Audit Report for the Core Control Audit

December 2017

Office of the Comptroller General

Why It Is Important?

The Financial Administration Act designates deputy heads as accounting officers for their department or agency. As accounting officers, deputy heads are accountable for ensuring that resources are organized to deliver departmental objectives in compliance with government policy and procedures.

Core control audits provide deputy heads with assurance regarding the effectiveness of core controls over financial management in their respective organizations. By doing so, core control audits inform deputy heads of their organizations’ level of compliance with the requirements contained in selected financial legislation, policies and directives.

About the Financial Transactions and Reports Analysis Centre (FINTRAC)

Created in 2000, FINTRAC is Canada's financial intelligence unit mandated to facilitate the detection, prevention and deterrence of money laundering and the financing of terrorist activities, while ensuring the protection of personal information under its control. It is one of several domestic partners in Canada’s anti-money laundering and anti-terrorist financing (AML/ATF) regime. Its financial intelligence and compliance programs strive to disrupt the ability of criminals and terrorist groups that seek to abuse Canada’s financial system and to reduce the profit incentive of crime.

FINTRAC is an independent agency reporting to the Minister of Finance. According to its Departmental Performance Report, FINTRAC had estimated planned spending of $59.7 million and 365 full-time equivalents during fiscal year 2016–17.

Core Control Audit Objective and Scope

The objective of this audit was to ensure that core controls over financial managementFootnote 1 within FINTRAC result in compliance with key requirements contained in the selected financial legislation, policies and directives.

The scope of the audit included financial transactions, records and processes conducted by FINTRAC. Transactions were selected from April 1, 2016 to September 30, 2016. The audit examined a sample of transactions for each of the selected policies and directives. The Appendix provides a complete list of policies and directives included in the scope of the audit.

Conformance with Professional Standards

This audit engagement was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

Mike Milito, MBA, CIA, CRMA
Assistant Comptroller General, Internal Audit Sector
Office of the Comptroller General of Canada

Audit Findings and Conclusion

Overall, the audit found FINTRAC to be compliant with the requirements of the TB financial management policies and directives that were examined.

The findings resulting from the control testing performed indicate that FINTRAC has established effective control practices over expenditure initiation, account verification and payment across all of the financial management policies and directives that were examined.

This is the second core control audit completed for FINTRAC; the first having been completed in 2014. This CCA was undertaken as a pilot project that adopted the OCG’s revised approach and methodology for core control audits. While this audit applied a different methodology for assessing compliance, it found that FINTRAC’s control performance results improved in all of the areas examined in this audit relative to the 2014 results.

Detailed findings have been communicated by way of a management letter to FINTRAC.

The section below discusses the audit findings by thematic area and FINTRAC’s control performance in these areas.

Delegation of Financial Authority

The objective of the Directive on Delegation of Financial Authorities for Disbursements is to ensure that appropriate financial and operational management controls are applied to the delegation of financial authorities associated with the expenditure process.

The audit found that FINTRAC was compliant with the requirements of the Directive. FINTRAC implemented its Delegation of Financial Authorities Instrument effective January 1, 2016. The audit also found that FINTRAC’s Delegation of Financial Signing Authority Matrix along with employee specimen signature cards were valid for the audit scope period, and included all relevant departmental cost centres under their respective authority.

Financial Management Governance

The objective of the Policy on Financial Management Governance is to strengthen public sector financial management and its leadership thereby contributing to appropriate stewardship of public resources, effective decision-making, and efficient policy and program delivery.

The audit found that FINTRAC was compliant with the requirements of the Policy. The role of FINTRAC’s Chief Financial Officer is also aligned with the key expectations of the Policy, notably where they act as the key financial management steward and provide the Deputy Head with reasonable assurance that appropriate measures have been taken to maintain an effective system of internal control to help ensure effective financial management.

Contract Management

The objective of the Contracting Policy is to acquire goods and services in a manner that enhances access, competition and fairness and results in best value.

Overall, the audit found that FINTRAC was compliant with the requirements of the Contracting Policy whereby it ensured access, competition and fairness through its procurement processes. We found that FINTRAC used the sole-source contracting method appropriately in all but one instance where a supply arrangement for professional services could have been used. We have provided a recommendation for this finding.

All other sole source, competitive, standing offer and supply arrangement contract methods were found to have been used appropriately relative to the nature of the contract, and were properly documented. Contracts greater than $10,000 complied with the Guidelines on the Proactive Disclosure of Contracts.

Expenditure Initiation

The objective of the Directive on Expenditure Initiation and Commitment Control is to ensure that managers exercise expenditure initiation within authorized limits and that appropriate financial and operational controls are applied to the decision-making process in spending public funds.

Overall, the audit found that FINTRAC was compliant with the requirements of the Directive whereby documentation was on file to support approvals by delegated authorities across each of the policy and directive areas examined.

The audit found some exceptions where some acquisition card and pay administration transactions were not pre-approved. For some acquisition card transactions, cardholders did not obtain pre-approval prior to using their acquisition card for expense amounts that exceeded their pre-approved delegated authority limit. We have provided a recommendation for this finding.

For some pay administration transactions, some letters of offer for acting assignments were not signed prior to the employee’s start date and pre-approval for some overtime transactions were not documented prior to the overtime being worked. We have provided a recommendation for these findings.

Account Verification

The objective of the Directive on Account Verification is to ensure that accounts for payment are verified in a cost-effective and efficient manner while maintaining the required level of control to ensure prudent management of financial resources.

The audit found that FINTRAC was compliant with the requirements of the Directive whereby documentation was on file to support expense approval by delegated authorities across each of the financial management policies and directives examined. For all transactions examined, individuals who signed pursuant to Section 34 of the Financial Administration Act had the delegated financial authority to do so. Expense approvals were supported by required confirmation of receipt documentation (e.g., invoices, packing slips, credit card statements and reconciliations, travel expense reports with receipts, hospitality receipts/invoices, and letters of offer).

Travel and Hospitality Expenditures

The objective of the National Joint Council Travel Directive and the Directive on Travel, Hospitality, Conference and Event Expenditures is to ensure that expenditures are managed with prudence and probity, and represent the most economical and efficient use of funds to support the department’s core mandate.

Overall, the audit found that FINTRAC was compliant with the requirements of these directives with regard to exercising financial due diligence and controls. Expenses examined for travel (e.g., hotels, air fare, accommodations and per diem meal allowances) supported FINTRAC’s mandate and respected the limits established by the National Joint Council Travel Directive.

In one instance, a traveller exceeded the established city rate limit by not selecting accommodation from a pre-approved supplier. Pre-approved suppliers were available and closer to the traveller’s training venue and at a lower cost. We have provided a recommendation for this finding.

Recommendations

The Deputy Head of the Financial Transactions and Reports Analysis Centre should ensure that:

  1. Cardholders obtain pre-approval prior to using their acquisition cards for expense amounts that exceed their pre-approved delegated authority limit.
  2. Applicable and available standing offers and/or supply arrangements are considered and evaluated relative to procurement needs and requirements before issuing a sole-source contract.
  3. Travellers select their accommodation from the pre-approved list of suppliers and respect the city rate limits in compliance with the National Joint Council Travel Directive, with any exceptions justified, approved and documented in the traveller’s file.
  4. Pay administration transactions are pre-approved; specifically:
    • Letters of offer are signed prior to the start date of employment, including acting assignments.
    • Employee overtime requests and approval should be documented prior to the hours being worked.

Management Response

FINTRAC management has accepted the audit findings and has developed an action plan to address the recommendations. It is expected that the management action plan will be fully implemented by the end of the 1st quarter of FY 2018–19.

The results of the audit report and management action plan have been discussed with FINTRAC’s Deputy Head and with the Small Departments Audit Committee. The Office of the Comptroller General of Canada will follow-up on the implementation of the management action plan.

Appendix A: Policies and Directives Tested

Areas Tested

Date Modified: