Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Horizontal Internal Audit of High Risk Expenditure Controls in Large Departments and Agencies

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.





Horizontal Internal Audit
of High Risk Expenditure Controls
in Large Departments and Agencies





Table of Contents



Executive Summary

The objective of the audit was to assess the adequacy and effectiveness of processes in place to identify higher‑risk transactions, which consequently enable more efficient account verification practices. We examined the risk management over expenditure controls and the practices in place in a sample of large departments and agencies (LDAs) in order to determine whether expenditure management was being carried out in a cost‑effective and efficient manner while maintaining the required level of control.

Why This Is Important

In LDAs, effective risk management over expenditure controls allows for appropriate due diligence over transactions that require more rigorous review, and greater efficiency over transactions that are of lower risk. Without an approach to account verification that considers risk levels specific to various types of transactions, proper attention may not be given to high-risk transactions, and transactions of lower risk may consume disproportionate levels of employee attention and departmental resources.

Overall Assessment

LDAs are not taking advantage of risk management to help make their account verification practices more efficient. Most LDAs are applying 100% verification on all transactions when appropriate risk management strategies would result in more efficient practices. Further, while some LDAs have appropriate guidance for those with financial signing authority, this guidance is still relatively new or has not been fully implemented.

More specifically, LDAs are at different stages in either the development or the implementation of effective governance processes over their account verification practices. Although most LDAs have some sort of governance function, there is not widespread representation of functional managers or others who can provide pertinent input for risk identification. In addition, most LDAs do not have formal policies and procedures for those who make decisions about payment certification. Without adequate documentation to support decisions made for high-risk types of payments, LDAs must treat all payments as high risk, which is not an efficient practice.

About half of the LDAs have formal guidance or checklists for those authorized to certify (project authorities) that the procured service or good meets the requirements for payment. In addition to receiving formal training from the Canada School of Public Service, half of the LDAs included in our sample have identified when unique payment criteria exist and have guidance or checklists for project authorities to use in carrying out their responsibilities. When proof of payment is particularly risky in some program areas, some LDAs go further, embedding specialists within those program areas to support the certification requirements. One LDA has its Centre of Expertise review payment authorizations before forwarding payment requests to the finance function.

Generally, LDAs are not distinguishing between high- and low-risk types of payments and therefore apply 100% verification on all transactions. This results in an ineffective use of resources because less time should be involved in quality assurance for payments of low risk. A small number of LDAs are beginning to develop guidance to support the identification of high-risk transactions, in keeping with the department's risk management approach. Of these, some are applying fewer verification procedures over low-risk transactions and have national sampling plans in place for these transactions to ensure that the application of fewer verification procedures continues to be appropriate.

Most LDAs apply 100% verification on all transactions. However, they are not monitoring the account verification processes to identify systemic weaknesses and therefore cannot report (through the governance process) the identification of revisions required to the risk identification, or the results of best practices. Insufficient monitoring may hamper LDAs' efforts to be responsive to changing circumstances or new risks.

Conclusion

Overall, the processes in place to identify high-risk transactions for account verification are not satisfactory. Most LDAs are applying 100% verification on all transactions — that is, treating them all as high risk — when appropriate risk management strategies would result in more efficient practices. Furthermore, they do not have an appropriate governance process over risk identification or provide guidance on the verification work required of account verification officers. These practices result in an inefficient use of the time of account verification clerks and of those providing quality assurance.

The Internal Audit Sector of the Office of the Comptroller General has asked chief audit executives to prepare detailed action plans and to have these plans endorsed by their department and agency audit committees. The audit results and recommendations received positive reactions from responsible officials within LDAs. There were good indications that improvements would be pursued. Furthermore, the OCG will facilitate the dissemination of information related to audit findings including sharing of best practices and training as requested.



Statement of Assurance

In my professional judgment as Executive Director, Operational Auditing, sufficient and appropriate procedures and evidence gathering were performed to support the accuracy of the audit conclusion. The audit findings and conclusion are based on a comparison of the conditions that existed as of September 3, 2009, in the departments reviewed, against pre‑established audit criteria. Further, the evidence was gathered in accordance with the Internal Auditing Standards for the Government of Canada and the International Standards for the Professional Practice of Internal Auditing.[1]

Sylvain Michaud
Executive Director, Operational Auditing
Internal Audit Sector, Office of the Comptroller General



Background

The Treasury Board Policy on Internal Audit requires the Comptroller General to lead horizontal audits in large departments and agencies (LDAs). Horizontal audits are designed to address risks that transcend individual departments in order to report on the state of governance, controls and risk management across the Government of Canada. This report presents the results of the horizontal audit of high-risk expenditure controls.

