Internal Audit of Financial Management Governance
February 2014

Internal Audit of Financial Management Governance February 2014 PDF Version (207 KB)
Table of contents

Executive Summary

Background

This audit was approved by the Deputy Minister on May 23, 2013 as part of the Risk-based Audit Plan 2012-13 to 2014-2015. Public Safety Canada (PS) identified financial management governance as an area of interest warranting audit. Effective financial management governance ensures both strong leadership and financial management practices. Appropriate stewardship of funds, effective decision-making, and efficient policy and program delivery are the result. Moreover, the Department's ability to meaningfully challenge and scrutinize its financial decisions is critical in a time of fiscal restraint. As the Department is called upon to absorb the costs of new programming, strong financial governance processes will be of utmost important in making tough financial decisions.

Overall, financial management is defined through a set of legislative, and Treasury Board (TB) policy frameworks, and departmental instruments. Specifically, in 2009, TB introduced the Policy Framework for Financial Management. This framework is the overarching umbrella that articulates the roles and responsibilities and outlines key financial principles including Financial Management Governance.

The expectation as articulated in the TB Policy on Financial Management Governance is to ensure:

Audit Objective and Scope

The objective of the audit was to provide reasonable assurance that the structures and practices in place to support appropriate financial management governance are adequate and effective.

The audit scope covered the period from September 1, 2012 to November 30, 2013 in order to obtain the most current audit information and to ensure an audit of the full financial management governance cycle. The focus of the audit was on the Department's activities over financial management governance.

Summary of Findings

Governance Structures:

Terms of Reference for key governance committees broadly defined roles and responsibilities, purpose, objectives, and activities.

The Department Management Committee (DMC) discussed and considered financial management issues, however not in a fulsome manner. Further the financial information provided to the DMC did not always enable managements` full understanding of the issue to support meaningful discussion and decision-making.

Financial Management Advisor (FMA) Model and supporting Financial Management Framework and Policies:

Progress has been made in the development of a financial management framework and the associated policies.

FMAs did not always have sufficient access to the full suite of information needed to fully understand branch business requirements and to effectively discharge their role.

Lack of understanding and application of the FMA model within Branches may prevent it from achieving its objectives and full value.

Branch Management Control Frameworks:

The sub-certification checklist process was relatively new and not well understood, leading to a concern as to the completeness and validity of the attestation statements.

Financial Management Accountability:

The process and measures by which management was held accountable may not instill the importance of sound financial management nor compel the right attitudes and behaviors.

Audit Opinion

In my opinion the Department’s structures and practices in place to support appropriate financial management governance are generally adequate and effective and have been improving over the past several years. There are still some moderately important issues such as certain governance structures and oversight practices requiring management focus to ensure sound, transparent and effective financial management and stewardship of public resources.

Statement of Conformance and Assurance

The audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management. The opinion is applicable only to the entity examined.

Recommendations

  1. The Assistant Deputy Minister (ADM), Corporate Management Branch (CMB), should, in conjunction with DMC members, define which financial management activities require their collective oversight, the time table for their consideration, their information needs and the information available through departmental systems, processes and reports. 
  2. The ADM, CMB should re-affirm the understanding and commitment to the FMA model by senior management at the DMC. Subsequently, the ADM, CMB, should, in collaboration with Branch Heads, fully implement the FMA model by ensuring that FMAs have access to appropriate tools and training as well as sufficient visibility into Branch activities in order to deliver effective and value-add strategic advice.
  3. The ADM, CMB, should continue to raise awareness of internal control roles, responsibilities, and accountabilities, including, but not limited to, the sub-certification process with a view towards fostering an integrated approach to internal control.
  4. Each Branch Head should, with the support of the CMB, identify and document existing Branch controls, including how and when these controls are monitored and to whom the results are reported, and share best practices in financial management and internal control within the Department.
  5. The ADM, CMB, should recommend to the Deputy Minister, standard accountability clauses for Executive Performance Management Agreements that are focused on financial management and internal controls.  Further there should be a formal process put in place for the measurement, monitoring and enforcement of these commitments, which is agreed to and understood by all senior management.

Management Response

The Assistant Deputy Minister (ADM), Corporate Management Branch and all other Branch Heads accept the recommendations as presented. The recommendations recognize that the accountability for financial management and internal control is shared by the Chief Financial Officer (CFO) and Senior Departmental Managers (SDM). The recommendations recognize that the CFO exercises functional leadership in these areas as defined by the Treasury Board Policy Framework for Financial Management and the Public Safety Financial Management Framework. The recommendations further recognize that Senior Departmental Managers play a complementary role in providing direction and oversight in the areas where they exercise delegated financial authority.

