Core Control Audit of the Office of the Registrar of the Supreme Court of Canada
December 2017
Office of the Comptroller General
Why this is important
The Financial Administration Act designates deputy heads as accounting officers for their department or agency. As accounting officers, deputy heads are accountable for ensuring that resources are organized to deliver departmental objectives in compliance with government policy and procedures.
Core control audits provide deputy heads with assurance regarding the effectiveness of core controls over financial management in their respective organization. By doing so, core control audits inform deputy heads of their organization’s level of compliance with requirements contained in selected financial legislation, policies and directives.
About the Office of the Registrar of the Supreme Court of Canada
Created by an Act of Parliament in 1875, the Supreme Court of Canada (SCC) is Canada's final court of appeal. It serves Canadians by deciding legal issues of public importance, thereby contributing to the development of all branches of law applicable within Canada. The Office of the Registrar of the Supreme Court of Canada (ORSCC) provides all necessary services and support for the Court to process, hear and decide cases. It also serves as the interface between litigants and the Court.Footnote 1 The ORSCC’s strategic objectives are:
- To ensure the independence of the Court as an institution within a framework of sound public administration;
- To continuously improve access to the Court and its services;
- To ensure that hearings can be held and decisions rendered promptly; and
- To provide the timely and accurate information the Court needs to fulfill its mandate.Footnote 2
For fiscal year 2014-15, the ORSCC had spending of approximately $32 million and human resources of 204 full-time equivalents.Footnote 3
Core Control Audit Objective and Scope
The objective of this audit was to ensure that core controls over financial managementFootnote 4 within the ORSCC result in compliance with key requirements contained in the selected financial legislation, policies, and directives.
The scope of this audit included financial transactions, records, and processes conducted by the ORSCC. Transactions were selected from fiscal year 2014-15. The audit examined a sample of transactions for each of the selected policies and directives. The Appendix provides a complete list of policies and directives included in the scope of the audit and the overall compliance in the areas tested.
The scope of this audit includes all transactions, records, and processes conducted by the ORSCC from fiscal year 2014-2015, with the exception of transactions pertaining to the Justices of the Supreme Court of Canada, which have been scoped out of this audit.Footnote 5
Conformance with Professional Standards
This audit engagement conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.
Mike Milito, MBA, CIA, CRMA
Assistant Comptroller General
Internal Audit Sector, Office of the Comptroller General of Canada
Audit Findings and Conclusion
Core controls over financial management regarding the transactions tested within the ORSCC resulted in partial compliance with the key requirements contained in 1 of the 14 policies, directivesFootnote 6 and corresponding legislation tested. The ORSCC was not in compliance with key requirements contained in the remaining 13 policies and directives tested.
Weaknesses were identified in the area of compliance with requirements specific to the TB Policy on Financial Management Governance and
Financial Management Governance
For financial management governance, the budget was not formally approved by the Deputy Head. In addition, the department had incurred net operating losses in fiscal years’ 2013–14 and 2014–15 for a selected activity, contrary to their departmental policy requiring full cost recovery. Furthermore, based on a review of policy and procedural documentation for this activity, the audit noted issues of segregation of duties for purchasing, billing and conducting inventory. Further documentation to support certain transactions in the audit sample were not provided by the ORSCC; therefore, the audit could not conclude on whether these transactions complied with the requirements of applicable TB policies and directives. Given the above, the risk of fraud may be heightened. The ORSCC is strongly encouraged to conduct a comprehensive fraud risk assessment. Fraud risk assessments are considered to be a best practice for all organizations.
Contracting
With respect to contracting, appropriate procurement methods were not always chosen and used in compliance with their terms and conditions. Documentation was often missing or deemed insufficient to serve its intended purpose, including documentation pertaining to sole-source justifications, best-value analysis, bid evaluation criteria, bid evaluations, security clearance checks and justification for contract amendments. In addition, contracts and contract amendments were sometimes signed by individuals who did not have the appropriate authority to do so.
Documentation
For acquisition cards, documentation to support approval, issuance, conditions of use, and cardholder acknowledgement of responsibilities was not always retained on file. In addition, documentation was not always retained on file to demonstrate the business need for purchases made on acquisition cards or for purchases reimbursed through the petty cash fund.
For travel, justification was not always sufficiently detailed on approval documentation to specify the reason for travel; to demonstrate that efforts had been made to reduce, minimize or avoid travel; or to support accommodation costs above prescribed city rate limits.
With respect to hospitality, justification on file was sometimes insufficient to demonstrate the necessity of the event or specific event costs (including events where only public servants had attended); or to substantiate the reason for selecting a specific supplier, costs above the standard per person cost and the need to serve alcohol at the event. In addition, applicable hospitality transactions were not always proactively disclosed.
For pay administration, the audit found that performance agreements, year-end performance reviews and departure forms were not always on file.
Approval
With respect to financial delegation, the audit noted that some staff had been delegated financial authorities without having completed mandatory training. In addition, approvals of signature specimen cards were not dated and there was no evidence provided to demonstrate that a formal, annual review of the delegated financial authorities had been conducted.
Regarding accountable advances, the audit found that an individual was designated to be the fund custodian for each respective petty cash fund. However, several employees had access to each fund, resulting in a lack of internal control. With respect to specified purposes accounts, the ORSCC had not been collecting security deposits from appellants when required.
In the area of fleet management, the ORSCC did not periodically confirm the continued validity of drivers’ licenses, systemically monitor vehicle usage logbooks or analyze usage data in order to determine vehicle utilization patterns.
Lastly, the audit found that expenditure initiation and account verification were not always approved by someone with the delegated authority, dated or processed in a timely manner and supported with sufficient evidence. For example, evidence was not always on file to demonstrate that goods and services had in-fact been received. In addition, transactions were sometimes approved by an individual who had performed incompatible duties. For example, with respect to acquisition cards, instances were noted where cardholders had completed account verification for their own purchases, which demonstrated a lack of segregation of duties.
Recommendations
The ORSCC should ensure that:
- Delegated financial authorities are formally reviewed on an annual basis and updated, if deemed necessary; all signature specimen cards include the date on which the appropriate authority had delegated financial authority to the incumbent; and all employees with delegated financial authority receive mandatory training before they exercise their authority.
- The organizational budget is signed by the Deputy Head at the start of the fiscal year; it examines the long-term sustainability of the funding models for selected activities; appropriate segregation of duties exists within activities for purchasing, billing and conducting inventory; and it reviews and adjusts all departmental financial policies to ensure appropriateness. A risk-based plan should also be established to review all other departmental policies.
- Documentation is retained on file for acquisition cards to substantiate their issuance, approval and conditions of use, as well as the acknowledgment of responsibilities by the acquisition cardholder and to demonstrate the business need for purchases.
- Business processes are improved and consistently performed in compliance with the Treasury Board Directive on Accountable Advances, and that documentation is retained on file.
- The department re-examines the continued need for security deposits and takes appropriate action to ensure that internal policies, procedures and practices align with applicable legislation.
- Business processes are improved and consistently performed in compliance with the Treasury Board Contracting Policy, and that documentation is retained on file.
- Business processes are improved and are consistently performed in compliance with the National Joint Council Travel Directive, and that documentation is retained on file.
- Business processes are improved and are consistently performed in compliance with the Directive on Travel, Hospitality, Conference and Event Expenditures, and that documentation is retained on file.
- Performance agreements and performance reviews are documented, retained on file and completed prior to determining performance pay owed to the employee; and departure forms are appropriately completed and retained on file.
- The validity of drivers’ licences is periodically confirmed; users of fleet vehicles consistently and appropriately complete entries in the fleet logs; fleet log usage is systemically monitored, and the log data is periodically analyzed; and disposal and write-off of vehicles is approved in accordance with the Delegation of Financial Authorities Matrix.
- Funds commitment availability is certified, signed and dated by an individual with the appropriate delegated authority prior to the expenditure initiation, and that documentation is retained on file to demonstrate that this had occurred; and commitments are established and entered into the financial system in a timely manner, at the value expected to be incurred.
- Account verification is sufficiently documented, duly signed and dated in a timely manner by the appropriate delegated authority; transactions are only approved by individuals who perform compatible duties; invoice payment is issued for the correct amount, within the contract limit; and payment and settlement is processed on a timely basis, within payment terms.
Management Response
Management has accepted the majority of the audit findings, with some exceptions noted in the Management Action Plan. Management has developed an action plan to address the recommendations. It is expected that the management action plan will be fully implemented by March 31, 2019.
The results of the audit and the Management Action Plan have been discussed with the Registrar of the Supreme Court of Canada and with the Small Departments Audit Committee. The Office of the Comptroller General of Canada will follow-up on the implementation of the Management Action Plan.
Appendix: Policies and Directives Tested
Policies and Directives Tested | Compliance |
---|---|
Directive on Delegation of Financial Authorities for Disbursements | Not Met |
Policy on Financial Management Governance | Not Met |
Directive on Acquisition Cards | Not Met |
Directive on Accountable Advances | Not Met |
Directive on Year-End Recording of Payables | Not Met |
Directive on Specified Purposes Accounts | Not Met |
Contracting Policy | Not Met |
National Joint Council Travel Directive | Not Met |
Directive on Travel, Hospitality, Conference and Event Expenditures | Not Met |
Directive on Leave and Special Working Arrangements | Partially Met |
Directive on Financial Management of Pay Administration | Not Met |
Directive on Fleet Management – Light Duty Vehicles | Not Met |
Directive on Expenditure Initiation and Commitment Control | Not Met |
Directive on Account Verification | Not Met |
Legend of Compliance Thresholds Footnote 7 | |
---|---|
Met |
Greater than or equal to 98% compliance |
Partially Met |
Greater than or equal to 80% and less than 98% compliance |
Not Met |
Less than 80% compliance |
Footnotes
- Footnote 1
-
Source: ORSCC Report on Plans and Priorities (RPP) for 2014–15, Section I (“Raison d'être”)
- Footnote 2
-
Source: SCC webpage entitled “Strategic Direction”, last modified on March 24, 2011
- Footnote 3
-
Source: ORSCC Departmental Performance Report (DPR) for 2014–15, Section I (“Actual Expenditures”)
- Footnote 4
-
See Appendix for a complete list of policies and directives included in the scope of this audit.
- Footnote 5
-
The scope of this audit excluded expenditures made under the Judges Act; however, it included transactions that were subject to Treasury Board (TB) policies and directives.
- Footnote 6
-
See Appendix for the ORSCC compliance in the areas tested.
- Footnote 7
-
Compliance thresholds for the transactions tested.
Source: ORSCC Report on Plans and Priorities (RPP) for 2014–15, Section I (“Raison d'être”)
Source: SCC webpage entitled “Strategic Direction”, last modified on March 24, 2011
Source: ORSCC Departmental Performance Report (DPR) for 2014–15, Section I (“Actual Expenditures”)
See Appendix for a complete list of policies and directives included in the scope of this audit.
The scope of this audit excluded expenditures made under the Judges Act; however, it included transactions that were subject to Treasury Board (TB) policies and directives.
See Appendix for the ORSCC compliance in the areas tested.
Compliance thresholds for the transactions tested.
- Date modified: