Docstoc

AUDIT OF CONTRIBUTION AUDITING

Document Sample
AUDIT OF CONTRIBUTION AUDITING Powered By Docstoc
					                                              TABLE OF CONTENTS



STATEMENT OF ASSURANCE ................................................................................................ i

EXECUTIVE SUMMARY .......................................................................................................... 1

1.   INTRODUCTION ................................................................................................................. 7

     1.1 Background ..................................................................................................................... 7
     1.2 Organizational Structure ................................................................................................. 8
     1.3 Audit Objectives and Scope ............................................................................................ 9

2.   OBSERVATIONS – MANAGEMENT FRAMEWORK................................................. 11

     2.1    Follow-Up on Previous Audit of Contribution Auditing Process................................. 11
     2.2    Departmental Contribution Audit Policy ...................................................................... 11
     2.3    Appropriateness of the Level of Audit Activities within Programs Branch ................. 12
     2.4    Audit Process ................................................................................................................ 13

3.   OBSERVATIONS – INFORMATION SYSTEMS .......................................................... 25

     3.1 Audit Risk Matrix ......................................................................................................... 25
     3.2 GCIMS – Grants and Contributions Information Management System ....................... 26

4.   OBSERVATIONS – INTERFACES WITH RECIPIENTS ............................................ 29

5.   OBSERVATIONS, RECOMMENDATIONS AND MANAGEMENT RESPONSES . 31

APPENDIX A – AUDIT METHODOLOGY ........................................................................... 37

APPENDIX B – CONTRIBUTION AGREEMENTS BY FUND/PROGRAM:
             APRIL 2005 TO MARCH 2008 .............................................................. 39
                            STATEMENT OF ASSURANCE


We have completed the internal audit of the Contribution Auditing Process. The overall
objectives of this audit were to review and assess the adequacy of the management control
framework in place in the Department for auditing contribution agreements (e.g. policies,
practices, and procedures relating to planning, organizing, controlling, leading, and
communicating); the appropriateness of the methodology and procedures for performing and
reporting on contribution audits; the appropriateness of the level of contribution audit activities
in the Department; the extent to which contribution auditing practices conform to central agency
requirements; the reliability of information systems for decision-making and accountability
purposes; and the appropriateness of interfaces with recipients with regard to auditing of
contribution agreements

The internal audit was conducted in accordance with the requirements of the Treasury Board
(TB) Policy on Internal Audit and the Institute of Internal Auditors’ Standards for the
Professional Practice of Internal Auditing. The audit team assessed the management control
framework against criteria found in the July 2006 Treasury Board document “Core Management
Controls”.

In our professional judgment, sufficient and appropriate audit procedures have been conducted
and evidence gathered to support the accuracy of the conclusions reached and contained in this
report. The conclusions were based on a comparison of the situations as they existed at the time
of the audit and against the audit criteria. It should be noted that the conclusions are only
applicable for the areas examined.




                                                 i
                               EXECUTIVE SUMMARY


The Department of Justice has identified two outcomes in its overall departmental strategy: a
fair, relevant, and accessible justice system that reflects Canadian values, and a federal
government that is supported by effective and responsive legal services. A significant number of
the initiatives necessary to achieve the above strategic outcomes are funded through grants and
contributions programs, which in 2007-08 amounted to approximately $361 million (see
Appendix B for details). Within the Department, the Programs Branch is responsible for
managing the majority of grants and contributions programs.

This audit focused on the contribution auditing process followed by the Programs Branch. The
planning and on-site examination phases for this audit were conducted between September 2008
and December 2008.

MANAGEMENT FRAMEWORK

Departmental Contribution Audit Policy

The Department has developed a departmental Contribution Audit Policy that complies with the
requirements of the Treasury Board’s Policy on Internal Audit (April 2001) and Policy on
Transfer Payments (June 2000).

During the course of the audit, Treasury Board Secretariat introduced a new Policy on Transfer
Payments (October 2008), Programs Branch is currently assessing the impact this Policy may
have on the administration of transfer payments within the Department and determining the
effect, if any, on the departmental Contribution Audit Policy.

Appropriateness of the Level of Audit Activities within Programs Branch

Programs Branch prepares an annual audit plan based on the level of recipient audit activity
dictated by risk-based audit frameworks (RBAFs). A review of the audits conducted between
April 2005 and March 2008 has demonstrated that some recipient audits scheduled in the audit
plan have been postponed or cancelled without documented justification. While changes to the

                                               1
Internal Audit Branch




annual audit plan may be appropriate, the reasons supporting these changes need to be
documented.

Audit Process

The planning and conduct of recipient audits are based on procedures that need to be supported
by a formal process. They include the following:

•           identification of objectives and scope of recipient audits
•           preparation and approval of the annual audit plan
•           conduct of audits
•           review of audit results

Identification of objectives and scope of recipient audits

The RBAFs provide the basis for including recipients of contributions in the Programs Branch
annual recipient audit plan. The objectives and scope of these recipient audits are dictated by the
provisions of the Guide for the Audit of Contribution Recipients of the departmental
Contribution Audit Policy. While we found that all files and resulting audit reports contained a
reference to an examination of financial transactions and financial statements and/or reports,
there were instances where the review of the recipient’s internal controls was not addressed
either in the statement of work or in the audit report, as required by the departmental
Contribution Audit Policy.

Preparation and approval of the annual audit plan

The selection of recipients for audit is governed by the RBAFs for all programs managed by
Programs Branch. While a number of RBAFs identify clearly which recipients will be audited, in
some cases the input of the program analysts and financial officers in the selection of recipients
is required. In such instances, the audit showed that the reasons supporting the selection of a
specific recipient for audit are not always appropriately documented. Furthermore, in the case of
cost-shared programs with provinces and territories, we found no documented evidence that due
consideration was given to prior audits conducted by the provinces and territories, as
recommended by the TB Policy on Transfer Payments.

The annual audit plan ensuing from the recipient selection process is presented to the Grants and
Contributions Audit Advisory Committee (GCAAC) for approval on an annual basis. Established
in 2003 further to a recommendation from a previous audit, this Committee is responsible,

                                                      2
                                                                                Contribution Auditing Process
                                                                                          Executive Summary



among other things, for the approval of the plan and any subsequent changes to the said plan.
The decision process followed by the Committee with respect to the approval of the annual plan
is not supported by sufficient documentation and we found no evidence that changes to the
annual plans are presented officially to the Committee for approval.

Conduct of audits

The Operations Directorate is currently managing the audits of contribution agreements for
Programs Branch and the Youth Justice, Strategic Initiatives and Law Reform Section of the
Policy Sector. The Directorate uses the services of consultants (from outside the Department of
Justice) to conduct recipient audits. Over the years, the Directorate has secured the services of
Audit Services Canada (ASC), based on the quality of services rendered and the efficiency of the
procurement process. Services required are well defined in Memoranda of Understanding
(MOUs).

The planning phase of the audit is completed through the joint efforts of the program analyst, the
finance officer from Operations Directorate assigned to the program, and the team of ASC
auditors. The program analyst or the program director formally advises the recipient of the
upcoming audit in a letter that describes the audit objectives and scope. The fieldwork is
conducted after giving due consideration to the needs of the recipient and the complexity of the
file. Once the fieldwork is completed, the ASC auditor completes the audit file and prepares a
draft report that reflects the findings of the audit and then submits the report to the auditee for
comments. The final audit report is forwarded to the recipient by the Director of the program
with an accompanying letter. The examination of the sample files confirmed the appropriateness
of the documentation in the audit files.

Quality assurance on audit files

The involvement of the finance officer and the program analyst in the conduct of the audit
provides assurance to the Branch that the audits are conducted in accordance with generally
accepted auditing standards. Furthermore, the quality assurance process in place is appropriately
documented in the audit files.

Audit results

In certain instances, audits will result in financial adjustments to the original contribution
payments based on the terms and conditions of the Contribution Agreement. During the audit, we
found that all final audit adjustments were recovered by the program and were appropriately
documented.
                                                3
Internal Audit Branch




Operations Directorate prepares an annual summary report on the status of the audits planned for
the year and submits this report to the GCAAC for review. We found that this report addresses
audits scheduled for the current year only and does not provide any information on the status of
incomplete past audits or explanations for cancelling or postponing current year audits. On the
basis of this report, the Committee provides an informative annual report to Senior Management
on the status of the audits conducted during the year.

INFORMATION SYSTEMS

Audit Risk Matrix

As a result of the 2003 audit of Contribution Agreement Auditing, the GCAAC developed an
audit risk matrix (ARM) to support the decision-making process for the selection of recipients
for audit. Furthermore, to facilitate the production of useful reports in the recipient audit
selection process, the ARM was integrated into the Grants and Contributions Information
Management System (GCIMS).

A review of the ARM information in the system has revealed that the tool is not widely used and
therefore any report that can be generated from the system is based on incomplete data and
cannot be relied upon to support the decision-making process.

GCIMS – Grants and Contributions Information Management System

The Programs Branch currently uses GCIMS to monitor information on recipients that receive
funding from discretionary funds and to compile information on proactive disclosure. GCIMS
has the capacity to be used to facilitate the management and tracking of all recipients’ files and
provide up-to-date information on any file through the generation of various reports. The report
that is currently generated from the system with respect to the ARM is incomplete and needs to
include the tabulated risk assessment results in order to become a more efficient tool that can be
used in the decision-making process for selecting auditees.

INTERFACES WITH RECIPIENTS

Programs Branch has developed a good communications process with recipients that are audited
in any given year. Recipients are advised of upcoming audits, involved in the timing of the audit,
provided with feedback when the fieldwork is completed, and given the opportunity to provide
additional information when financial adjustments to contribution payments are proposed further
to an audit.
                                                4
                                                                               Contribution Auditing Process
                                                                                         Executive Summary




In conducting audits over the years, Programs Branch has identified the need for a tool that
would help NGOs better understand their role and responsibilities with respect to the terms and
conditions of contribution agreements signed with the Department. As a result, Programs Branch
is proactively developing a handbook that addresses the requirements of a typical NGO and
provides guidance on the internal controls needed to support the delivery of the project/program.

The management responses to the recommendations contained in this report were provided by
the Director General, Programs Branch.




                                               5
                                  1.      INTRODUCTION


1.1    Background

The Department of Justice has identified two strategic outcomes: a fair, relevant, and accessible
justice system that reflects Canadian values, and a federal government that is supported by
effective and responsive legal services. The Department of Justice contributes to the achievement
of these strategic outcomes by:

•      working with partners across the federal, provincial, and territorial levels of governments
       and with stakeholders across Canada to develop and maintain a fair, relevant, and
       accessible justice system;
•      ensuring a bilingual and bijural national legal framework for the administration of justice;
•      providing significant ongoing funding to provinces and territories for the delivery of
       programs aimed at the day-to-day administration of justice;
•      providing legal services to the federal government and its departments and agencies.

A significant number of the initiatives necessary to achieve the above strategic outcomes are
funded through grants and contributions programs (Gs&Cs), which in 2007-08 amounted to
approximately $361 million.

Within the Department, the Programs Branch is responsible for managing the majority of grants
and contributions programs. These programs fall within two categories: cost-shared programs or
discretionary programs. Cost-shared programs are those for which costs are shared with the
recipient (provinces and territories) and are usually for ongoing programs. Discretionary
programs are funded by the Department with funds being disbursed directly to recipients
(individuals, governments, and non-governmental organizations (NGOs)) in support of non-
recurring activities and/or projects (e.g. pilot projects) that are conducted over a shorter period of
time.

The table in Appendix B illustrates the funds allocated to the various programs and the number
of contribution agreements in place by program for the fiscal years 2005-06, 2006-07, and 2007-
08.
                                               7
Internal Audit Branch




1.2         Organizational Structure

Programs Branch, which is part of Policy Sector, is comprised of the Office of the Director
General and five directorates: Policy Planning; Legal Aid; Innovations, Analysis and Integration;
Aboriginal Justice; and Operations. The directors who head up each of these directorates report
to the Director General, Programs Branch. Programs Branch’s overall organization comprises
107.5 full-time equivalent (FTE) positions allocated between the Office of the Director General
(five FTE positions) and the five directorates (102.5 FTE positions). The nature of the mandate
of the Branch requires that a significant number of positions within the Branch be filled by
program analysts, financial officers, and support personnel.

Each directorate, with the exception of Operations, is responsible for a variety of programs and is
supported at the operational level by the Operations Directorate:

•           The Policy Planning Directorate is primarily responsible for the program agreements with
            the provinces and territories (except for legal aid) and for broader issues related to how
            the Department uses programs to meet its specific key priorities and those of the
            Government.
•           The Legal Aid Directorate is primarily responsible for negotiating, implementing, and
            monitoring federal/provincial/territorial funding agreements with respect to legal aid in
            criminal law matters and in matters relating to the Youth Criminal Justice Act.
•           The Innovations, Analysis and Integration Directorate is responsible for grants and
            contributions funding programs that offer funding to recipients such as individuals, non-
            profit organizations, universities, bands, and tribal councils for justice-related activities.
•           The Aboriginal Justice Directorate focuses on strengthening the capacity of Aboriginal
            communities to reduce victimization, crime, and incarceration rates through increased
            community involvement in the local administration of justice.
•           The Operations Directorate is the Programs Branch's centre of expertise on finance and
            compliance, and provides financial services and advice to the Programs Branch’s
            directorates and to other sectors which have programs administered by the Programs
            Branch. The Directorate is responsible for the managing, planning, conducting, and
            reporting of contribution audits.




                                                      8
                                                                              Contribution Auditing Process
                                                                                            1. Introduction



1.3    Audit Objectives and Scope

The main objectives of the audit were to review and assess:

•      the adequacy of the management control framework in place in the Department for
       auditing contribution agreements (e.g. policies, practices, and procedures relating to
       planning, organizing, controlling, leading, and communicating);
•      the appropriateness of the methodology and procedures for performing and reporting on
       contribution audits;
•      the appropriateness of the level of contribution audit activities in the Department;
•      the extent to which contribution auditing practices conform to central agency
       requirements;
•      the reliability of information systems for decision-making and accountability purposes;
•      the appropriateness of interfaces with recipients with regard to auditing of contribution
       agreements.