Expenditure controls in the Government of Canada are governed by the Treasury Board Account Verification policy and the Policy on Active Monitoring and by the Financial Administration Act (FAA).[2]

The objective of the Account Verification policy is to ensure that accounts for payment and settlement are verified in a cost-effective and efficient manner while maintaining the required level of control. Account verification processes must be designed and conducted in a way that will maintain probity while taking into consideration the varying degrees of risk associated with each payment. This policy also requires that account verification practices be monitored to ensure that varying levels of controls exist over high- and low‑risk transactions and that these practices are being carried out as designed. Aspects of both the FAA and the Policy on Active Monitoring are important considerations in complying with the Account Verification policy. For example, active monitoring enables LDAs to use new information and changing conditions to accordingly revise their risk management strategies. The two sections of the FAA that are most relevant to the Account Verification policy are section 34, "Payment for work, goods or services," and section 33, "Requisitions."

Payment for work, goods and services (section 34) must be certified by someone with delegated authority from the minister. Certifying for section 34 implies that the work, good or service has been received in accordance with the terms and conditions established between the Government of Canada and the supplier of the work, good or service. Section 34 is typically delegated to project authorities — those generally responsible for completing the operations in line with the mandate of the department or agency.

After section 34 has been certified, payment requisitions are typically forwarded to the finance function, where someone with delegated section 33 authority will provide quality assurance to further certify requirements such as the following: the payment is in accordance with the budgeted amount, the section 34 authority has discharged his or her responsibilities appropriately, no signing officer will personally benefit from the payment, financial coding is done accurately, and other relevant policies have been respected. The certification of section 33 serves as official documentation to support the release of the funds. A risk management approach can be applied to the above responsibilities. For high-risk payments, however, all the requirements of quality assurance should be met; for low‑risk transactions, reliance on the certification of the project authority may help reduce some of the time-consuming tasks associated with quality assurance.

Effective risk management over expenditure controls requires that the appropriate level of management in a department or agency determine which types of payments are of higher risk and should accordingly be subject to more thorough quality assurance in the section 33 verification process. To ensure appropriate monitoring, those transactions deemed lower-risk should be subject to more rigorous review on a sampled basis. This will ensure that the processes designed for lower-risk transactions are resulting in sufficient due diligence and that any new risks can be identified. Under the Policy on Active Monitoring, LDAs must develop an early notice capability to detect and communicate unacceptable risks, vulnerabilities, control failures and deficiencies requiring remedial action. Effective risk management therefore allows for a more efficient use of the resources responsible for quality assurance requirements.



Audit Objectives, Scope and Approach

Objectives and Scope

The objective of the audit was to assess the adequacy and effectiveness of processes in place to identify higher-risk transactions, which consequently enable more efficient account verification practices.

For the 18 large departments and agencies (LDAs) included in our audit, we looked at risk management over expenditure controls, whether policies and procedures were designed to respect risk management principles, whether the controls designed were commensurate with the risks, and whether appropriate monitoring mechanisms were in place.

Audit Approach

The audit was conducted in two phases. Consultants were engaged to support the Office of the Comptroller General audit team in both phases.

Phase 1

To select the LDAs to be included in the audit, we performed a risk analysis that used findings from previous horizontal audits and considered the centralization or decentralization of the LDA's financial function, the nature of its business, and its size. We also ensured that the selected LDAs accounted for a significant volume of expenditures from a government-wide perspective. On the basis of this analysis, we chose the 18 LDAs listed in Appendix 1. These LDAs account for more than 35% of total government expenditures.

Phase 2

For each of the 18 LDAs, we carried out a document review to identify systemic strengths and weaknesses. Our review included documentation on risk, quality assurance and monitoring plans, and other departmental policies or procedures developed for expenditure management.

On the basis of our findings, we selected eight LDAs at various stages in the development and implementation of an account verification policy for further examination. For these LDAs, we interviewed managers from all parts of the expenditure management process including senior financial officials, and managers and project authorities responsible for account verification, to determine whether procedures were consistently understood and carried out.

