Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Report on Audit of Pay and Related Benefits


Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Audit Results

1. Accuracy and Compliance of Pay Transactions

Overall, pay transactions processed in RPS during the period audited were accurate and in compliance with the relevant legislation, regulations, terms and conditions of employments, collective agreements, and Treasury Board policies and directives.

IAEB performed detailed audit test procedures on the pay transactions processed for the fiscal year 2007-08 for a random sample of 67 employees, which consisted of a total of 4,634 individual pay transactions. The objective of these tests was to provide assurance that the amounts paid to those employees during 2007-08 were calculated accurately according to the terms and conditions of employment for the employee's classification, and in compliance with Treasury Board policies and directives applicable under the particular circumstances of employment.  Refer to Table II above for details on the characteristics of the sample selected.  It was found that there was an accuracy rate of greater than 99.5% of the transactions tested.

2. Adequacy and Effectiveness of the Control Framework

2.1 Access Security Controls

Access security controls to RPS are in place and in use. However, neither active monitoring nor verification is performed of all of the user/identifier employees' names and their corresponding level of access rights to RPS.

The online pay sub-system of RPS has embedded access security controls.  These include:  individual log-on using unique user/identifier by employee name and password corresponding to only one of the four levels of access rights to the system: initiation, verification, authorization of a pay transaction, or inquiry.  These access security controls ensure that access to RPS is restricted to authorized users only.  The audit found that, although the access security controls are in place and in use, there is neither active monitoring nor verification performed by an independent officer of all of the user/identifier employees' names and their corresponding level of access rights to RPS.

The Personnel-Pay Input Manual (PPIM) published by the Compensation Sector of PWGSC provides departments with the required instructions and procedures for preparing, verifying, and authorizing batching input to RPS.  Chapter 17 describes all of the responsibilities of the departmental Security Access Control Officer (SACO) including, among others, actioning requests for new passwords; maintaining adequate records of processed request forms; investigating and correcting password irregularities; cancelling passwords and/or related alternate; and verifying twice a year that each user/identifier belongs to the correct individual and reviewing the assigned system access.

At the time of the audit, the activities performed by the departmental SACO were limited to transmitting to PWGSC the online pay access requests received by the CAB group's managers and to filing them.  At the request of IAEB, the departmental SACO provided a report, which was obtained from PWGSC, listing all of the user/identifier employees' names with access to the online pay sub-system of RPS.  IAEB performed a limited analysis of this report which revealed that, at the time this report was prepared, out of a total of 43 user/employee names listed, eight belonged to individuals who were not current employees and two of those had departed for a period greater than 180 days.  Consequently, at the time of this audit, eight former employees continued to have access rights to RPS when they should have been revoked.

Recommendation:

1. It is recommended that the Assistant Secretary, CSS ensure that verification be performed of RPS user/employee access rights listings to ensure their validity and appropriateness.  The verification should be carried out at least twice a year by a designated departmental officer independent from the CAB group and its results be reported to and monitored by senior management of HRD.  (High Priority).

2.2 Controls over Pay Recoveries from and Pay Reimbursements to Other Government Departments

The Controls over the pay recoveries from and the pay reimbursements to Other Government Departments (OGD) have weaknesses.

Pay recoveries from and reimbursements to, OGDs result in the following circumstances:

  • time lag between employee transfers among departments and the actual transfer of pay files to the hiring department; and
  • when an employee is seconded to and from another department.

The Secretariat (the creditor department) recovers the amount it disbursed to pay salary from an OGD (the debtor department) using an IS(settlement between any two-government departments that operate within the Consolidated Revenue Fund) in the following two situations:

  • Employee departs the Secretariat and is appointed by another department. The Secretariat recovers from another department the pay disbursements/expenses it continues to pay to its former employee up until the time when the employee's file is transferred out to, and processed in to the other department' s RPS pay list; and
  • Employee is seconded out to work in another department. The Secretariat recovers from another department the pay disbursements/expenses it continues to pay to its employee for the duration of the period set in the secondment agreement.

The Secretariat (the debtor department) pays and reimburses an OGD (the creditor department) using an IS in the following two situations:

  • Employee is appointed to a position in the Secretariat from another department.  The Secretariat reimburses the new employee's former employer for the pay expenses that this department continues to pay up until the time when the new employee's file is transferred to, processed by, and added to the Secretariat's RPS pay list; and
  • Employee seconded in the Secretariat from another department. The Secretariat reimburses the salary to the other department for the duration of the period set in the secondment agreement.

IAEB found that the controls over pay recoveries from OGD and pay reimbursements to other OGD have weaknesses.  At the time of the audit, there were no written departmental detailed procedures describing the processes to follow with regards to pay recoveries and pay reimbursement to ensure their accurate, documented, authorized and timely processing.

IAEB also found errors in the sample of transactions audited.  Within the overall sample of the 67 pay files subject to detailed audit test procedures (see Table II above for a description of the sample), there were 28 cases where pay recoveries from another department or pay reimbursements to another department had been or should have been processed by the Secretariat.

Out of 28 cases, 11 had one or more errors of the following types:

  • incomplete information corroborating and documenting the amount to recover or reimburse;
  • immaterial calculation errors caused by a design error in the model used to calculate the number of days to pay the other department or to recover from the other department; and
  • non-recovery from another department or reimbursement to another department, where FMD had not been notified by the fund center manager to do so.

The total accumulated net impact of the errors found was minimal - an overstatement of $675.89 of the Secretariat's pay expenses for fiscal year ended March, 31 2008.  It should be noted that no employees received additional or less money because of the errors identified.  The errors related only to departmental transactions.

Recommendation:

2. It is recommended that the Assistant Secretary, CSS ensure that detailed written procedures for the processing of pay recoveries and pay reimbursement be developed and communicated.  The procedures should cover all of the elements of the overall process, describing and defining the responsibilities of the various players involved with these particular types of pay related transactions. (High Priority)

2.3 Pay Expenditure Authorization

Controls for fulfilling responsibility under section 33 of the FAA were found to be inadequate.  Specifically, signatures were not verified as per section 34 of the FAA.  However, IAEB has been informed that this issue has since been addressed.

The Policy on Delegation of Authorities states that departments must delegate payment authority under section 33 of the FAA to positions classified as "financial officers" who can independently verify how managers exercise their spending authority under section 34 of the FAA.  In addition, departments must establish adequate controls to ensure that a specimen signature document is prepared as soon as a new employee is appointed to a position with delegated authorities.  Specimen signature documents and delegation documents must be available in all locations where the signatures will have to be recognized and honoured.

For the period under audit, in CAB, compensation advisors processing the various pay transactions were not validating the signatures under section 34 of the FAA against the signature cards of managers authorizing these transactions because they did not have access to signature cards.  The pay transactions included human resources activities such as inputting the following into RPS: newly appointed employees for inclusion on the Secretariat's pay list; the new salary rate and period when an employee is appointed in an acting position; and the data necessary to issue the performance pay to an employee.

These control issues were raised by IAEB in a separate audit of Leave and Overtime and recommendations were developed and approved.  Management has since informed IAEB that the issues pertaining to sections 33 and 34 have been rectified.

Overall Conclusion

IAEB concludes with a high level of assurance that: with the exceptions identified below, the overall control framework for the administration of pay and related benefits in place and used within the Secretariat for the period examined was adequate and effective to ensure the accuracy and compliance of the pay transactions processed with relevant authorities.  Control weaknesses were found relating to interdepartmental recoveries and reimbursements of pay and to the verification of user/employee access rights to the RPS and IAEB makes specific recommendations to address these.