The planning and on-site examination phase of this audit was carried out between September and
December 2008 and covered practices and procedures pertaining to the contribution auditing
process in the Department of Justice at headquarters.

Details on the audit methodology are outlined in Appendix A.




                                               9
          2.      OBSERVATIONS – MANAGEMENT FRAMEWORK


2.1    Follow-Up on Previous Audit of Contribution Auditing Process

In 2003 the Department conducted an audit of “Contribution Agreement Auditing” and in its
report elaborated a series of recommendations that triggered changes to the contribution auditing
process. The most significant recommendations included the introduction of a generic risk-based
audit framework (RBAF) to be completed for all programs, the establishment of the Grants and
Contributions Audit Advisory Committee (GCAAC), and the requirement to include in all
recipients’ files a completed audit risk matrix (ARM) and a justification for conducting (or not
conducting) an audit.

The current audit found that the above noted recommendations have been implemented with a
varied degree of success. They have been revisited during the course of this audit and are
commented upon in the appropriate sections of this report.

2.2    Departmental Contribution Audit Policy

The Department has developed a departmental Contribution Audit Policy that
complies with the requirements of the Treasury Board’s Policy on Internal Audit
(April 2001) and Policy on Transfer Payments (June 2000).

The Department of Justice implemented a Contribution Audit Policy in August 1991. This policy
was updated in June 2002 further to the tabling in March 2000 of a Treasury Board document,
entitled Results for Canadians: A Management Framework for the Government of Canada, and
the issuance of revised Treasury Board policies on Transfer Payments (June 2000) and Internal
Audit (April 2001). Revisions to the TB Policy on Internal Audit in 2006 did not require any
changes to the Department’s Contribution Audit Policy.

The departmental Contribution Audit Policy outlines the purpose of program audits as well as
recipient audits for all contributions programs administered and delivered by the Department.
Section 2 of the policy defines its objective as follows: “The objective of the Contribution Audit
Policy is to ensure sound management of, control over, and accountability for the delivery of
                                               11
Internal Audit Branch




contribution programs and to ensure compliance with related central agency and DOJ policies
and regulations”.

The departmental Contribution Audit Policy states its scope and to whom it applies as well as the
need to meet the requirements of the TB Policy on Transfer Payments (2000) and Policy on
Internal Audit (2001). Committees and stakeholders involved in the governance, management,
and delivery of departmental programs are identified and their roles and responsibilities defined.
A “Guide on Assurance Service for the Audit of Contribution Programs” and a “Guide for the
Audit of Contribution Recipients” are attached as appendices to the departmental policy.

Programs Branch is assessing the impact of the new TB Policy on Transfer
Payments (2008) on the administration of transfer payments and determining the
effect, if any, on the departmental Contribution Audit Policy.

In October 2008, TBS issued a new Policy on Transfer Payments together with a Directive on
Transfer Payments. The documents reflect changes to the administration of transfer payments,
and consequently, the departmental Contribution Audit Policy may need to be revised. It is our
understanding that Programs Branch has taken steps to determine the implications of the new
Policy on the administration of transfer payments and its impact on the departmental
Contribution Audit Policy.

2.3         Appropriateness of the Level of Audit Activities within Programs Branch

While Programs Branch prepares an annual audit plan based on the level of
recipient audit activity dictated by RBAFs, some recipient audits scheduled in the
audit plan have been postponed or cancelled without documented justification.

In compliance with the requirements of the TB Policy on Transfer Payments (2000), the
departmental Contribution Audit Policy requires that a risk-based audit framework (RBAF) be
developed for each program and submitted to TBS for approval. The Contribution Audit Policy
specifically addresses the need to develop a framework for the audit of recipients of
contributions that identifies who can be audited, who will conduct the audit, what will be audited
and when, how audit activities for the same recipient can be coordinated, and what follow-up
actions are required on audit findings.

We found that all programs are supported by RBAFs and that these include a section addressing
the conduct of recipient audits and the recommended mechanism to select recipients. For
example, some programs such as the Child-centred Family Justice Fund (CCFJF) clearly
                                                12
                                                                                     Contribution Auditing Process
                                                                         2. Observations – Management Framework



identified in their RBAF the recipients by name and scheduled the timing of the audits to be
performed over the life of the program. Others such as the Justice Partnership and Innovation
Program (JPIP) stated only that a number of audits per year would be conducted based on risk
assessment and other factors.

Although Programs Branch prepares an annual audit plan based on the level of recipient audit
activity required by RBAFs according to the requirements of the RBAFs, we found that in
certain instances scheduled recipient audits were either cancelled or postponed without
documented justification in the audit plan. For example, under the Legal Aid Program, out of the
five audits that were scheduled on the annual audit plans between April 2005 and March 2008,
three of these scheduled audits represented one audit that had been postponed three times over
the course of three years.

Recommendation and Management Response

1.     It is recommended that the Director General, Programs Branch, ensure the reasons
       for postponing or cancelling recipient audits scheduled in the annual audit plan are
       documented.

       Agreed. Programs Branch will ensure that justification for the postponement or
       cancellation of recipient audits will be documented in the audit plan, effective in the
       2009-10 fiscal year.

2.4    Audit Process

2.4.1 Identification of objectives and scope of recipient audits

There are instances where the statement of work and/or the audit report do not
comply with the requirements of the Contribution Audit Policy.

The RBAFs provide the basis for including recipients of contributions in the Programs Branch
annual recipient audit plan. The objectives and scope of these recipient audits are dictated by the
provisions of sections 3 and 4 - Annex 2: Guide for the Audit of Contribution Recipients of the
departmental Contribution Audit Policy.

The objectives of the recipient audits are generic in nature and include the assurance that the
funds received by the recipient were expended in accordance with the terms and conditions of
the Contribution Agreement (CA). They also include confirmation that the recipient has adequate

                                                13
Internal Audit Branch




internal controls to safeguard assets and ensure accuracy and reliability of financial data reported
to Programs Branch.

The scope of the audits is subject to the particularities of the various programs managed by
Programs Branch. As a minimum the scope should include: a review of the recipient’s internal
controls and systems in place to ensure compliance with the terms and conditions of the CA, an
examination of financial transactions, and a review of financial statements and reports.

We examined a sample of recipient audit files to determine whether the objectives and the scope
of the audits were clearly defined and in compliance with the requirements of the departmental
Contribution Audit Policy. While we found that all files and resulting audit reports contained a
reference to an examination of financial transactions and financial statements and/or reports,
there were instances where the review of the recipient’s internal controls was not addressed
either in the statement of work or in the audit report.

Recommendation and Management Response

2.          It is recommended that the Director General, Programs Branch, ensure that the
            objectives and scope of recipient audits and the resulting audit report comply with
            the requirements of the departmental Contribution Audit Policy.

            Agreed. The Programs Branch will ensure that a reference to a review of the recipient’s
            internal controls is addressed in the statement of work and in the audit report for all future
            audits. The Branch has created templates to ensure that internal controls are reviewed by
            the auditors, and that a review of internal controls is included in all DOJ audits.

2.4.2 Process for preparation and approval of the annual audit plan

Selection of recipients

The process supporting the selection of recipients for audit is not always
appropriately documented.

The selection of recipients for audit is governed by the RBAFs for all programs managed by
Programs Branch. While a number of RBAFs identify clearly which recipients will be audited
and when they will be audited, in some cases the input of the program analysts and financial
officers in the selection of recipients is required.


                                                     14
                                                                                      Contribution Auditing Process
                                                                          2. Observations – Management Framework



The reasons for justifying the selection of a specific recipient for audit are not always
documented. Furthermore, there was no documented evidence that shows which recipients were
considered as potential auditees during the audit selection process. Also, decisions in relation to
the audit selection process are not always supported by a formal risk analysis process.

The previous audit on the contribution auditing process recommended that an automated audit
risk matrix (ARM) be developed to support the recipient audit process. Accordingly, in fiscal
year 2005-06, an ARM was introduced as a formal tool to assist program analysts in the
decision-making process related to selecting recipients for audit where they were not identified
in the RBAF. This automated tool was designed to provide Programs Branch with a formal base
to support the selection of recipients. (For specific details on the functioning and effectiveness of
the ARM, see the Audit Risk Matrix section under Information Systems.)

Recommendation and Management Response

3.     It is recommended that the Director General, Programs Branch, ensure that the
       decision process for selecting recipients is appropriately documented at all times.

       Agreed in principle. Programs Branch will ensure that appropriate documentation exists
       on all files to justify the selection of recipients for audit by the Branch effective 2010-11.
       Programs Branch will also encourage the Youth Justice, Strategic Initiatives and Law
       Reform Section to adopt this recommendation.

Due consideration should be given to provincial/territorial audits, when available,
to determine the scope of a federal audit, and the decision whether or not to audit
should be appropriately documented.

In the case of cost-shared programs with provinces and territories, the TB Policy on Transfer
Payments (2000) states that a department should plan the scope of federal audits after giving due
consideration to prior audits undertaken by the provinces.

In our opinion, Programs Branch should review provincial/territorial audit reports, when
available, to determine the scope of a federal audit. Decisions in relation to this should be
appropriately documented in the recipient file and the audit plan.




                                                 15
Internal Audit Branch




Recommendation and Management Response

4.           It is recommended that the Director General, Programs Branch, ensure that:

            a) due consideration is given to provincial/territorial audit reports, when available,
               to determine the scope of a federal audit;
            b) decisions are documented in the recipient file and the audit plan.

            Agreed in principle. Programs Branch will ensure that copies of provincial/territorial
            audit reports are considered for all the cost-shared programs and discretionary programs,
            where appropriate and applicable, prior to conducting a federal audit.

            The Branch will also ensure that documentation justifying the decision to audit exists in
            the recipient file for all future audits. The audit plan has been modified in 2009-10 to
            ensure these decisions are documented.

           Programs Branch will also encourage the Youth Justice, Strategic Initiatives and Law
           Reform Section to adopt these recommendations.

Role of the Grants and Contributions Audit Advisory Committee (GCAAC)

There is a need for the GCAAC to maintain formal records of all its decisions.

The GCAAC was established in 2003 further to a recommendation in the February 2003
Contribution Agreement Auditing report. Its role and responsibilities are defined in the
departmental Contribution Audit Policy.

The Committee is comprised of representatives from the Management Sector, Operations Branch
and each of the departmental contributions programs. While its principal role is to act as a
governance committee to oversee the Department’s management of its grants and contributions
(Gs&Cs) programs, it is also responsible for approving the annual audit plan for Gs&Cs
recipients and preparing an annual report on the status and results of contributions audits. The
Committee is not a requirement of the TB Policy on Transfer Payments.

The main responsibilities of the GCAAC are to:

•           approve any changes to the annual audit plan;
•           review internal audit reports on contributions programs;

                                                    16
                                                                                   Contribution Auditing Process
                                                                       2. Observations – Management Framework



•      review and approve RMAFs (risk management and accountability frameworks) and
       RBAFs prepared by program analysts;
•      create an annual report on the results of the contribution audits for dissemination to the
       Assistant Deputy Minister, Policy Sector, and the Chief Financial Officer;
•      approve specific plans for audits of recipients;
•      approve and monitor recommendations for action to be taken to deal with deficiencies
       following internal audits of contributions programs;
•      provide advice as to whether changes are required to the Contribution Audit Policy or the
       annual audit plan.

The audit team examined notes and correspondence between committee members to understand
the workings of the Committee. We found that a significant portion of the correspondence that
was provided to us addressed issues related to the review of programs’ RBAFs and their
subsequent approval. Very little of the correspondence dealt with the review and approval of the
annual audit plans and review of the status of past audits. Furthermore, none addressed changes
to the audit plan (e.g. the cancellation of an audit) and some documents were either incomplete
or in a draft form (e.g. minutes of meetings).

The Committee is working well with respect to the review and approval of RBAFs, and decisions
are well documented in e-mails and notes. However, the audit team was unable to find an
appropriate level of formal documentation supporting the actions taken by the Committee
regarding the contribution auditing process. The Committee would benefit from a more formal
process whereby decisions for all Committee deliberations are formerly recorded and easily
accessible for reference purposes.

Recommendation and Management Response

5.     It is recommended that the Secretary of the GCAAC ensure that formal records of
       all decisions approved by the Committee are maintained.

       Agreed. Programs Branch will work to develop an action plan with the Chief Financial
       Officer (CFO) Branch to implement this recommendation in the 2010-11 fiscal year.

There is a need for the Committee to determine whether the departmental
Contribution Audit Policy conforms to the new TB Policy on Transfer Payments
(October 2008).


                                              17
Internal Audit Branch




With the advent of the new TB Policy on Transfer Payments in October 2008, it may also be
relevant for the GCAAC to review the departmental Contribution Audit Policy and ascertain that
it meets the requirements of the new TB policy.

Recommendation and Management Response

6.          It is recommended that the Director General, Programs Branch, in conjunction with
            the GCAAC, determine whether the departmental Contribution Audit Policy meets
            the requirements of the new TB Policy on Transfer Payments issued in October 2008.

            Agreed. Programs Branch will work to develop an action plan with the CFO Branch to
            implement this recommendation in the 2010-11 fiscal year.

Approval of annual audit plan

Insufficient information on the audit plan is provided to the GCAAC, and any
changes to the original audit plan are not resubmitted to the Committee for
approval.

The Operations Directorate in Programs Branch is responsible for managing the contribution
auditing process and preparing the annual audit plan, which is submitted for approval to the
GCAAC.

The audit plan is developed over a period of six months with input from the program analysts
and their respective financial officers. While the plan is normally submitted for approval to the
GCAAC in early September, we found that some audits are started before the audit plan is
approved by the Committee. We were told that Operations sometimes decides to start audits
before receiving Committee approval so as to be able to complete the audits before the end of the
fiscal year. With respect to those programs for which the RBAF identifies which recipients are to
be audited, the audit plan would receive Committee approval as a matter of course. However, in
other cases for which it is not a requirement of the RBAF, starting the audit before the audit plan
is approved could be problematic if the Committee does not approve the audit.

The audit plan is compiled manually by Operations on an Excel spreadsheet based on the list of
potential auditees provided by the various directorates. This list includes the program names, the
recipients and the fiscal years to be audited, and the financial limits of the agreements. It does
not, however, provide any information that would explain the selection of the recipients to be
audited. Also, changes to the annual audit plan approved by the GCAAC are not resubmitted to
the Committee for approval.
                                                18
                                                                                      Contribution Auditing Process
                                                                          2. Observations – Management Framework




While the audit plans are submitted to the GCAAC on a timely basis and are approved by the
Committee, there is insufficient information on why certain recipients were selected for audit.
This is important information for the Committee to have in order to make decisions about the
audit plan. Furthermore, when changes are made to the annual audit plan, the Committee is not
formally informed. In our view, in order for the GCAAC to be effective, it requires additional
information.

Recommendation and Management Response

7.      It is recommended that the Director General, Programs Branch, ensure that the
        GCAAC is provided with information on the selection of recipients to be audited,
        and that any changes to the approved audit plan are submitted to the Committee for
        approval.

        Agreed. Programs Branch will work to develop an action plan with the CFO Branch to
        implement this recommendation in the 2010-11 fiscal year. The audit plan has been
        modified to flag any changes to the approved audit plan for the 2009-10 fiscal year.

2.4.3   Conduct of Audits

Audit Team

The hiring of consultants to conduct contribution audits is appropriately
documented in MOUs.

The Operations Directorate is currently managing the audits of contribution agreements for
Programs Branch and the Youth Justice, Strategic Initiatives and Law Reform Section of the
Policy Sector. The Directorate uses the services of consultants (from outside the Department of
Justice) to conduct recipient audits, while retaining overall control of the audits with the support
of the program analyst responsible for the Contribution Agreement.

Over the years, the Directorate has secured the services of Audit Services Canada (ASC)
(formerly Consulting and Audit Canada) to conduct recipient audits, based on its quality of
services and efficiency of procurement process. In contracting with this federal organization the
Operations Directorate is not required to obtain bids from other suppliers. However, the
agreement of formal services must be defined in a Memorandum of Understanding (MOU)
signed by both parties. We found that all files we examined included a duly signed MOU

                                                19
Internal Audit Branch




between the Directorate and the ASC and that the objectives and scope of the audits were clearly
defined.

The Operations Directorate is in the process of reviewing their consultant
selection process to ascertain that they are getting the best value for their money.

The Operations Directorate has recently been advised by the procurement services of the
Department that new, more efficient procurement tools are now available through Public Works
and Government Services Canada (PWGSC) for hiring private sector audit consultants. We were
told that the Directorate intends to test these tools and may hire consultants from outside the
federal government to conduct some future audits, while continuing to obtain most of their
current services through ASC. This practice will allow the Directorate to gain an understanding
of what the private sector has to offer and ascertain that they are getting the best value for their
money.

Planning Phase

The audit planning phase is appropriately documented and the recipient is advised
in writing of the upcoming audit.

The planning phase of the audit is completed through the joint efforts of the program analyst
responsible for the audit, the finance officer from Operations Directorate who provides financial
advice to the program, and the team of ASC auditors. The program analyst or Director
responsible for the program formally advises the recipient of the upcoming audit in a letter that
describes the audit objectives and scope.

The ASC auditor prepares an audit program based on the audit objectives and scope of the
planned audit. Our review of selected ASC files demonstrated that a formal audit program was
completed and approved by the ASC representative for all files examined.

We were told that in the case of larger audits, recipients are advised in advance of the
documentation that will be deemed acceptable evidence to support claims made to the
Department. We were also told that this practice is well received by recipients and has resulted in
the fieldwork being conducted in an efficient manner.




                                                20
                                                                                       Contribution Auditing Process
                                                                           2. Observations – Management Framework



Fieldwork

The fieldwork is conducted after giving due consideration to the needs of the
recipient and the complexity of the file.

The timing of the fieldwork is negotiated with the recipient to ascertain that the recipient’s
personnel will be available to answer queries and that the supporting documentation will be
readily available. In the case of routine audits, the field audit team consists of the financial
officer from Operations and the ASC auditor. In the case of sensitive or larger audits, we were
told that the program analyst is involved in the fieldwork and is available to discuss program
issues with the recipient as required.

The ASC auditor and the financial officer hold a formal debriefing with the recipient prior to
leaving the field to discuss the audit findings and ascertain that there is a clear understanding of
the nature of the proposed adjustments and their financial implications.

Reporting Phase

The audit report-writing process is well documented and provides ample time for
the recipients to convey their comments on the audit.

Once the fieldwork is completed, the ASC auditor completes the audit file and prepares a draft
report that reflects the findings of the audit. This report is shared first with the financial officer
and then delivered to the program analyst for review and comments. Once the program analyst
has completed his/her review and has discussed the findings with the Director of the program,
the draft report is sent to the recipient with a request for comments within 30 days. During this
time the recipient is given an opportunity to provide additional information to the audit team to
try to resolve any outstanding issues. Discussions and comments on the findings are normally
conducted between the recipient, the ASC auditor, the financial officer and/or the program
analyst through e-mail exchanges. In the sample of audit files we reviewed at the ASC we found
evidence of these exchanges. The final audit report is forwarded to the recipient by the Director
of the program.

There is a need to develop standardized correspondence to accompany the final
audit report that reflects information currently provided to recipients by the Policy
Planning Directorate.


                                                 21
Internal Audit Branch




During the audit, we found that the letters sent to recipients by the Director of Policy Planning
Directorate were informative and helpful to recipients. The letters not only identified the
amounts owed but also addressed specific audit findings and were proactive in suggesting
solutions to resolve issues identified during the audit. In our view, the letters assist by providing
the recipient with an overview of the audit’s key findings with respect to both financial and non-
financial issues. Programs Branch would benefit from developing standardized correspondence
that reflects issues currently addressed by the Policy Planning Directorate in its letters to
recipients.

Recommendation and Management Response

8.         It is recommended that the Director General, Programs Branch, ensure that
           appropriate correspondence, which highlights key audit findings, accompanies all
           audit reports provided to recipients.

           Agreed in principle. Programs Branch will ensure there is appropriate correspondence to
           the recipient concerning the final audit report, highlighting the key audit findings.
           Programs Branch will also encourage the Youth Justice, Strategic Initiatives and Law
           Reform Section to adopt this recommendation when forwarding their final audit reports to
           their recipients.

Quality assurance on audit files

The involvement of the finance officer and the program analyst in the conduct of
the audit provides assurance to the Branch that the audits are conducted in
accordance with generally accepted auditing standards.