We also performed transaction testing to verify whether policies and procedures for account verification of high-risk transactions were being applied as intended. In total, 125 transactions from the period October to December 2008 were reviewed in order to determine whether the established procedures were being followed by responsible officers.



Detailed Findings and Recommendations

Finding 1: Risk Identification


Departments are at different stages in how effectively they identify high-risk transactions requiring special attention.

We examined whether LDAs had an appropriate governance process in place to identify high-risk payments in expenditure management. We also examined whether the managers involved in the governance process were fully aware of the nature and extent of their responsibilities.

We expected to find a governance process over expenditure management that would identify risks and develop policies to support this risk assessment. We also expected that this governance process would involve management with functional responsibility over account verification, including those with an awareness of pertinent risks to the operations and those with appropriate decision-making authority. We expected that the identification of high-risk transactions would be adequately documented to enable those with delegated account verification signing authority to carry out their responsibilities in a manner commensurate with risk management principles. Furthermore, we expected that policies and procedures would exist to guide those responsible for account verification in carrying out their duties in accordance with the risk management decisions made.

It is important that management with appropriate decision-making authority identify expenditure transactions that are of greater risk to the LDA. Opinions on high risk from managers with varying functional responsibilities enable a complete analysis of those transactions that require further scrutiny. Without an approach that considers the risk levels specific to various types of transactions, proper attention may not be given to high‑risk transactions. In addition, in an LDA where many of the resources responsible for carrying out account verification are often not part of the risk identification process, it is essential that the identified risks and their implications be clearly documented. We would therefore expect to see policies and procedures that clearly address risk identification and the resulting impact on the account verification process.

LDAs do not have risk-based policies and procedures to guide them in their account verification practices. Overall, LDAs are at various stages in their application of rigorous risk assessment to the development of account verification policies and related processes and procedures. Some LDAs have not yet identified the criteria for high-risk payments. Others have documented risk thresholds related to various payment streams for account verification but do not have underlying support for these determinations.  Only one LDA has fully documented its policies and control procedures. This LDA, which recently underwent a Controls Reliant Audit Readiness Assessment for Audited Financial Statements, is now piloting a fully compliant account verification practice.

Appropriate members of management are not involved in risk management over expenditure controls. Although most LDAs have in place some form of governance process over expenditure controls and risk assessment in account verification, very few of the LDAs included in our sample could demonstrate that appropriate management and functional areas were included in the ongoing development of risk identification processes to determine the high-risk transactions requiring comprehensive account verification.

Many of the LDAs do not have an appropriate risk assessment function, nor do they involve all the appropriate functional areas in the development and application of financial controls, processes and procedures related to account verification. This means that possible opportunities for greater efficiency and effectiveness may have been lost and that risks may not be uniformly understood by all participants in the account verification process.

Recommendations

1. LDAs should have policies and procedures in place to guide risk-based account verification processes. These should include the identification of high-risk types of payments to ensure those responsible for account verification are aware of the risk tolerance of their department or agency.

2. LDAs should ensure that management is adequately represented in the governance process that determines or defines the risk level and the policies and procedures related to risk-based account verification. Management representatives should include individuals with functional responsibility over account verification, those with an awareness of pertinent risks to the operations, and those with appropriate decision‑making authority.

Finding 2: Certification for Payments


There is limited guidance available to project authorities to enable them to effectively discharge their responsibilities for certification of payments.

Project authorities (section 34) must ensure that proof of performance conditions exists prior to certifying for payment. The project authority certifies that the performance of work, the supply of goods or the rendering of services complies with the terms and conditions of the agreement or contract and that the price charged complies with the contract or, in the absence of a contract, is reasonable.

We reviewed the extent of information, training and guidance available to project authorities to ensure that proof of performance conditions for the agreement are met before each payment is made.

We expected to find that in addition to guidance or checklists sufficient training would be provided to ensure that officials who verify proof of performance conditions know how to apply an appropriate level of scrutiny to determine that the performance conditions of the agreement are met before each payment is certified. Specific guidance would be especially appropriate when the proof of performance conditions are uniquely tailored for agreements not generally encountered in day-to-day situations — for example, contribution agreements that include various performance criteria and reports required prior to payment approval.

The lack of program-specific account verification guidance for project authorities could lead to their misunderstanding and inconsistent application of practices related to account verification and not enough attention being paid to departmental or program-specific attributes or risks.

