ARCHIVED - Horizontal Internal Audit: Travel and Hospitality in Small Departments and Agencies

• Previous Page
• Table of Contents
• Next Page

This page has been archived.

Executive Summary

Introduction

The Treasury Board (TB) Policy on Internal Audit requires that the Comptroller General conduct horizontal and other audits of small departments and agencies (SDAs) each year. This report on Travel and Hospitality expenditures presents the results of the first such audit, led by the Internal Audit Sector of the Office of the Comptroller General.

The principal authoritative references governing travel on government business are the Treasury Board Travel Directive, Special Travel Authorities, and Supplementary Travel Policy. Provision is made for the reimbursement of reasonable travel expenses, such as for transportation and accommodation, necessarily incurred while travelling on government business.

Specific provisions are also made in the Terms and Conditions of Employment for Full-Time Governor-in-Council Appointees. Additionally, certain SDAs have latitude to set travel rules that may differ from those applicable to the public service in general.

With respect to hospitality provided by the Government of Canada, applicable principles and requirements are provided in the Treasury Board Hospitality Policy. This Policy is intended to ensure that hospitality is extended in an appropriate, economical and consistent manner to facilitate government business or when it is considered suitable as a matter of courtesy.

Audit Objective and Scope: The objective of this audit was to assess the extent to which business travel and hospitality expenditures incurred by SDAs were being administered in accordance with applicable authoritative requirements. To accomplish this, the audit examined evidence relative to the following lines of enquiry:

• Governance: The management framework governing the administration of travel and hospitality expenditures is effectively structured, and operates efficiently.
• Internal Control: Administrative controls over travel and hospitality expenditures ensure compliance with applicable policies and directives.
• Risk Management: Risk identification, assessment and mitigation support the sound administration of travel and hospitality expenditures.

The scope of this engagement included travel and hospitality expenditure claims and reimbursements during fiscal year 2005/06 and the first five months of 2006/07 across all 44 Small Departments and Agencies as defined by the Treasury Board Policy on Internal Audit. For the purposes of this defined scope, total travel expenditures amounted to approximately $31M and hospitality expenditures, approximately $1.3M. The audit sample of over 500 claims included transactions totalling $1.7M.

Overall Assessment

Having a compliance focus, this audit identified a number of matters warranting attention to achieve and demonstrate consistently sound administration of travel and hospitality expenditures within and across Small Departments and Agencies (SDAs). The audit does not recommend additional internal controls, however it does emphasize a requirement for greater consistency in the application of existing controls.

It was observed that a significant percentage of travel and hospitality claims lacked pre-authorization, and, particularly in the case of hospitality, the support for claims was often not sufficient. Also observed were lapses in compliance with legislated requirements for payment authorization as specified by the Financial Administration Act (FAA).

It was further noted that many of those charged with the administration of travel were understandably challenged by the complexities regarding travel entitlements for Governor-In-Council (GIC) appointees. In limited instances, Deputy Heads approved their own travel claims. In the same vein, administrators expressed uncertainty about the definition of hospitality and the appropriate handling of claims. For both travel and hospitality, these factors affected the quality of internal review and validation procedures.

The audit also observed good practices. In several organizations, claims involving non-compliance were normally returned to claimants or otherwise escalated; a reasonable exception being issues involving low dollar amounts. Further, and recognizing that the principal focus of the audit was on the control framework, the auditors did not observe any obvious patterns of abuse of travel or hospitality in the sample examined.

To summarize:

• Governance of SDA travel and hospitality expenditures is reasonable overall, but should be strengthened through clarification of the application of policies and directives to individual agencies, including any unique/specific provisions that may be in effect.
• Internal control of SDA travel and hospitality expenditures must be improved to achieve and demonstrate consistent compliance with policy, regulations and, particularly, the FAA.
• Risk management is reasonable overall in that, for the most part, clear and material cases of non-compliance were returned to claimants or otherwise escalated. Continued monitoring is required.

Statement of Assurance

In my professional judgment as the Audit Director responsible for auditing across and within Small Departments and Agencies, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the conclusions presented in this report. They are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The conclusions are only applicable to the entities examined.

Expense claims were examined across a specific number of organizations using a risk-based methodology involving a large sample of transactions. The audit evidence gathered is, in my view, sufficient to support the reported conclusions for this internal audit.

Assurance can be given that, overall, for the SDAs included within the audit, there are reasonable governance structures and risk management processes relative to the administration of travel and hospitality expenditures. There is also an internal control foundation upon which to ensure improved compliance.

Strengthening the following practices would improve the overall level of policy compliance and process transparency:

1. pre-authorization of travel and hospitality events;
2. clearly communicated and understood (i.e. within SDAs) definition/explanation of policy and standards for GIC-appointee travel;
3. appropriate documentation on file supporting expense claims; and,
4. appropriate FAA certifications.

The extent of observed weaknesses varied across SDA organizations. Only a small number of entities were deficient relative to several of the audit criteria tested. This unevenness in the level of compliance and practices, translated into varying levels of risk within the SDA community. Further, based on the sample of transactions across the 21 SDAs examined, the auditors did not observe any obvious patterns of abuse. Generally, internal audits are not specifically designed to detect forms of abuse but rather, to add value and improve organizations' operations by addressing the effectiveness of risk management, control and governance processes. 'Good practices' were also identified and these have been included in the report for reference by other small departments and agencies.

Main Findings

Policy Interpretation: The leadership of many of the SDAs addressed by the audit includes Governor-in-Council (GIC) appointees. These appointments may involve different terms and conditions (e.g. for full and part-time GIC appointees). Additionally, certain of the SDAs included within the audit, have the authority to set travel and hospitality provisions that are specific to the organization. The inherent complexities associated with the unique entitlements and flexibilities pose difficulties for those charged with administering travel and hospitality. There was difficulty experienced within some SDAs as to what requirements applied to whom. This resulted in inconsistencies. While the auditors did not observe any obvious patterns of abuse, the observed circumstances weakened the ongoing internal validation and challenge processes, placing particular reliance on the integrity of individuals and their understanding of norms and entitlements.

The auditors also observed that personnel in a majority of SDAs were uncertain in their understanding of the Hospitality Policy. Issues varied from whether entire events constituted hospitality under the Policy, whether meals in certain circumstances represented hospitality, and what portions of events fell under the definition of hospitality and should have been treated accordingly.

Pre-Authorization of Claims: Travel and hospitality claims were frequently not pre-authorized. In other cases, signatures remained undated; this precluded assurance that authorization actually took place in advance of the travel or hospitality event. Thirty-three percent (33%) of the travel claims the auditors tested did not have a pre-authorization signature.

For reasons of practicality, SDA Deputy Heads are normally permitted to pre-authorize their own travel. As a good business practice, some Deputy Heads had their senior financial or administrative officer pre-authorize their travel. However, in the majority of instances there was no pre-authorization. More importantly, however, in 6% of all cases tested, the claimant Deputy Heads signed to approve their own claims.

Support for Reimbursement of Claims: In a number of instances, insufficient evidence was on file and the auditors were unable to reconcile travel amounts claimed to entitlements or to actual expenses incurred. For 14% of the travel claims examined, there was insufficientevidence to support approved expenses. Regarding hospitality claims tested, one in ten (10%) did not record the circumstances of the event (breakfast, lunch, diner, reception, refreshment, or beverages) and, for 18% of the claims examined, the number and category of persons attending was not recorded.

Payment of Claims: A number of concerns arose with respect to approval/certification of claims pursuant to the FAA. Four percent (4%) of paid travel claims examined were not approved pursuant to S. 34 of the Act and 3% were approved by the claimant. A further 6% were approved electronically in a manner that did not meet the requirements of the Treasury Board Policy on Electronic Authorization and Authentication.

In the case of hospitality, 9% of paid claims examined were not certified pursuant to FAA S. 34 and 4% were approved by a participant.

Main Recommendations

Governor in Council Appointees: Departments and agencies should ensure that the specific travel expense entitlements and supporting documentation applicable to GIC appointees within their respective organizations are clearly communicated to the appointees and explained to those responsible for the administration of travel expenses and claims. Such communication and explanation should include specific reconciliation to pertinent policy and regulations, including the identification of any provisions that are unique to the SDA.

Travel & Hospitality Administration: The officer responsible for financial administration within the respective SDAs should provide, or reinforce, direction and monitoring to ensure appropriate rigour in the administration of travel and hospitality. This will include a requirement for appropriate pre-authorization and subsequent certification of claims by delegated authorities. Payments should not be authorized in the absence of applicable supporting documents.

Hospitality Policy Interpretation: The Treasury Board Secretariat should supplement the Hospitality Policy with guidance and examples to assist interpretation. SDAs are responsible for ensuring that the applicable requirements are clearly communicated and understood by their employees and GIC Appointees and that clarification is sought as required.

Training: SDAs should ensure that sufficient training is provided for their employees that addresses the FAA, Travel Directive and Hospitality Policy, the Special Travel Authorities, Terms and Conditions of Employment for Full-time Governor in Council Appointees, Payments and Settlements Requisitioning Regulations 1997, SDA-specific authorities and delegation instruments.

Electronic Authorization: SDAs should consult with the Office of the Comptroller General and the Chief Information Officer Branch, to ensure that processes for electronic authorization of travel and/or hospitality claims meet applicable requirements to achieve and demonstrate compliance with the TB Policy on Electronic Authorization and Authentication, and, correspondingly, the Financial Administration Act.

Management Action Plans: The SDAs that were observed to experience a concentration of gaps relative to the audit assessment criteria, are being requested to provide the Office of the Comptroller General with management action plans relative to the above recommendations. Similarly, the responsible Sector(s) within the Treasury Board Secretariat have been requested to provide plans regarding recommendations, as applicable.

Subsequently, the final audit report will be provided to all SDAs along with a request that they review and consider the applicability of the full set of recommendations, and take action, as appropriate. Future monitoring and horizontal internal audit plans will include provision for follow-up to assess the documentation, quality and results of such review.

The SDA Community

The Treasury Board Policy on Internal Audit outlines two criteria to define organizations as SDAs:

1. Fewer than 500 full-time equivalents; and,
2. A reference-level of less than $300 million per year. ^[1]

At the time of the audit, the population of SDAs consisted of 44 departments and agencies. Collectively, the Deputy Heads of the 44 SDAs managed approximately $730 million and 4,500 full-time equivalent (FTE) positions.

SDAs are an important part of government operations and impact many sectors, including: environment, labour relations, economy, telecommunications, transportation, agriculture, energy and resources, human rights and finance. SDAs also include judicial, quasi-judicial, investigative and regulatory mandates.

Governance, internal control and the risk management environments within the SDA community can be unique. For example: the governance structure for many SDAs includes a board or council, that is a decision-making body, with provincial or regional representation; the Chairperson may be a Governor-in-Council (GIC) appointee, either part-time or full-time, and may be the Deputy Head. Board members may be full-time or part-time GIC appointees, and service agreements for financial oversight and formal agreements may exist with larger departments.

Operational governance is generally horizontal and there are fewer branches or divisions of responsibilities (for example, Human Resources, Corporate Services, Finance, or Information Technology). This means that a single manager may be responsible for several major areas of SDA operations. It also means that, depending on the size of the SDA and the corresponding budget, segregation of duties may be more limited and other forms of control, such as routine supervisory controls, may be affected by scale. As a result of these unique elements, risk identification, assessment and mitigation are important aspects of the management of these smaller organizations.

Audit Objective and Scope

The objective of the audit was to provide assurance as to whether government travel and hospitality expenditures are being administered in accordance with applicable policies and directives.

The principles and requirements governing travel are outlined in the Treasury Board's Travel Directive, Special Travel Authorities, Supplementary Travel Policy and the Privy Council Office Terms and Conditions of Employment for Full-Time Governor-in-Council Appointees.

The purpose of these documents is to provide for the reimbursement of reasonable expenses such as transportation, accommodation, meals and incidental expenses that are necessarily incurred during travel on government business.

The Government of Canada extends hospitality in accordance with the requirements and principles outlined in the Hospitality Policy. The Hospitality Policy is intended to ensure that hospitality is extended in an appropriate, economical and consistent manner to facilitate government business, or when it is considered suitable as a matter of courtesy.

The following lines of enquiry - consistent with the current Policy on Internal Audit – were examined in reference to the applicable travel and hospitality policies, directives, guidance and associated legislation:

• Governance: The management framework governing travel and hospitality expenditures is effectively structured and operates efficiently.
• Internal Control: Administrative controls over travel and hospitality expenditures ensure compliance with applicable policies and directives.
• Risk Management: Risk identification, assessment and mitigation support the administration of travel and hospitality expenditures.

The scope of the audit included the examination of a sample of travel and hospitality expenditure claims and reimbursements taken from fiscal year 2005/06 and the first five months of 2006/07 from all 44 SDAs for this engagement. The sample included 401 travel claims and 115 hospitality claims.

Audit Approach

Criteria

Audit tools and testing procedures were developed and applied for each of the criteria for this audit and included the gathering of evidence and analysis related to the criteria listed in Annex 5. They pertain to governance, internal control and risk management.

Sampling

A risk-based approach was used to establish a sample of claims for audit. The first step involved analysis of total travel and hospitality expenditures across all 44 SDAs from data supplied by the Financial Management Reporting System of Public Works and Government Services Canada (PWGSC). This was undertaken to determine; total expenditures, average travel expendituresper full-time equivalent (FTE); and average hospitality expenditures per FTE.

After completing this analysis, the audit team undertook a preliminary review of the 23 SDAs for which the defined risk attributes were relatively lower – this consisted of: a survey; a walkthrough of the travel and hospitality expense management processes; a review of a small number of expense claims; and, detailed interviews covering risk management, internal controls and governance processes. Intervieweesincluded the head of finance, responsibility or cost centre managers, and travelers.

The final sample of claims (including additions and adjustments in the field) within the remaining 21 SDAs was made up of 401 travel claims and 115 hospitality claims. Claims were selected judgementally in the field by the auditors to ensure coverage of key issues such as larger claims and claims that represented a cross-section of claimants (e.g. GIC Appointees, management, staff and contractors). The auditors examined claims to establish trends and patterns in terms of governance processes, internal controls, and risk management.

Testing Methodology

Procedures, guidelines and practices for the governance, control, and risk management of our sample of travel and hospitality expenditures were examined, as were monitoring and reporting mechanisms. Individual expenditures were examined for data completeness, reasonableness, accuracy, validity and compliance with applicable legislation, policies, and directives.

To maintain consistency in the approach for both governance and risk management issues, auditors used the same instruments and methodology (primarily interview and document review) that were used in the initial assessment of SDAs judged to involve lower risk during the planning phase of the audit. This provided a common basis for reporting results from both the preliminary review and detailed conduct phases of the audit.

For internal control issues, the auditors undertook a directed selection of the allocated number of claims per SDA in the field. This approach allowed for the greatest coverage with regard to specific audit issues and ensured that items of particular interest (e.g. larger amounts, frequent travelers, overseas travelers, payee, type, etc.) were assessed. Formal audit test tools guided the examination of each transaction.

Travel and Hospitality Audit Coverage

Type of Claim	Travel: # of Claims	Travel: Values ($)	Hospitality: # of Claims	Hospitality: Values ($)
Claims for all SDAs	89,803	$30,556,206	6,972	$1,318,298
Claims for the SDAs Audited	84,333	$26,862,993	5,964	$1,106,225
Sample Selected for Testing	401	$1,404,804	115	$305,841

---

^[1] Except Agents of Parliament named in the Policy – which are treated as large departments or agencies.

• Previous Page
• Table of Contents
• Next Page