The financial officer and the program analyst are continually involved in the conduct of the
audit. While on site and working with the ASC consultant, the financial officer is in a position to
assess the work performed by the ASC consultant and to ascertain that the level of effort
expended is sufficient to support the conclusions reached during the audit. Furthermore,
throughout the audit, the program analyst remains available to explain and/or clarify the
objectives of the program and provide answers to queries raised by the ASC consultant regarding
program activities. The ASC consultant prepares and keeps the working paper files compiled
during the audit of recipients and provides access to Programs Branch when necessary.

During the audit we examined a sample of working paper files prepared by the ASC consultant
to determine whether ASC had a quality assurance process in place to review the work

                                                  22
                                                                                     Contribution Auditing Process
                                                                         2. Observations – Management Framework



performed during the audit. In all cases, we found that there was a quality assurance process in
place that was appropriately documented.

2.4.4 Audit Results

Audit adjustments

All approved audit adjustments to original contribution payments are recovered by
the program and are appropriately documented.

In certain instances, audits will identify potential financial adjustments to the original
contribution payments based on the auditor’s interpretation of the terms and conditions of the
Contribution Agreement. Prior to the issuance of the draft audit report, the identified adjustments
may be discussed with the program analyst to confirm the auditor’s interpretation of certain
clauses.

During the audit, we found that all approved audit adjustments reported in the final audit report
were recovered by the program and were appropriately documented.

“Review of Audit Results Summary” Report

The “Review of Audit Results Summary” report does not provide information on
the status of prior years’ incomplete audits or an explanation of why current year’s
audits are incomplete, postponed, or cancelled.

Operations Directorate prepares an annual summary report, entitled “Review of Audit Results
Summary”, on the status of the audits planned for the year. The Directorate submits this report to
the GCAAC for review.

We found that this annual summary report comments on the audits that were scheduled for the
current year only and does not provide any information as to the status of past audits that were
incomplete when the report was tabulated. Furthermore, it does not provide explanations for the
cancellation or postponement of planned audits for the current year.

In order to allow for proper follow-up on recipient audits from one year to the next, it would be
useful to extend the content of the annual summary report to include:



                                                23
Internal Audit Branch




•           an update on the status of the previous year’s audits that were still in progress when the
            report was submitted to the Committee;
•           comments on current year audits that are still outstanding, cancelled, or postponed when
            the report is presented to the Committee.

Recommendation and Management Response

9.           It is recommended that the Director General, Programs Branch, ensure that the
             content of the “Review of Audit Results Summary” report is expanded to include
             the status of prior years’ unresolved audits and the reasons why current audits are
             incomplete, postponed, or cancelled.

            Agreed. Programs Branch will provide the reasons for incomplete, postponed, or
            cancelled audits and the status of prior years’ unresolved audits on the “Review of Audit
            Results Summary”, effective 2009-10.

Result of Audits reported to Senior Management

The GCAAC prepares an informative and complete annual report on the status of
audits conducted during the fiscal year for the attention of Senior Management.

As previously noted, the GCAAC is responsible for preparing an annual report on the status of
contribution audits conducted during the fiscal year. This report also provides information on the
status of RBAFs examined during the same timeframe and on work undertaken by the
Committee throughout the year.

During the audit, we examined the reports prepared by the GCAAC for the fiscal years ended
March 31, 2004 to March 31, 2008. We found that the reports have become increasingly more
informative. The most recent report includes a good level of detail on the overall results of
current audits, the status of RBAFs reviewed and approved, and various decisions taken by the
GCAAC.




                                                   24
             3.      OBSERVATIONS – INFORMATION SYSTEMS


3.1    Audit Risk Matrix

The automated risk assessment tool developed by the GCAAC is not widely used by
program analysts and therefore cannot be relied upon to support the decision-
making process.

As a result of the 2003 audit of Contribution Agreement Auditing, the newly created GCAAC
undertook to develop an audit risk matrix (ARM) to support the decision-making process for the
selection of recipients for audit. This automated risk assessment tool rates specific quantifiable
issues with regard to an auditee on a scale of 1 to 5 (with 5 carrying the greater risk element).
When these ratings are summed, they indicate the level of risk to be attributed to an auditee. The
ARM also allows for both the program analyst and the financial officer to identify and provide
comments on non-quantifiable risks that need to be addressed. In their comments the financial
officers and program analysts provide recommendations that should confirm the rating provided
by the automated portion of the ARM. To facilitate the production of useful reports, the ARM
was integrated into the Grants and Contributions Information Management System (GCIMS) and
can be accessed by program analysts and financial officers.

The GCAAC initially promoted the use of the ARM for the risk analysis of NGO recipients in
receipt of discretionary funding, as it was recognized that provinces and territories carry a
distinct kind of risk that needs to be addressed differently, usually through the RBAFs. Over
time, a second ARM was developed. The two ARMs address respectively the specific risk
elements of the two types of recipients: NGOs, and provinces and territories (P/T). The GCAAC
has also developed short and useful guides for both ARMs that address frequently asked
questions that may come up when developing a risk assessment of a specific recipient using an
ARM.

An ARM serves an important role in assessing the risk related to other types of recipients and
can be a useful tool to support the decision-making process related to the selection of recipients
to be audited in any given year. Unfortunately, while we found that the ARMS developed are
useful, ARMs are not widely used by project/program analysts and the input of an ARM into
                                               25
Internal Audit Branch




GCIMS is limited to NGOs receiving discretionary funding. A review of ARM information
within GCIMS for the period covered by the audit has revealed the following:

•           in all cases ARMs are currently being completed at the end of the project;
•           for the fiscal year ended March 31, 2008, only 17% of the files entered into GCIMS have
            a completed ARM filed electronically;
•           some ARMs have been completed manually and filed in the program file.

Consequently, notwithstanding the fact that an ARM supports the decision-making process
related to the selection of recipients for audit, it is not being widely used. Furthermore, since
only a portion of the ARMs are currently entered into GCIMS, any useful reports that could be
generated from GCIMS are incomplete and therefore unreliable, as we discuss in the next section
of the report.

Recommendation and Management Response

10.        It is recommended that the Director General, Programs Branch, ensure an audit risk
           matrix is completed for all funding agreements and the information is entered into
           GCIMS.

           Agreed in principle. The audit risk matrix is being completed for all discretionary funding
           agreements now that a technical issue in GCIMS has been corrected. Programs Branch
           will monitor GCIMS to ensure the matrix is being completed in all cases. Programs
           Branch will also encourage the Youth Justice, Strategic Initiatives and Law Reform
           Section to adopt this recommendation. It is important to note that GCIMS could be
           replaced in the near future by a Gs&Cs module within IFMS.

3.2         GCIMS – Grants and Contributions Information Management System

The Matrix Summary Report needs to be modified to include both tabulated results
and the recommendations of the program analysts and financial officers.

The Programs Branch currently uses GCIMS to monitor information on recipients that receive
funding from discretionary funds and to compile information on proactive disclosure. GCIMS
has the capacity to be used to facilitate the management and tracking of all recipients’ files and
provide up-to-date information on any file through the generation of various reports.



