Framework for the Management of Compliance

Notice

We will be updating our design to align with Canada.ca. The policies, directives, standards and guidelines will remain available during and after this update is complete.

Alternate Formats

1. Effective Date

1.1 This Framework takes effect on April 1, 2009.

2. Objectives

2.1 This Framework for the Management of Compliance:

2.1.1 Clarifies the roles of the Treasury Board, the Treasury Board Portfolio, and that of institutions in monitoring and managing compliance with legal and Treasury Board policy requirements;

2.1.2 Assists in ensuring that responses to non-compliance are managed appropriately and consistently;

2.1.3 Facilitates the identification and sharing of approaches to managing compliance;

2.1.4 Connects learning and development to the management of compliance; and,

2.1.5 Encourages innovation and informed risk-taking to achieve results.

3. Context

3.1 Excellence in public service management, as summarized in Treasury Board's Management Accountability Framework and applicable codes of conduct, is achieved through innovative, ethical and integrated management practices that are primarily, but not exclusively set in policies. Public servants understand the importance of public service management excellence, and strive to comply with the policies, rules and standards that define and distinguish their decisions and actions. Public servants reflect the highest values and ethics in their work to serve Canadians.

3.2 Managing compliance encompasses making appropriate rules that are known, understood and followed, and for which the consequences of non-compliance are clear and commensurate with risk and context. Managing compliance is an area of shared responsibility where Treasury Board and government decision-makers have an obligation to ensure that rules are clear and coherent, and public servants have an obligation to know and understand the rules and abide by them.

3.3 A tenet of public sector management holds that the means by which an objective is achieved is as important as the objective itself. Legal and Treasury Board policy requirements, including applicable codes of conduct, underpin a minimum standard of behaviour and conduct that, in the opinion of legislators and Ministers, is necessary to safeguard the public trust.

3.4 The Framework for the Management of Compliance, along with the "Foundation Framework for Treasury Board Policies" and the "Risk Management Framework", is one of the key architectural elements of the Treasury Board suite of policies. It establishes principles for managing compliance that apply to all instruments in the Treasury Board policy suite. These principles are reflected in a suggested set of considerations that deputy heads and the Treasury Board Portfolio are expected to normally take into account when deciding on the response to non-compliance with legal and Treasury Board policy requirements and when advising the Treasury Board.

3.5 Examples of consequences to non-compliance are also included in the Framework (Appendices C and D), recognizing that decisions on the appropriate response to non-compliance can be both complex and sensitive and therefore must be examined on a case by case basis. These examples supplement and provide further specificity to consequences outlined in individual Treasury Board policy instruments.

3.6 The size and complexity of government, and the number and scope of legal and policy requirements, means that immediate, full compliance is sometimes a challenge. Treasury Board expects and accepts that institutions and employees will be compliant with new Treasury Board policy requirements within reasonable time frames, and that a transition period is necessary for new Treasury Board policy requirements.

3.7 Where it occurs, non-compliance can result from a variety of factors, including: lack of knowledge and training, gaps in oversight, inaccurate and incomplete interpretation and application of policies and, in some circumstances, culpable misconduct.

3.8 The management of compliance in government differentiates between non-culpable and culpable behaviour. Honest mistakes should be redressed by means intended to realign behaviour and improve performance within expected norms and objectives while culpable behaviour is not tolerated and corrective measures, including disciplinary actions where merited, will be taken.

3.9 A robust compliance management approach identifies the best methods (including training and education) to align behaviour with expectations. It supports innovation and creativity, and provides feedback for continuing reassessment, refinement and development of legal and Treasury Board policy requirements.

4. Definitions

4.1 Definitions used in the interpretation of this framework are provided in Appendix A.

5. Relationship to Other Treasury Board Frameworks

5.1 The Framework for the Management of Compliance supports the Management Accountability Framework and complements the "Foundation Framework for Treasury Board Policies", specifically sub-section 5.4 focusing on oversight and consequences, and provides the basis for managing compliance to which other Treasury Board frameworks and mandatory policy instruments align.

6. Scope

6.1 The Framework for the Management of Compliance is systemic in scope and applies to legal and Treasury Board policy requirements.

6.2 While not designed to alter or add particular consequences to specific situations of non-compliance, the Framework serves as a statement of intent that implicates institutions and the individuals who represent them. The Framework assumes that all individuals to whom legal or Treasury Board policy requirements apply, are collectively responsible for compliance with those requirements.

6.3 In their capacity as Accounting Officers, deputy heads need to be cognizant of all applicable legal and policy requirements incumbent upon their institutions above and beyond those requirements falling within the ambit of this Framework.

