Archived information
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Audit of Revenue and Cash Handling Controls
Foreign Affairs and International Trade Canada
Office of Audit, Evaluation and Inspection
August 2013
Table of Contents
Executive Summary
The objective of the audit is to ensure that all funds received by DFAITFootnote 1 are appropriately controlled, deposited and accounted for, in an accurate and timely manner. The audit assessed whether:
- Management controls are well designed and operating effectively to minimize losses due to abuse, mismanagement, errors, frauds, omissions and other irregularities.
- All money received is registered, deposited and recorded in departmental and Receiver General Accounts in a timely manner in accordance with applicable requirements, regulations or legislation.
- Progress had been made on recommendations from the 2009 Audit of Cash and Banking.
Why is this Important?
DFAIT processed and controlledFootnote 2 approximately $258 million in fiscal year 2011-2012 within Canada and at its missions abroad. To ensure prudent stewardship of public funds, proper safeguards and controls are required to be in place.
DFAIT is redesigning the way it delivers its financial services in missions abroad with the delivery of financial services from Common Service Delivery Points (CSDPs). These CSDPs are to provide financial support to partner missions thereby establishing an effective and efficient delivery of corporate services abroad. This audit will help to provide an assessment of the controls within this new administrative environment.
This audit was identified in the 2012-2015 Risk-Based Audit Plan. The audit was included as a result of control issues reported in previous audits and investigations, of recent changes to mission accounting operations and as part of our continued focus on DFAITs financial management framework.
Key Findings
Financial controls over revenue collections in missions require improvement. While revenues are charged and recorded accurately and supported by acceptable financial records, there are a number of control weaknesses that leave missions vulnerable to losses from omissions, errors or theft. Specifically, there are weak mission level monitoring controls. We note, however, that progress has been made in the development of an automated system for consular revenues collections and in the acceptance of non-cash payments through the Mission On-Line Payment System. Once fully implemented, these two initiatives will significantly reduce risks within missions.
On program revenues, we find that the Department does not have well-designed systems of control for activities related to revenue collection. While export and import permits have an automated system to account for goods coming in and out of the country, other programs have not designed controls to reflect proper accounting and recording processes. For example:
- The department does not have systems in place to consistently record revenues collected for the International Experience Canada Program in a timely and accurate manner. This revenue is re-spendable and once it is collected and recorded in DFAIT’s financial system it is available for forecasting and budgeting for the balance of the fiscal year. In addition, revenue recognition practices are critical to the accurate reporting of revenues in DFAIT’s financial system and on DFAIT’s Financial Statements.
- The Trade Fairs and Mission Programs do not have clear instructions and procedures for revenue collection and is not accounting for and recording revenues using the proper authorities. This has resulted in DFAIT collecting revenues in excess of those authorized by authorities. Effective procedures and guidance need to be in place to ensure that DFAIT is collecting revenues for all authorized activities and is using the proper authorities to account for these revenues.
In completing this audit, we also reviewed whether recommendations made in the 2009 Internal Audit of Cash and Banking had been fully addressed. Progress has been made against most of the issues identified in 2009; however, the implementation of key monitoring controls remains an area of concern. Improvements to the guidance provided over monitoring controls will help in the development and training of Management Consular Officers and ensure that these officials can be held accountable for the management of mission finances.
Finally, there have been significant changes to the financial working environment within missions with the introduction of Common Service Delivery Points. This will require that the CFO Branch, who has the overall accountability and responsibility for the finance function of the department, develop a new control framework which defines this environment and which educates Heads of Missions, Management Consular Officers and Deputy Management Consular Officers on their monitoring responsibilities within this new environment.
Conclusion
The audit found that missions are recording revenues accurately with appropriate financial support. There are however control weaknesses that leave missions vulnerable to losses. Systems have not been well designed to account for program revenues and DFAIT cannot ensure that revenues from these programs are recorded accurately in the Financial Statements. Some progress has been made on recommendations from previous audits however, improvements are still required.
Statement of Assurance
In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support a high level of assurance on the accuracy of the information in this report. The results are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management. The results are applicable only to the processes examined. The evidence was gathered in compliance with Treasury Board Policy, Directives, and Standards on Internal Audit for the Government of Canada.
Yves Vaillancourt
Inspector General and Chief Audit Executive
1.0 Background
The Department of Foreign Affairs and International Trade (DFAIT) collects and handles revenue and cash within Canada and at missions abroad for the delivery of services and programs. The following information is an overview of these revenue activities.
DFAIT provides services at its embassies, consulates, high commissions and other government offices. Services are provided and delivered to Canadian citizens, other federal government departments and co-located partners. The majority of revenues and cash collected and handled abroad comes from consular services and Citizenship and Immigration Canada (CIC).
Consular services are provided by DFAIT to Canadians for the issuance of passports, emergency documents and the provision of legal and notary services. These services provide critical support to Canadians living and travelling abroad, many of whom have no other place to turn in the event of an emergency. Revenues from consular services delivered at missions in 2011-2012 totalled approximately $17.2 million. While payment methods vary from mission to mission, most missions accept cash for these services.
In many DFAIT offices abroad, employees of CIC collect revenues for the provision of services. These include fees for temporary and permanent residence applications and other legal documents. These funds are recorded and deposited by DFAIT on behalf of CIC. Revenues recorded from these services totalled $226 million in 2011-2012. The majority of these revenues are paid by certified cheques, bank drafts or through Visa Application CentresFootnote 3 (VACs). Limited cash is collected for these transactions.
Finally, and in addition to the services listed above, there are three programs delivered by DFAIT that charge user fees to cover some or all of their costs.
The first program is International Experience Canada (IEC). IEC enters into bilateral reciprocal agreements with countries around the world to offer cultural exchange opportunities for Canadians and foreign citizens. This program gives Canadians an opportunity to travel, live and work abroad and gives foreign citizens an opportunity to travel, live and work in Canada. Participants in the program pay a participant fee to cover the costs of processing applications.
The second program is DFAITs Trade Mission and Fairs Program. Each year, the Government of Canada holds trade missions in foreign counties to promote our trade interests. The Government also participates in trade and education fairs both within Canada and in other countries to promote Canadian programs. Individuals representing Canada’s business and education sectors are invited to accompany Canadian officials to these missions and fairs by paying a participation fee to cover their costs.
The third program is DFAIT’s Import and Export Control Program. DFAIT issues permits to businesses and individuals for the importing and exporting of certain goods into and out of the country. These permits allow the Government of Canada to both control the flow of goods to and from Canada and to track and report on its imports/exports in order to meet its legislative, regulatory and international obligations for specific goods and technologies.
About Revenue Controls:
The requirements for the controls over the handling of revenues have been established by the Government of Canada through the Financial Administration Act and related Treasury Board Policies and Directives. In addition, DFAIT has specific departmental policies and procedures related to revenue controls.
Revenues collected by DFAIT are either respendable or non-respendable. Respendable revenues are revenues provided under a revolving fundFootnote 4 or a net-votingFootnote 5 authority and are netted against the costs of operations. Non-respendable revenues are returned to the Government of Canada Consolidated Revenue Fund.
About the Audit:
This audit was identified in the 2012-2015 Risk-Based Audit Plan. The audit was included as a result of control issues reported in previous audits and investigations, of recent changes to mission accounting operations and as part of our continued focus on DFAITs financial management framework.
The following methods were used to gather audit evidence in order to conclude on audit criterion listed in Appendix B of this report:
- review of DFAIT policies and directives on cash and revenue management;
- process and control mapping of revenue and cash handling practices;
- conduct of transaction tests within eight Missions and at Headquarters;
- review of reconciliations for revenues at Missions and Headquarters; and,
- conduct of interviews with Finance, Headquarters and Mission staff.
The audit assessed the handling of funds recorded from April 1, 2010 to March 31, 2013. More detail can be found in Appendix A – About the Audit.
2.0 Observations and Recommendations
2.1 Revenue Control Framework in Missions
Monitoring controls within missions are not effective.
An effective financial framework in missions requires clearly designed and documented procedures to ensure roles and responsibilities are well understood, to hold individuals accountable and to ensure controls are in place and well-designed. In addition, DFAIT is obligated by legislation to charge specific fees for consular services. Revenues must be reported on a timely basis and in the correct period to ensure the accuracy of DFAIT’s financial reporting and to properly budget in the case of re-spendable revenues. An effective set of controls over the processing and security of funds reduces the risk of loss of funds due to misappropriation, errors, or theft. Lastly, monitoring controls need to be well designed and implemented to manage risks, to serve as mitigation controls where preventive controls are not effective and to manage employee performance.
The audit, therefore, examined whether missions:
- have documented operating policies and procedures for the collection, recording, and deposit of funds;
- have clear roles and responsibilities for the design and implementation of controls over revenues and cash held abroad (including the design of monitoring of controls) that were well understood and applied;
- are billing accurately and have proper supporting documentation;
- are recording revenues on a timely basis and in the proper period; and,
- have well-designed internal controls over the processing and security of funds held in missions and departmental bank accounts.
There are limited operational procedures in most missions for revenue collection as well as for revenue processing, billing, safeguarding and recording.
A comprehensive set of documented operating procedures is not in place in any of the missions tested. Clearly defined and documented operating procedures that are regularly monitored allow management to identify key controls, hold employees accountable, monitor compliance and ensure an effective audit trail from receipt of funds to deposit in departmental bank accounts.
In one mission, the audit team found that there are some documented procedures in place for the accounting section. However, upon reviewing transactions, the auditors found that the documented procedures are not being followed in many cases. The auditors discussed these findings with the accountant and the Deputy Management Consular Officer (DMCO). They indicated that documented procedures are not always followed due to staff absences and other operational demands. They also indicated that there is no monitoring of compliance with these procedures by the Management Consular Officer (MCO) or DMCO.
Mission level monitoring controls are not well designed or implemented and roles and responsibilities for these controls are not clear and effective.
The Chief Financial Officer Branch is responsible for providing functional direction and advice to missions abroad on accounting operations through the establishment of policies and appropriate internal control frameworks. The MCOs within the International Platform Branch are responsible for the implementation of internal controls within missions.
Revenue Certification
Missions need monitoring controls in place to ensure that revenues collected over the counter or through the mail, are recorded in the financial records and deposited in the bank and to identify issues that would require further investigation.
All of the eight missions we visited use the “IMS Section 34/33 line item details report” to confirm and sign off indicating that the daily consular revenues collected were deposited to the accounting section and recorded in the financial systems. This IMS report was not designed to be used as a revenue collection report. Rather it is an expense report and is missing key information needed to certify revenue collection and recording.
In one mission, the audit team discussed the report with the DMCO and asked her how she used the report to certify that all revenues were collected. The DMCO indicated that she was unaware of the purpose of the certification control and was signing the line-item report because she was told to do so upon her arrival at the mission.
Segregation of Duties
A key control within any financial framework is effective segregation of duties between the collection, recording and depositing of revenues. Many missions have limited human resources in their consular and accounting sections. In some cases, there is only one individual responsible for the collection and deposit of daily revenues from the consular section to the bank. In addition, even where there are two individuals and opportunity to properly segregate duties, our tests showed that the duties are not properly segregated as a result of employees being absent, required to meet operational demands or other duties.
Given this lack of proper segregation of duties, missions should have well-designed monitoring controls to mitigate the risks related to the absence of segregation. In most missions tested, this was not the case. Specifically, there is no monthly reconciliation of revenue collections to bank deposits and the MCOs or DMCOs cannot confirm that all revenues collected were deposited into the bank. Monitoring of deposits to and from the accounting section would provide a mitigation control, but this is not implemented in most missions tested.
In one mission, the audit team found that there was only one individual in the accounting section who is responsible for collecting revenues from the consular section and preparing the bank deposit. Revenues are recorded into a cash log by the accountant upon receipt of cash from the consular section. There is no monitoring of this cash log. If any of the daily deposits from the consular section were not recorded in the cash log and deposited to the bank, there is no control that would identify this anomaly.
Petty Cash Monitoring
MCO’s are required to conduct periodic surprise petty cash counts. These sudden tests to reconcile cash on hand against financial records ensure that cash is properly managed by the petty cash custodian and reduces the risks of malfeasance. The importance of this control is further evidenced by the fact that auditors found multiple instances of petty cash that did not reconcile during site visits. However, no significant overages or shortages were observed.
Bank Account Reconciliations
Some missions continue to have challenges with the submission of bank account reconciliations within the required ten business day timeframe. In over half of the missions audited, bank reconciliations were not submitted within this timeframe. The reasons noted for the delay in timely bank account reconciliations included attending to other priorities, employee absences and turnover of Canada-Based Staff due to regular rotation.
Overall, the audit found that these weaknesses in monitoring controls leave missions vulnerable to loss of funds by employees.
Revenues are appropriately billed to clients and supported by proper financial documentation.
Missions are billing at the correct rates as set out by legislation and regulations. They are also effectively monitoring exchange rates and there is sufficient supporting documentation for each revenue transaction. With only minor exceptions, revenue for consular and immigration services is being recorded to the correct account.
Revenues are not recorded on a timely basis and in the proper period.
In four of the eight missions audited, revenues are not being entered into the financial IMS system on a timely basis. As well, cash is not deposited from the consular section to the accounting section on a timely basis. Finally, year-end revenues for immigration and/or consular are not coded in the proper fiscal year. Revenues should be deposited to the accounting section and recorded in the financial system on a minimum weekly basis. This ensures that there is an accurate and up to date record in the financial systems, reduces risks of errors due to loss of information, allows DFAIT to appropriately budget in the case of re-spendable revenue.
In many cases, there is a lack of monitoring of revenue recording and depositing within the mission. As well, awareness of the importance of completing year end procedures is very limited. Although procedures detailing how to record revenues at year end are sent from Headquarters Finance each year and discussions on year end procedures are held with mission staff, there continues to be challenges with respect to accounting for revenues in the proper period.
Cash and financial instruments in missions are physically secure.
Most missions have effective security controls for cash held in missions, cash transported outside of missions, and cash held in departmental bank accounts. Most missions secure cash in safes where there is limited access, have proper controls over departmental bank accounts and make arrangements for the security of cash and individuals when making deposits to the bank. We recommend improvements in some missions with respect to the frequency of these deposits and to keep better information on who has access to safe keeping areas.
Progress has been made in the development of standard tools and the automation of the revenue collection process.
The systems for the collection of consular revenues vary from mission to mission. Many missions are still using a manual receipt process while others are using an automated one. In general, automated systems provide better controls over funds when the benefits exceed the costs of implementation. The consular division of DFAIT is developing a financial module that will automate the consular process for all missions. This is expected to be rolled out to all missions in 2013-2014.
There are no standardized payment methods for services delivered in missions.
In all eight missions, payment methods are dependent on the individual preferences of the Mission or were inherited from previous management. This means that financial administration decisions related to payment method is influenced by management of the day rather than moving to standardized department-wide payment systems. As the acceptance of cash is considered a higher risk for malfeasance and generally requires more controls and monitoring at an additional cost than other forms of payment, we note that there is no policy or there is no tracking of the use of cash within these missions.
