ARCHIVED - Horizontal Internal Audit: Travel and Hospitality in Small Departments and Agencies

This page has been archived.

Horizontal Internal Audit
Travel and Hospitality
in Small Departments and Agencies

April 2009

Internal Audit Sector
Office of the Comptroller General

Table of Contents

Executive Summary

Detailed Findings and Recommendations

Annexes

Executive Summary

Introduction

The Treasury Board (TB) Policy on Internal Audit requires that the Comptroller General conduct horizontal and other audits of small departments and agencies (SDAs) each year. This report on Travel and Hospitality expenditures presents the results of the first such audit, led by the Internal Audit Sector of the Office of the Comptroller General.

The principal authoritative references governing travel on government business are the Treasury Board Travel Directive, Special Travel Authorities, and Supplementary Travel Policy. Provision is made for the reimbursement of reasonable travel expenses, such as for transportation and accommodation, necessarily incurred while travelling on government business.

Specific provisions are also made in the Terms and Conditions of Employment for Full-Time Governor-in-Council Appointees. Additionally, certain SDAs have latitude to set travel rules that may differ from those applicable to the public service in general.

With respect to hospitality provided by the Government of Canada, applicable principles and requirements are provided in the Treasury Board Hospitality Policy. This Policy is intended to ensure that hospitality is extended in an appropriate, economical and consistent manner to facilitate government business or when it is considered suitable as a matter of courtesy.

Audit Objective and Scope: The objective of this audit was to assess the extent to which business travel and hospitality expenditures incurred by SDAs were being administered in accordance with applicable authoritative requirements. To accomplish this, the audit examined evidence relative to the following lines of enquiry:

• Governance: The management framework governing the administration of travel and hospitality expenditures is effectively structured, and operates efficiently.
• Internal Control: Administrative controls over travel and hospitality expenditures ensure compliance with applicable policies and directives.
• Risk Management: Risk identification, assessment and mitigation support the sound administration of travel and hospitality expenditures.

The scope of this engagement included travel and hospitality expenditure claims and reimbursements during fiscal year 2005/06 and the first five months of 2006/07 across all 44 Small Departments and Agencies as defined by the Treasury Board Policy on Internal Audit. For the purposes of this defined scope, total travel expenditures amounted to approximately $31M and hospitality expenditures, approximately $1.3M. The audit sample of over 500 claims included transactions totalling $1.7M.

Overall Assessment

Having a compliance focus, this audit identified a number of matters warranting attention to achieve and demonstrate consistently sound administration of travel and hospitality expenditures within and across Small Departments and Agencies (SDAs). The audit does not recommend additional internal controls, however it does emphasize a requirement for greater consistency in the application of existing controls.

It was observed that a significant percentage of travel and hospitality claims lacked pre-authorization, and, particularly in the case of hospitality, the support for claims was often not sufficient. Also observed were lapses in compliance with legislated requirements for payment authorization as specified by the Financial Administration Act (FAA).

It was further noted that many of those charged with the administration of travel were understandably challenged by the complexities regarding travel entitlements for Governor-In-Council (GIC) appointees. In limited instances, Deputy Heads approved their own travel claims. In the same vein, administrators expressed uncertainty about the definition of hospitality and the appropriate handling of claims. For both travel and hospitality, these factors affected the quality of internal review and validation procedures.

The audit also observed good practices. In several organizations, claims involving non-compliance were normally returned to claimants or otherwise escalated; a reasonable exception being issues involving low dollar amounts. Further, and recognizing that the principal focus of the audit was on the control framework, the auditors did not observe any obvious patterns of abuse of travel or hospitality in the sample examined.

To summarize:

• Governance of SDA travel and hospitality expenditures is reasonable overall, but should be strengthened through clarification of the application of policies and directives to individual agencies, including any unique/specific provisions that may be in effect.
• Internal control of SDA travel and hospitality expenditures must be improved to achieve and demonstrate consistent compliance with policy, regulations and, particularly, the FAA.
• Risk management is reasonable overall in that, for the most part, clear and material cases of non-compliance were returned to claimants or otherwise escalated. Continued monitoring is required.

Statement of Assurance

In my professional judgment as the Audit Director responsible for auditing across and within Small Departments and Agencies, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the conclusions presented in this report. They are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The conclusions are only applicable to the entities examined.

Expense claims were examined across a specific number of organizations using a risk-based methodology involving a large sample of transactions. The audit evidence gathered is, in my view, sufficient to support the reported conclusions for this internal audit.

Assurance can be given that, overall, for the SDAs included within the audit, there are reasonable governance structures and risk management processes relative to the administration of travel and hospitality expenditures. There is also an internal control foundation upon which to ensure improved compliance.

Strengthening the following practices would improve the overall level of policy compliance and process transparency:

1. pre-authorization of travel and hospitality events;
2. clearly communicated and understood (i.e. within SDAs) definition/explanation of policy and standards for GIC-appointee travel;
3. appropriate documentation on file supporting expense claims; and,
4. appropriate FAA certifications.

The extent of observed weaknesses varied across SDA organizations. Only a small number of entities were deficient relative to several of the audit criteria tested. This unevenness in the level of compliance and practices, translated into varying levels of risk within the SDA community. Further, based on the sample of transactions across the 21 SDAs examined, the auditors did not observe any obvious patterns of abuse. Generally, internal audits are not specifically designed to detect forms of abuse but rather, to add value and improve organizations' operations by addressing the effectiveness of risk management, control and governance processes. 'Good practices' were also identified and these have been included in the report for reference by other small departments and agencies.

Main Findings

Policy Interpretation: The leadership of many of the SDAs addressed by the audit includes Governor-in-Council (GIC) appointees. These appointments may involve different terms and conditions (e.g. for full and part-time GIC appointees). Additionally, certain of the SDAs included within the audit, have the authority to set travel and hospitality provisions that are specific to the organization. The inherent complexities associated with the unique entitlements and flexibilities pose difficulties for those charged with administering travel and hospitality. There was difficulty experienced within some SDAs as to what requirements applied to whom. This resulted in inconsistencies. While the auditors did not observe any obvious patterns of abuse, the observed circumstances weakened the ongoing internal validation and challenge processes, placing particular reliance on the integrity of individuals and their understanding of norms and entitlements.

The auditors also observed that personnel in a majority of SDAs were uncertain in their understanding of the Hospitality Policy. Issues varied from whether entire events constituted hospitality under the Policy, whether meals in certain circumstances represented hospitality, and what portions of events fell under the definition of hospitality and should have been treated accordingly.

Pre-Authorization of Claims: Travel and hospitality claims were frequently not pre-authorized. In other cases, signatures remained undated; this precluded assurance that authorization actually took place in advance of the travel or hospitality event. Thirty-three percent (33%) of the travel claims the auditors tested did not have a pre-authorization signature.

For reasons of practicality, SDA Deputy Heads are normally permitted to pre-authorize their own travel. As a good business practice, some Deputy Heads had their senior financial or administrative officer pre-authorize their travel. However, in the majority of instances there was no pre-authorization. More importantly, however, in 6% of all cases tested, the claimant Deputy Heads signed to approve their own claims.

Support for Reimbursement of Claims: In a number of instances, insufficient evidence was on file and the auditors were unable to reconcile travel amounts claimed to entitlements or to actual expenses incurred. For 14% of the travel claims examined, there was insufficientevidence to support approved expenses. Regarding hospitality claims tested, one in ten (10%) did not record the circumstances of the event (breakfast, lunch, diner, reception, refreshment, or beverages) and, for 18% of the claims examined, the number and category of persons attending was not recorded.

Payment of Claims: A number of concerns arose with respect to approval/certification of claims pursuant to the FAA. Four percent (4%) of paid travel claims examined were not approved pursuant to S. 34 of the Act and 3% were approved by the claimant. A further 6% were approved electronically in a manner that did not meet the requirements of the Treasury Board Policy on Electronic Authorization and Authentication.

In the case of hospitality, 9% of paid claims examined were not certified pursuant to FAA S. 34 and 4% were approved by a participant.

Main Recommendations

Governor in Council Appointees: Departments and agencies should ensure that the specific travel expense entitlements and supporting documentation applicable to GIC appointees within their respective organizations are clearly communicated to the appointees and explained to those responsible for the administration of travel expenses and claims. Such communication and explanation should include specific reconciliation to pertinent policy and regulations, including the identification of any provisions that are unique to the SDA.

Travel & Hospitality Administration: The officer responsible for financial administration within the respective SDAs should provide, or reinforce, direction and monitoring to ensure appropriate rigour in the administration of travel and hospitality. This will include a requirement for appropriate pre-authorization and subsequent certification of claims by delegated authorities. Payments should not be authorized in the absence of applicable supporting documents.

Hospitality Policy Interpretation: The Treasury Board Secretariat should supplement the Hospitality Policy with guidance and examples to assist interpretation. SDAs are responsible for ensuring that the applicable requirements are clearly communicated and understood by their employees and GIC Appointees and that clarification is sought as required.

Training: SDAs should ensure that sufficient training is provided for their employees that addresses the FAA, Travel Directive and Hospitality Policy, the Special Travel Authorities, Terms and Conditions of Employment for Full-time Governor in Council Appointees, Payments and Settlements Requisitioning Regulations 1997, SDA-specific authorities and delegation instruments.

Electronic Authorization: SDAs should consult with the Office of the Comptroller General and the Chief Information Officer Branch, to ensure that processes for electronic authorization of travel and/or hospitality claims meet applicable requirements to achieve and demonstrate compliance with the TB Policy on Electronic Authorization and Authentication, and, correspondingly, the Financial Administration Act.

Management Action Plans: The SDAs that were observed to experience a concentration of gaps relative to the audit assessment criteria, are being requested to provide the Office of the Comptroller General with management action plans relative to the above recommendations. Similarly, the responsible Sector(s) within the Treasury Board Secretariat have been requested to provide plans regarding recommendations, as applicable.

Subsequently, the final audit report will be provided to all SDAs along with a request that they review and consider the applicability of the full set of recommendations, and take action, as appropriate. Future monitoring and horizontal internal audit plans will include provision for follow-up to assess the documentation, quality and results of such review.

The SDA Community

The Treasury Board Policy on Internal Audit outlines two criteria to define organizations as SDAs:

1. Fewer than 500 full-time equivalents; and,
2. A reference-level of less than $300 million per year. ^[1]

At the time of the audit, the population of SDAs consisted of 44 departments and agencies. Collectively, the Deputy Heads of the 44 SDAs managed approximately $730 million and 4,500 full-time equivalent (FTE) positions.

SDAs are an important part of government operations and impact many sectors, including: environment, labour relations, economy, telecommunications, transportation, agriculture, energy and resources, human rights and finance. SDAs also include judicial, quasi-judicial, investigative and regulatory mandates.

Governance, internal control and the risk management environments within the SDA community can be unique. For example: the governance structure for many SDAs includes a board or council, that is a decision-making body, with provincial or regional representation; the Chairperson may be a Governor-in-Council (GIC) appointee, either part-time or full-time, and may be the Deputy Head. Board members may be full-time or part-time GIC appointees, and service agreements for financial oversight and formal agreements may exist with larger departments.

Operational governance is generally horizontal and there are fewer branches or divisions of responsibilities (for example, Human Resources, Corporate Services, Finance, or Information Technology). This means that a single manager may be responsible for several major areas of SDA operations. It also means that, depending on the size of the SDA and the corresponding budget, segregation of duties may be more limited and other forms of control, such as routine supervisory controls, may be affected by scale. As a result of these unique elements, risk identification, assessment and mitigation are important aspects of the management of these smaller organizations.

Audit Objective and Scope

The objective of the audit was to provide assurance as to whether government travel and hospitality expenditures are being administered in accordance with applicable policies and directives.

The principles and requirements governing travel are outlined in the Treasury Board's Travel Directive, Special Travel Authorities, Supplementary Travel Policy and the Privy Council Office Terms and Conditions of Employment for Full-Time Governor-in-Council Appointees.

The purpose of these documents is to provide for the reimbursement of reasonable expenses such as transportation, accommodation, meals and incidental expenses that are necessarily incurred during travel on government business.

The Government of Canada extends hospitality in accordance with the requirements and principles outlined in the Hospitality Policy. The Hospitality Policy is intended to ensure that hospitality is extended in an appropriate, economical and consistent manner to facilitate government business, or when it is considered suitable as a matter of courtesy.

The following lines of enquiry - consistent with the current Policy on Internal Audit – were examined in reference to the applicable travel and hospitality policies, directives, guidance and associated legislation:

• Governance: The management framework governing travel and hospitality expenditures is effectively structured and operates efficiently.
• Internal Control: Administrative controls over travel and hospitality expenditures ensure compliance with applicable policies and directives.
• Risk Management: Risk identification, assessment and mitigation support the administration of travel and hospitality expenditures.

The scope of the audit included the examination of a sample of travel and hospitality expenditure claims and reimbursements taken from fiscal year 2005/06 and the first five months of 2006/07 from all 44 SDAs for this engagement. The sample included 401 travel claims and 115 hospitality claims.

Audit Approach

Criteria

Audit tools and testing procedures were developed and applied for each of the criteria for this audit and included the gathering of evidence and analysis related to the criteria listed in Annex 5. They pertain to governance, internal control and risk management.

Sampling

A risk-based approach was used to establish a sample of claims for audit. The first step involved analysis of total travel and hospitality expenditures across all 44 SDAs from data supplied by the Financial Management Reporting System of Public Works and Government Services Canada (PWGSC). This was undertaken to determine; total expenditures, average travel expendituresper full-time equivalent (FTE); and average hospitality expenditures per FTE.

After completing this analysis, the audit team undertook a preliminary review of the 23 SDAs for which the defined risk attributes were relatively lower – this consisted of: a survey; a walkthrough of the travel and hospitality expense management processes; a review of a small number of expense claims; and, detailed interviews covering risk management, internal controls and governance processes. Intervieweesincluded the head of finance, responsibility or cost centre managers, and travelers.

The final sample of claims (including additions and adjustments in the field) within the remaining 21 SDAs was made up of 401 travel claims and 115 hospitality claims. Claims were selected judgementally in the field by the auditors to ensure coverage of key issues such as larger claims and claims that represented a cross-section of claimants (e.g. GIC Appointees, management, staff and contractors). The auditors examined claims to establish trends and patterns in terms of governance processes, internal controls, and risk management.

Testing Methodology

Procedures, guidelines and practices for the governance, control, and risk management of our sample of travel and hospitality expenditures were examined, as were monitoring and reporting mechanisms. Individual expenditures were examined for data completeness, reasonableness, accuracy, validity and compliance with applicable legislation, policies, and directives.

To maintain consistency in the approach for both governance and risk management issues, auditors used the same instruments and methodology (primarily interview and document review) that were used in the initial assessment of SDAs judged to involve lower risk during the planning phase of the audit. This provided a common basis for reporting results from both the preliminary review and detailed conduct phases of the audit.

For internal control issues, the auditors undertook a directed selection of the allocated number of claims per SDA in the field. This approach allowed for the greatest coverage with regard to specific audit issues and ensured that items of particular interest (e.g. larger amounts, frequent travelers, overseas travelers, payee, type, etc.) were assessed. Formal audit test tools guided the examination of each transaction.

Travel and Hospitality Audit Coverage

Type of Claim	Travel: # of Claims	Travel: Values ($)	Hospitality: # of Claims	Hospitality: Values ($)
Claims for all SDAs	89,803	$30,556,206	6,972	$1,318,298
Claims for the SDAs Audited	84,333	$26,862,993	5,964	$1,106,225
Sample Selected for Testing	401	$1,404,804	115	$305,841

---

^[1] Except Agents of Parliament named in the Policy – which are treated as large departments or agencies.

Detailed Findings and Recommendations

Introduction

This section presents detailed findings for the horizontal audit of the management of SDA travel and hospitality expenditures. Findings are based on the evidence and analysis from both our initial analysis of risk and the subsequent detailed transaction testing.

The detailed findings and recommendations pertaining to travel and to hospitality are presented separately.

Governance of Travel and Hospitality Expenditures

Finding 1: Travel For Governor-in-Council (GIC) Appointees

The audit found significant differences across SDAs in the practices and processes followed for travel by GIC appointees. Entitlements and requirements regarding travel expenditures for both full-time and part-time GIC appointees were not clearly communicated, understood and applied within SDAs.

A characteristic of the SDA community is its employment of GIC appointees to assist in the fulfillment of core mandates and activities. Many SDAs have a board or council composed of GIC appointees – a senior decision-making body with provincial, regional or sectoral representation. GIC appointees are active in conducting the business of the organization and, in a number of instances, hold the position of Chairperson or Deputy Head of the organization. It was important to examine expenditure transactions for these individuals as they are an integral part of the SDA community. Travel expenditures for GIC appointees are governed by the following four documents:

• Treasury Board Travel Directive
• Treasury Board Special Travel Authorities (for Deputy Heads, GIC appointees, the Executive Group, and persons on contract);
• Treasury Board Supplementary Travel Policy (for Executive and Excluded Groups); and
• Terms and Conditions of Employment for Full-Time Governor in Council Appointees as set by the Privy Council Office.

In assessing compliance with the requirements stated in these documents, the auditors undertook interviews with selected SDA management and staff, and examined the supporting documentation for a sample of travel events. The auditors considered audit test results against the:

• Nature of the SDA roles and responsibilities;
• Coordination of travel-related activities;
• Communication of risk and control information; and,
• Promotion of ethics and values.

Business travel in the Government of Canada normally falls under the Travel Directive. However, SDAs that are separate employers have the authority to set their own specific travel rules that are not necessarily fully consistent with the Travel Directive, Special Travel Authorities and Supplementary Travel Policy. Separate employers that have established their own rules need to clearly communicate the intended application of such travel rules (i.e. declare formally in the annual Departmental Performance Report).

While the Special Travel Authorities provide for heads of all departments and agencies to have discretion over certain travel expenditures, they also require Deputy Heads and senior GIC appointees to make bookings through the Government Travel Service (GTS). Notwithstanding, the auditors found that business travel arrangements for executive and excluded groups varied considerably among SDAs in terms of the interpretation and application of the various directives and other authorities. For example, some GIC appointees booked commercial flights without using GTS. In addition, explanations for apparent exceptions to established policies and directives were not available on file.

Travel administrators indicated some confusion stemming from a combination of the number of travel rules that apply, as well as difficulties in interpreting and applying these rules to actual travel events. For example:

• The Special Travel Authorities states that, "Deputy Ministers (1-4) and GC 8-11 and GCQ 8-11 (GIC classification levels) may use business class travel at their discretion, but must book through the government travel service."
• The Terms and Conditions of Employment for Full-Time Governor in Council Appointees states that, "The standards and conditions governing travel on government business are prescribed in the TB Travel Directive, Special Travel Authorities and Travel Administration Guide. The provisions in these documents apply to all Governor-in-Council appointees except those employed in organizations which have the authority to establish their own. The provisions are mandatory and represent reimbursement of reasonable expenses…"
• The Terms and Conditions of Employment for Full-Time Governor in Council Appointees also indicates that DM1-4 and GC/GCQ 8-10 must use the Government Travel Service.
• The Terms and Conditions documentalso states those appointees at the GC/GCQ-3 level or higher – who occupy positions outside the National Capital Region – and all appointees at the GC/GCQ-4 or higher, may be authorized to use business class when distance and circumstances warrant.

For those SDAs that have the authority to set their own travel rules, the requirements must be clear and understood by all employees. Unclear rules make it difficult to ensure compliance.

Recommendation

SDAs ensure that the requirements applicable to travel expenditures for all classes of GIC appointees within their respective organizations are clearly communicated, understood and consistently applied. In addition, every department or agency should ensure that a clear and specific statement of allowable travel expenditures (reconciled to applicable policies and directives) is established and provided to potential claimants and to those responsible for the administration and payment of claims.

Internal Control over Travel Expenditures

Finding 2: Pre-Authorization of Travel Expenditures

The audit found that travel was frequently not pre-authorized or that signatures were undated so as to preclude assurance that the authorization actually took place in advance of the travel. Thirty-three percent (33%) of the 401 travel claims tested did not have a pre-authorization signature. SDA Deputy Heads' travel was not pre-authorized for 62% of travel claims tested. A further 9% showed a signature that was not dated.

The Travel Directive requires SDAs to authorize and determine when business travel is necessary and to ensure that all such travel is consistent with the provisions of the Directive. Business travel must be authorized in advance, in writing, to ensure that all travel arrangements are in compliance with the provisions of the Directive. Only in special circumstances will travel be authorized after-the-fact.

The examination of SDA travel claims included an assessment of pre-authorization systems and practices. It was found that, in many cases, travellers did not receive pre-authorization for travel – that is, the document did not include signatures, dates or both. At times, travel authorization was provided after the event date.Travel in these instances was undertaken without authority in keeping with the Directive to ensure that the travel was necessary or that the traveler's needs were met.

The Travel directive requires that travel be pre-authorized. The absence of pre-authorization may result in uninsured travel, in unplanned expenditures, or travel expenditures without due regard for prudence and probity. We recognize that circumstances will arise whereby it may be difficult for Deputy Heads to obtain pre-authorization of travel. However, where travel is planned well in advance, it would be prudent for Deputy Heads to seek pre-authorization from an appropriate officer.

Recommendation

Travel be pre-authorized (and dated) by an appropriately delegated authority. Those responsible for processing travel claims for payment should monitor and flag circumstances where travel has not been pre-authorized. To the extent practicable, Deputy Heads ensure that their travel is pre-authorized by an appropriate officer.

Finding 3: Authorization of Deputy-Head Travel

In a few instances, the claimant Deputy Heads signed to approve their own claims.

The examination of travel claims included consideration of pre-authorization and claim reimbursement. Auditors found 6% of Deputy-Head travel claims tested was approved by the claimant for payment. Under the Account Verification Policy, the segregation of duties is a requirement and fundamental control – having different people requesting versus approving an expenditure – that must be respected to promote transparency and ensure that government officials are not approving expenditures from which they can personally benefit, directly or indirectly. The senior officer responsible for financial administration could be an appropriate authority to approve these types of expenditures.

Although travel expenditures will be disclosed on the organization's web site, Deputy Heads should not approve their own claims.

Recommendation

Deputy Heads ensure that their travel claims are approved by an appropriate officer who can demonstrate accountability for assuring that travel is in accordance with applicable directives.

Finding 4: Support for Reimbursement of Travel Claims

The audit found that there was insufficientdocumentation on file to support approved expenses for 14% of travel claims examined.

To meet the expectations of the Travel Directive, travellers are required to complete and submit travel expense claims with necessary supporting documentation as soon as possible after the completion of travel. For travel situations exceeding one month, the traveller may submit interim expense claims prior to the completion of the trip.

The auditors examined travel claims to determine if there was adequate information on file to support the expenses claimed. In a number of instances, it was found that insufficient evidence was on file and the auditors were unable to reconcile amounts claimed to expenses incurred. For example, in a number of instances, hotel rates claimed exceeded the posted government rate but were approved without supplementary explanation.

While the total value of such claims was not high, the absence of supporting documentation or explanation for decisions taken makes it difficult for SDAs to demonstrate that claims are compliant with the Travel Directive or other government requirements. For example, an occurrence was noted whereby an individual used a personal vehicle to travel over 3,200 kilometres (return) to attend a conference. No supporting documentation or explanation was provided about the relative cost and reasonable justification as to why this method of transportation was approved in place of commercial air travel.

Given the high visibility of government travel, payment of unsupported travel claims may affect the ability of SDAs to monitor their expenditures and may reflect on organizational reputation.

Recommendation:

All documents and justification supporting travel claims be included in the expense claim file and payments not be authorized in the absence of reasonable supporting documents.

Finding 5: Travel Claim Payments

The audit found that 13% of travel claims examined had not been formally certified pursuant to FAA Section 34 to attest that the travel costs were incurred on government business and that the amounts claimed were in accordance with entitlement (4% were not certified/signed; 6% were certified electronically; and, 3% were certified by the claimant). It was also found that 10% of FAA Section 34 certifications, and 12% of FAA Section 33 certifications to requisition payment, were not dated. It is difficult to authenticate the delegated authority so exercised.

The Travel Directive requires SDAs to establish an appropriate delegation framework to comply with the Directive and to verify and approve travel expense claims before reimbursement. The Financial Administration Act requires claims to be certified pursuant to Section 34 (i.e. demonstrating that the travel represented a legitimate business requirement and that the amounts claimed for reimbursement were in accordance with entitlements) and certified pursuant to Section 33 to requisition payment. Both certifications are to be provided by appropriate and separate delegated authorities.

Auditors examined the systems and practices used by SDAs to ensure that travel claims are approved for payment and subsequently paid in keeping with the FAA. The audit noted that, in a number of instances, the Table of Delegations, identifying who is authorized to approve and request payment, had either not been updated to reflect organizational changes, was in draft form (i.e. not signed by the Minister), or that persons lacking the necessary delegated authority provided certifications pursuant to FAA Sections 34 and/or 33. For example, one SDA was using a delegation of authorities table that was approved and dated in 1991.

Again, while the total value of such claims was not high, this represents non-compliance with the Travel Directive, the FAA, and/or the Special Travel Authorities.

In some instances, expense management services are shared between an SDA and a portfolio department. In these circumstances, inconsistencies were noted in the application of FAA signing authorities or related practices. To ensure appropriate expenditure oversight between SDAs and portfolio departments, financial accountabilities and responsibilities must be specified in the form of a Memorandum of Understanding respecting the timing and details of the approval of claims (FAA Section 34) and the requisitioning of payment (FAA Section 33).

Recommendation:

Travel expenditures must be appropriately certified by a delegated officer pursuant to the applicable sections of the Financial Administration Act. Further, in support of due diligence and good administrative practice, authorizing signatures should be dated.

Internal Control of Hospitality Expenditures

Finding 6: Pre-Authorization and Approval of Hospitality Claims

The Hospitality Policy, the Policy on Delegation of Authorities and the FAA require approval to initiate expenditures (Section 32). The FAA also covers the legislative expectations for certifying expenditures (Section 34) and for requisitioning payment (Section 33). The FAA requires formally delegated authorities to certify that legitimate hospitality expenditures have been incurred and that those expenditures are to be reimbursed.

The examination of SDA hospitality claims included an assessment of pre-authorization and post-event payment practices. The auditors found that, in many cases, hospitality functions were not pre-authorized. At times, hospitality was authorized after the event. There were several instances where hospitality claims over $1,000 were missing appropriate approval.

These instances represent non-compliance with the Hospitality Policy, the FAA, the Policy on Account Verification and the Payments and Settlements Requisitioning Regulations 1997.

Recommendations:

When reasonable and required, hospitality expenditures should be pre-authorized and the authorizing signature dated. Hospitality claims that are not pre-authorized should include the justification for payment on file.

A delegated officer should properly authorize all hospitality expenditures, in writing.

Finding 7: Hospitality Event Documentation

The audit found that for 10% of the hospitality claims examined, the circumstances of the event were not recorded, and that for 18% of the claims, the number and category of persons attending had not been recorded.

The Hospitality Policy requires that specific information be recorded including the circumstances (breakfast, lunch, dinner, reception, refreshment, or beverages), form or purpose, cost, location, number of attendees listed by category, and approvals by delegated officials.

Hospitality claims were examined to determine whether SDAs had recorded the essential information required under the Hospitality Policy. A number of instances were noted across several SDAs where the required information was not recorded on the documents considered for the claim. In a number of instances, the auditors were unable to determine the circumstances of the hospitality event or who had participated. Without an indication of the number of attendees, it was impossible to determine the average cost per person of the hospitality and if maximums were exceeded. In many cases, it was also difficult to identify the number of public servants and others in attendance. A hospitality claim without an indication of circumstance or purpose makes it difficult to reliably determine if the hospitality was related to government business.

A number of SDAs have amended their hospitality process to formally record both event pre-authorization and expense approval. Authority for initiating hospitality is specifically provided through financial delegation instruments. Pre-authorization of hospitality events offers an opportunity to demonstrate spending transparency that supports early planning and performance benefits in addition to strengthening overall accountability and due diligence.

Recommendation:

The circumstances and details concerning the nature, and the number of recipients of hospitality should be included as part of the hospitality expense claim as this information forms part of the basis for approval.

Finding 8: Uncertainty When Implementing the Hospitality Policy

Administrators within a majority of small departments and agencies were uncertain in their understanding and application of the Hospitality Policy.

Administrators in a majority of small departments and agencies visited expressed uncertainty about the correctness of their understanding and application of the Hospitality Policy. The issues varied from whether entire events constituted hospitality under the Policy, whether meals in certain circumstances represented hospitality, whether non-food and beverage offerings fell under the definition of hospitality, what portions of events represented hospitality and should be treated accordingly, and how elements of the Policy are to be interpreted with respect to GIC appointees.

While the materiality of hospitality spending is relatively small, the events represent key SDA interactions with representatives in their respective industries/sectors and are significant in respective SDA mandates and service delivery, such as product reviews, information sessions or hearings.

The auditors also noted instances where the provisions of alcoholic beverages were not in keeping with the Hospitality Policy. The Policy states that non-alcoholic beverages may be offered to employees required to work through “breaks” otherwise called “coffee breaks”, when justified by management. The policy does not address situations where alcoholic beverages are acceptable specifically but does states that “Functions that are exceptions to the policy outlined above must have the prior approval of the minister or deputy head.” Inclusion of alcohol as part of the hospitality event, and the rationale for its inclusion, should be clearly stated.

Recommendation:

SDAs are responsible for ensuring that applicable requirements are clearly communicated and understood within the organization and that clarification be sought as required.

SDAs should ensure that sufficient training is provided for applicable employees that addresses, with appropriate focus and emphasis, the FAA, Travel Directive and Hospitality Policy, the Special Travel Authorities, Terms and Conditions of Employment for Full Time Governor in Council Appointees, Payments and Settlements Requisitioning Regulations 1997, and SDA-specific authorities and delegation instruments.

Risk Management of Travel and Hospitality Expenditures

Overall, evidence was found that a good foundation of processes and systems was in place to manage risk with respect to travel and hospitality expenditures. However, the consistent observance of these existing systems and processes could be strengthened in terms of the consistency of their day-to-day application. This is particularly so in the case of travel by the most senior personnel.

Publicized events over the past few years have raised awareness of the importance of managing risks and ensuring oversight of expenditures incurred by the most senior people working in small departments and agencies. As noted earlier, the audit did not observe any obvious instances or patterns of abuse, but did find that the quality and rigour of challenge and verification requires strengthening. The consequences of problems with respect to travel and/or hospitality expenditures for Governor-in-Council appointees and Deputy Heads are simply too important in terms of reputation, and demonstrated integrity of the public service.

Similarly, with respect to travel and hospitality in general, the difficulties observed tended to be concentrated in a limited number of organizations, and, on the whole, did not point to any major breakdowns. Instead, they involved relatively smaller lapses that risk becoming common practice. Accordingly, there is room to build on the existing base of risk management and internal control to ensure that this does not occur.

Good Practices

Good Governance

Training and Orientation: SDAs generally provide new employees with on-the-job training or orientation regarding travel and hospitality. A range of practices for sharing knowledge with administrative assistants and expense claim verifiers exists including annual half-day presentations or refreshers, one-on-one training and detailed on-the-job training. Comprehensive in-house training documentation also exists covering many aspects of financial administration including signing authorities, coding, commitments, expense vouchers and related policies.

Communication: Communication of changes regarding the Travel Directive and Hospitality Policy and other related items is normally provided via e-mail. Many SDAs formally post and update their intranets with pertinent information such as changes in the Directive or the Policy, travel rates and the SDA process for completing expense claims.

Values and Ethics: The auditors observed that several organizations have developed their own document based on the TB Values and Ethics Code for the Public Service, with information specific to their mandate and industry.

SDA-Specific Policies: Some SDAs have developed agency-specific travel and/or hospitality policies. These documents, while reflecting TB policies, also accommodate the particular needs of their organizations.

Improving Internal Control

Travel Related Checklists: When completing an expense claim, travelers use such checklists for quick reference. The completed checklist is then appended to the claim and acts as a reference for those approving, verifying and requisitioning payment on the claim. Several SDAs have established a practice for review of completed travel claims that includes a one-page 'Payment Checklist FAA 33' and a post-payment account verification process to optimize internal controls. The control process is based on compliance with the Travel Directive and the Account Verification Policy.

Electronic Authorization: Several SDAs use automated travel systems. Authorizations pursuant to FAA Sections 32, 33 and 34 are usually provided electronically with documents initialled to reflect Section 33 certification. Some SDAs have systems that issue Travel Authorization Numbers (TAN), while others allow users to verify specimen signature cards, delegated authorities, and acting authorities for vacation/leave from their desktop. Certifications under FAA Sections 34 and 33 require undisputable authorizations (the Government of Canada accepts only those electronic authorizations processed by digital signature) and in some instances, SDAs are progressing towards meeting these requirements.

SDAs currently using automated systems should include a 'wet' or ink signature and date as formal FAA Section 34 and 33 certification until a digital signature is implemented. Consultation with the Chief Information Officer Branch and the Office of the Comptroller General on how best to comply with this requirement is advised.

Deputy Head Authorization: Several SDAs ensure that all Deputy Head travel activities are pre-authorized by the Senior Financial Officer (or other senior officer). While Deputy Heads are allowed to pre-authorize their own travel activity, they must not also authorize FAA Section 34. To support due diligence and prudent action, it is a good practice to have an SFO or other senior officer pre-authorize Deputy Head travel activity.

Quick Reference to Current Financial Authorities: Several SDA in-house electronic systems track and verify financial authorities. This allows users to quickly and accurately verify delegated authorities, acting authorities and signatures. Many SDAs have added separate acting authority pages to their financial authority instruments that clearly identify the period and limitation of each acting authority.

Verification of Claims: SDAs use a variety of methods to record that (independent) verification of expense claims has been applied, including: complete of the verification section of the travel or hospitality expense form, sign and date a 'Verification Completed' stamp marked on the claim, or sign and date that the claim has been verified.

Managing Known Risks

Taking Action on Audit Findings: For SDAs that had conducted audits of travel and hospitality (or other audits that covered expense management of travel and hospitality) in the past 3 years (9 SDAs in total), it was found that related action plans were implemented and that these SDAs generally had fewer compliance issues than other SDAs. These audited SDAs also noted an overall reduction in the level of effort regarding the processing of travel and hospitality claims.

Annexes

Annex 1:  Designated Small Departments and Agencies

1. Assisted Human Reproduction Agency of Canada
2. Canada Emission Reduction Incentives Agency
3. Canada Industrial Relations Board
4. Canadian Artists and Producers Professional Relations Tribunal
5. Canadian Centre for Occupational Health and Safety
6. Canadian Environmental Assessment Agency
7. Canadian Forces Grievance Board
8. Canadian Human Rights Commission
9. Canadian Human Rights Tribunal
10. Canadian Intergovernmental Conference Secretariat
11. Canadian International Trade Tribunal
12. Canadian Polar Commission
13. Canadian Radio-television and Telecommunications Commission
14. Canadian Transportation Agency
15. Commission for Public Complaints Against the RCMP
16. Copyright Board of Canada
17. Financial Consumer Agency of Canada
18. Financial Transactions and Reports Analysis Centre of Canada
19. Hazardous Materials Information Review Commission
20. Indian Residential Schools Resolution Canada
21. Law Commission of Canada
22. Military Police Complaints Commission
23. NAFTA Secretariat - Canadian Section
24. National Battlefields Commission
25. National Energy Board
26. National Farm Products Council
27. National Parole Board
28. National Round Table on the Environment and the Economy
29. Northern Pipeline Agency Canada
30. Office of the Communications Security Establishment Commissioner
31. Office of the Correctional Investigator of Canada
32. Office of the Secretary to the Governor General
33. Office of the Superintendent of Financial Institutions
34. Patented Medicine Prices Review Board
35. Public Service Labour Relations Board
36. Public Service Staffing Tribunal
37. RCMP External Review Committee
38. Registrar of the Supreme Court of Canada
39. Registry of the Competition Tribunal
40. Security Intelligence Review Committee
41. Status of Women Canada
42. Transportation Appeal Tribunal of Canada
43. Transportation Safety Board of Canada

Annex 2: Detailed Examination List – 21 SDAs

1. Canada Industrial Relations Board
2. Canadian Environmental Assessment Agency
3. Canadian Human Rights Commission
4. Canadian Intergovernmental Conference Secretariat
5. Canadian Polar Commission
6. Canadian Radio-television and Telecommunications Commission
7. Canadian Transportation Agency
8. Commission for Public Complaints Against the RCMP
9. Financial Transactions and Reports Analysis Centre of Canada
10. Indian Residential Schools Resolution Canada
11. National Energy Board
12. National Farm Products Council
13. National Parole Board
14. National Round Table on the Environment and the Economy
15. Office of the Correctional Investigator of Canada
16. Office of the Secretary to the Governor General
17. Office of the Superintendent of Financial Institutions
18. Security Intelligence Review Committee
19. Status of Women Canada
20. Transportation Appeal Tribunal of Canada
21. Transportation Safety Board of Canada

Annex 3: Summary Table of Test Results by Finding

Report Finding: Description	Findings / Claims Tested	Percentage of Findings	Page Reference
Finding 2: Pre-Authorization for Travel	167/401	42%	12
Finding 3: DH Travel Pre-Authorization	43/69	62%	13
Finding 4: Supporting Documents for Travel Claims	57/401	14%	14
Finding 5: FAA s.34 for Travel Claims Incomplete	91/401	23%	15
Finding 5: FAA s.33 for Travel Claims not Dated	51/401	12%	15
Finding 6: FAA s.34 for Hospitality Claims Incomplete	36/115	31%	16
Finding 7: Circumstance of Hospitality Documented	12/115	10%	17
Finding 7: Hospitality Event Attendee Details	21/115	18%	17

Annex 4: Links to Applicable Policies, Directives, Guidance

Web Site References (links current as of 12 Aug 08)

Account Verification Policy
Financial Administration Act
Guidance: Proactive Disclosure of travel and hospitality expenses
Hospitality Policy
Payments and Settlements Requisitioning Regulations, 1997
Policies and Guidelines for Ministers' Offices
Policy on Active Monitoring
Policy on Commitment Control
Policy on Delegation of Authorities
Policy on Electronic Authorization and Authentication
Policy on Payment Requisitioning and Payment on Due Date
Policy on Using Traveller Cheques, Travel Cards and Travel Accounts
Special Travel Authorities
Terms and Conditions of Employment for Full Time Governor in Council Appointees
Travel Directive
Values and Ethics Code for the Public Service

Annex 5: Travel and Hospitality Audit Criteria

Annex 5 - textual version

Annex 6:  Management action plan

The following table presents the list of recommendations as well as a description of the actions being taken to address them.

Recommendations	Management Action
Governor in Council Appointees: Departments and agencies should ensure that the specific travel expense entitlements and supporting documentation applicable to GIC appointees within their respective organizations are clearly communicated to the appointees and explained to those responsible for the administration of travel expenses and claims. Such communication and explanation should include specific reconciliation to pertinent policy and regulations, including the identification of any provisions that are unique to the SDA.	Organizations have improved their travel and hospitality procedures with regards to GIC appointees. As an example, pre-authorizations and section 34 approvals are authorized by an independent senior official (such as the SFO). One organization has debriefed their GIC appointees on the preliminary findings of this audit and provided further explanation of travel and hospitality requirements. Another organization is planning to provide written guidance to all future GIC appointees to clarify responsibilities for travel entitlements.
Travel & Hospitality Administration: The officer responsible for financial administration within the respective SDAs should provide, or reinforce, direction and monitoring to ensure appropriate rigour in the administration of travel and hospitality. This will include a requirement for appropriate pre-authorization and subsequent certification of claims by delegated authorities. Payments should not be authorized in the absence of applicable supporting documents.	All organizations accepted the travel and hospitality administration recommendation and are in the process of strengthening compliance in this area; in particular corrective action with respect to authorizations. Pre-authorization (S32) – Measures to strengthen pre-authorization in organizations include: travel and hospitality pre-authorization forms, flagging of claims which are not pre-authorized, training sessions, increased awareness of pre-authorization requirements, and increased monitoring. Organizations have also taken steps to ensure deputy heads and GIC appointee's expenditures are pre-authorized by an independent delegated senior official. Funds release (S33) and S34 Verification – Corrective actions to strengthen this area include the provision of additional training and awareness to managers regarding authorizations being signed and dated. S34 Supporting documentation – Improved procedures and training to financial administration staff have been implemented to ensure compliance with section 34 verification. As an example in one organization, financial officers have been asked to increase the level of attention paid to supporting documentation; claimants are contacted to obtain missing documentation, and a manager's approval must be provided along with a written explanation of the expense. All training on travel and hospitality administration procedures is on-going and procedure improvements have been implemented as of the end of the fiscal year 07/08. Organizations have updated their delegation of authorities chart. Updated delegation charts should be approved by the end of the fiscal year 09/10 with updates being made as necessary e.g. with a change of Minister or Chairperson.
Hospitality Policy Interpretation: SDAs should ensure that the applicable requirements are clearly communicated and understood by their employees and GIC Appointees and that clarification is sought as required.	Organizations have adopted measures to communicate hospitality policy entitlements including: recognizing the requirement for full proactive disclosure for hospitality expenses; ensuring forms include number of attendees, purpose, details, cost; increasing requirements for supporting documentation; training and information sessions for managers and written clarification on hospitality policy for GIC appointees. These actions will be complete by the end of 2008.
Training: SDAs should ensure that sufficient training is provided for their employees that addresses the FAA, Travel Directive and Hospitality Policy, the Special Travel Authorities, Terms and Conditions of Employment for Full-time Governor in Council Appointees, Payments and Settlements Requisitioning Regulations 1997, SDA-specific authorities and delegation instruments.	All organizations responding indicated that they would provide their employees with further training in the form of meetings, information sessions, or individual training, on the Financial Administration Act, Travel Directive, and Hospitality Policy. All training sessions should be completed by the end of the fiscal year 08/09.
Electronic Authorization: SDAs should consult with the Office of the Comptroller General and Chief Information Officer Brach, to ensure that processes for electronic authorization of travel and/hospitality claims meet applicable requirements to achieve and demonstrate compliance with the TB Policy on Electronic Authorization and Authentication, and, correspondingly, the Financial Administration Act.	This recommendation was directed to three organizations. Two organizations have been working with their electronic service providers to ensure compliance with TBS policies. The third organization did not agree with the auditor's observations. Although they do complete FAA Section 34 electronically, they complete their verification in compliance with the Communications Security Establishment process and do not believe change from this practice is necessary.