7. Principles

7.1 The effective management of compliance hinges upon having informed management and employees throughout the various levels of an institution. It is also dependent on the ability of management to integrate the spirit and intent of policies within management culture and its overall plan to achieve management excellence against expectations set out in the Management Accountability Framework. In particular, the Framework is based on the following principles or prerequisites which seek to maximize compliance:

7.1.1 Legal and Treasury Board policy requirements are clear, coherent and reflective of a risk-based approach to managing compliance;

7.1.2 Legal and Treasury Board policy requirements are integrated into the approval processes, procedures and control systems of institutions;

7.1.3 All individuals in the institution are informed of legal and Treasury Board policy requirements that relate to their areas of decision-making. They are knowledgeable and have access to relevant information in order to make decisions that are reflective of legal and Treasury Board policy requirements. They understand these requirements thus facilitating or enabling consensus and consent on the need for compliance;

7.1.4 Compliance with legal requirements and Treasury Board policy is monitored, with the focus of monitoring determined on the basis of risk;

7.1.5 Potential situations of non-compliance are examined; and,

7.1.6 Actual situations of non-compliance are met with appropriate responses.

8. Core Responsibilities in Managing Compliance

8.1 Deputy heads are responsible for, amongst other things:

8.1.1 Embodying public service values and ethics and fostering an organizational culture reflective of the values contained in Treasury Board's applicable codes of conduct;

8.1.2 Ensuring compliance with legal and Treasury Board policy requirements within their institutions while fostering an organizational environment conducive to innovation and informed risk-taking to deliver better value to Canadians;

8.1.3 Ensuring fair, consistent, and transparent application of labour relations practices within their institutions;

8.1.4 Ensuring that employees are properly trained and have access to learning opportunities and relevant information to increase their awareness and knowledge of applicable legal and Treasury Board policy requirements;

8.1.5 As part of good people management, ensuring that performance management is aligned with government priorities and business plans including compliance considerations. Deputy heads should refer to the performance management policies and associated directives and guidelines for the tools that are available to them to address performance management issues;

8.1.6 Establishing a robust environment of internal controls and sound management practices that are transparent, understood and supported in the institution;

8.1.7 Monitoring internal management practices and, where issues arise, taking action to maintain a robust environment of internal control;

8.1.8 Taking appropriate corrective action necessary to restore compliance; and,

8.1.9 Advising the Secretary of the Treasury Board of any knowledge or reason to believe that significant non-compliance with a legal or Treasury Board policy requirement has occurred that could undermine or negatively impact the institution or the government.

8.2 The Treasury Board Portfolio is responsible for:

8.2.1 Appraising the state of compliance with legal and Treasury Board policy requirements across government and taking appropriate action as necessary to align behaviour with these requirements. In doing so the Treasury Board Portfolio will use information derived from various sources listed in section 10.1;

8.2.2 Ensuring that Treasury Board policy instruments are clear, coherent and reflective of due considerations of risk;

8.2.3 Developing approaches to training and education that are intended to increase awareness and knowledge of legal and Treasury Board policy requirements;

8.2.4 Identifying and sharing examples of effective practices to promote improvements and consistency in compliance management across government; and,

8.2.5 Formulating advice to Treasury Board in respect of any additional follow-up that may be necessary in order to ensure a comprehensive response to situations involving non-compliance.

8.3 Managers and employees are responsible for taking the necessary steps to keep themselves informed of legal and Treasury Board policy requirements that relate to their areas of decision-making and availing themselves of training and educational opportunities.

9. Responding to Non-Compliance

Deputy heads

9.1 Deputy heads, when responding to non-compliance, need to ensure that the nature of the consequences and their severity are commensurate with the nature of the non-compliance. The full response may be composed of several different consequences that could include elements of learning and development, performance, discipline, reporting of suspected offences to the responsible law-enforcement agency, institutional actions, and specific consequences that may be outlined in legal requirements, applicable codes of conduct, and individual Treasury Board policy instruments.

9.2 In considering the possible mix of consequences, a deputy head needs to balance various considerations including the following:

9.2.1 What is the impact? This includes consideration of the seriousness of harm or potential harm, such as the impact on resources, the workforce,reputation of government, and assets including loss, waste and misallocation of funds, or whether there was personal gain;

9.2.2 Is there a history of non-compliance? The compliance history should be considered including previous cases and seriousness of non-compliance, as well as whether the non-compliance is isolated to one individual or organizational unit within the institution or reflective of a systemic problem;

9.2.3 Was there intent? Was the behaviour culpable or non-culpable? Consideration should be given as to whether there was knowing and deliberate contravention of legal or policy requirements; and,

9.2.4 Are there other circumstances? Consideration should be given to whether, in instances of non-compliance, the public good, including the interest of taxpayers, was ultimately served or harmed.