CAE Signature

 

____________________________

Audit Team Members

Deborah Duhn
Kyle Abonasara
Melissa Greenland

Acknowledgements

Internal Audit would like to thank the all those who provided advice and assistance during the audit.

1. Introduction

1.1 Background

This audit was approved by the Deputy Minister on May 23, 2013 as part of the updated Risk Based Audit Plan (RBAP) 2012-13 to 2014-2015. Public Safety Canada (PS) identified financial management governance as an area of interest warranting audit attention.

Effective financial management governance is required to ensure strong leadership and financial management practices in the public sector. Appropriate stewardship of funds, effective decision-making, and efficient policy and program delivery are the result. Moreover, the organization's ability to meaningfully challenge and scrutinize its financial decisions is critical in a time of fiscal restraint. In particular, as the Department is called upon to absorb the costs of new programming, strong financial governance processes will be of utmost importance to making tough financial decisions.

This combined with other concerns noted in the RBAP about access to robust information in support of decision-making and oversight, led to the identification of this audit as a high priority that would add value to management and the Deputy Minister. Lastly, it was signaled that this audit would also allow for the testing of new governance arrangements put in place in response to an internal audit of financial planning, forecasting and monitoring completed in 2011.

The audit also supports the 2013-14 departmental priority to “improve the efficiency and effectiveness of the management framework to make it more responsive to risks, business requirements and resource pressures”, which includes the element of financial management governance.

1.2 Legislative Framework

Overall, financial management is defined through a set of legislative, and Treasury Board (TB) policy frameworks, and departmental instruments. Specifically, in 2009, TB introduced the Policy Framework for Financial Management. This framework is the overarching umbrella that articulates the roles and responsibilities and outlines key financial principals supported by four fundamental TB policies:

The expectation as articulated in the TB Policy on Financial Management Governance is to ensure:

1.3 Financial Management Roles and Responsibilities

The PS Financial Management Framework (PS FMF) and the PS Policy on Budget Management (PS PBM) outline the roles and responsibilities of all key financial management players. See Annex C for details. As per the PS FMF, a sound and effective financial management framework is a key element and core to every Manager`s accountabilities and responsibilities. It articulates the following roles and responsibilities:

The Deputy Minister assumes overall stewardship responsibility for the integrity of the Department`s financial management and transfer payment management capabilities, and the capacity to meet the resource management requirements of the Department and Government.

The Chief Financial Officer (CFO) is the lead departmental executive for all aspects of financial management, program financing, investment planning, financial reporting and disclosure, and for dealing with central agencies and other stakeholders on these matters. The CFO is accountable to the Deputy Minister. At PS the CFO role is played by the Assistant Deputy Minister, Corporate Management Branch.  

Senior Departmental Managers, defined as managers reporting directly to the Deputy Minister, are responsible to:

Financial Management Advisors (FMA) are financial specialists who report functionally to the CFO. They are individually assigned to support a Branch in all financial aspects. They review and provide strategic advice on the financial components of branch activities.

Branch Planners reside directly within individual Branches, with responsibilities for supporting and coordinating branch financial planning, forecasting, and reporting. They also ensure the information within the financial system is accurate, up-to-date and aligned with all financial system controls.

1.4 Audit Objective

The objective of the audit was to provide reasonable assurance that the structures and practices in place to support appropriate financial management governance are adequate and effective.

1.5 Scope and Approach

The audit scope covered the period from September 1, 2012 to November 30, 2013 in order to obtain the most current audit information and to ensure an audit of the full financial management governance cycle. Over the past year, the Department has begun to implement a new governance committee structure as well as introduce the PS Financial Management Framework. The audit examined these new and evolving structures and practices as well in order to provide management with timely advice and insight.

The focus of the audit was on the Department’s activities over financial management governance. See Annex A: Audit Criteria. Financial management governance encompassesFootnote 2:

Exceptions:

The audit does not provide assurance on the completeness, accuracy or validity of the information being presented to the governance committees nor on the processes used to ensure the integrity of the information. Although certain aspects of these processes were highlighted as potential risks during the planning stage, they were excluded in order to focus the audit on the effectiveness of the financial management governance processes and maintain a reasonable audit scope and timeline.

Procedures for gathering evidence included inspection of documents, interviews, detailed review of a sample of files, and analysis of data. The application of these procedures allowed the audit to formulate a conclusion as to whether the established audit criteria have been met. The standards for gathering evidence included ensuring that the information was sufficient, reliable, relevant, and useful to draw conclusions.

1.6 Risk Analysis

 Through preliminary documentation review and interviews, numerous business conditions were identified within the financial management governance environment. See Annex B: Preliminary Risks.

In the last year, PS has introduced new and significant financial policies and processes, and has revised their governance structures. In addition, the Department has experienced significant turnover at the senior management level; particularly within the Corporate Management Branch (CMB) who is a key player in an effective financial management framework.  In addition to these business conditions, the planning phase of the audit also identified complexities and dependencies associated with financial management governance, which heighten the Department's risk exposure. These factors included the limited understanding of the financial reports, the high volume of processes and responsibilities, the necessary high degree of financial acumen, and the numerous dependencies between various players and committees.  

External influences such as the Deficit Reduction Action Plan (DRAP), the introduction of new TB policies, and the unpredictable financial nature of some programs, such as the Disaster Financial Assistance Arrangements, further impact risk exposure.

1.7 Audit Opinion

In my opinion the Department's structures and practices in place to support appropriate financial management governance are generally adequate and effective and have been improving over the past several years. There are still some moderately important issues such as certain governance structures and oversight practices requiring management focus to ensure sound, transparent and effective financial management and stewardship of public resources.

1.8 Statement of Conformance and Assurance

The audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management. The opinion is applicable only to the entity examined.

2. Findings, Recommendations and management responses

2.1 Governance Structures

 The audit expected to find well-defined financial management governance structures which are supported by practices and controls that enable senior managers to discharge their financial management governance responsibilities. This would include appropriate Terms of References (ToR) for defined governance structures as well as robust processes to support the structures i.e. agenda setting and follow-up, to ensure these committees receive appropriate and sufficient financial and non-financial information in order to facilitate a collective and robust discussion, effective oversight and informed decision-making.

The audit examined the ToRs for several committees, as well as their supporting documentation such as Records of Decisions, agendas, and calendars. On a judgmental sample basis, the audit also examined the actual financial presentations for the purpose of assessing the comprehensiveness of the information i.e. inclusion of financial and non-financial analytics. The integrity of the financial and non-financial information was not assessed as part of this audit.

The Department has established several governance structures whose responsibilities include elements of financial management oversight. As per the departmental website the following is a description of each committee examined during the audit:

Subsequent to our audit period, the Department made further changes to the governance structures with the objective of improving the functioning of Committees at the senior management levels. The changes involved the creation of a Director General Management Committee and a Director General Portfolio Policy Committee. The main purpose of the new committees is to be a forum for meaningful departmental consultation and deliberation prior to presentation of key issues at senior management committees. These committees are intended to focus on more administrative processes and operational issues whereas the DMC will focus on policy and overall departmental strategic direction.

2.1.1 Terms of Reference for key governance committees broadly defined roles and responsibilities, purpose, objectives, and activities.

The audit reviewed the ToR for the DMC, the DAC, and the DG G&C committee and found that they contained sufficient information to provide direction i.e. membership, purpose of committee, roles, and objectives. The audit could not find either within the individual ToRs or through a reference to another information document, further specificity on what type of information should be received by the members or the general timeframe as to when or how often this information should be presented to the committee, in order to discharge their oversight responsibilities and accountabilities. While there were individual oversight mechanisms such as bi-lateral meetings, there was no guidance as to what should be reviewed as a collective management governance structure. For example, it was not clear whether significant procurement contracts should be reviewed at DMC. Nor was it clear what financial issues, if any, should be brought to their attention, such as updates on major financial projects or significant budget transfers that could have both financial and non-financial impacts across the Department.  

2.1.2 The DMC discussed and considered financial management issues, however not in a fulsome manner. Further the financial information provided to the DMC did not always enable managements` full understanding of the issue to support meaningful discussion and decision-making.

In order to establish the DMC agenda, the secretariat function consolidated and prioritized the items submitted for DMC oversight by the individual subject matter experts. Only on rare occasions does the secretariat formally solicit or request specific financial information for presentation to DMC. Determining which items require DMC oversight was largely left to the judgment of the specific process owners or subject matter experts. There was no predetermined list of financial topics requiring collective senior management oversight, although there was a DMC calendar specifying some key dates for certain financial items. The DMC secretariat did not play a proactive or strategic role in managing the agenda as it was not considered part of the secretariat function. Further there was no systematic approach to monitor, or follow-up on agenda items. As a result, the audit found the frequency and nature of the financial topics to be somewhat inconsistent.  

The audit found aspects of financial management were monitored by the DMC such as the monthly departmental Financial Situation Report, the status of implementation of the Internal Control Framework, and to some extent budget pressures and allocation information. The audit did observe that the comprehensiveness and the usefulness of the information being presented were inconsistent. By its very nature, financial information is complex, and so combined with a resource constrained multi-faceted budget, there is a need for key metrics and interpretation i.e. “so what does it mean”. The audit found many financial reports had limited non-financial analytics. Without these analytics, there is a risk of different interpretations of the key message and potentially an inappropriately informed management decision.   

The audit noted that many financial presentations were for information purposes only. There was limited time given to senior management to deliberate and /or provide direction. The purpose of the presentations was not always clear. In some cases senior management questioned whether it was the most effective use of their time given other higher risk priorities that might require their collective oversight. Further the audit noted that the time allotted for financial discussions was not always adequate. In some cases as noted above, priority on the agenda may have been allocated for presentations for the purpose of informing, while deliberations on critical financial decisions such as budget allocations/re-allocations were given less time and in some cases items had to be rescheduled. There continues to be varying opinions amongst the Branch Heads as to whether they have been appropriately informed of critical financial information or provided sufficient time in order to discharge their oversight responsibilities. The potential cause may stem from the existing culture of the organization whereby financial decisions were largely made through isolated individual branch decisions or through bi-lateral agreements with colleagues. This culture was still evident during this audit.

Overall, it was observed that there was a strong message of commitment to sound financial management both from the Deputy Minister and within individual branches. This strong commitment to sound financial management can be further reinforced by clarifying the understanding of financial management controls and how they will be enforced. Further by having a strategic and systematic approach to financial governance, senior management can be assured that the right information is available at the right time to support effective decision-making.

2.2 Financial Management Advisory Model and supporting Financial Management Framework and Policies.

The audit expected to find a defined and effectively implemented Financial Management Advisor (FMA) model. This model should define the responsibilities of the FMAs as well as other key officials such as the Branch Heads and Branch Planners, within a holistic perspective of the Department`s financial capacity and responsibilities. There should be appropriate communication and training on all aspects of the model including guidance on “how” to implement it.

The audit examined the FMA policies and guidance in place to assess their completeness and compliance to external direction. As well through interviews and documentation review, the audit assessed how the actual advisory control function operated.

Currently the Department has in place an approved Policy on Budget Management, as well as a detailed FMA Roles and Responsibilities document. Annex C presents the responsibilities of several of the key players responsible for financial management identified within the PS Policy on Budget Management. The PS Financial Management Framework also defines the FMA role as a key governance control.  The following depicts the relationship between the FMA and the departmental players.

Image 1
Image Description

A chart depicts the relationship between the Financial Management Advisor and the departmental players in fulfilling both the challenge and advisory functions. The Financial Management Advisor and departmental players are identified in seven boxes in the middle of the chart. These boxes are supplemented by a set of two boxes on each side of the chart showing the outputs and outcomes of the challenge function work on the left side, and the outputs and outcomes of the advisory function work on the right side.

The seven boxes in the middle of the chart are linked by vertical and horizontal arrows showing that Financial Management Advisors and Branch Planners support the Comptroller and Director General, who in turn support the Chief Financial Officer and Branch Heads in fulfilling both the challenge and advisory functions for the Deputy Minister. The bottom box on the left side of the chart highlights the outputs of the challenge function work performed by the Financial Management Advisor and departmental players. These outputs include: financial reports, departmental budgets, financial situation report, Chief Financial Officer attestations, estimates, and internal controls. These outputs lead to another box above showing the outcomes flowing from the challenge function outputs. These outcomes are sound financial and stewardship and internal control. The bottom box on the right side of the chart indicates the outputs of the advisory function work performed by the Financial Management Advisor and departmental players. These outputs include: financial plans, branch budget, variance explanation report (VER), Memorandum to Cabinet and Treasury Board submissions, estimates, and internal controls. The outcomes of these outputs include effective financial management and resource allocation and are presented in the top right-hand box. The outcomes for both the challenge and advisory functions are then looped back to the Deputy Minister's box to show that they support the Deputy's management responsibilities.

2.2.1 Progress has been made in the development of a financial management framework and the associated policies.

Progress was made in 2012 in the development of the comprehensive PS FMF which was approved by the DMC and well communicated across the Department through mandatory training. The audit found the PS FMF aligns with TB requirements and clearly outlines the roles and responsibilities of key financial management players.

The PS PBM had clear objectives, expectations, and roles and responsibilities for the key players involved in the financial management processes. It was also expected that appropriate measures were in place to ensure outcomes are as intended. However, the audit found limited indicators identified that would allow for the assessment of the effectiveness of the implementation of the PS PBM.

Guidance on how to operationalize the roles and responsibilities outlined in the PS FMF was limited. For example, there was no guidance on how the Branch Heads should develop and implement their own branch financial management framework or what would be considered appropriate evidence for monitoring their individual branch financial management frameworks.  

2.2.2 FMAs did not always have sufficient access to the full suite of information needed to fully understand branch business requirements and to effectively discharge their role.

The primary FMA communication channel to both receive and disseminate information and advice to and from branches was through the Branch Planner. This relationship was seen as valuable by all levels within the Department with significant improvements observed over the past several years. For example, the FMAs now attend the financial portion of the individual branch management meetings this was not the case during the last financial audit.

As per the FMA Roles and Responsibilities, the new FMA role should be more strategically focused and provide advice at the ADM and DG level. The audit found that the new role was not yet fully implemented as intended. To fully and effectively realize the new FMA role requires that the FMA has the access and opportunity to discuss issues directly with senior management allowing them to acquire knowledge on all aspects of the branch activities. However, the FMAs were not regularly invited to attend key branch business meetings such as procurement planning meetings, branch risk profile meetings, or priority setting meetings limiting their ability to fully understand branch business requirements and to effectively discharge their responsibilities.

2.2.3 Lack of understanding and application of the FMA model within Branches may prevent it from achieving its objectives and full value.

As per the TB and PS FMF, the FMA model is a critical control in achieving sound financial management and oversight. Therefore its acceptance at all levels within the Department is imperative.  The vision for the new FMA model was communicated and approved as part of the PS PBMand the PS FMF. It emphasized the FMA as strategic advisor to senior management as well as positioning them in the unique role of financial subject matter expert.

Despite the communication and approval of the PBM and the FMF, it was observed that there are different interpretations of the FMA role by senior management. While the FMA function was committed to evolving to this strategic role, most Branch Heads told us that they generally rely on the Branch Planner for strategic advice as some felt that FMAs were not yet providing the required level of strategic focus. Additionally, as branch planning organizations have increased their capacity, it has become possible for Branch Heads to seek guidance from Branch Planners as opposed to their FMAs. However, given the lack of specific financial expertise within the branches, this could result in advice that does not comply with the policies and directions of the Department or the Federal government. It has also resulted in a situation where FMAs are increasingly disconnected from strategic discussions in the Branch and are primarily leveraged for questions of policy interpretation and the transactional aspects of budget management (e.g., financial coding, budget transfers, Journal Vouchers, etc.). At the same time, this diminishes the value of the FMA as a key financial control in support of the CFOs financial stewardship responsibilities.

Another barrier to the full achievement of the FMA model was the inconsistent capacity within each of the Branches. Generally the larger Branches have established a team of advisors whose responsibilities include the coordination and oversight of all financial, procurement, staffing, and business planning activities. These teams appear to have the capacity to perform the transactional aspects of financial management such as monthly variance explanations, and procurement planning which allows the FMA to focus on more strategic analysis rather than validation of the technical transactions. However, some of the smaller Branches do not have this capacity and consequently the FMA was required to perform more transactional analysis in order to ensure the integrity of the baseline financial data for these smaller groups. This extra work was beyond the responsibilities of the FMA and prevented them from fulfilling the strategic analysis role and attending other branch management meetings. The audit is not suggesting that each Branch establish a special advisor team.  Rather the audit is highlighting a need to ensure a consistent interpretation and implementation of the FMA model and align the roles as appropriate to the overall departmental needs and capacity.  

Without the clarity and acceptance of the FMA model by senior management across the Department, the FMA exposure to activities may not be broad enough to equip them with the insights or understanding of the business of the Branches and their complexities.  Further, if the FMAs are unable to exercise their responsibilities as the financial subject matter experts providing strategic advice, it may lead to a weakened independent oversight control preventing the detection of inappropriate financial decisions. There may be undue reliance on the FMA as a control as the full value of the model may not be realized.  

2.3 Branch Management Control Frameworks

The audit expected individual Branches to have identified, implemented, and monitored their own unique financial management control frameworks in support of the Corporate Control Framework. The summary of these individual control frameworks was to be captured within the departmental sub-certification checklist (see description below).

The audit examined the guidance and tools provided to the Branch Heads to support the completion of the sub-certification checklist to assess their completeness, complexity, and orientation. All individual branch responses were reviewed for the purpose of assessing integrity and comprehensiveness. Evidence supporting these individual checklists was also examined to ensure sufficiency and appropriateness. The audit did not validate the compliance of the responses against the control objectives.

As per the PS FMF each Branch Head is responsible to “provide the Deputy Minister with assurance that processes are in place to ensure the effectiveness of branch financial management.”Footnote 6 Currently TB has not mandated this level of formal assurance however PS felt that it was a best practice to reinforce and emphasize Branch Head responsibilities and therefore adopted it internally. The requirement for this formal assurance was established in 2012, however the necessity for Branches to define, implement, and monitor appropriate financial controls within their purview is embedded within the authorities of the Financial Administration Act (FAA) as well as the 2010 TB Policy on Internal Controls.  

To facilitate this assurance process a sub-certification checklist was developed to support the in:

The completion of this checklist was expected to be guided by the foundational financial controls already in existence. In essence it was the formalization of documenting their financial management controls currently in existence.

2.3.1 The sub-certification checklist process was relatively new and not well understood, leading to a concern as to the completeness and validity of the attestation statements.

The audit found that generally Branches had not purposefully or deliberately identified the key financial management controls necessary to mitigate the financial risks within their purview of operational activities. There were as yet no documented branch specific financial management control frameworks although Branches were attempting to establish some financial controls albeit in an isolated manner. Without a branch financial management control framework, or an understanding of the necessary controls, it is difficult to be certain whether the right controls were in place or if there were exposures or redundancies. Further without the clear articulation of how these controls should operate and be monitored the Department cannot be certain whether it has achieved the outcomes of risk mitigation. The impact of not having branch financial management frameworks was likely one of the contributors to the sub-optimal branch responses observed within the sub-certification checklist.

The audit did recognize that the former Community and Safety Partnership Branch provided good evidence and thoughtful representation of the financial controls within their operations particularly surrounding their Grants and Contributions programs. However, the majority of the other branch responses were generic and high-level with limited specificity to branch operations. It was difficult for audit to conclude whether the sub-certification checklists were comprehensive as in many cases the audit noticed that key controls such as the oversight monitoring done by the Branch Planners were not identified.

Another contributor to the limited quality of the responses was the general lack of clarity as to the sub-certification checklist`s purpose and use. There were no guidelines and limited training sessions to provide direction as to “how” to complete it and consequently there were misunderstandings. For example there was confusion as to what time period the sub-certification checklist was to cover. There was also a lack of understanding as to what constituted a branch control versus a departmental control. Often the responses were in “support” of the departmental controls versus the identification of unique branch controls.

The audit was also concerned that the processes followed to complete the sub-certification checklists may have diminished the accountability and integrity of the responses. For example, generally the Branch Planners completed the sub-certification checklists with varying degrees of consultation with the accountable Responsibility Center Managers (RCM). After completion there were, in most cases, branch meetings to discuss the responses; however the process was often perceived as administrative. The sub-certification checklist`s use and value were generally not evident to senior management and consequently may not have been given the priority and due diligence warranted by the significance of its objective. Only the former Community and Safety Partnership Branch required individual RCMs to complete and formally sign the sub-certification checklist at their respective levels. The audit viewed this as a good control process as it is these individuals who are accountable to implement and monitor the financial controls and who are therefore in the best position to attest to integrity of the responses.

The audit reviewed on a sample basis, the supporting evidence for several branch controls e.g. financial templates and branch financial records of decisions and correspondence. The audit found that Branches were implementing many good financial management practices although there is a need to strengthen the documentation of the results of these controls.

Further there were strong examples of financial management leadership and tone set by senior management. Informal communications on financial management at branch meetings and through training and policy communications were observed. Subsequent to the audit, a strong message on the importance of financial management at the departmental town hall was communicated.

The audit also recognized that while beyond the scope of the audit, there were lower level transactional oversight controls currently being developed and implemented, in particular through the Financial Management Internal Control Framework which is in the process of being expanded to encompass branch financial controls.

Given that the sub-certification checklist is a consolidated view of the pre-existing branch financial controls the integrity of the responses suggest a need to strengthen the overall departmental financial control framework. While individual branches have various financial management controls, without having a more comprehensive branch financial control framework, there may be a risk in regard to the effectiveness and efficiency of programs, operations and resource management, including safe guarding assets. The CFO and the Deputy Minister may to some extent place undue reliance on these Branch assurances. Consequently some risks may be above their tolerance levels for reliance on the integrity of the financial information.

2.4 Financial Management Accountability

The audit expected to find appropriate processes in place to ensure that senior management was held accountable for financial management governance.

The audit examined the Performance Management Agreement (PMA) clauses specifically related to financial management to ensure their reasonableness and effectiveness.

In the 2012-2013 fiscal year there were two mandatory financial management clauses for all senior management PMAs:

In the 2013-2014 fiscal year the format of the PMAs was changed to reflect a more results based focus. There were two mandatory financial management measures for management PMAs:

Individual senior management PMAs may have had other discretionary financial management clauses however the audit did not review these additional accountability measures. Nor did the audit validate compliance of the individual PMAs, only the overall PMA enforcement processes.

2.4.1 The process and measures by which management was held accountable may not instill the importance of sound financial management nor compel the right attitudes and behaviors.

The individual senior management PMA requirements to support the PS FMF as well as obtain a financial variance target were considered good performance measures. However, the audit remains concerned on several fronts.

Firstly, there was a need for more specific and detailed accountability around financial management related to the branch activities. The notion of general support for the PS FMF does not identify the depth or specificity that is required under the FMA model. Branch financial frameworks are unique and complex. Consequently there should be some direct accountability for their integrity.

Secondly, there was concern that the pure financial target, while important from an FAA perspective may not fully instill accountability or worse, drive the wrong behaviors. This type of metric may lead the Department to focus on spending or transferring funds as opposed to the effectiveness and value of the process to arrive at financial business decisions. The Department may also achieve the 5% variance without ensuring the effectiveness of the internal controls or the integrity of the sub-certification responses. For example, the overall budget or forecast target could be achieved through isolated budget transfers of the surplus funds amongst a few responsibility center managers. While these surplus funds are being spent or transferred thus achieving the target, they may not have been on the highest priorities or greatest budget pressures of the Department collectively.   

From a process perspective, despite having the above-mentioned PMA clauses, there was little evidence that management was consistently held accountable for the 5% variance target. Based on the documentation from last fiscal year there were 62 out of 231 cost centers or 46 individual RCMs that were not compliant with the 5% variance target. Despite the opportunity for senior management to collectively review and assess the results and take the appropriate action, the presentation and consolidation of the financial data was questioned and a decision was made not to enforce the PMA financial clause. The audit did not attempt to validate the accuracy of the numbers. While the auditors were told that there were situations of lower level consequences for noncompliance, there remains a concern as to the overall effectiveness of this control as senior management was not able to enforce a collective decision or show evidence of performance accountability.

Supporting evidence and rational for variances against the PMA clause were also not rigorously documented during these senior management discussions. While there may be instances beyond the control of the RCM for the deviation, these circumstances should be appropriately identified so as to ensure an opportunity for improvements in future planning. Evidence illustrated situations of weak financial management. For example, the auditors were told of situations where RCMs were using a reserve account for budget purposes but authorizing the expenditures against other accounts. The result of this type of management means that surpluses remain in one cost center while deficits result in another cost center. This practice may not only distort financial reporting, potentially by Program Activity Architecture, but it also may dilute the accountability of the individual RCMs. 

Without consistent and continuous application of the PMA clauses, there is a natural tendency to disregard or place less attention on its achievement. The message in regard to the importance of these accountability controls becomes diminished.

Recommendations

  1. The Assistant Deputy Minister (ADM), Corporate Management Branch (CMB), should, in conjunction with DMC members, define which financial management activities require their collective oversight, the time table for their consideration, their information needs and the information available through departmental systems, processes and reports. 
  2. The ADM, CMB should re-affirm the understanding and commitment to the FMA model by senior management at the DMC. Subsequently, the ADM, CMB, should, in collaboration with Branch Heads, fully implement the FMA model by ensuring that FMAs have access to appropriate tools and training as well as sufficient visibility into Branch activities in order to deliver effective and value-add strategic advice.
  3. The ADM, CMB, should continue to raise awareness of internal control roles, responsibilities, and accountabilities, including, but not limited to, the sub-certification process with a view towards fostering an integrated approach to internal control.
  4. Each Branch Head should, with the support of the CMB, identify and document existing Branch controls, including how and when these controls are monitored and to whom the results are reported, and share best practices in financial management and internal control within the Department.
  5. The ADM, CMB, should recommend to the Deputy Minister, standard accountability clauses for Executive Performance Management Agreements that are focused on financial management and internal controls.  Further there should be a formal process put in place for the measurement, monitoring and enforcement of these commitments, which is agreed to and understood by all senior management.
Management Action Plan
# Management Action Plan Planned Completion
Date
1 The ADM, CMB will consult DMC on the types of financial information that can be provided to inform evidence-based decision-making and improve financial management governance. March 31, 2015    
The ADM, CMB will recommend revisions to the terms of reference of key governance committees to define the nature and frequency of financial information that will be considered by each entity. March 31, 2015    
The ADM, CMB will implement a quarterly scorecard that demonstrates the degree of compliance with financial management policy and legislation as well as the effectiveness of internal control over financial reporting across all Branches. June 30, 2015
2 The ADM, CMB with input from DMC, will develop and implement an action plan to further shift the FMA function from an operational to a more strategic focus. September 30, 2015.
3 The ADM, CMB will provide information sessions to all executives to clarify their roles and responsibilities under the Policy on Internal Control and in support of the Senior Departmental Manager sub-certification for internal control over financial reporting. June 30, 2016
4 The ADM, CMB will identify and document Branch controls for the CMB Branch December 31, 2014
The ADM, CMB and the Comptroller Directorate will provide support and assistance tor Branch Heads in the documentation of their controls as required. March 31, 2015
All Branch Heads with the support of CMB will identify and document key controls for the directorate based on risk and potential impact. March 31, 2015
5 The ADM, CMB will develop an objective and transparent monitoring approach for the mandatory financial management clauses in 2014-15 executive PMAs. June 30, 2014  
The ADM, CMB will propose mandatory clauses for 2015-16 executive PMAs to increase accountability for internal control over financial reporting and enhanced financial stewardship March 31, 2015

ANNEX A: Audit Criteria

Lines of Inquiry
Lines of Inquiry
Line of Inquiry 1: Leadership & Direction
The Department provides the leadership and establishes an appropriate “Tone at the Top” around financial management governance activities.
Line of Inquiry 2: Oversight Structures
There are well-defined financial management governance structures which receive sufficient and appropriate financial and non-financial information facilitating a robust discussion, effective oversight and informed decision-making.
Line of Inquiry 3: Branch Financial Management Control Framework
Individual Branches have identified, and implemented their specific Financial Management Controls in support of the Corporate Control Framework and are appropriately monitoring these controls so as to provide the Deputy Minister assurance of effective financial management.
Line of Inquiry 4: Financial Management Advisory Model
The Department has defined and implemented an effective Financial Management Advisor (FMA) model.
Line of Inquiry 5: Financial Management Framework and Policy
There is a clear and comprehensive financial management framework, policy, and guidance. This includes clear direction for reviewing and approving financial management activities.
Line of Inquiry 6: Accountability
Senior management is accountable for financial management governance.
Line of Inquiry 7: Training
The Department has appropriate and timely financial management training for key personnel.

ANNEX B: Preliminary Audit Risks

As a result of these conditions and the risk factors that stem from them, the following is a summary of the key risks to which PS is exposed in relation to Financial Management Governance.

Preliminary Audit Risks
Key Area Risk Statement
People and Knowledge

There is a risk that responsibilities, accountabilities and authority will not be understood or consistently applied by key personnel.

There is a risk that resources will not be able to focus on priority areas including financial management activities.

Information and Decision Making

There is a risk that governance structures are not informed of or sufficiently discussing all key financial considerations to ensure comprehensive oversight and effective decision-making.

There is risk that appropriate financial information including analysis and risks is not available or timely to ensure effective decision-making.

Business Processes

There is a risk that governance processes are not conducive for substantive financial and non-financial discussions and effective oversight.

There is a risk that financial management governance processes do not engage the right stakeholders or subject matter experts.

Leadership and Culture

There is a risk that financial direction provided by key personnel may be inconsistent (leadership).

There is a risk of isolated or siloed decision-making without a collective departmental perspective.

ANNEX C: Roles & Responsibilites

The following are the roles and responsibilities of the several key players identified within the PS Policy on Budget Management.

“Deputy Minister (DM)

As the Accounting Officer for the Department, under the Federal Accountability Act the Deputy Minister is responsible for:

Chief Financial Officer

As the lead executive supporting the DM's financial management and stewardship responsibilities under the TB Policy on Financial Management Governance, the Chief Financial Officer (CFO) is responsible for:

Branch Head

As the lead executive responsible for financial management within the organization under their delegated authority, the Branch Head is responsible for:

Responsibility Centre Manager

As a manager with delegated financial authority, the Responsibility Centre (RC) Manager is responsible for:

Financial Management Advisor (FMA)

As the functional specialists in financial management assigned to each Branch, the FMA is responsible for:

Branch Planner

With responsibilities for supporting and coordinating Branch financial planning, the Branch Planner is responsible for:

Footnotes

  1. 1

    Treasury Board Policy on Financial Management Governance

  2. 2

    Excerpts taken from the Treasury Board Framework for Financial Management and Financial Management Governance Policy

  3. 3

    Public Safety`s Internal Website

  4. 4

    Public Safety`s Internal Website

  5. 5

    Public Safety`s Internal Website

  6. 6

    PS Financial Management Framework

  7. 7

    Public Safety`s Policy on Budget Management

Date modified: