Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Horizontal Internal Audit of High Risk Expenditure Controls in Large Departments and Agencies


Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Background

The Treasury Board Policy on Internal Audit requires the Comptroller General to lead horizontal audits in large departments and agencies (LDAs). Horizontal audits are designed to address risks that transcend individual departments in order to report on the state of governance, controls and risk management across the Government of Canada. This report presents the results of the horizontal audit of high-risk expenditure controls.

Expenditure controls in the Government of Canada are governed by the Treasury Board Account Verification policy and the Policy on Active Monitoring and by the Financial Administration Act (FAA).[2]

The objective of the Account Verification policy is to ensure that accounts for payment and settlement are verified in a cost-effective and efficient manner while maintaining the required level of control. Account verification processes must be designed and conducted in a way that will maintain probity while taking into consideration the varying degrees of risk associated with each payment. This policy also requires that account verification practices be monitored to ensure that varying levels of controls exist over high- and low‑risk transactions and that these practices are being carried out as designed. Aspects of both the FAA and the Policy on Active Monitoring are important considerations in complying with the Account Verification policy. For example, active monitoring enables LDAs to use new information and changing conditions to accordingly revise their risk management strategies. The two sections of the FAA that are most relevant to the Account Verification policy are section 34, "Payment for work, goods or services," and section 33, "Requisitions."

Payment for work, goods and services (section 34) must be certified by someone with delegated authority from the minister. Certifying for section 34 implies that the work, good or service has been received in accordance with the terms and conditions established between the Government of Canada and the supplier of the work, good or service. Section 34 is typically delegated to project authorities — those generally responsible for completing the operations in line with the mandate of the department or agency.

After section 34 has been certified, payment requisitions are typically forwarded to the finance function, where someone with delegated section 33 authority will provide quality assurance to further certify requirements such as the following: the payment is in accordance with the budgeted amount, the section 34 authority has discharged his or her responsibilities appropriately, no signing officer will personally benefit from the payment, financial coding is done accurately, and other relevant policies have been respected. The certification of section 33 serves as official documentation to support the release of the funds. A risk management approach can be applied to the above responsibilities. For high-risk payments, however, all the requirements of quality assurance should be met; for low‑risk transactions, reliance on the certification of the project authority may help reduce some of the time-consuming tasks associated with quality assurance.

Effective risk management over expenditure controls requires that the appropriate level of management in a department or agency determine which types of payments are of higher risk and should accordingly be subject to more thorough quality assurance in the section 33 verification process. To ensure appropriate monitoring, those transactions deemed lower-risk should be subject to more rigorous review on a sampled basis. This will ensure that the processes designed for lower-risk transactions are resulting in sufficient due diligence and that any new risks can be identified. Under the Policy on Active Monitoring, LDAs must develop an early notice capability to detect and communicate unacceptable risks, vulnerabilities, control failures and deficiencies requiring remedial action. Effective risk management therefore allows for a more efficient use of the resources responsible for quality assurance requirements.