Progress is being made in providing project authorities with guidance on their role in account verification. Of the LDAs included in our sample, about half have formal guidance to assist the project authorities responsible for account verification (section 34) with payment certification. In the majority of these cases, the guidance is still relatively new or in progress and has not yet been put in place on a national level. Managers in LDAs must undergo specific section 34 training offered by the Canada School of Public Service before their certification authority is granted, and most are in compliance. However, the training does not cover LDA-specific risks or the attributes of a payment under a specific program's design. LDA-specific training or guidance would help mitigate the risk associated with project authorities not completely understanding the basis of payment under a program's design.

During our audit, we noted good practices related to section 34 certification. Some LDAs are embedding finance specialists in program areas to help provide on-the-job training and support to project authorities responsible for section 34. Other LDAs have specific checklists for understanding the basis of payment associated with specific programs, such as transfer payments that could have particular payments attributes not encountered in normal day-to-day operations. In one LDA, the Centre of Excellence for Grants and Contributions rigorously reviews all payment certifications before releasing the payment request to the finance function and those responsible for quality assurance.

Recommendation

3. LDAs should develop guidance or checklists to assist project authorities responsible for section 34 account verification in carrying out their duties and to provide proof of performance related to their account verification procedures. This would be particularly helpful in instances where payment types have specific and unique terms and conditions and are otherwise not straightforward.

Finding 3: Quality Assurance


The quality assurance function for account verification has been established without taking risk into consideration.

In LDAs, quality assurance for account verification is done within the finance function. Those with delegated authority for section 33 typically employ account verification clerks to assist them in ensuring that all the appropriate verifications have been done. This quality assurance activity certifies activities such as the following: the payment is in accordance with the budgeted amount, the section 34 authority has discharged his or her responsibilities in accordance with the terms and conditions of the agreement, no signing officer will personally benefit from the payment, financial coding is done accurately, and other relevant policies have been respected. For high-risk payments, quality assurance must at a minimum include all of the above elements; for low-risk payments, verification may be reduced.

Because account verification procedures may be lessened for low-risk payments, these payments should be subject to more rigorous review on a sampled basis. Such a review helps monitor whether those responsible for certification under section 34 are carrying out their duties in a responsible manner and whether risk assessment and analysis are serving to appropriately identify high-risk payments.

We examined the LDAs' quality assurance practices over account verification to determine whether they were following efficient risk management practices; that is, they were conducting full verification over high-risk payments and reduced verification, subject to sampling, for low-risk payments. We expected to find clear guidance on account verification processes for high- versus low-risk transactions, such as checklists for the account verification clerks to use in discharging their responsibilities. A checklist would also provide documentation to support the quality assurance work that had been done, thereby allowing those signing section 33 certification to feel comfortable that all necessary steps had been taken.

LDAs are not taking advantage of risk management's potential for making account verification processes more efficient. Most LDAs included in our sample are not applying a risk-based approach to account verification and, therefore, perform 100% prepayment verification of all transactions. Performing 100% verification on all transactions does not enable the LDA to leverage the efficiency gained through effective risk management and requires the LDA to have more resources to carry out verification responsibilities.

LDAs do not have guidance in place to support verification procedures for high‑ versus low-risk payment types. Some LDAs have a formal process for determining which payment types are high versus low risk and what the resulting effort for payment verification entails. Of these LDAs, some are piloting new risk‑based account verification processes with plans to roll out their sampling procedure for low-risk payments on a national level once deemed successful. However, most LDAs do not have any formal guidance or training for their quality assurance personnel to assist them in their day‑to‑day identification and verification of high- versus low‑risk types of payments. As a result, insufficient documentation exists to support the verification work that is done.

Progress was noted in a few LDAs. Some have national sampling plans for low-risk payments commensurate with their risk management guidance and are developing guidance for regional risks and capacity considerations. A few are monitoring the results of sampling and making modifications to their risk management strategies when appropriate.

Recommendations

4.  LDAs should ensure that high- versus low-risk types of payments are identified and determine whether the verification procedures applied are aligned with their risk principles.

5.  LDAs should develop clear risk identification guidance to assist those who provide quality assurance over account verification to characterize high- versus low-risk types of payments. LDAs should consider using checklists that outline verification procedures based on risk type or other measures.

6.  LDAs need to develop rigorous sampling plans to monitor the verification process used for low-risk payments. These should be national in scope and allow for monitoring of appropriate risk identification and for the collection of results, which could indicate systemic errors or point to best practices.

