Continuous Audit of the Implementation of Internal Controls over Financial Reporting

Audit of Internal Controls – Non-Regular Pay Process

Executive Summary

Background

Correctional Service Canada (CSC)’s Risk-Based Audit Plan (RBAP) of 2012-2015 identified the internal controls over financial reporting as a continuing area of high audit priority. This audit was conducted as part of CSC’s Internal Audit Sector’s mandate.

One process, salary, was ranked as of particular importance and high risk due to its materiality and complexity. A significant error in CSC’s salary expenditure could result in a material misstatement of CSC’s annual financial statements.

Salary expenditures for fiscal year 2012-2013 represented $1.3 billion (53%) out of a total annual departmental budget of $2.4 billion. These expenditures included 110 different types of salary allowances from regular pay to non-regular pay such as overtime, stand-by pay, and bilingual bonuses.

The overall goal of this audit was to provide assurance that the internal controls in place were adequate and effective to ensure the non-regular pay transactions selected for examination were free of material misstatements.

The audit objectives were to:

  • assess the adequacy of the management control framework with regard to key internal controls over financial reporting for the non-regular pay process; and
  • assess the adequacy and effectiveness of internal controls for selected non-regular pay transactions processes.

The audit was national in scope and included visits to NHQ and all five regions of CSC. It included an examination and testing of key controls for 11 non-regular pay allowance processes and covered the timeframe of April 1st, 2012 to March 31st, 2013. The 11 non-regular pay allowances were selected because they were considered to be high risk, based on their materiality and complexity.

Conclusion

In relation to the first audit objective, the CSC policy framework related to key internal controls was consistent with Government of Canada legislation, Treasury Board (TB) policies and directives. All documentation was available to staff; roles and responsibilities were defined and documented; and key controls, as identified by the Internal Financial Control Team (IFCT), were tested on a regular basis.

Nonetheless, two areas require ongoing attention, specifically:

  • sufficient time had not elapsed to assess the impact of the implementation of new measures to ensure clarity of the roles and responsibilities of the compensation advisors with regard to their responsibilities related to section 34 of the FAA. The Internal Audit Sector will follow up in this area in future audits; and
  • the results of ongoing monitoring by the finance group of the key internal controls for the time period of the audit were not yet reported in a final format. The Internal Audit Sector will follow up in this area in future audits.

With respect to the second objective, audit testing demonstrated that key internal controls were in place. However, concerns were identified with regard to:

  • a lack of supporting documentation on files to provide evidence that transactions were accurate and appropriate;
  • a short-coming in the segregation of duties related to non-regular pay process, as they were neither appropriate nor effective in detecting and correcting errors and preventing the risk of fraudulent activities at the time of the audit. Management has taken action since then to address the situation; and
  • an increased risk of error for the call back, mileage and leave without pay processes.

Recommendations have been included in the report to address these areas.

Management Response

Management agrees with the overall audit findings and recommendations as presented in the audit report.

  • Management has prepared a detailed Management Action Plan to address the issues raised in the audit and associated recommendations.

  • Management Action Plan is scheduled for full implementation in September 2014.

Statement of Conformance

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed on with management. The opinion is applicable only to the area examined.

The audit conforms to the Internal Auditing Standards for Government of Canada, as supported by the results of the quality assurance and improvement program. The evidence gathered was sufficient to provide senior management with proof of the opinion derived from the internal audit.


Sylvie Soucy, CIA
Chief Audit Executive

Date:

1.0 Introduction

1.1 Background

Correctional Service Canada (CSC)’s Risk-Based Audit Plan (RBAP) of 2012-2015 identified the internal controls over financial reporting as a continuing area of high audit priority. This audit was conducted as part of CSC’s Internal Audit Sector’s mandate.

Internal controls are a key process in the financial management of a department. The Treasury Board Policy on Internal ControlFootnote 1 (the Policy) states that organizations must establish and maintain broad systems of internal control. It stipulates that the deputy head is responsible for ensuring the establishment, maintenance, monitoring and review of the departmental system of internal controls to mitigate risks in the following broad categories:

  • the effectiveness and efficiency of programs, operations and resource management, including safeguarding of assets;
  • the reliability of financial reporting; and
  • compliance with legislation, regulations, policies and delegated authorities.

The Policy also requires that the deputy head sign an annual departmental Statement of Management Responsibility Including Internal Controls over Financial Reporting. In addition, the deputy head and the chief financial officer are required to sign an annual letter of representation to the Auditor General and the Deputy Receiver General in support of the Public Accounts of Canada covering their responsibilities for internal control and assertions over the integrity of financial information.

As part of its efforts to meet these requirements, in 2006, CSC’s Corporate Services Sector conducted an audit readiness assessment of its financial statements. From this work, 22 processes were identified and deemed to be significant with regard to CSC’s financial statements. One process, salary, was ranked as of particular importance and high risk due to its materiality and complexity. A significant error in CSC’s salary expenditure could result in a material misstatement of CSC’s annual financial statements.

According to the RBAP, the Internal Audit Sector was mandated by the Departmental Audit Committee (DAC) to conduct the Audit of the Internal Controls over Financial Reporting-Salary Process. The last audit on this topic was the 2012 Continuous Audit of the Implementation of Internal Controls over Financial Reporting – Audit of Salaries and Review of Management Action Plans for Hospitality (hereafter called the September 25, 2012 audit).

1.2 The Salary Process at CSC

Salary expenditures for fiscal year 2012-2013 represented $1.3 billion (53%) out of a total annual departmental budget of $2.4 billion. These expenditures included 110 different types of salary allowances from regular pay to non-regular pay such as overtime, stand-by pay, and bilingual bonuses. A complete list of the non-regular pay allowances can be found in Annex A. Table A below provides a breakdown of the salary costs between regular and non-regular pay for the 2011-2012 and 2012-2013 fiscal years:

Table A: Analysis of Non-regular Pay Costs vs. Total Salaries CostsFootnote 2
CSC Salary Actual Total 2012-2013
($000)
% Total 2011-2012
($000)
% of
Non-Regular Pay $252,911 19 $300,025 16
Regular Pay $1,048,511 81 $1,027,751 84
Total Salaries $1,301,422 100 $1,327,776 100

There are a variety of different policies, rules and regulations that provide guidance for the pay allowances; some are relatively straightforward while others are more complex and require interpretation and particular attention to ensure appropriate and accurate payments.

In terms of the administration of salary payments, various sectors and groups within CSC have responsibilities, including: Human Resources Sector; the finance function (at NHQ, in the regions and the sites across the country); and the sub-delegated managers. Finance officers are delegated Section 33 authorization as per the Financial Administration Act (FAA) and managers are delegated FAA Sections 32 and 34 authorization.

1.3 Internal Audit Sector Role

As mentioned in section 1.1, in 2012 the Internal Audit Sector (IAS) conducted the September 25, 2012 audit that focused on internal controls over the salary process. This audit concluded that the controls were adequate and effective to ensure pay transactions were free of material misstatements. Some areas for improvement were identified, and the following recommendations were presented to the offices of primary interest:

  • roles and responsibilities of financial officers and compensation advisors in relation to the verification and validation of pay transactions needed to be clarified;
  • the results of the monitoring of key controls performed by the Internal Financial Controls Team (IFCT) should be reported in a timely manner;
  • the controls over the initiation of pay actions should be reinforced to ensure timely submission of supporting documentation to compensation advisors;
  • the controls over the management of salary overpayment should be strengthened to ensure effective monitoring and efficient recovery of outstanding amounts; and
  • specimen signature cards needed to be accurate and easily accessible to compensation advisors.

In addition to the issues identified and addressed in the September 25, 2012 audit report, the auditors noted other areas of concern that were outside the scope of the audit but required attention. They were reported to the Assistant Commissioner Human Resources Management (ACHRM) and the Assistant Commissioner Corporate Services (ACCS) through a management letter. There were three areas of concern:

  • the risk associated with overtime pay transactions;
  • the inconsistency in the application of the compensation call back process for certain employees; and
  • the significant number of key controls identified in the financial control matrix for the salary process.

In March 2013, the Departmental Audit Committee (DAC) approved the addition of a new audit in the 2013-2016 RBAP, specific to non-regular pay transactions. Given the materiality, complexity and volume of transactions, these pay transactions may be predisposed to error, manipulation or fraud and consequently were identified as high risk.

Originally the audit team was asked to examine all 109 non-regular pay allowances, but their inclusion would have rendered the audit unwieldy and would have required excessive internal audit resources and time. Senior management agreed to start with a selection of pay allowances that were identified by the Internal Audit Sector (IAS) as being more material, higher risk and more complex. This process decreased the number of types of transactions to be tested first to 11 (see Annex A and Annex C for further information).

2.0 Audit Objectives and Scope

2.1 Audit Objectives

The overall goal of this audit, as outlined in the RBAP, was to provide assurance that the internal controls in place were adequate and effective to ensure that non-regular pay transactions processes selected for this audit were free of material misstatements.

The audit objectives were to:

  • assess the adequacy of the management control framework with regard to key internal controls for the non-regular pay process; and
  • assess the adequacy and effectiveness of internal controls for the non-regular pay transactions.

The specific criteria related to each of the objectives are included in Annex B.

2.2 Audit Scope

The audit was national in scope, and included visits to NHQ and all five regions. It included an examination and testing of key controls for 11 non-regular pay allowance processes.

Information technology general controls and the entity level controls were excluded from this audit, as at the commencement of this audit they were not yet documented nor had their design effectiveness been evaluated and tested by the IFCT. At the time of this audit IFCT is in the process of completing this work.

The audit covered the timeframe of April 1st, 2012 to March 31st, 2013.

Risk Identification and Assessment

The pay allowances recommended by IAS for inclusion in the audit were based on a thorough risk assessment. The risk factors included in the analysis were: materiality; previous audit work results; complexity of the allowances; and, requests of senior management.

The pay allowances that were recommended as a starting point by the auditors were approved by the deputy head, in his capacity as chair of the DAC, as follows:

Allowance Type Total ($) 2012-2013
call back 647,864
stand-by 839,609
leave without pay (4,225,396)
commuting allowance 978,664
bilingual bonus 2,368,265
meal allowance 387,524
maternity allowance 12,205,469
terminable allowance 5,124,521
offender supervision allowance (OSA) 1,307,139
penological factor allowance (PFA) 7,951,931
mileage allowance 1,441,777
Total (absolute value) 37,478,159

Annex C provides a description of these allowances.

3.0 Audit Approach and Methodology

Approach

Audit evidence was gathered through a number of methods.

  • Interviews: Interviews were conducted with the Comptrollers, Chiefs of Finance, Financial Analysts/Officers and Compensation Advisors involved in the management and administration of the non-regular pay transaction process in the regions, as well as other staff involved in the non-regular pay process at both NHQ and RHQ.

  • Review of documentation: Relevant documentation, such as legislation, Commissioner’s Directives (CDs), and corporate documents, such as process maps, reports, and planning exercises, were reviewed.

  • Testing: Test plans (including tests, methodology and analytical procedures) and tools were developed based on the non-regular pay processes described in the Internal Financial Control Manual in order to audit the non-regular pay allowances selected. Testing was done by determining if internal controls in place were able to detect and correct errors and prevent the risk of fraud by examining a sample of transactions selected based on a continuous audit approach. It was conducted on key internal controls as identified by IFCT and related to each of the selected non-regular pay allowances.

  • Sampling: A selection of samples from the 11 pay allowances was examined.

Methodology

The sample of transactions was selected using a continuous auditing approach. It was limited to the period of April 1, 2012 to March 31, 2013 for the selected non-regular pay allowance transaction processes. The testing of controls was conducted at the RHQ in each region and at NHQ. Based on this methodology, the audit team selected 817 employee files.

The continuous auditing approach focused on unusualFootnote 3 entries and transactions; therefore the probability of errors was elevated.

4.0 Audit Findings and Recommendations

4.1 Management Framework for Non-regular Pay Process

Given the level of risk and materiality of this area of audit, the auditors chose to follow-up on the work previously conducted in the September 25, 2012 audit. The audit team examined CSC’s financial directives, guides, manuals and collective agreements applicable to the 11 allowances and confirmed that there were no changes in the process since the time of the previous audit. Consequently, it was deemed appropriate to rely on the earlier audit work.

4.1.1 Policy and Legislative Framework

We expected to find that CSC financial directives, guides and manuals were in place and consistent with Government of Canada legislation and Treasury Board (TB) policies and directives. We further expected to find that these documents were available to staff.

CSC financial directives, guides and manuals were consistent with Government of Canada legislation, TB policies and directives and were available to staff.

The audit found that CSC has a suite of financial directives, guides, manuals, instructions and bulletins that were consistent with TB policies and directives. These documents were available to staff on CSC’s intranet website (the Infonet).

4.1.2 Roles & Responsibilities

We expected to find that CSC roles and responsibilities related to the non-regular pay process were defined, documented and communicated.

CSC roles and responsibilities related to the non-regular pay process were defined and documented and were available to all staff on the Infonet; however, specific responsibilities required clarification.

The audit team reviewed CSC’s Payroll and Personnel CycleFootnote 4 to identify CSC staff involved in the management of the salary process, and more specifically, the non-regular pay processes. This work included an examination of roles and responsibilities to determine if they were defined and documented and if the segregation of duties was appropriate.

The audit found that roles and responsibilities were defined and documented and were available to all staff on the Infonet. We also found that roles and responsibilities related to the non-regular pay processes were further documented in various CSC financial directives, manuals, and national generic work descriptions. The CSC’s Payroll and Personnel Cycle was consistent with this documentation.

In the September 2012 audit, it was found that there was a lack of clarity regarding the application of section 34 of the Financial Administration Act (the FAA), specifically between the role of budget managers and that of compensation advisors. At that time, the audit team interviewed five compensation managers, all of whom stated that, in their opinion, the responsibility of section 34 of the FAA is exclusive to budget managers and their role as compensation managers is limited to processing transactions authorized by appropriate budget managers. As per the TB Guideline on Common Financial Management Business Process 5.1 – Pay Administration, compensation advisors are required to ensure the appropriateness of non-regular salary payments. Therefore, compensation advisors are responsible for ensuring that the authorized source documents supporting pay transactions are received and that pay transactions are completed, accurate and processed in a timely manner.

A lack of clarity in the roles and responsibilities of compensation advisors could lead to a deficiency in this key internal control, namely the review process of pay forms submitted, thereby increasing the risk of inappropriate and unauthorized payments.

This concern was reported within the September 25, 2012 audit, as part of Recommendation 1. The Assistant Commissioner Human Resources Management (ACHRM) and the Assistant Commissioner Corporate Services (ACCS) committed to implement their action plan by March 31, 2013.

On April 1st, 2013, Labour Relations, Compensation and Wellness Branch issued a pay verification and payment release procedure stating that compensation advisors are responsible for ensuring that the authorized source documents supporting pay transactions are received and that pay transactions are completed, accurate and processed in a timely manner. Moreover, the compensation advisor with the role of verifier is responsible for the accuracy of pay input with the budget manager and is ultimately accountable to the deputy head for this activity. The verifier is also granted signing authority under section 34 of the FAA to perform his or her role. Training was also provided to the verifiers with regards to the section 34 of the FAA.

Sufficient time had not elapsed for the audit team to assess the impact of the implementation of new measures put in place to ensure clarity of the roles and responsibilities of the compensation advisors with regard to their responsibilities related to section 34 of the FAA; however the approach seems reasonable as stated. The IAS will follow up in this area in future audits.

4.1.3 Monitoring and Reporting

We expected to find that key financial controls for the salary process and non-regular pay processes, as identified by the IFCT were: assessed on a regular basis; that testing results were reported by IFCT; improvements were identified; and changes were made and reported when testing results were issued to process owners and management, within three months following testing completion, as stated in the action management plan of the September 25, 2012 audit.

Key internal controls, as identified by IFCT, were tested on a regular basis; however at the time of this audit, the 2012-2013 report was still in a draft format.

The audit team examined supporting documentation to determine if the monitoring of key controls for non-regular pay transactions occurred, was documented, reported, and if any improvements required, were identified and implemented.

The audit found that monitoring, reporting, and processing requirements were defined in CSC’s Pay Verification Directive (FOPs-DIR-2013-326) and the internal controls around the processes were further defined in CSC’s Internal Financial Controls Manual. The documentation includes direction on the sampling methodology and approach used for testing, compiling and reporting the results.

Testing results were issued to process owners and discussed with regional comptrollers for remediative action, within the required timeline, following testing report on the results of the testing of the key controls surrounding the post-payment verification, but the report was still in draft format at the time of the audit.

Conclusion

With regard to the first objective, the audit found that:

  • the policy framework related to key internal controls was consistent with Government of Canada legislation, TB policies and directives;
  • documentation was available to staff;
  • CSC roles and responsibilities related to the salary process were defined and documented and available to staff on the Infonet; and
  • key controls, as identified by IFCT, were tested on a regular basis.

Nonetheless, two areas require ongoing attention, specifically:

  • sufficient time had not elapsed to assess the impact of the implementation of new measures to ensure clarity of the roles and responsibilities of the compensation advisors with regard to their responsibilities related to section 34 of the FAA. The IAS will follow up in this area in future audits; and
  • the results of ongoing monitoring by the finance group of the key internal controls for the time period of the audit were not yet reported in a final format. The IAS will follow up in this area in future audits.

4.2 Assessment of the Adequacy and Effectiveness of Internal Controls for Non-Regular Pay Processes

Due to the large number of pay allowances examined and the number of criteria in Objective Two (found in Annex B), the audit results were summarized in Table B of this report. They are listed by pay allowance type, with results and comments for each.

We expected to find that key internal controls were in place and working as intended to ensure that transactions were properly and accurately processed and were free of material misstatement as set out in the Objective Two, so that:

  • transactions were recorded in a timely manner in the IFMMSFootnote 5 system as required and represented events that actually occurred during the audited period;
  • all non-regular pay transactions which actually occurred during the audited period were recorded;
  • all non-regular pay transactions were authorized by persons with the appropriate delegated financial authorities;
  • all non-regular pay transactions were properly coded and mathematically accurate; and
  • all non-regular pay transactions were properly described, sorted and classified.

Audit examination work revealed that some key internal controls in place were not effective as they could not ensure that non-regular pay transactions were free of material misstatement and did not detect and correct errors or prevent the risk of fraudulent activities.

4.2.1 General Findings and Observations

4.2.1.1 Segregation of duties

In our testing of all non-pay transactions in the salary process, we expected to find an appropriate segregation of duties related to the processing and verification of non-regular pay transactions. An appropriate segregation of duties should be designed and implemented to prevent an employee or group of employees from perpetrating and concealing errors or fraudulent activities in the normal course of their duties.

The audit found that the segregation of duties was neither appropriate nor effective.

The auditors commented on the segregation of duties in the September 25, 2012 audit and at that time, noted that the segregation of duties for the Regional Pay System (RPS), as set up by CSC, did not prevent the same compensation advisor from entering, reviewing and processing the same transaction.

In response to the September 2012 audit, management stated that a peer review process had been in place that would counter this situation. The current peer review consists of a system where the transactions entered by a compensation advisor are reviewed by another compensation advisor (a reviewer or a pay verifier) before the transaction is processed for payment.

In order to test the effectiveness of this key internal control, the audit team selected a sample of duplicate transactions that had two identical dollar amounts for the same pay period, for the same allowance and employee.

Evidence of the ineffectiveness of the peer review process was discovered through this testing. In one region, the internal control process was unable to identify 55 inappropriate and unauthorized transactions that were processed and improperly paid. The transactions were processed and reviewed by the same compensation advisor who had the capability to enter and review the same transactions and to change bank accounts and then subsequently approve those changes. Details of this situation were discussed with senior management and action has been taken to address the matter. To prevent a reoccurrence of this situation, it is critical that no one individual has the ability to process a pay transaction and to modify bank account information.

In addition, the audit examination also revealed seven other situations of duplicate payments in other regions, none of which ultimately resulted in inappropriate transactions. These payments were processed and paid because the internal controls system of RPS, which is designed to prevent the processing of double entry transactions, was overridden by the compensation advisor processing the transaction. The auditors interviewed five compensation managers in each region and based on the information provided to the auditors, confirmed that all regions were susceptible to this control weakness.

Since then, the Corporate Services and Human Resources sectors have undertaken a number of actions to resolve the issue. CSC may also consider consulting with the department responsible for the RPS to determine if there are ways to address this situation.

Recommendation 1 (Recommendation requires management’s immediate attention, oversight and monitoring)

The Assistant Commissioner Human Resources Management (ACHRM) should:

  • ensure there is an appropriate segregation of duties and put in place mechanisms to periodically monitor its effectiveness.

Management Response

We agree with this recommendation. The ACHRM will:

  • re-iterate to regional Compensation Managers the requirements for segregation of duties;

  • have the regional Compensation Managers confirm such segregation of duties is in place;

  • bi-annually, Corporate Compensation will conduct an audit to identify current RPS Users and the segregation of duties.

The first two items have been addressed and the regional Compensation Managers have confirmed in writing they are compliant and that the segregation of duties is complete.

The next monitoring is scheduled for June 2014.

4.2.1.2 File Documentation and Audit Trail

We expected to find evidence of review by compensation advisors to confirm the accuracy and completeness of the non-regular pay transaction payments, and that all supporting documentation was on file for the purpose of an audit trail.

With the exception of one region, there was no evidence that the internal control was performed as designed.

The audit found that 16% (130/817) of the files audited were missing key documents (letters of offer, leave without pay forms, timesheets, etc.) that supported the decisions around the payment of the allowances.

An absence of documentation puts the organization at risk as it may be unable to support decisions around the payment of non-regular pay allowances and therefore process ineligible allowances. As well, CSC could lack sufficient and appropriate details for audit trail purposes.

Another documentation issue concerned the transfer of employee pay files. The auditors found when 10 employees were transferred to other departments from CSC, their files were transferred with them without maintaining a minimum amount of documentation at CSC to support final pay transactions. Even though there is an exit process including a checklist, documentation is not retained. This lack of documentation made it difficult to perform the post-verification procedure for those transactions. As a result, it was not possible for the auditors to obtain reasonable assurance that these transactions were free of misstatement, authorized, accurate and appropriate.

Recommendation 2 (Recommendation requires management’s attention, oversight and monitoring)

The Assistant Commissioner Human Resources Management (ACHRM) and the Assistant Commissioner Corporate Services (ACCS) should:

  • identify key documents used in the pay processes and ensure they are maintained on file, electronically or otherwise; and

  • ensure that compensation advisors document the performance of the internal controls.

Management Response

We agree with this recommendation. The ACHRM will:

  • re-iterate the use of compensation and benefits checklists;

  • develop procedures and directions for pay verification and payment release;

  • conduct a review to ensure auditable evidence of verification for each pay transaction.

The first two items have been completed and the regional Compensation Managers have confirmed they are compliant since January 2014 in the use of the checklist.

The conduct of a review of verification on a sample basis is scheduled to begin in June 2014 and bi-annually thereafter.

4.2.2 Findings and observations related to specific allowances

Table B below includes high level results related to each non-regular pay allowance examined. Further information included beneath the Table in sections 4.2.2.1, 4.2.2.2 and 4.2.2.3 relate to specific findings for three particular pay allowances.

During the examination phase, any specific minor issues identified (minor calculation errors with no impact on the assessment of the internal controls) were reported to responsible staff within the regions, to be addressed on an individual basis. Corrective actions were taken for immediate remediation and evidence of this work was obtained by the audit team.

Table B: Summary of Findings by Pay Allowance
Type of Transaction Number of Transactions Tested Internal Control Errors / Deficiency (Rate) Internal Controls were Performed and Able to Prevent, Detect and Correct Errors Missing Documentation or No Evidence of a Review Performed General Comment & Conclusions
Mileage 177 22 (12%) No 2%

The audit found that employees claimed excessive mileage for 12% of the transactions; the audit team concluded that the internal control over the review of the mileage claimed is ineffective.

The audit team raised concerns over the application of National Joint Council Travel Directive. Refer to section 4.2.2.1 for further details.

Call back 173 16 (9%) No 31%

A lack of documentation was noted. The audit found that in 9% of the transactions, the amounts paid were inappropriate. These transactions represent 49% of the total of CSC’s call back payments during the period audited. Refer to section 4.2.2.2 for further details.

Stand-by 277 5 (2%) Yes 1%

No significant issues were noted.

Maternity Allowance 399 7 (2%) Yes 16%

No significant issues were noted with the exception of the lack of documentation.

Leave Without Pay (LWOP) 622 490 (79%) No 84%

The audit found that LWOP forms were often not authorized or authorized after the fact. This situation may generate potential for an overpayment of salary. Refer to section 4.2.2.3 for further details.

Bilingual Bonus 326 0 (0%) Yes 15%

No significant issues were noted with the exception of the lack of documentation.

Penological Factor 1478 39 (3%) Yes 4%

No significant issues were noted.

Commuting Allowance 202 19 (9%) Yes 29%

No significant issues were noted with the exception of the lack of documentation.

All errors were identified in one region and therefore the auditors considered it an isolated error and contacted the particular region.

Terminable Allowance 374 0 (0%) Yes 5%

No significant issues were noted.

Offender Supervison Allowance 819 8 (1%) Yes 0%

No significant issues were noted.

Meal Allowance 125 8 (6%) No 48%

There was a lack of documentation noted. The audit also found that 6% of the transactions were overpaid. While meal allowance is not a significant expense for CSC in relation to the overall budget, the auditors noted that it is an area of high frequency of grievance claims. (The Audit of the CSC Staff Grievance Process was completed by IAS in 2012.)

As mentioned in section 3.0, the auditors selected the sample for testing based on unusualFootnote 6 transactions, such as duplicates or anomalies. As a result, the rate of error is, by definition, higher than it would be if compared to the general population of transactions. The purpose however, was to test whether controls would or could detect those anomalies.

The following three sections describe findings specific to part of a pay allowance and require further explanation.

4.2.2.1 Mileage Allowance

The audit team identified two issues within the payment of mileage allowance that pose a risk to the organization because they involve both significant dollar amounts and a large number of staff members.

Applicability

The first finding concerned the applicability of rules to the payment of mileage for some employees.

Some of the mileage allowance transactions examined by the audit team were submitted by one classification group of staff for travel between their homes and workplaces when they worked overtime shifts. A mileage allowance is not included in their collective agreement but on enquiry from the audit team, CSC’s Labour Relations team explained that payment is based on Section 3.1.11 of the National Joint Council (NJC) Travel Directive. Rationale for the use of this entitlement is that working overtime is a disruption of the normal commuting pattern.

The audit team questioned the use of this subsection for payment because it is preceded by a sentence at the beginning of Section 3, which states that: "The provisions outlined in this module apply when an employee is away from the workplace on government travel within the headquarters area in Canada or worldwide."

The CSC Labour Relations team provided the auditors with recent jurisprudence from the National Joint Council that addressed the use of section 3.1.11 of the Travel Directive. This ruling indicates that use of this section was appropriate for the particular group of employees in question. Further, the Labour Relations team provided the auditors with correspondence from the Office of the Chief Human Resources Officer, Treasury Board, confirming this practice.

However, given the costs associated with this expense, we would strongly encourage CSC to formalize its approach.

Calculation of Payment of the Mileage Allowance

The audit found that there was no standard methodology, CSC-wide, to calculate mileage claimed, whether either finance or compensation staff were involved in the approval process. The audit also found that in some instances, the request for mileage submitted was for distances that were farther than the distances between home addresses listed in HRMSFootnote 7 and the workplace.

The audit also found that the employees’ home addresses were not always up to date in HRMSFootnote 8. Inconsistent and outdated information can lead to incorrect payments of mileage expenses.

4.2.2.2 Call Back

In the September 25, 2012 audit, the audit team noted instances where call back compensation claims appeared to be high, based on the Health Services Collective Agreement, specifically in relation to Article 10 (Call Back) and Article 11 (Stand-by) of the collective agreement. It was determined by Labour Relations after consultation with Treasury Board, that some claims were in fact higher than they should have been and subsequently, measures were taken to clarify and rectify the situation.

During the current audit, we found continued inconsistencies in this application of the Health Services Collective Agreement. However, on May 7, 2013 after completion of the examination phase of the audit, the audit team received a copy of new CSC guidelines for the tracking and payment of call-back for all employees, which addressed aforementioned issues. The practice has now been clarified and the audit team will follow up to determine if the practice has been corrected throughout CSC.

4.2.2.3 Leave Without Pay

As mentioned in section 3.0, the auditors selected the sample for testing based on unusual transactions. An inherent effect of this methodology is that the rate of error is significantly elevated in comparison to a traditional statistical sampling technique. This was particularly the case with the examination of leave without pay transactions.

Leave without pay (LWOP) is, by its definition (see Annex C), an allowance that does not involve pay. However, there are circumstances where there are salary recoveries required, and the auditors examined these transactions.

We expected to find that LWOP recovery transactions were completed in a timely and accurate manner. The sample selection process commenced with the overall population of employees with LWOP requiring recoveries. For the audit examination period, there were 4,370 employees in this situation. Some LWOP recorded was for short periods of time, others for much longer, including leave with income averaging. The audit team selected a total sample population for the period for LWOP of 60 employee files covering 622 transactions. The 60 files included 10 employees selected on a random basis from the 4,370 employee files and 50 whose files included transactions that appeared to be unusual.

The auditors found that CSC employees, whose files were included in the audit sample, took leave without completing the leave application form prior to departure. Specifically, 490 of the 622 (79%) total transactions for the sample were authorized after the leave period. These employees and their managers completed the leave application forms on return to work. The remaining 132 transactions were authorized prior to the leave and were processed after the leave was completed within a reasonable amount of time due to the timing of the pay process.

It was noted by compensation advisors that this practice may be a result of the special circumstances surrounding particular leave situations. CSC staff take leave due to illness or other unanticipated reasons and then remain on leave for a period of time longer than anticipated and consequently, run out of paid leave options. When this situation arises, the employee goes into leave arrears and requires LWOP. However, the employee may continue to be paid until the time the responsible manager notices the discrepancy and stops the pay.

Nonetheless, the audit found that there were some files in the sample where the recovery dollar amounts were significant. These figures were beyond that which would have been expected for a short time period to allow managers to note leave shortfalls and take corrective action. There were 13 employees out of 60 (22%) tested with an average recovery amount of $10,165. The total recovery amount for those 13 employees represented 80% ($132,165) of the total amount of $165,895 of 622 LWOP transactions tested.

For those employees who are covered by the Scheduling and Deployment SystemFootnote 9 (SDS), the reconciliation process between SDS and HRMS is an existing internal control which could prevent the creation of large negative balances in an employee’s sick and annual leave accounts if completed in a timely manner.

The five regional compensation managers informed the audit team, through interviews, that reconciliations between SDS and HRMS are not always completed in a timely manner which may contribute to the delay in stopping pay.

The audit testing results confirmed that the lack of a timely reconciliation between SDS and HRMS can lead to large negative balances in these accounts and debts to the Crown.

There is a risk to the organization that it may be challenging to recover leave without pay overpayments especially if the employee remains away from work or leaves the organization.

Recommendation 3 (Recommendation requires management’s immediate attention, oversight and monitoring)

With respect to remittance of mileage, the Assistant Commissioner Human Resources Management (ACHRM) should:

  • obtain confirmation from the highest authorities that mileage allowance payments to staff working overtime shifts are based on clear and appropriate direction; and

  • implement mechanisms to control and monitor mileage claims for accuracy and appropriateness.

Management Response

We agree with this recommendation. The ACHRM will:

  • consult with TB and union stakeholders on the obligations of the NJC Directive and obtain confirmation in writing from TB on the obligations of the Directive and agreements from bargaining agents, where appropriate, by January 31 2014.

  • develop and implement new national standards and protocols for processing allowance reimbursements, including system process changes if required by April 30th 2014.

  • ensure on-going compliance monitoring of entitlement administration through the implementation of bi-annually site level, and annual headquarters level, audit requirements which include annual policy change review activities by September 30 2014.

Recommendation 4 (Recommendation requires management’s attention, oversight and monitoring)

The Assistant Commissioner Human Resources Management (ACHRM) should reinforce the internal controls in place to ensure timely reconciliations between HRMS and SDS to actively monitor and control leave balances.

Management Response

We agree with this recommendation. The ACHRM will:

  • review current internal controls for SDS and HRMS data reconciliation and re-issue directions to re-affirm manager and system user accountabilities.

  • implement new protocols for leave reconciliation management based on an MOA with the union and take pay actions when an employee leave transaction is not processed in a timely manner.

Conclusion

With regard to Objective Two of this audit, while the audit found that key internal controls are in place, there are two areas of concern with regard to the overall management of the non-regular pay allowance transactions. First, there was a lack of documentation on files and second, the segregation of duties related to non-regular pay process was not effective and could not detect and correct errors and prevent the risk of fraudulent activities. However, in reference to the latter, management has taken action and IAS will continue to monitor progress.

Additional concerns were noted specific to some of the non-regular pay allowances:

  • the rationalisation over the payment of mileage needs to be clarified and based on clear, authoritative documents;
  • the calculation of mileage requires further guidance and clarification; and
  • internal controls and management of leave balances including reconciliation also require further attention.

5.0 Overall Conclusion

In relation to the first audit objective, the CSC policy framework related to key internal controls was consistent with Government of Canada legislation, Treasury Board (TB) policies and directives. All documentation was available to staff; roles and responsibilities were defined and documented; and key controls, as identified by the Internal Financial Control Team (IFCT), were tested on a regular basis.

Nonetheless, two areas require ongoing attention, specifically:

  • sufficient time had not elapsed to assess the impact of the implementation of new measures to ensure clarity of the roles and responsibilities of the compensation advisors with regard to: their responsibilities related to section 34 of the FAA. The IAS will follow up in this area in future audits; and
  • the results of ongoing monitoring by the finance group of the key internal controls for the time period of the audit were not yet reported in a final format. The IAS will follow up in this area in future audits.

With respect to the second objective, audit testing demonstrated that key internal controls were in place. However, concerns were identified with regard to certain non-regular pay transactions:

  • a lack of supporting documentation on files to provide evidence that transactions were accurate and appropriate;
  • a short-coming in the segregation of duties related to non-regular pay process, as they were neither appropriate nor effective in detecting and correcting errors and preventing the risk of fraudulent activities at the time of the audit. Management has taken action since then to address the situation; and
  • an increased risk of error for the call back, mileage and leave without pay processes.

Recommendations have been included in the report to address these areas.

Management Response

Management agrees with the overall audit findings and recommendations as presented in the audit report.

  • Management has prepared a detailed Management Action Plan to address the issues raised in the audit and associated recommendations.

  • Management Action Plan is scheduled for full implementation in September 2014.

Annex A — List of Non-regular Pay Transactions Expenses

Code Name
1 Regular Pay
6 Offender supervison allowance
9 Call-back pay
14 Department head and/or dean allowance
20 Temporary assignment allowance
24 Expanded Professional Role Allowance - Nurses
27 Dual remuneration
29 Leave - payment in lieu - SOS employees
32 Meal allowance
33 Leave - payment in lieu - active employees
34 Professional Membership Fees Allowance
35 Translation Pay Equity Adjustment - Non - Superannuable
38 Clothing Allowance / Correction Services Group (CX)
40 Overtime accumulated
41 Payment for month of death
42 Penological factor allowance
43 Premium pay for work on a holiday
44 Principals' allowance administrative and supervisory
46 Special accommodation allowance
48 Secondment allowance - Northern Pipeline Agency
49 Additional hours part-time employees
50 Reporting pay
51 Retiring allowance, non-transferable - including Early Retirement Incentive (ERI) payments
54 Severance pay
55 Shift premium - evening or 2nd shift
56 Sleeping-in allowance
58 Shift premium - night or 3rd shift
62 Specialists' allowance
63 Education allowance - nurses category only
64 Stand-by pay - 1st rate
65 Stand-by pay - 2nd rate
70 Supervisory differential
71 Supervisory differential - overtime
72 Travel on day of rest
73 Vacation pay
77 Education leave allowance
79 Flight inspection duties quarterly payment
80 Inmates training differential
82 Performance awards - non-management category
83 Pay supplement
86 Shift change premium
87 Lump-sum settlement on revision
88 Lump-sum settlement not subject to superannuation
89 Travel on a normal working day
92 Premium for lieu day
94 Flight calibration duty
95 Dog handler's allowance
96 Height allowance
101 Living cost differential
102 Fuel and utilities differential
104 Mileage allowance or out of pocket expenses
115 Inmate training differential - overtime (allowance applicable to overtime hours worked only)
124 Pay in lieu of notice (term employees)
126 Supervisory differential (ships' repair)
140 Premium for temporary assignment
141 Bilingualism bonus ($800)
142 Commuting allowance - taxable
143 Chairman's allowance
144 Equalization Adjustment Allowance
146 Maternity allowance (collective agreement)
148 Maternity allowance
149 Responsibility allowance Correctional Services (Corr. S.)
154 Weekend premium - first day
155 Weekend premium - second day
158 Transfer allowance (ship repair)
173 Premium pay in lieu of statutory holiday
175 Call Pay - Deckhands
179 At Risk Pay
188 Terminable allowance
1B5 Dangerous Goods
1C3 Instructor Allowance - pensionable
1C4 Institutional Emergency Response Team Allowance - pensionable
1C5 Instructor Allowance non-pensionable
1C6 Institutional Emergency Response Team Allowance non-pensionable
1D3 Lump Sum Payment - Executive (EX) recruitment
1F3 Lay-Day Payment in Lieu of Vacation Credits
1F4 Commuting Assistance
1F6 Full Severance Liquidation Payment
1F7 Part Severance Liquidation Payment
1G3 WFA Financial Counseling
220 Retroactive overtime - current year
221 Retroactive overtime - first previous year
222 Retroactive overtime - second previous year
223 Retroactive overtime - third previous year
227 Terminable Retention Allowance
229 Terminable Allowance - monthly
231 Late hour premium
232 Dual remuneration (non-superannuable)
240 Reimbursement of Memberships
251 Recruitment and Retention Allowance
253 Vacation pay advance
254 Turn around penalty
255 Break penalty
256 Non-continuous hours
259 Overtime - second meal
260 Overtime- regular working day
261 Overtime - first day of rest
262 Overtime - second or subsequent day of rest
263 Overtime on statutory holiday
268 Overtime while on training
280 Severance pay (non-transferable)
281 Reimbursement of parking
282 Non-accountable advance vacation travel - taxable
290 Overtime pay - other rate
297 Environment allowance
301 Leave without pay
302 Fixed hours not worked
303 Overpayment
306 Leave Income Averaging
307 Comp. leave adjustment
331 Rotational Supplement Pensionable - No Premiums
332 Dangerous Goods Allowance
365 Turnkey payment transferable
366 Turnkey payment non-transferable
368 Contracting out payment non-transferable
370 Retiring allowances - Adjustment/non-eligible (RA - adj non eligible)
401 Reverse - leave without pay
402 Reverse - fixed hours not worked
403 Reverse - unearned
404 Rev Rec of Overpayment (O/P)
406 No code name availableFootnote 10
504 No code name available
522 No code name available
540 No code name available
566 No code name available
567 No code name available
5F3 No code name available
728 No code name available
729 No code name available
731 No code name available
741 No code name available
819 No code name available
955 No code name available

Annex B — Audit Objectives and Criteria

Objective Criteria
1. Assess the adequacy of the management control framework with regard to key internal controls for the non-regular pay process.

1.1 Policy Framework:

  • CSC manuals, financial directives and guidelines in place are consistent with TB policies, Acts, legislation and applicable collective agreements as they relate to the non-regular pay process.

1.2 Roles & Responsibilities – CSC employees’ roles and responsibilities in relation to the non-regular pay transactions process are defined, documented and communicated.

1.3 Monitoring and reporting systems are adequate and effective, so that:

  • Key controls as identified by IFCT (internal financial control team) are tested on a regular basis;
  • Testing results are reported by IFCT as required;
  • Improvements are identified by process owner; and
  • Changes are made and reported when necessary by the process owner.
2. Assess the adequacy and effectiveness of internal controls for non-regular pay transactions process.

2.1 Existence / Occurrence - Transactions are timely, recorded in the IFMMS systems as required and represent events that actually occurred during the audited period.

2.2 Completeness - All non-regular pay transactions which actually occurred during the audited period are recorded.

2.3 Authorization - All non-regular pay transactions are authorized by persons with the appropriate delegated financial authorities.

2.4 Valuation & Accuracy - All non-regular pay transactions are properly coded and mathematically accurate.

2.5 Presentation / Disclosure - All non-regular pay transactions are properly described, sorted and classified.

2.6 Accuracy - All controls for non-regular pay transactions are:

  • at the appropriate location in the process; and
  • for the intended purpose.

Annex C — Definition of the Allowances Examined in the AuditFootnote 11

1. Call Back Pay This pay is provided when an employee is called back to work or when an employee who is on stand-by duty is called back to work by the employer any time outside his or her normal working hours.
2. Stand-by Pay When the employer requires an employee to be readily available on stand-by during off-duty hours, the employee shall be compensated for the time he has been designated as being on stand-by duty.
3. Leave Without Pay (LWOP) This allowance is provided when an employee applies for, and is granted leave without remuneration as described in the collective agreements.
4. Commuting Allowance Compensation is provided to help defray excessive costs incurred in employees' daily travel to and from the regularly assigned worksite on the days when they are required by management to report for work.
5. Bilingual Bonus When an employee occupies a position which has been identified as bilingual and the employee has Second Language Evaluation (SLE) results confirming that he/she meets the language requirements of his/her position, then the employee is entitled to the bilingual bonus.
6. Meal Allowance When an employee who works three or more hours of overtime immediately before or immediately following the employee's scheduled hours of work, or works overtime continuously extending four hours or more beyond the period of three or more hours, he or she shall be reimbursed his or her expenses for one meal. The meal allowances shall not apply to an employee who is on travel status.
7. Maternity Allowance Unpaid leave may be granted to a female employee for the purpose of dealing with the pregnancy, delivery, and care of her new-born child.
8. Terminable Allowance In an effort to resolve retention and recruitment problems, Employer provides an allowance to MDs and other group employees who perform the duties of positions at the MD-MOF-1 through MD-MOF-4 levels, MD-MSP-1 through MD-MSP-2, NU, PS and AS-02 levels.
9. Offender Supervision Allowance (OSA) This allowance is used to provide additional compensation to a parole officer position who is employed in the community and who, by reason of duties being performed in relation to the conditional release of offenders, as defined in the Corrections and Conditional Release Act, assumes responsibilities for the regular supervision of offenders.
10. Penological Factor Allowance (PFA) This allowance is used to provide additional compensation to whom, by reason of duties being performed in a penitentiary, as defined in the Corrections and Conditional Release Act, assumes additional responsibilities for the custody of inmates other than those exercised by the employees in the Correctional Group (CX).
11. Mileage Allowance When an employee is required to work in more than one location during a period of duty, transportation between such locations shall be provided, or paid for, by the employer.
ACCS
Assistant Commissioner Corporate Services
ACHRM
Assistant Commissioner Human Resources Management
CD
Commissioner's Directive
CSC
Correctional Services Canada
DAC
Departmental Audit Committee
FAA
Financial Administration Act
HRMS
Human Resources Management System
IAS
Internal Audit Sector
IFCT
Internal Financial Control Team
IFMMS
Integrated Financial and Material Management System
LWOP
Leave Without Pay
NHQ
National Headquarters
NJC
National Joint Council
OSA
Offender Supervision Allowance
PFA
Penological Factor Allowance
RBAP
Risk-Based Audit Plan
RHQ
Regional Headquarters
RPS
Regional Pay System
SDS
Scheduling and Deployment System
SLE
Second Language Evaluation
TB
Treasury Board

Footnotes

Footnote 1

Treasury Board Policy on Internal Control, Section 3.2 and Section 6.1

Return to footnote 1

Footnote 2

Source: Non-Regular Pay Statistics – Public Works and Government Services Canada Regional Pay System (RPS) and CSC’s Resource Management Tool (RMT).

Return to footnote 2

Footnote 3

The use of the term ‘unusual’ follows the Canadian audit standard - 500 audit evidence.

Return to footnote 3

Footnote 4

Internal control matrix that describes CSC’s salary and non-regular pay processes.

Return to footnote 4

Footnote 5

Integrated Financial and Material Management System.

Return to footnote 5

Footnote 6

The use of the term ‘unusual’ follows the Canadian audit standard 500 – audit evidence

Return to footnote 6

Footnote 7

HRMS is Human Resources and Management System endorsed by Treasury Board.

Return to footnote 7

Footnote 8

Ibid 7.                                                         

Return to footnote 8

Footnote 9

SDS is a CSC in-house stand alone time reporting system for correctional officers.

Return to footnote 9

Footnote 10

This is the coding for recoveries.                                                         

Return to footnote 10

Footnote 11

These definitions are drawn from the Treasury Board Collective Agreements.

Return to footnote 11