9.3 For specific requirements and guidance on:

9.3.1 Learning and Development: Deputy heads should refer to the "Policy on Learning Development and Training" and associated directives and guidelines, with particular focus on knowledge standards and required training;

9.3.2 Institutional actions: To address matters internal to the institution, such as management structures and control systems, deputy heads should refer to the relevant Treasury Board policies when developing a response. In addition, deputy heads may wish to consult with the Treasury Board Portfolio in formulating options;

9.3.3 Discipline, the taking of administrative action, or in situations where the presence of the employee or employees at work could undermine or impede the investigation: Deputy heads should refer to the Policy on Labour Relations and associated guidelines (e.g., Guidelines for Discipline, Guidelines for Demotion/Termination of Employment for other reasons). These instruments set out a range of possible administrative and disciplinary measures that are reflective of a graduated, progressive scale to allow for the tailoring of an action appropriate to a given situation; and,

9.3.4 The actions to be taken if criminal activity is suspected: Deputy heads should refer to the Government Security Policy and associated directives.

9.4 In addition to determining the level and type of consequence that may be warranted, deputy heads should also examine how the non-compliance came to light in order to assess the adequacy of internal control systems and whether there are any management performance issues that need to be addressed within the institution.

Treasury Board Portfolio

9.5 The Treasury Board Portfolio, when responding to situations of significant non-compliance, should use the series of questions set out in section 9.2 of this Framework, along with the following additional questions, to assess the adequacy of the deputy head's response and to determine whether any consequences should be considered by the Treasury Board:

9.5.1 Has compliance been restored? Consideration should be given to the actions taken to restore compliance and if compliance has not been restored that the risks to the government are properly mitigated;

9.5.2 What steps has the deputy head taken to mitigate the risks of a recurrence? Is the likelihood of a recurrence high and, if so, what are the risks to the government in the event of a recurrence; and,

9.5.3 What is the institution's general level of management performance? Consideration should be given to whether there is evidence of a potential systemic problem within the institution or whether the non-compliance is an isolated incident. Consideration will also be given as to whether, as a whole, the institution either has a positive record in the performance of its management functions or it has made satisfactory progress in improving its management functions.

9.6 The consequences applied by the Treasury Board and its Portfolio are undertaken with a view to supporting the deputy head in restoring compliance within the institution or to mitigate the risks and associated costs of control failure, mismanagement or wrongdoing until controls and compliance are restored.

9.7 If insufficient information is available to answer these questions, the Treasury Board Portfolio may require that the deputy head commence a review process, such as by way of an audit, in accordance with the scope determined by the Portfolio or the Portfolio may commence its own review process of the matter, refer the matter to the Office of the Auditor General, or if criminal behaviour is suspected, refer the matter to the appropriate body for criminal investigation.

Deputy heads and Treasury Board Portfolio

9.8 Additional criteria that may be taken into consideration by a deputy head or the Treasury Board Portfolio are listed at Appendix B, including, where practicable, consideration of any underlying causes. While not exhaustive, deputy heads and the Treasury Board Portfolio may also refer to Appendix C for examples of institutional consequences and to Appendix D for examples of administrative and disciplinary action with regard to individuals.

9.9 These criteria will help deputy heads and the Treasury Board and its Portfolio to determine the most appropriate response to restore compliance, what consequences if any should be applied, and how to mitigate the risks of a recurrence.

Consequences

9.10 In order to foster knowledge, acceptance, ability and effective compliance with legal and Treasury Board policy requirements, consequences, that are clear and commensurate with risk and context of a given situation, should be employed.

9.11 Possible consequences range from suasion (e.g. maintaining a dialogue) to restraint (e.g. reorganization of an institution or termination of employment). Consequences can be applied internally or externally, and involve officials, deputy heads and, in more significant cases, the Treasury Board and responsible Ministers.

9.12 The following sets out the range of consequences to which deputy heads and the Treasury Board Portfolio should refer in determining or recommending responses to address non-compliance.

Suasion

Engaging in discussions aimed at aligning or realigning behaviour with legal and policy requirements in response to potential or actual low impact situations of non-compliance. Discussions can take place at a variety of levels amongst officials. This process is largely informal although there may be a need for increased monitoring through vehicles such as the Management Accountability Framework.

Consent

Occurs where suasion has resulted in an agreed-to course of action that needs to be made transparent, requires formal commitment and documentation of follow-up and resolution.

The level of commitment may be detailed in letters at the officials' level that could include the deputy head. In some cases, Treasury Board consideration of the proposed measures may be sought.

Suasion and consent differ in terms of the level of formality of the process but both are characterized by cooperation between parties.

Counteraction

Recourse is needed to impose remedial or corrective actions when more collaborative approaches have failed and when consequences of non-compliance need to be demonstrated. Consequences encompass a range of interventions - imposing or denying certain actions or privileges - that would compel the undertaking of prescribed activities.