Finding 4: Monitoring


Monitoring of high-risk transactions, including reporting on issues found, is not done in most LDAs.

Effective monitoring over high-risk transactions should be done to track common or systemic issues found, to ensure those carrying out account verification responsibilities are respecting the risk levels, and to provide timely information to the governance function overseeing expenditure management. Effective monitoring informs those charged with governance that appropriate due diligence is taking place and helps them in their analysis of the changing environment. 

We reviewed the nature and extent of the LDAs' monitoring of high-risk transactions and how this information was used to support decision making. We expected that those responsible for quality assurance in LDAs would be monitoring errors and other systemic weaknesses and reporting them to the governance function. These reports would also demonstrate that the LDAs' practices for, and controls over, account verification were being performed effectively. We expected that there would be a risk-based process for the financial officers responsible for quality assurance to monitor the overall account verification process within LDAs.

Effective monitoring of account verification processes for high-risk transactions (including reporting to an oversight function) is essential for improving future performance and ensuring that risk profiles are updated based on systemic weaknesses, good performance or changing environment. Without an overall monitoring process complete with error reports, management might not be made aware of any process-related concerns or significant breakdowns in control.

LDAs are not monitoring errors found during their quality assurance process. A small number of the LDAs included in our sample regularly submit formal quality assurance reports to the governance function informing them of errors or concerns. These LDAs monitor errors from all regional and branch operations and can therefore roll up the results at the national level to report to senior management. The majority of LDAs included in our sample lack adequate information on whether account verification is achieving its objective of dealing with high-risk transactions with appropriate due diligence or whether systemic weaknesses are being identified or corrected.

Recommendation

7.  LDAs should establish reporting requirements that enable the governance function over expenditure management to discharge its responsibilities in a robust, timely and comprehensive manner. Those responsible for quality assurance need to develop reports to meet this need and to prepare and present them in a timely manner.



Conclusion

Overall, the processes in place to identify high-risk transactions for account verification are not satisfactory. Most large departments and agencies (LDAs) are applying 100% verification on all transactions, that is, treating them all as high risk, when appropriate risk management strategies would result in more efficient practices. Furthermore, they do not have an appropriate governance process over risk identification or provide guidance on the verification work required of account verification officers. These practices result in an inefficient use of the time of account verification clerks and of those providing quality assurance.

Management Action Plans

The findings and recommendations of this audit were presented to each department and agency included in the scope of the audit. The audit results and recommendations encountered positive reactions from responsible officials within LDAs. The Internal Audit Sector of the Office of the Comptroller General has asked chief audit executives to prepare detailed action plans and to have these plans endorsed by their department and agency audit committees. There were good indications that improvements would be pursued. The department and agency audit committees will periodically receive reports from management on the actions taken where Management Action Plans are in place.

Deputy heads of LDAs not included in the scope of this audit will take into account the results of this horizontal internal audit and develop Management Action Plans as necessary. They may also choose to brief their department and agency audit committees on this audit.

Furthermore, the Office of the Comptroller General will facilitate the dissemination of information related to audit findings including sharing of best practices and training as requested.



Appendix 1: Departments and Agencies Included in the Audit Engagement

Departments and Agencies Included in the Audit Engagement

  1. Atlantic Canada Opportunities Agency
  2. Canada Border Services Agency
  3. Canadian Food Inspection Agency
  4. Canadian Heritage
  5. Fisheries and Oceans Canada
  6. Industry Canada
  7. Infrastructure Canada
  8. Justice Canada, Department of
  9. Health Canada
  10. Human Resources and Skills Development Canada
  11. National Research Council Canada
  12. Privy Council Office
  13. Public Health Agency of Canada
  14. Royal Canadian Mounted Police
  15. Statistics Canada
  16. Transport Canada
  17. Treasury Board of Canada Secretariat
  18. Veterans Affairs Canada

Departments and Agencies Selected for Detailed Examination

  1. Atlantic Canada Opportunities Agency
  2. Canadian Heritage
  3. Fisheries and Oceans Canada
  4. Industry Canada
  5. Human Resources and Skills Development Canada
  6. National Research Council Canada
  7. Transport Canada
  8. Veterans Affairs Canada


