Archived Content
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
The objective of the audit was to assess the adequacy and effectiveness of processes in place to identify higher risk transactions, which consequently enable more efficient account verification practices.
| Objectives |
Criteria |
| Risk assessment processes are designed to identify high-risk payments for focused attention and verification. |
- The organization has established and documented appropriate internal policies specific to the account verification process.
- The organization's direction and approach to risk management are formally articulated and documented.
- The documented risk identification process is rigorous; it considers risks at both the entity level and the activity level, and assesses internal and external sources of risk.
- All appropriate levels of management are involved in analyzing risks.
- All appropriate functional areas — for example, line managers, internal auditors, security, and legal representatives — are involved in the analysis of risk.
- Risk information is regularly presented to and discussed at established management and/or oversight committee meetings.
|
| Verification processes are designed to ensure that payments are verified in a cost-effective and efficient manner while maintaining the level of control required under the Account Verification policy. |
- The organization has an entity-specific account verification policy. It also has appropriate and adequate account verification procedures.
- Other financial management policies and procedures are maintained by the organization.
- Financial management policies and procedures are regularly and effectively communicated within the organization.
- Responsibility for monitoring compliance with financial management laws, policies and authorities is clear and communicated through, for example, job descriptions, organization charts, or division or branch mandates.
- Compliance monitoring is appropriately and effectively applied through a documented risk-based quality assurance process,
including a documented sampling strategy.
- Reports to the oversight body include clear statements that compliance has been maintained or that breaches have been noted.
|
| Monitoring processes exist to inform the organization, on an ongoing basis, of the effectiveness of the account verification processes. |
- In accordance with the Policy on Active Monitoring, organizations actively monitor their management practices and controls using a risk-based approach.
- Management review is ongoing and timely.
- Significant control breakdowns are reported to management in a timely way.
- The organization's internal audit group periodically assesses the account verification process.
- Recommendations are considered and deficiencies are investigated and resolved in a timely fashion.
|
This page has been archived.