only 20 of the 56 employees attended the half-day course on the MOU on common services abroad. This course was not mandatory, but highly recommended by the Agency.

Value for Money

Interviews revealed that DFAIT could not provide the Agency with basic post level financial cost information. The combination of not conducting formal monitoring, out-of-date SDSs and not having the required financial information from DFAIT did not allow the Agency to determine whether it was receiving value for money from the MOU.

Recommendation 1

The Vice-President, Business Modernization, should develop a formal management control framework for the Memorandum of Understanding (MOU) with DFAIT. The management control framework should include, but not be limited to:

• An appropriate governance structure;
• Clearly defined and communicated accountabilies, roles and responsibilities; and
• A formal risk assessment of the MOU and related mitigation strategy.

Recommendation 2

The Vice-President, Business Modernization, should develop, implement and communicate appropriate monitoring procedures to allow the Agency to monitor the quality and level of services being provided by DFAIT.

Administrative arrangements with other federal government departments

Management Control Framework

Policies, Directives and Guidelines

The Government has several policy documents designed to assist departments and agencies in developing and managing administrative arrangements, including the TB Policy on Interdepartmental Charging and Transfers Between Appropriations, the TB Policy on Common Services, the TB Policy on Special Revenue Spending Authorities, and Section 10.7.6 of the Receiver General Manual, which explains how to enter into transactions when an OGD administers a CIDA program. Agency guidance includes the Terms and Conditions for International Development Assistance, as well as Chapter 7 of the Contracting Guide for Managers in CIDA.

Program performance measurement and risk management at the Agency are guided by the Result-Based Management (RBM) Policy Statement and associated tools. The Investment Monitoring and Reporting Tool is designed and integrated into the Agency's information system. The tool provides the option of assessing progress on each outcome in the past fiscal year.

Within the Agency, there are directives in place to monitor contribution agreements and other arrangements, as well as to conduct account verification.

Roles and Responsibilities

Chapter 7 of the Contracting Guide for Managers in CIDA specifies that administrative arrangements should contain a clear delineation of the respective responsibilities of the parties involved, in order to ensure a whole-of-government approach is used for efficient and effective monitoring.

Roles and responsibilities for project monitoring by CIDA and its partner OGDs were generally specified within administrative arrangements. Furthermore, development officers and analysts had a clear and consistent understanding of their role and responsibilities as they relate to implementation and monitoring of administrative arrangements.

Risk Monitoring

Integrated risk management, one of the three components of CIDA's RBM policy, promotes a continuous, proactive, and systematic process to understand, communicate, and manage risk in a cohesive and consistent manner. It requires ongoing assessment of risks and ensuring they are adequately monitored and reviewed.

Within the Agency, numerous tools, templates, guides, tip sheets, and resources have been developed and compiled to assist employees in utilizing RBM. These tools, including risk management tools, are readily available to employees on the Agency's intranet.

Training is offered to support the implementation of RBM within the Agency, and the aforementioned tools are used by development officers and analysts in overseeing and monitoring administrative arrangements.

Of the ten administrative arrangement files reviewed, nine contained a risk management strategy. However, of these only three had a risk management strategy identifying how each risk would be monitored on an ongoing basis during project implementation.

The annual Management Summary Report (MSR) is one of the tools the Agency recently launched to support the implementation of its RBM strategy. It summarizes an investment's performance over the reporting period. It includes information on the total amount disbursed since the start of the project, the total amount disbursed in the reporting period, whether or not the investment is on track, a performance rating for the current year, and an updated risk register.

In 2010-11, of the seven administrative arrangement projects subject to the requirement that a MSR be prepared, six included a MSR, but only one had an updated risk register.

Performance Monitoring

The TB Management Accountability Framework requires relevant information on results be collected and used to make departmental decisions. The Agency uses RBM to better manage its international development programming from start to finish.

Reporting requirements were established in administrative arrangements, and the Agency was receiving reports on performance information from its OGD partner departments, as stipulated in each agreement. However, there was not always evidence the reports had been reviewed by development officers. Furthermore, there was no strategy for monitoring activities established for any of the administrative arrangement projects reviewed. Development officers stated additional guidelines for monitoring performance would be helpful.

Lessons Learned

A large part of successfully implementing and utilizing the RBM strategy involves reporting and integrating lessons learned into future programming. CIDA's MSR template includes a section in which development officers or analysts can input lessons learned; guidance is also available to Agency employees on how to capture lessons learned and incorporate them into the MSR.

Lessons learned were generally captured by development officers and analysts in the annual MSR. Development officers and analysts stated lessons learned were often shared on an informal basis amongst colleagues within the same division.

Recommendation 3

The Vice-President, Strategic Policy and Performance Branch, in collaboration with program branches, should ensure that adequate guidance is provided to staff on how to use tools in the development of risk and performance monitoring strategies for administrative arrangements with federal government departments.

Basis of Payment and Incremental Costs

The TB Policy on Interdepartmental Charging and Transfers Between Appropriations states that cost transfers between OGDs are restricted to incremental costs. There should be no charging for or recovery of imputed or fixed costs, as such costs are included in the appropriation of an OGD supplying the goods and services. To this end, Chapter 7 of the Contracting Guide for Managers in CIDA states that managers intending to sign an administrative arrangement with an OGD must ensure the Agency will only be charged direct incremental costs, or obtain proof from the OGD of its TB authority to charge fees over and above these costs.

In each of the administrative arrangements examined, allowable, eligible costs were defined under the Basis of Payment section of the agreements. Basis of payment are determined by CIDA's Grants, Contributions and Contracting Management Division and Legal Services Branch, in consultation with the partner OGD. Development officers and analysts used the Agency's procedures and tools governing account verification and advance payments when transferring funds to OGDs. Of the ten administrative arrangements reviewed, seven included expenses for salaries and fringe benefits of OGD staff as eligible costs. In five of those seven arrangements, there was no supporting documentation on file detailing the conditions under which these costs would be reimbursed by the Agency.

Project development officers did not always understand the concept of direct incremental cost, and there were no guidelines available to verify and monitor the incremental cost charged by an OGD.

Without clearly defined incremental costs, there is a risk the Agency may not be appropriately charged for the salary and fringe benefit costs it is reimbursing to OGDs as required under the terms of administrative arrangements. There is also the risk CIDA's grants and contributions funding may be used for OGD's salary, operations and maintenance costs, which may not be in compliance with the OGD's Appropriations Act and the TB's Transfer Payment Policy.

Recommendation 4

The Chief Financial Officer should ensure the conditions under which the OGDs can recover operational costs are clearly specified in each administrative arrangement, to ensure proper monitoring and compliance with TB policies.

Appendix A: Administrative Arrangements between CIDA and Other Federal Government Departments-as of March 31, 2011

Appendix B: Audit Criteria

MOU with DFAIT

1. A framework to govern the MOU is developed, communicated and implemented.
2. Business needs are identified, assessed and clearly communicated to DFAIT.
3. Common Services provided to the Agency's field operations outlined in the MOU, and the Mission Service Delivery Standards (SDS), are monitored adequately and in a timely manner.

Administrative Arrangements with Other Government Departments

1. Roles and responsibilities for overseeing and monitoring the execution of administrative arrangements are clearly defined, communicated and understood.
2. Guidelines for monitoring administrative arrangements are developed, communicated and referenced by development officers and managers.
3. A risk-based monitoring strategy is developed and implemented on an ongoing basis.
4. Monitoring results are used in program management decision-making process.

Appendix C: List of Recommendations and Management Action Plan