                                                   26
                                                                                     Contribution Auditing Process
                                                                             3. Observations – Information Systems



As noted in the previous section, GCIMS has been modified to include the audit risk matrix
(ARM) and as a result can generate a “Matrix Summary Report”. Our examination of this
GCIMS report showed that only the comments and recommendations provided by the program
analyst and the financial officer appear in the report. The tabulated results from the automated
portion of the ARM are not reflected in the report. As a result, it is difficult to analyze the data
efficiently and to rely on the report to support the decision to audit (or not to audit) a recipient.
Furthermore, until an ARM is completed for all recipients and the data entered into GCIMS, the
Matrix Summary Report that is generated from GCIMS is incomplete and cannot be used to
support decisions.

Therefore, as recommended in the previous section, all ARMs should be entered into GCIMS
and the Matrix Summary Report should be modified to provide the tabulated results as well as
the recommendations of the program analysts and the financial officers.

Recommendation and Management Response

11.     It is recommended that the Director General, Programs Branch, ensure that
        GCIMS is modified to produce a Matrix Summary Report that will include both
        the automatically tabulated results and the recommendations of the program
        analysts and the financial officers.

       Agreed in principle. Programs Branch will explore this option with the Information
       Management Branch and Systems Unit within the CFO Branch to determine the
       appropriate solution and timing for producing this report. It is important to note that
       GCIMS could be replaced in the near future by a Gs&Cs module within IFMS.




                                                 27
        4.      OBSERVATIONS – INTERFACES WITH RECIPIENTS


Programs Branch has developed a good communications process with recipients
that are audited.

Programs Branch has developed a good communications process with recipients that are audited
in any given year. Recipients are advised of upcoming audits, involved in the timing of the audit,
provided with feedback when the fieldwork is completed, and given the opportunity to provide
additional information when financial adjustments to contribution payments are proposed further
to an audit.

As a proactive measure, Programs Branch is developing a handbook for NGOs
that will help them understand their role and responsibilities in the delivery of
their project and promote adequate internal controls that should have a positive
impact on the results of future audits.

In conducting audits over the years Programs Branch has identified the need for a tool that would
help NGOs better understand their role and responsibilities with respect to the terms and
conditions of contribution agreements signed with the Department. As a result, Programs Branch
is proactively developing a handbook that addresses the requirements of a typical NGO and
provides guidance on the internal controls needed to support the delivery of the project. At the
time of the audit, a draft of the handbook had been shared with an NGO to ascertain its
completeness. We were told that Programs Branch anticipates that the handbook will be part of
their online reference material in the near future.




                                               29
     5.      OBSERVATIONS, RECOMMENDATIONS AND MANAGEMENT
                              RESPONSES


The Department has developed a departmental Contribution Audit Policy that
complies with the requirements of the Treasury Board’s Policy on Internal Audit
(April 2001) and Policy on Transfer Payments (June 2000).

Programs Branch is assessing the impact of the new TB Policy on Transfer
Payments (2008) on the administration of transfer payments and determining the
effect, if any, on the departmental Contribution Audit Policy.

While Programs Branch prepares an annual audit plan based on the level of
recipient audit activity dictated by RBAFs, some recipient audits scheduled in the
audit plan have been postponed or cancelled without documented justification.

1.        It is recommended that the Director General, Programs Branch, ensure the reasons
          for postponing or cancelling recipient audits scheduled in the annual audit plan are
          documented.......................................................................................................................13

          Agreed. Programs Branch will ensure that justification for the postponement or
          cancellation of recipient audits will be documented in the audit plan, effective in the
          2009-10 fiscal year.

There are instances where the statement of work and/or the audit report do not
comply with the requirements of the Contribution Audit Policy.

2.        It is recommended that the Director General, Programs Branch, ensure that the
          objectives and scope of recipient audits and the resulting audit report comply with
          the requirements of the departmental Contribution Audit Policy. .............................14



                                                                    31
Internal Audit Branch




            Agreed. The Programs Branch will ensure that a reference to a review of the recipient’s
            internal controls is addressed in the statement of work and in the audit report for all future
            audits. The Branch has created templates to ensure that internal controls are reviewed by
            the auditors, and that a review of internal controls is included in all DOJ audits.

The process supporting the selection of recipients for audit is not always
appropriately documented.

3.          It is recommended that the Director General, Programs Branch, ensure that the
            decision process for selecting recipients is appropriately documented at all times. ..15

            Agreed in principle. Programs Branch will ensure that appropriate documentation exists
            on all files to justify the selection of recipients for audit by the Branch effective 2010-11.
            Programs Branch will also encourage the Youth Justice, Strategic Initiatives and Law
            Reform Section to adopt this recommendation.

Due consideration should be given to provincial/territorial audits, when available,
to determine the scope of a federal audit, and the decision whether or not to audit
should be appropriately documented.

4.          It is recommended that the Director General, Programs Branch, ensure that: ........16

            a) due consideration is given to provincial/territorial audit reports, when available,
               to determine the scope of a federal audit;
            b) decisions are documented in the recipient file and the audit plan.

            Agreed in principle. Programs Branch will ensure that copies of provincial/territorial
            audit reports are considered for all the cost-shared programs and discretionary programs,
            where appropriate and applicable, prior to conducting a federal audit.

            The Branch will also ensure that documentation justifying the decision to audit exists in
            the recipient file for all future audits. The audit plan has been modified in 2009-10 to
            ensure these decisions are documented.

           Programs Branch will also encourage the Youth Justice, Strategic Initiatives and Law
           Reform Section to adopt these recommendations.



                                                     32
                                                                                                                   Contribution Auditing Process
                                                                                    5. Observations, Recommendations and Management Responses



There is a need for the GCAAC to maintain formal records of all its decisions.

5.    It is recommended that the Secretary of the GCAAC ensure that formal records of
      all decisions approved by the Committee are maintained. ..........................................17

      Agreed. Programs Branch will work to develop an action plan with the Chief Financial
      Officer (CFO) Branch to implement this recommendation in the 2010-11 fiscal year.

There is a need for the Committee to determine whether the departmental
Contribution Audit Policy conforms to the new TB Policy on Transfer Payments
(October 2008).

6.    It is recommended that the Director General, Programs Branch, in conjunction with
      the GCAAC, determine whether the departmental Contribution Audit Policy meets
      the requirements of the new TB Policy on Transfer Payments issued in October 2008.18

      Agreed. Programs Branch will work to develop an action plan with the CFO Branch to
      implement this recommendation in the 2010-11 fiscal year.

Insufficient information on the audit plan is provided to the GCAAC, and any
changes to the original audit plan are not resubmitted to the Committee for
approval.

7.    It is recommended that the Director General, Programs Branch, ensure that the
      GCAAC is provided with information on the selection of recipients to be audited,
      and that any changes to the approved audit plan are submitted to the Committee for
      approval. ...........................................................................................................................19

      Agreed. Programs Branch will work to develop an action plan with the CFO Branch to
      implement this recommendation in the 2010-11 fiscal year. The audit plan has been
      modified to flag any changes to the approved audit plan for the 2009-10 fiscal year.

The hiring of consultants to conduct contribution audits is appropriately
documented in MOUs.