Risk related to the acceptance of cash payment is expected to be significantly reduced with the introduction of the Mission On-Line Payment System (MOPS) which will allow clients to pay by credit card. In addition to reducing the use of cash within missions, the MOPS will be able to record revenue directly into DFAITs financial system without additional work from mission accountants therefore increasing efficiencies. The On-line system is being rolled out to all missions in 2013-2014.
While clients will have the option to pay by credit card within missions, there are no requirements or policies that make it mandatory. Due to the efficiencies gained through credit card payments and the reduced risks to missions, the CFO branch should consider making credit card payments mandatory while recognizing that this will not be feasible in all countries due to local laws and banking systems.
Improvements are required in the CFO Branch’s monitoring of financial controls within missions.
The Financial Operations directorate at DFAIT Headquarters monitors mission bank account reconciliations, conducts periodic asset and liability reviews, and conducts some on-site reviews of controls. While these processes provide useful information, our audit results indicate that there is a need to review the approach to monitoring of mission financial operations that is currently being done. We found issues within missions regarding the timely recording and depositing of revenues, weaknesses in mission monitoring controls and weaknesses in segregation of duties. Without an effective system of monitoring, the Financial Operations Directorate cannot effectively exercise its oversight role and monitor risks within missions.
Recommendations
- Financial Operations (SMF) should develop a guide of standardized monitoring controls to be conducted and documented by MCOs and DMCOs in all missions. Consideration needs to be given to tailored controls needed for Common Service Delivery Point missions, the recipients of these Common Services and for Stand Alone Missions and whether missions have automated or manual revenue collection systems.
- Financial Operations (SMF) should review its process for the monitoring of mission financial controls and the use of cash within missions to ensure it focuses on all risk areas.
- Financial Operations Directorate (SMF) in conjunction with the International Platform Branch (ACM) should strongly promote the use of the Mission On-Line Payment System in all missions.
2.2 Program Revenues
Systems and processes to account for program revenues are not well-designed.
The audit team examined whether there were effective controls in place to bill, document, collect and record revenues earned from clients under three separate programs: Import and Export Permits Program, International Experience Canada and, Trade Fairs and Missions.Footnote 6 Programs are administered centrally through DFAIT Headquarters, within missions or a combination of both.
DFAIT is responsible for administering the import and export program under the Export and Import Permits Act. The Act gives DFAIT the authority to grant or deny applications for import or export permits on the import control list, export control list and on the Automatic Firearms Country Control List. DFAIT collected approximately $2.5 million in revenues in each of the past two years for the issuance of these permits. Revenue from permits issued is non-respendable.
International Experience Canada (IEC) is a program that was established to promote reciprocal international cultural exchanges through travel, life and work experience between Canadian youth and youth from other countries based on bilateral agreements. According to the User Fee Act, any IEC applicant who applies to enter Canada under the International Experience Canada (IEC) program shall, if the application is approved, pay a participation fee of 150 dollars. IEC is managed on an annual participation quota basis. As well, each year, IEC Headquarters is responsible for negotiating annual participation quota of each country through a bilateral arrangement with Canada. Currently, there are 32 countries which have an international arrangement. IEC is one of DFAIT’s net-voting activities. The revenue collected is re-spendable against the costs of operations. In 2011-2012 approximately $9.5 million was collected in participation fees for this activity.
DFAIT’s Trade Commissioner Service helps Canadian companies and organizations globally through trade fairs, trade missions and international business development services. These include Minister led trade missions to other countries, participation in domestic and international education fairs and participation in business development fairs. Businesses and individuals pay participation fees to DFAIT for their involvement in these events. Revenue collected from these activities is re-spendable. According to the Public Accounts, DFAIT has approved $3.1 million re-spending authority under international commerce for fiscal years 2010-11 and 2011-12.
Controls are in place to ensure that export and import permit clients are billed at the correct rates, funds are collected and safeguarded, and revenues are recorded in a timely manner.
Over 95% of revenues are generated through permits issued by the Export and Import Control System, which is an electronic system that allows clients to register and apply for permits. Permits are generally issued within four hours of application and the system automatically determines whether fees apply, as not all permits issued are subject to fees. The audit team found that controls were in place for the billing and collection of revenues and monitoring of receivables. There are system controls that limit access and ensure the accuracy and completeness of data.
Approval authority and procedures for permit refunds are not clear.
Documented procedures indicate that DFAIT Finance is responsible for deciding if permit fees should be refunded to the applicant, and that the Trade Controls and Technical Barriers Bureau (TIA) may advise Finance on the refund decision. The TIA Bureau managers can also override any DFAIT Finance credit decisions. It is not clear who has the authority to issue refunds.
In practice, the audit team observed that refund decisions are approved by the accounts receivable team without official instructions/criteria or advice from permit officers in the TIA bureau. Accounts receivable officers do not possess detailed knowledge of these activities to make refund decisions. Based on data obtained from the system, $96,000 of permits were cancelled in fiscal year 12/13. Without clear procedures, criteria and documented authorities for permit cancellations, the Department cannot ensure that all permit refunds are valid and authorized.
The basis of revenue recognition for IEC revenue is inconsistent.
Revenue recognition determines the accounting period in which revenues and expenses are recognized. According to the principle of revenue recognition, revenues are recognized when they are realised or realisable and are earned (usually when services are rendered) no matter when cash is received.
IEC collects participation fees from clients to offset the cost of administration of applications to the program. There are two stages of application reviews that each participant must pass before being accepted into the program. DFAIT employees at Headquarters or Missions review the initial application for required information and proof of payment. Once this is confirmed, the client’s information is given to Citizenship and Immigration Canada (CIC) for an admissibility review. If clients are accepted by CIC, they receive a letter of introduction to the program. This letter of introduction is the critical step in the process. Once it is issued, participants can no longer receive a refund. This step is therefore considered the revenue recognition point for the program or the point at which revenues should be recorded into DFAIT’s financial system.
Auditors observed inconsistencies in revenue recognition practices for IEC revenues. In the missions that use electronic bank transfers, participation fees are recorded as revenue by mission finance upon the fees received by the mission bank account. Therefore, the practice of recording revenue in IMS for these missions is made on a cash basis rather than on an accrual basis in accordance with Treasury Board Accounting Standards.
For the missions using non-negotiable financial instruments (certified cheques) as the payment option, the auditors observed different ways of recognizing revenue. In one mission, the auditors observed that certified cheques were required at the time of application and only processed once clients passed the two-stage assessment process.
In another mission, the financial instruments were forwarded to the Mission’s Finance section to deposit and recorded as revenue in IMS after DFAIT’s eligibility criteria assessment had been completed but before CIC confirmed the admissibility assessment.
IEC revenue is re-spendable and once it is collected and recorded in DFAIT’s financial system, it is available for forecasting and budgeting for the balance of the fiscal year. In addition, revenue recognition practices are critical to the accurate reporting of revenues in DFAIT’s financial system and in DFAIT’s Financial Statements. It is therefore important to recognize these revenues in a timely and accurate manner.
DFAIT does not properly account for revenue collected from trade events.
There are three types of trade events organized by DFAIT:
- The Canada Trade Missions Bureau organizes Minister-led and senior level international business missions abroad as well as Minister-initiated incoming missions. The Bureau collects participation fees from participating companies and individuals;
- Education Fairs are mission-organized education fair events and activities that are held abroad to promote Canada’s education brand and to attract students to study in Canada. Each fair invites various Canadian schools and/or institutes to participate and fees are collected to cover the fair costs; and
- The Trade Commissioner Service holds trade events in Canada and abroad. The auditors were able to obtain a list of 480 trade events which DFAIT held or participated in for 2012-13.
Participation fees from all three types of trade events are collected and recorded to a Specified Purpose Account (SPA). The auditors have reviewed both the nature and type of revenues collected and believe that these revenues constitute net-voting activities. The Treasury Board Directive on Specified Purposes Accounts states that SPAs cannot be used to replace or to avoid seeking the authorities required for cost-recovery activities.
Using an SPA Account instead of a net-voting process has resulted in DFAIT being unable to report on how much money was collected for these activities as well as confirm through control processes that net-voting authorities were not exceeded. The goal of net-voting activities is to ensure that revenues collected by the government are only used to offset related expenditures in a given year. The maximum amount of revenue that the government is allowed to collect and re-spend is authorized in the main estimates. Revenues that exceed the authority must be placed in a separate frozen allotment and departments are responsible for any shortfall between approved re-spending authority and the related expenditures.
According to DFAIT's public accounts and DFAIT’s Reports on Plans and Priorities, DFAIT has an approved net-voting re-spending authority for trade fairs and missions of $3.1M. The auditors analyzed SPAs for these activities and have concluded that DFAIT has collected more than $3.1M for trade fairs and missions in 2013/2014. DFAIT therefore needs to separately account for any revenues received above $3.1M. Additionally, DFAIT is not reporting any revenues for these activities in their financial statements or the public accounts.
The auditors found limited procedures and guidance on how to account for trade fairs and missions revenue. While some programs such as Minister-led trade missions have created their own processes for revenue collection, others such as education fairs and mission-led trade events have limited instructions for revenue collection are often unsure how or if they should collect revenues for these trade events.
Recommendations
- The International Experience Canada Directorate (GLE), in conjunction with the Financial Operations Directorate should review its processes for the recording of revenue and ensure that a consistent revenue recognition point is used for all revenue collection and recording locations.
- The Trade Controls and Technical Barriers Bureau (TIA) should review, revise and formalize a refund policy with appropriate officials involved in the refund decisions.
- The Corporate Finance, Planning and Systems Bureau (SMD) in conjunction with the Financial Resource Planning and Management Bureau (SWD) should review its revenue collection processes for all programs to ensure there are procedures, instructions and proper authorities in place to collect, manage and account for revenues collected.
2.3 Follow-Up
Progress has been made since the 2009 Audit of Cash and Banking; however, improvements are still required.
The audit examined whether progress had been made on recommendations from the 2009 Internal Audit of Cash and Banking. The objective of the 2009 audit was to assess the effectiveness and adequacy of controls over cash and banking activities at missions abroad in order to provide reasonable assurance regarding compliance with applicable Treasury Board policies.