Implicit in this approach is the absence of demonstrated responsibility for ensuring policy compliance, or persistent failures in control functions.

Restraint

Restraining institutions or individuals involves the curtailment or removal of authority or responsibility to such an extent that they are unable to perform certain actions. Institutions can be restrained from continuing in their current state, for example, where Treasury Board suspends operations pending corrective reorganization.

10. Monitoring and Reporting

10.1 The Treasury Board Portfolio will use information gathered through a range of sources that include: reporting on compliance under this Framework and renewed Treasury Board policies, Management Accountability Framework assessments, internal and horizontal audits, Auditor General reports, evaluations, Treasury Board submissions, and other reports to Parliament to gauge the state of compliance management in the government.

11. Enquiries

The Treasury Board of Canada Portfolio is responsible for the policy instruments to which this Framework applies.

Please direct any enquiries related to this framework to:

Priorities and Planning Sector Email: tbs-sct@tbs-sct.gc.ca
Treasury Board of Canada Secretariat Telephone: 613-957-2400
Ottawa ON K1A 0R5 Facsimile: 613-952-1010


Appendix A: Definitions

Deputy Head (Administrateur général)
Means the deputy head or chief executive officer of any portion of the federal public administration, or the person who occupies any other similar position, however called, in the federal public administration.
Legal Requirement (Prescription juridique)
The powers, duties or functions emanating from a source of law related to the management of the federal public administration.
Treasury Board Policy Requirement (Exigence stratégique du Conseil du Trésor)
Mandatory requirements issued by the Treasury Board, the President of the Treasury Board, or by other properly authorized officials, through decisions, codes of conduct, policies, directives and standards.
Treasury Board Portfolio (Portefeuille du Conseil du Trésor)
The Treasury Board of Canada Secretariat and the Canada School of Public Service comprise the Treasury Board Portfolio.

Appendix B: Considerations for Managing Compliance

The following list provides examples of criteria that may be taken into consideration by a deputy head or the Treasury Board Portfolio to help determine the most appropriate consequences to restore compliance.

When considering the institution:

  • Is an internal control framework in place?
  • Were the internal controls working effectively?
  • What was internal audit's involvement?
  • Does the institution have sufficient capacity?
  • Has the institution responded?
  • Was the response timely?
  • Is this a new institution or recently reorganized?
  • Is the policy or regulation new?
  • Was adequate training available?
  • Were roles and responsibilities clear?

When considering the individual(s):

  • What was the intent i.e., was the behaviour culpable or non-culpable?
  • Did the individual(s) try to ensure he/she/they were trained, knowledgeable and understood the responsibilities?

When considering the event(s):

  • What was breached?
  • Is this a complex area?
  • Was it in an accepted high risk area?
  • Was the behaviour or decision well informed by risk?
  • Is this a critical function (Criticality)?
  • Where practicable, are the underlying causes understood?
  • Are there extenuating circumstances?
  • What is the frequency of occurrence?
  • Is this evidence of broader failure?
  • How was the non-compliance discovered?

When considering the outcomes:

  • What was the impact (includes reputation of institution or government)?
  • Was additional legal risk created?
  • Was the safety and well-being of employees or Canadians at risk?
  • To the extent possible, would the proposed response also address any existing underlying causes?
  • Was some form of public benefit derived?
  • Is there evidence of personal gain?
  • What was the value of financial loss or misuse (i.e., materiality)?

Appendix C: Consequences for Institutions

The following provides examples of consequences.

Minimal Consequences

Suasion

  • Work collaboratively
  • Ensuring control systems are effective
  • Affirm Senior Financial Officer responsibilities
  • Include observations in Management Accountability Framework

Moderate Consequences

Consent

  • Commit to training and education
  • Internal re-organization
  • Increase reporting requirements

More Severe Consequences

Counteraction

  • Impose redress measures
  • Impose conditions on funding
  • Direct Cabinet discussion

Most Severe Consequences

Restraint

  • Freeze allotments
  • Constrain high value transactions
  • Constrain authorities
  • Recommend reorganization of the institution
  • Place institution in "receivership"

Appendix D: Consequences for Individuals

The following provides examples of consequences.

Minimal Consequences

Suasion

  • Training and education
  • Persuasion
  • Coaching/mentoring

Moderate Consequences

Consent

  • Reassignment
  • Transfer or deployment
  • Observations in performance appraisal

More Severe Consequences

Counteraction

  • Disciplinary Reprimand (oral or written)
  • Suspension
  • Financial penalties
  • No performance pay
  • Removal of security classification
  • Demotion
  • Changes in delegated authority
  • Unsatisfactory performance rating

Most Severe Consequences

Restraint

  • Termination of employment
  • Prohibit from contracting
  • Disqualify from Public Service employment
Date modified: