Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Audit of Account Verification


Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Audit Results

Each area of focus was assessed against audit objectives and related audit criteria. The audit results are presented below by area of focus.

Human Resources Management

Employee training and related guidance support the account verification practice.

We expected to find that employees received sufficient training from their supervisors on account verification requirements and that instruction material and/or guidelines were available and used by employees to support account verification activity.

The audit found that new employees receive informal but structured one-on-one training on the requirements of fulfilling the job of an account verifier. An informal assessment of their performance is also provided by their supervisors. Training consists of walk-throughs of account verification processes and practices under supervisor guidance and review of the account verification procedures manual. On-the-job learning is also a key aspect, including support from a financial officer, for high-priority or more complex verifications.

Policies, procedures, processes, directives and instructions related to account verification practices are accessible to employees through the Secretariat's document management system (RDIMS). When there are changes to authorities, the account verification procedures manual is updated, employees are notified in writing (by email), and meetings with staff are held if warranted.

Conclusion

Employee training supports the account verification practice. While the training process for new employees to acquire account verification competencies is thorough, it could be strengthened by documenting current training and evaluation techniques. Documenting what is currently done will maintain training consistency, especially when turnover rates are high.

Recommendation: None.

Verification of Financial Administration Act–certified payment requests

Departmental payments were verified in an accurate and timely manner. A number of business process improvements would enhance the effectiveness of the account verification practice.

We expected to find that business processes and internal controls validate key aspects of account verification for goods and services and for acquisition card and employee-related payment requests.

The audit categorized goods and services payments into three types based on the distinct account verification procedures applied for each. A statistical sample of 67 payments for goods and services, acquisition card purchases and employee payables amounting to $174,974, $23,581 and $69,856, respectively, totalling 201 payments and $268,411, was selected for detailed examination.

Based on our detailed examination, payments for goods and services were verified in compliance with the Treasury Board Directive on Account Verification, the FAA and good management practices. We found that FAA Section 34 certification signatures were:

  • Clearly recorded;
  • Matched to the Specimen Signature Record of the department;
  • Valid in the period applied; and,
  • Valid for the Fund Centre indicated.

Further, payment amounts were accurately entered into the financial system, financial coding was appropriate, processing was prompt, and corrections were made as warranted. Also, the audit did not find duplicate payments.

The following provides specific observations for each type of payment or payment request subject to our detailed examination.

Payment Requests for Goods and Services

The audit found that an adequate document trail of account verification activity was maintained on file, such as invoices—traced to purchase orders in the financial system, where applicable—and receipts for services rendered. Requests for payment that required further verification by a subject matter expert were forwarded and verified as required. A record of account verification activity was recorded on the account verification checklist for payment of goods and services.

The audit found that of the 67 payment files examined, 10 were missing evidence of goods receipt (e.g., a packing slip, bill of lading, a stamp and signature certifying goods receipt, or a note to file verifying goods receipt). While the audit examination was limited to a file review, the Directive on Account Verification requires supporting documentation be complete, allowing maintenance of an audit trail for each payment amount claimed such as receipt of goods or services and authorization according to the delegation of financial signing authorities. Without complete documentation that supports payment requests, the account verification process is incomplete.

Payment Requests for Acquisition Cards

Regarding the examination of payments made using acquisition cards, we found that, overall, sufficient information and appropriate documents were included in the file to support the purchases. However, in 10 cases, the audit found minor errors or document deficiencies affecting full compliance with established procedures. For example, in 2 cases, conference registration was incorrectly coded as miscellaneous products, and in 4 other cases, photocopies of invoices/receipts were provided instead of the originals. The audit did not identify any evidence in the payment files sampled that Financial Management Directorate followed-up with Funds Centre managers to obtain the missing information or documents.

The account verification process requires that each payment undergo a thorough verification. The audit noted, however, that 14 of 67 (21 per cent) of acquisition card statements had one or more payments with incorrectly applied taxes (i.e., GST and/or PST). Of note were instances where the error was generated on the monthly bank statement. The errors from the audit sample resulted in a total overstatement and understatement of approximately $95 and $150, respectively, with a net understatement of approximately $55. If extrapolated to acquisition card payments for the Secretariat and Finance Canada for the audit period, the resulting error rate would remain at less than 1 per cent, with a net understatement of approximately $13,000.

The audit observed that formalized desk procedures or verification checklists were not applied for acquisition card payments. Consequently, an audit trail of verification activity was not available on the file. The absence of an audit trail made it difficult for the audit team to assess the extent and consistency of post-payment verification for goods and services purchases (e.g., issues followed up with Fund Centres, rationale for accepting incomplete documentation, etc.).

Payment Requests for Employee-Related Expenses

Employee-related payments include payment requests such as awards, conferences, hospitality, memberships, training and travel.

The audit found that the account validation process for employee payable payments generally complied with established procedures and Treasury Board policy. A formal account verification checklist was introduced in the latter part of the 2008–09 fiscal year. It was found that the checklist was consistently used for payments dated January to March 2009.

It was found that 40 of 55 (73 per cent) of employee-payable files examined included evidence that payment requests were properly pre-authorized prior to the event occurring and were properly certified for payment authorization. In 5 cases, travel pre-authorizations were not completed in advance of travel; in 6 cases, travel pre-authorizations were not dated by the signee, which is required to validate the pre-approval, and in 4 cases, there was neither a travel authorization signee nor a date.  It should be noted that audit examination was limited to a file review.  If further information was obtained by an account verifier over the phone or via email and this information was not placed on the payment file, then this evidence was not available for the audit.  Such omissions put the validity of the authorization or certification into question and decrease process efficiency, as account verifiers must then use additional time and effort to determine whether the signatures were valid in the possible range of time that they could have been recorded.

Conclusion

Departmental payments were found to be made in an accurate and timely manner; however, a number of business process improvements would enhance the effectiveness of the account verification practice. Specifically:

  • Use of checklists in support of verification for all payment types would provide an audit trail of account verification activity and facilitate a consistent approach.
  • Enhancements to checklists would also be beneficial. These include:
    • Incorporating a comments box, which would provide a brief audit trail of Financial Management Directorate contact with, and direction to, Fund Centres;  and
    • Clearly indicating on the checklist for goods and services evidence of receipt of goods and/or services rendered;
  • Ensure that the date of each signature be provided for all instances of pre-authorization and FAA certification; and
  • The proper application of taxes should be identified and addressed at the account verification practice level, as should the need to include the date of signature for all pre‑authorizations and FAA certifications.

Recommendation 1

It is recommended that the Assistant Secretary, CSS, implement account verification business process improvements, including:

  • An account verification checklist for processing acquisition card payment requests;
  • Modification to the existing checklist for goods and services to indicate that supporting documentation is required for receipt of goods and/or services rendered; and
  • Modification of existing account verification checklists to specify the requirements for the date of pre‑authorization, FAA Section 34 certification, and a record of account verification follow-up.

Monitoring and Reporting of Results

Monitoring compliance with financial management legislation, policies and authorities is done through 100-per-cent verification of payment requests. This approach does not take advantage of risk-based sampling techniques, and the results of monitoring are not shared with senior management.

Because monitoring is a core fundamental control, we expected to find that compliance monitoring was performed effectively and on a periodic basis and that the results of monitoring were reported to the appropriate level of management.

The Directive on Account Verification requires that departments apply a risk-based approach to account verification, conducting a full review of high-risk payment requests and sampling low- to moderate-risk payment requests based on a sampling plan. Accounting Services and Management Practices, Financial Management Directorate has developed a sound Account Verification of Sampling Plan for the Secretariat and Finance Canada; however, the plan has not yet been implemented.

For the audit period under review, every request for payment sent to Financial Management Directorate for processing was subject to verification based on established internal guidelines. Subsequent to the audit period, the departments have assessed travel reimbursement requests on a risk basis and are planning to apply a sampling approach to the verification of low-risk payment requests.

With respect to the results of verification, Internal Audit and Evaluation Bureau was informed that significant errors detected as part of account verification were taken up with responsible parties and corrected. These errors, however, were not tabulated or reported. Such an exercise would provide a record of the type of errors arising from Fund Centres and assist in identifying appropriate corrective measures. Furthermore, senior management could use these results to support decision making with respect to financial management, such as determining how to change existing controls and ensure that risks are managed appropriately.

The results of follow-up activity should also be monitored to ensure that identified controls are operating as intended.

While monitoring of error rates in payment requests was not undertaken, Accounting Services and Management Practices does maintain a monitoring log of payment requests involving significant policy or practice interpretation issues and matters of management concern. The log serves as a control document and a reference source for consistent treatment of issues should similar situations arise. Current reporting to management is limited to ad hoc reports, usually focused on interest charges as a result of late payments.

Conclusion

There is limited monitoring and ad hoc reporting of the results of account verification, and a risk-based sampling approach to verification is not yet in place. As a result, there are opportunities to enhance management decision making, efficiency, and compliance with the Directive on Account Verification as it pertains to using a risk-informed approach.

Recommendation 2

It is recommended that the Assistant Secretary, CSS, implement, as practicable:

  • A risk-based approach to payment verification; and
  • Periodic monitoring and reporting of results to support management of account verification.

Overall Conclusion

We conclude with a reasonable level of assurance that, overall, internal controls regarding account verification are adequately designed and functioning effectively to meet operational requirements. Specifically:

  • No significant practice or process gaps were observed within the account verification function that would put the departments at risk.
  • Vote 1 Goods and Services payment requests were managed in accordance with applicable legislation, policy and established procedures.
  • Opportunities to enhance the function were identified. These include formalizing training procedures, implementing a checklist for post-payment verification of acquisition card purchases, enhancing existing verification checklists, introducing a risk-based approach to account verification practices, and monitoring and reporting verification results.