Findings from the audit indicated that improvements were required to enhance controls over policy and procedural guidance, consistency in applying controls over handling of cash, and monitoring. Recommendations were made on the enforcement of policies and procedures, the authorization of bank account transactions, the clarification of roles and responsibilities, the management and use of cash accounts and relationships between Headquarters and Missions.
Actions are completed and progress has been made in most areas.
Most of the recommendations from the 2009 audit have been acted upon and new policies and processes are in place. In addition, our current audit found stronger controls over the safeguarding of funds, the use of electronic fund transfers from headquarters, and in the exercise of Section 33 and Section 34 authorities as required by the Financial Administration Act. There is also strong support from Headquarters to the missions through on-site training. Lastly, the relationship between CIC and DFAIT has been strengthened with the development of a Memorandum of Understanding and standardized financial processes.
Improvements are required to ensure that the Management Consular Officer accountability is properly exercised.
As indicated earlier the Chief Financial Officer Branch is responsible for providing functional direction and establishing policies and appropriate internal control frameworks. The MCOs within the International Platform Branch are responsible for the implementation of these internal control frameworks in missions.
The reconciliation and monitoring of bank accounts was identified as an issue in the 2009 Audit of Cash and Banking and this continues to be a challenge in many missions based on the results of this audit. This reconciliation is a key control and is critical to identifying anomalies that would require follow-up and/or investigation.
In one mission, the audit team found that bank reconciliations were not completed for a ten month time period due to an extended absence of the accountant. This is a concern as Bank Reconciliations are a key in ensuring that all funds are properly accounted for and deposited into the bank. The Financial Operations Directorate took some steps to support the mission through the use of temporary duty staff during this time period. However, this instance showed that employee absences have a significant impact on mission operations. Given that bank reconciliations are a key control for the financial operations of the mission, we expected that missions would have plans in place to ensure that bank reconciliations are completed even in the absence of the employees, but this was not the case.
The Financial Operations Directorate is doing some monitoring of these reconciliations on a monthly basis. However, they stated that they have limited resources to be able to conduct detailed analysis given the size and scope of DFAITs network of 170 missions.
Additionally, the management and use of petty cash was found to be an issue in both audits. While new procedures have been developed for petty cash since the 2009 audit, missions are still not implementing some basic controls around these funds.
These two issues underline the importance of having well designed monitoring controls in missions performed on a timely basis by knowledgeable MCOs. The development of standardized monitoring controls, as recommended by this audit, will help in the training and development of these Consular Officers and ensure that their accountability over mission finances is recognized and strengthened.
New controls and processes will need to be designed due to organizational changes in the mission administrative environment.
Since 2009, financial management at missions has undergone significant changes. Many missions have moved a portion of their financial service function to Common Service Delivery Points where bank reconciliations and financial transaction processing will be completed at a centralized location. The goal of these delivery points is to increase efficiencies as well as increase controls over financial transactions. While the focus of the current audit is not to conduct an assessment of the implementation of these changes, it is clear from our audit that more work is required to ensure that proper controls are in place and to further educate MCOs and Heads of Missions (HOMs) on their accountability and responsibilities over Finance in this new environment.
For example, in one mission, the audit team was informed by the HOM that he used his monthly review of bank reconciliations to help monitor mission finances. Now that this reconciliation is no longer performed in his mission, he was unsure of how he could continue his monitoring role.
In the design of mission monitoring controls, the Financial Operations Directorate will have to educate HOMs and MCOs on how they can exercise their responsibilities within this new environment.
Recommendation
- The Financial Operations Directorate should review the training and guidance provided to HOMs and MCOs over internal controls in the new administrative environment to ensure they can effectively exercise their responsibilities.
Appendix A: About the Audit
Audit Objective
The objective of the audit is to ensure that all funds received by DFAIT are appropriately controlled, deposited and accounted for, in an accurate and timely manner. The audit assessed whether:
- Management controls are well designed and operating effectively to minimize losses due to abuse, mismanagement, errors, frauds, omissions and other irregularities.
- All money received is registered, deposited and recorded in departmental and Receiver General Accounts in a timely manner in accordance with applicable requirements, regulations or legislation.
- Progress had been made on recommendations from the 2009 Audit of Cash and Banking.
Methodology
In order to provide assurance about effectiveness of revenue and cash handling controls, the following methods were used to gather audit evidence in order to conclude on each audit criterion:
- Review DFAIT policies and directives on cash and revenue management;
- Process and control mapping of revenue and cash handling practices;
- Conduct a series of transaction tests within selected Missions and Headquarters;
- Review reconciliations for revenues at Missions and Headquarters; and,
- Conduct interviews with Finance, Headquarters and Mission staff.
Scope
- The audit assessed the handling of funds recorded from April 1, 2010 to January 31, 2013. The complete process from the time of receipt of funds to recording in the Departmental Financial Statements will be included.
- The scope included the management and control over bank accounts at eight missions abroad.
- During the planning phase of the audit, it was determined that DFAIT’s collection of funds from other government departments for common services provided will be examined in a separate audit.
- The Audit followed-up on recommendations made in the 2009 Internal Audit of Cash and Banking.
Excluded elements in this Audit:
- In both the development of the Risk-Based Audit Plan and the planning stage of this audit, it was determined that a follow-up on the 2009 Audit of Passport Fees and the 2009 Audit of Cash and Banking would be valuable in assessing the progress that DFAIT had made on the implementation of management actions and the impact of these actions on controls.
After completing the mission work and work at headquarters, we determined that in order to effectively conclude on progress made and actions implemented regarding the Audit of Passport Fees, we would be required to do verification of processes within Canada-based Passport Service Centers. This is not something that was foreseen at the start of this audit, but determined upon completion of the audit work in missions. As a result, the follow-up on the Audit of Passport Fees was scoped out of this audit.
- Funds transferred from Headquarters to Missions and from Missions to Headquarters were originally included in the scope of this audit. However, after completion of the audit work in missions, the audit team found that only two out of the eight sampled missions had physical cash transfers between Headquarters and Missions. Additionally, controls related to missions fund transfers were covered in the 2013 Audit of Diplomatic Bag Services. The audit team therefore did not conclude on the effectiveness of controls related to these transfers for this audit.
Appendix B: Audit Criteria
Governance and Risk Management Processes
There are effective governance and risk management procedures over revenue and cash handling controls.
- There are effective policies and procedures over the management of revenue and the handling of cash.
Core Management Control Area: ST - 5 - There is a risk-based approach to the management of funds in missions abroad.
Core Management Control Area: RM 4 & 5 - Roles, responsibilities and procedures for the establishment, implementation and monitoring of controls over revenue and cash held abroad are clear and effective.
Core Management Control Area: G-2 & 6
Billing, Collection, Recording, Depositing and Safeguarding of Funds
There are effective controls over the billing, collection, depositing, recording and safeguarding of funds.
- All services provided are billed to clients accurately at the correct rates as set out by legislation and regulations.
Core Management Control Area: ST – 10, ST – 11, ST – 12, ST – 13, ST – 14, ST – 16, ST – 18, ST - 20 - There are documented records for all revenues collected.
Core Management Control Area: ST – 10, ST – 11, ST – 12, ST – 13, ST – 14, ST – 16, ST – 18, ST - 20 - Accounts receivables are effectively monitored on a regular basis and adjustments are approved.
Core Management Control Area: ST – 10, ST – 11, ST – 12, ST – 13, ST – 14, ST – 16, ST – 18, ST - 20 - All revenues are recorded accurately in the period they were earned in compliance with legislation and policies.
Core Management Control Area: ST – 10, ST – 11, ST – 12, ST – 13, ST – 14, ST – 16, ST – 18, ST - 20 - There are effective controls for all transfers of funds between individuals within missions, funds held at missions, funds transferred into and out of missions, and funds held in departmental bank accounts.
Core Management Control Area: ST – 10, ST – 11, ST – 12, ST – 13, ST – 14, ST – 16, ST – 18, ST - 20 - There is effective segregation of duties between those responsible for billing, collecting, depositing and safeguarding funds.
Core Management Control Area: ST – 10, ST – 11, ST – 12, ST – 13, ST – 14, ST – 16, ST – 18, ST - 20
Follow-Up
Management has taken appropriate action to address recommendations made in previous audits.
- Recommendations from the 2009 Internal Audit of Cash and Banking have been fully implemented.
Core Management Control Area: -
Appendix C: Missions within the Scope of Audit
Mission | Annual Revenues (DFAIT & CIC) | Mission Revenue Ranking | Perceived Corruption Ranking (Scale of 1 -182) (1 – Cleanest / 182 - Highly Corrupt) | Common Service Provider / Receiver of Financial Services |
---|---|---|---|---|
1. Manila, Philippines | $11.7M | 4 | 129 | Future Provider |
2. New York (Consular General), U.S.A. | $4.9M | 2 | 24 | Provider for New York (U.N.) / Boston / Minneapolis |
3. Bogota, Columbia | $2.6M | 23 | 80 | - |
4. Caracas, Venezuela | $2.4M | 26 | 172 | - |
5. Lagos, Nigeria | $1.8M | 40 | 143 | - |
6. Bangkok, Thailand | $1.6M | 36 | 80 | - |
7. Taipei, Taiwan | $0.7M | 61 | 32 | - |
8. Guangzhou, China | $0.3M | 70 | 75 | Receiver from Beijing |
Appendix D: DFAIT Handled Funds within the Scope of the Audit
Fund Type | Description | Type of Revenue | Total Collected 2011-2012 ($M) | Approx. $ Collected in Canada 2011-2012 ($M) | Approx. $ Collected in Missions 2011-2012 ($M) |
---|---|---|---|---|---|
Specialized Consular Service Fees | Legal and notary service fees paid by clients at missions. | Respendable Net-Voting | $3.5 | - | $3.5 |
Citizenship and Immigration Canada Fees | Fees paid by clients to Citizenship and Immigration Canada within our missions abroad and deposited and recorded by DFAIT employees. | Non-DFAIT Revenue | $226.0 | - | $226.0 |
Consular Service Fees | Administration Fee paid by clients for issuance of passports. | Non-Respendable | $97.5 | $94.5 | $3.0 |
Passport Fees | Operating Fee paid by clients for issuance of passports. | Respendable Revolving Fund | $289.0 | $278.3Footnote 7 | $10.7 |
International Experience Canada | Participation fees paid by individuals from other countries who want to work in Canada and take part in this program. | Respendable Net-Voting | $9.5 | $4.75 | $4.75 |
Trade Missions | Participation fees paid by organizations who wish to accompany Canadian representatives on Trade Missions. | Respendable Net-Voting | $3.1 | $3.1 | - |
Import and Export Permit Fees | Fees paid by individuals for exporting/ importing goods. | Non-Respendable | $2.5 | $2.5 | - |
Appendix E: Management Action Plan
Audit Recommendation | Management Action | Area Responsible | Expected Completion Date |
---|---|---|---|
1. Financial Operations (SMF) should develop a guide of standardized monitoring controls to be conducted and documented by Management Consular Officers (MCOs) and Deputy Management Consular Officer(DMCOs) in all missions. Consideration needs to be given to tailored controls needed for Common Service Delivery Point missions, the recipients of these Common Services and for Stand Alone Missions and whether missions have automated or manual revenue collection systems. | Following the regionalization, the new processes and internal controls that are part of the Common Service Delivery Model, and based on the controls imbedded in the system which enforces a greater segregation of duties, SMF will develop procedures, tools and/or checklists for both client missions and CSDP. The controls will be adapted on the local conditions of the missions, CSDP and stand-alone missions. | Director, Financial Operations (SMF) | April 2016 |
2. Financial Operations (SMF) should review its process for the monitoring of mission financial controls and the use of cash within missions to ensure it focuses on all risk areas. | Following the regionalization, the new processes and internal controls that are part of the Common Service Delivery Model, and based on the controls imbedded in the system, SMF will develop a new monitoring framework. The monitoring framework will be based on the risk assessment. This risk will be impacted greatly by the regionalization which enforces a greater segregation of duties. | Director, SMF | April 2016 |
3. Financial Operations (SMF) in conjunction with the International Platform Branch (ACM) should strongly promote the use of the Mission On-Line Payment System (MOPS) in all missions. | Corporate Finance, Planning and Systems Bureau (SMD) and the International Platform Branch will continue to encourage the use of MOPS at mission as primary method of payment; however, the department cannot make this method of payment mandatory for 2 reasons:
| Director, SMF | Complete |
4. The International Experience Canada Directorate (GLE), in conjunction with the Financial Operations (SMF) should review its processes for the recording of revenue and ensure that a consistent revenue recognition point is used for all revenue collection and recording locations. | Manager, Foreign Operations (SMFB) in conjunction with International Experience Canada Unit (GLEE) will integrate Kompass to the Mission Online Payment Service (MOPS), this will enable the capacity of accepting credit card payment via online web channels. We recommend that the implementation be completed and affective before the next wave of applications. We also recommend that this be the only method of payment used for any online applications. This should address this recommendation if all applications are treated online. | Director, SMF Deputy Director, International Experience Canada Unit (GLEE) | Complete |
5. The Trade Controls and Technical Barriers Bureau (TID) should review, revise and formalize a refund policy with appropriate officials involved in the refund decisions. | The TID bureau will review the guideline for permit refunds in consultation with Trade Controls Policy (TIC), Export Controls Division (TIE), and Softwood Lumber Controls (TNC) that includes clear authorities and accountabilities. | Director General, Trade Controls and Technical Barriers Bureau (TID) | December 2015 |
6. The Corporate Finance, Planning and Systems Bureau (SMD) in conjunction with the Financial Resource Planning and Management Bureau (SWD) should review its revenue collection processes for all programs to ensure there are procedures, instructions and proper authorities in place to collect, manage and account for revenues collected. | Financial Management Advisory Services (SWA) will work with the program branch to ensure the proper authorities are in place and perform an analysis to determine whether funds collected should be accounted for as revenue, or remain in a specified purpose account. Financial Operations Domestic and International (SMF) will record these transactions accordingly once the analysis is done and recommendations have been made. Corporate Accounting, Financial Policies and Controls (SMO) will work with both SWA and SMF on an as-needed basis to provide advice for any accounting or financial policy related issue associated with net-voted revenue or special purpose accounts. | Director General, Corporate Finance, Planning and Systems Bureau (SMD) and Director General Financial Resource Planning and Management Bureau (SWD) | Complete |
7. Financial Operations (SMF) should review the training and guidance provided to Heads of Missions (HOMs) and Management Consular Officers (MCOs) over internal controls in the new administrative environment to ensure they can effectively exercise their responsibilities. | In the new reality of regionalization, SMF has started to review the training and the guidance provided to MCOs and HOMs as part of the pre-posting training offered in May/June 2013. Further review of the training needs, topics, material and appropriate tools and methods (in class, VC, at post, etc.) to deliver these training and guidance will be done before the next pre-posting. SMF is also in contact with the Planning, Reporting and Coordination Division (AAP) to redefine training needs for MCOs in the new financial environment at missions. | Director, SMF | Complete |