The Operations Directorate is in the process of reviewing their consultant
selection process to ascertain that they are getting the best value for their money.
                                                                 33
Internal Audit Branch




The audit planning phase is appropriately documented and the recipient is advised
in writing of the upcoming audit.

The fieldwork is conducted after giving due consideration to the needs of the
recipient and the complexity of the file.

The audit report-writing process is well documented and provides ample time for
the recipients to convey their comments on the audit.

There is a need to develop standardized correspondence to accompany the final
audit report that reflects information currently provided to recipients by the Policy
Planning Directorate.

8.         It is recommended that the Director General, Programs Branch, ensure that
           appropriate correspondence, which highlights key audit findings, accompanies all
           audit reports provided to recipients. ...............................................................................22

           Agreed in principle. Programs Branch will ensure there is appropriate correspondence to
           the recipient concerning the final audit report, highlighting the key audit findings.
           Programs Branch will also encourage the Youth Justice, Strategic Initiatives and Law
           Reform Section to adopt this recommendation when forwarding their final audit reports to
           their recipients.

The involvement of the finance officer and the program analyst in the conduct of
the audit provides assurance to the Branch that the audits are conducted in
accordance with generally accepted auditing standards.

All approved audit adjustments to original contribution payments are recovered by
the program and are appropriately documented.

The “Review of Audit Results Summary” report does not provide information on
the status of prior years’ incomplete audits or an explanation of why current year’s
audits are incomplete, postponed, or cancelled.


                                                                34
                                                                                                                   Contribution Auditing Process
                                                                                    5. Observations, Recommendations and Management Responses



9.     It is recommended that the Director General, Programs Branch, ensure that the
       content of the “Review of Audit Results Summary” report is expanded to include
       the status of prior years’ unresolved audits and the reasons why current audits are
       incomplete, postponed, or cancelled. .............................................................................24

      Agreed. Programs Branch will provide the reasons for incomplete, postponed, or
      cancelled audits and the status of prior years’ unresolved audits on the “Review of Audit
      Results Summary”, effective 2009-10.

The GCAAC prepares an informative and complete annual report on the status of
audits conducted during the fiscal year for the attention of Senior Management.

The automated risk assessment tool developed by the GCAAC is not widely used by
program analysts and therefore cannot be relied upon to support the decision-
making process.

10.   It is recommended that the Director General, Programs Branch, ensure an audit risk
      matrix is completed for all funding agreements and the information is entered into
      GCIMS. ..............................................................................................................................26

      Agreed in principle. The audit risk matrix is being completed for all discretionary funding
      agreements now that a technical issue in GCIMS has been corrected. Programs Branch
      will monitor GCIMS to ensure the matrix is being completed in all cases. Programs
      Branch will also encourage the Youth Justice, Strategic Initiatives and Law Reform
      Section to adopt this recommendation. It is important to note that GCIMS could be
      replaced in the near future by a Gs&Cs module within IFMS.

The Matrix Summary Report needs to be modified to include both tabulated results
and the recommendations of the program analysts and financial officers.

11.    It is recommended that the Director General, Programs Branch, ensure that
       GCIMS is modified to produce a Matrix Summary Report that will include both
       the automatically tabulated results and the recommendations of the program
       analysts and the financial officers..................................................................................27

      Agreed in principle. Programs Branch will explore this option with the Information
      Management Branch and Systems Unit within the CFO Branch to determine the

                                                                  35
Internal Audit Branch




            appropriate solution and timing for producing this report. It is important to note that
            GCIMS could be replaced in the near future by a Gs&Cs module within IFMS.

Programs Branch has developed a good communications process with recipients
that are audited.

As a proactive measure, Programs Branch is developing a handbook for NGOs
that will help them understand their role and responsibilities in the delivery of
their project and promote adequate internal controls that should have a positive
impact on the results of future audits.




                                                  36
                    APPENDIX A – AUDIT METHODOLOGY


The audit methodology consisted of:

•      an analysis of the management control framework in place using a risk-based approach
       related to key elements of the framework;
•      a review of relevant policies at the departmental and central agency levels;
•      a review, analysis, and discussion with stakeholders of all documentation pertinent to the
       contribution auditing process;
•      interviews with management and staff within Programs Branch;
•      a review of documentation prepared by the Grants and Contributions Audit and Advisory
       Committee;
•      a review of a sample of program and Operations files;
•      a review of a sample of audit files prepared by the consultant auditors.

The audit was undertaken in a manner consistent with the Treasury Board Policy on Internal
Audit and related guidelines and procedures, and with generally accepted auditing standards.




                                              37
  APPENDIX B – CONTRIBUTION AGREEMENTS BY FUND/PROGRAM:
                   APRIL 2005 TO MARCH 2008

     Number of Contribution Agreements by Fund/Program with Associated Dollar Value
                          From April 1, 2005 to March 31, 2008

                                       2006                        2007                        2008
      Fund Description        Number      Value of        Number      Value of        Number      Value of
                                       Agreements $                Agreements $                Agreements $


Cost-Shared Programs


Youth Justice Services            13    185,302,415           13    177,302,415           13    177,302,415
Legal Aid                         10    119,775,396           10    119,827,507           10    119,827,507
Access to Justice Services         3          4,856,593        3          4,856,593        3          5,156,593
Aboriginal Courtwork
Program                            8          4,836,363        8          4,836,363        8          4,836,363

Discretionary Funding

Youth Justice - Intensive
Rehabilitative Custody and
Supervision                       13          2,885,475       13          3,424,450       13          4,039,250
Child-Centered Family
Justice Fund                     34      16,042,102          36      16,170,761          34      16,250,027
Aboriginal Justice Strategy     109       7,345,000         114       7,287,586         104       9,586,445
Youth Justice Fund               45       3,602,614          55       2,880,238          29       2,415,577
Official Languages Program       44       3,248,559          47       3,479,089          42       2,798,219
Drug Treatment Courts
Program                            6          2,207,127        9          2,341,894       21          1,702,667
                                           2006                         2007                        2008
       Fund Description           Number      Value of         Number      Value of        Number      Value of
                                            Agreements $                Agreements $                Agreements $


Justice Partnership and
Innovation Program                    42          2,106,340        51          2,431,342       25          1,411,336
Contraventions Act Fund                4          1,688,670         5          2,613,100        5          2,779,800
Legal Aid Pilot Projects              10            950,999         9            986,449        0                  0
Victims of Crime Program            162            788,813       435           1,908,150     516           2,426,494
Court-Ordered Counsel in
Federal Prosecutions                  15           396,437         19          1,601,039       38          5,850,842
Public Security & Anti-
Terrorism                              6           380,400         19          1,121,100        7          3,959,663
Hague Conference on
Private International Law              0                   0        0                  0        1           249,561
Special Advocates Program              0                   0        0                  0       11           127,513
International Institute for the
Unification of Private Law             0                   0        0                  0        1            77,050
Integrated Market
Enforcement Team                       0                   0        0                  0        0                  0


Table compiled from information provided by Programs Branch

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:4
posted:9/12/2011
language:English
pages:37