Appendix 2: Objectives and Related Criteria


The objective of the audit was to assess the adequacy and effectiveness of processes in place to identify higher risk transactions, which consequently enable more efficient account verification practices.
Objectives Criteria
Risk assessment processes are designed to identify high-risk payments for focused attention and verification.
  • The organization has established and documented appropriate internal policies specific to the account verification process.
  • The organization's direction and approach to risk management are formally articulated and documented.
  • The documented risk identification process is rigorous; it considers risks at both the entity level and the activity level, and assesses internal and external sources of risk.
  • All appropriate levels of management are involved in analyzing risks.
  • All appropriate functional areas — for example, line managers, internal auditors, security, and legal representatives — are involved in the analysis of risk.
  • Risk information is regularly presented to and discussed at established management and/or oversight committee meetings.
Verification processes are designed to ensure that payments are verified in a cost-effective and efficient manner while maintaining the level of control required under the Account Verification policy.
  • The organization has an entity-specific account verification policy. It also has appropriate and adequate account verification procedures.
  • Other financial management policies and procedures are maintained by the organization.
  • Financial management policies and procedures are regularly and effectively communicated within the organization.
  • Responsibility for monitoring compliance with financial management laws, policies and authorities is clear and communicated through, for example, job descriptions, organization charts, or division or branch mandates.
  • Compliance monitoring is appropriately and effectively applied through a documented risk-based quality assurance process, including a documented sampling strategy.
  • Reports to the oversight body include clear statements that compliance has been maintained or that breaches have been noted.
Monitoring processes exist to inform the organization, on an ongoing basis, of the effectiveness of the account verification processes.
  • In accordance with the Policy on Active Monitoring, organizations actively monitor their management practices and controls using a risk-based approach.
  • Management review is ongoing and timely.
  • Significant control breakdowns are reported to management in a timely way.
  • The organization's internal audit group periodically assesses the account verification process.
  • Recommendations are considered and deficiencies are investigated and resolved in a timely fashion.


Appendix 3: Risk Ranking of Recommendations

The following table presents the recommendations and assigns risk rankings of high, medium or low. Risk rankings were determined based on the relative priorities of the recommendations and the extent to which the recommendations indicate non-compliance with Treasury Board policies.

Recommendations Overall Risk Ranking
1. LDAs should have policies and procedures in place to guide risk-based account verification processes. These should include the identification of high-risk types of payments to ensure those responsible for account verification are aware of the risk tolerance of their department or agency. High
2. LDAs should ensure that management is adequately represented in the governance process that determines or defines the risk level and the policies and procedures related to risk-based account verification. Management representatives should include individuals with functional responsibility over account verification, those with an awareness of pertinent risks to the operations, and those with appropriate decision-making authority. Medium
3. LDAs should develop guidance or checklists to assist project authorities responsible for section 34 account verification in carrying out their duties and to provide proof of performance related to their account verification procedures. This would be particularly helpful in instances where payment types have specific and unique terms and conditions and are otherwise not straightforward. Medium
4. LDAs should ensure that high- versus low-risk types of payments are identified and determine whether the verification procedures applied are aligned with their risk principles. Medium
5. LDAs should develop clear risk identification guidance to assist those who provide quality assurance over account verification to characterize high- versus low-risk types of payments. LDAs should consider using checklists that outline verification procedures based on risk type or other measures. Medium
6. LDAs need to develop rigorous sampling plans to monitor the verification process used for low-risk payments. These should be national in scope and allow for monitoring of appropriate risk identification and for the collection of results, which could indicate systemic errors or point to best practices. Low
7. LDAs should establish reporting requirements that enable the governance function over expenditure management to discharge its responsibilities in a robust, timely and comprehensive manner. Those responsible for quality assurance need to develop reports to meet this need and to prepare and present them in a timely manner. Medium


Appendix 4: Links to Applicable Legislation, Policies and Guidance

Website Reference (Links current as of September 3, 2009)

* Since this audit report was prepared, the Treasury Board Account Verification policy and the Policy on Delegation of Authorities were rescinded effective October 1, 2009, and replaced respectively by the Directive on Account Verification and the Directive on Delegation of Financial Authorities for Disbursements. The conclusions contained in the report are not affected by these changes.



Footnotes

[1]. This audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing. However, the Office of the Comptroller General has not undergone an external assessment at least once in the past five years or been subject to ongoing monitoring or to periodic internal assessments of its horizontal internal audit activity that would confirm its compliance with the standards.

[2] Since this audit report was prepared, the Treasury Board Account Verification policy was rescinded effective October 1, 2009, and replaced by the Directive on Account Verification. The conclusions contained in the report are not affected by this change.