Archived - Audit of SCIS Expenditure Management

Archived information

This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Date: September 2011
Project # 10-34

PDF Version (139 Kb, 24 Pages)

Acronyms
Executive Summary
1. Background
2. Objective and Scope
3. Methodology
4. Findings and Recommendations
5. Conclusion
6. Management Action Plan
Appendix A: Audit Criteria
Appendix B - List of Treasury Board policies reviewed

Acronyms

AANDC

Aboriginal Affairs and Northern Development Canada

ADM

Assistant Deputy Minister

AES

Audit and Evaluation Sector

CIDM

Comprehensive Integrated Document Management

CFO

Chief Financial Officer

FAA

Financial Administration Act

FMC

Financial Management Committee

GAAS

Generally Accepted Auditing Standards

Information Management

IMB

Information Management Branch

Information Technology

KPI

Key Performance Indicator

PAYE

Payables at Year End

PSAB

Public Sector Accounting Board

RCM

Responsibility Center Manager

RIA

Resolution and Individual Affairs

SCIS

Secure Certificate of Indian Status

TBAS

Treasury Board Accounting Standards

Executive Summary

Background

In 2006, Treasury Board approved the Secure Certificate of Indian Status (SCIS) project. The approved funding covered one-time implementation costs of $9.34M and recurring operational costs (Vote 1, Vote 5 and Vote 10) of $5.73M annually. The SCIS initiative was introduced by Aboriginal Affairs and Northern Development Canada (hereon referred to as "AANDC" or "the Department") to replace the original Certificate of Indian Status, which was a laminated paper card that could be easily altered for fraudulent purposes.

The Resolution and Individual Affairs (RIA) Sector is the sponsor organization for the SCIS project, and has overall accountability for SCIS service delivery. RIA is also responsible for project and financial management, including progress reporting.

This audit of SCIS expenditure management was initiated in April 2011 to examine potential risks associated with SCIS project expenditure management.

Objective and scope

The objective of this audit was to provide assurance that:

A sound control framework is in place to manage expenditures;
The SCIS budget is managed with appropriate oversight; and,
SCIS project is on track for an effective and efficient implementation.

The scope of the audit covered expenditures made in fiscal year 2010-11 between November 1, 2010 and March 31, 2011, as well as management controls in place at the time of the audit. The audit covered risks in the broad areas of expenditure, procurement and record management.

Methodology

The audit was planned and conducted to be in accordance with the Internal Auditing Standards for the Government of Canada as set out in the Treasury Board Policy on Internal Audit. It does not constitute an audit in accordance with any Generally Accepted Auditing Standards (GAAS), typically used as part of audited financial statements.

Audit work was conducted from June 2011 to September 2011 at headquarters using a risk-based audit program that was developed based on the Financial Administration Act (FAA) and relevant Treasury Board policies. Principle audit techniques used include documentation reviews, interviews, walk-throughs and testing, including data analytics.

Findings and Conclusion

The audit found that the reported current budget of $6.1M for fiscal year 2010-11, was spent appropriately. While supplementary funding was spent in addition to this total, the Treasury Board funding granted through the 2006 submission was effectively allocated to the SCIS project by the Department for the period under audit.

While the audit found effective expenditure management in many areas, the following exceptions were noted for the period under audit:

Financial coding not effectively leveraged to enable an understanding of total project cost;
Software expenditures not capitalized in accordance with Treasury Board and public accounting guidelines while nearly $5M in Vote 5 funding lapsed;
Electronic and paper-based records not well integrated, leading to inefficiencies and increased non-compliance risk regarding records management;
Procurement planning not well coordinated between the SCIS and procurement teams; and,
Key decisions not consistently recorded and limited operational reporting.

Recommendations

The Audit and Evaluation Sector recommends that the Assistant Deputy Minister, Resolution and Individual Affairs Sector and the Chief Financial Officer address the findings identified to further improve budget and expenditure management for the SCIS project. The recommendations should be considered as planning continues toward achieving a national, sustainable model for SCIS. Specifically, we recommend:

The Assistant Deputy Minister, Resolution and Individual Affairs Sector should:

(Recommendation #1) – Ensure that the SCIS project team, in consultation with the Resource Planning and Administration unit of RIA and with the CFO sector, utilizes a more comprehensive project coding structure to track and report on all expenditures associated with the development and implementation of SCIS. We recommend a project coding structure be designed to enable:
- Effective and efficient tracking of all expenditures related to SCIS across the Department;
- Reconciliation of budget transfers to other RCM's and associated expenditures to enable appropriate and efficient use of funds; and,
- Reporting of total project costs.
(Recommendation #4) – Ensure that the SCIS team continues to proactively review, prepare and revise procurement strategies for the project.
(Recommendation #5) – Ensure that the SCIS project maintains detailed operational reporting that includes:
- A detailed risk register to track risk mitigating activities at the operational level; and,
- Performance metrics and KPIs, including financial and resource metrics, service delivery, and project status by stream.

Dashboards for senior management should contain an aggregate of the detailed operational reporting, and have the ability to raise major issues or risks that require attention. In addition, key management briefings and evidence of decisions should be documented and retained.

The Chief Financial Officer should:

(Recommendation #2):
- Determine whether SCIS software development costs incurred to date should be reclassified in accordance with TBAS 3.1 and PSAB 3150;
- Review other projects with potential capital investment to determine whether appropriate accounting treatment has been applied; and,
- Ensure when changes to project scope impact Vote authority that the funding profile be adjusted through Treasury Board to match projected spending.
(Recommendation #3) – Review internal policies to ensure alignment of electronic records (eRecord) management with related paper-based records management. To more efficiently and securely store and access records of value to the Department, we recommend:
- Establishing common nomenclature and promote use of metadata to improve linkage of paper-based records to electronic transactions (i.e. linking transactions in OASIS with documents in the document management solution);
- Increasing employee awareness and training on internal recording keeping policies;
- Increasing monitoring and compliance of record keeping practices; and,
- Ensuring business processes are revised to reflect continual evolution of eRecord management.
(Recommendation #4) – Ensure procurement officers use and refer to developed procurement plans. To improve communication and alignment, we recommend that a procurement officer be designated as a liaison for the SCIS project. The procurement liaison should be tasked to provide regular guidance and feedback to the project team in the following areas:
- Selection of appropriate procurement vehicles to meet the short-, medium- and long-term needs of SCIS project;
- Tendering notices and requests for proposal; and,
- Establishing timelines for procurement to ensure the right resources are provided at the right time.

1. Background

In 2006, Treasury Board approved the SCIS project for $9.34M of funding for one-time implementation costs and $5.73M annually to introduce a secure identity document to confirm official Indian Status in Canada. The SCIS initiative was introduced by AANDC to replace the original Certificate of Indian Status, which was a laminated paper card that could be easily altered for fraudulent purposes.

SCIS application intake began at the start of 2009. As a result of feedback provided by AES, a new project management team, process, and roll-out strategy was introduced in December 2009.

The Resolution and Individual Affairs (RIA) sector is the sponsor organization for the SCIS project, and has overall accountability for SCIS service delivery. RIA is also responsible for project and financial management, including progress reporting.

This audit of SCIS expenditure management was initiated in April 2011 to examine potential risks associated with SCIS project expenditure management.

Return to Table of Contents

2. Objective and Scope

2.1 Objective

The objective of this audit was to provide assurance that:

A sound control framework is in place to manage expenditures;
The SCIS budget is managed with appropriate oversight; and,
SCIS project is on track for an effective and efficient implementation.

2.2 Scope

Measures implemented in fiscal year 2010-11 to address procurement and records management control deficiencies;
Expenditures made between November 1, 2010 to 31 March 2011, including:
- Financial coding and expenditure tracking;
- Identification and classification of expenditures;
- Review of budget transfers;
Current budgeting and expenditure management practices and controls (i.e. practices in place during the execution of the audit); and,
Project budgeting, variance analysis and reporting for fiscal year 2010-11.

2.3 Areas not in scope

The following areas were not within the audit scope:

IT controls to limit access to the financial system: Oracle Financials application controls and IT general controls were not audited.
Costing model: The costing model for a sustainable, national SCIS program continued to evolve and was not assessed as part of the audit.

3. Methodology

The audit of SCIS expenditure management was planned and conducted to be in accordance with the Internal Auditing Standards for the Government of Canada as set out in the Treasury Board Policy on Internal Audit. It does not constitute an audit in accordance with any Generally Accepted Auditing Standards (GAAS), typically used as part of audited financial statements.

Audit work was conducted from June 2011 to September 2011 at AANDC headquarters. A risk-based audit program was developed based on the Financial Administration Act (FAA), the Policy on Internal Control (PIC) and other relevant policies, standards and directives specified by the Treasury Board of Canada Secretariat (see Appendix A). Principle audit techniques used include documentation reviews, interviews, walk-throughs and testing, including data analytics.

To inform management of audit status, and enable the Department to understand and effectively mitigate risks throughout the audit, periodic status meetings were held with the Assistant Deputy Minister (ADM) of RIA. Status updates were also provided to the Departmental Audit Committee. Key dates and audit timelines are depicted in the figure below.

The picture depicts the timeline for the audit of SCIS expenditure management. Above the timeline, arrows are used to show the length of each phase of the audit, beginning with initial meetings to refine the audit scope. This segment of the audit lasted from April 2011 to June 2011. The next phase of the audit, the planning phase, began in late May 2011 and was finished at the end of June 2011. The execution phase began in mid-June 2011 and ended at the end of August 2011. The reporting phase of the audit began at the end of August 2011 and was completed in September 2011 with the presentation of the audit report to the Departmental Audit Committee.

The picture also depicts the approximate dates of key audit briefs with the Departmental Audit Committee (represented by a diamond shape) and SCIS project leadership (represented by a heptagon shape). The first briefing occurred in late April 2011 where the Departmental Audit Committee requested an audit of SCIS expenditure management. Following this meeting, the audit team met with SCIS project leadership in May 2011 to hold an initial discussion on the scope of the audit. In June 2011, the audit team held a formal kick-off meeting with SCIS project leadership to initiate the audit. Following the kick-off meeting, the audit team provided a briefing to the Departmental Audit Committee in late June 2011. This was followed by an audit status meeting with SCIS project leadership in mid July 2011 to discuss the status of the audit. A final briefing was held with SCIS project leadership at the beginning of September 2011 to present the results of the audit. The results along with the final audit report and management action plan were presented to the Departmental Audit Committee at the end of September 2011.

4. Findings and Recommendations

Overall, the project expenditures in fiscal year 2010-11 were managed appropriately. The reported current budget of $6.1M for fiscal year 2010-11 was spent on the SCIS project. While supplementary funding was spent in addition to this total, as discussed in Section 4.1, the Treasury Board funding granted through the 2006 submission was effectively allocated to the SCIS project by the Department for the period under audit.

The findings and recommendations are organized according to the following five areas:

Expenditure tracking;
Capital expenditure classification;
Records management;
Procurement; and,
Reporting and records of decision.

4.1 Expenditure tracking

We observed improvements made to SCIS expenditure management, coinciding with a change in project leadership that occurred in 2010. Specifically, we observed a greater degree of rigour and discipline in tracking SCIS expenditures and the use of a project code to track expenditures allocated through the Financial Management Committee (FMC).

While progress has been noted, the following areas were identified for improvement to promote more effective management of SCIS expenditures as the project evolves to a steady-state program:

Financial codes are not configured to track expenditures in a comprehensive manner: The project code used by SCIS does not cover expenditures made by other Responsibility Centre Managers (RCM) in the Department. We noted one such example, where Information Management Branch (IMB) established a separate coding mechanism to track project expenditures. As a result, budget transfers of $1.5M for fiscal year 2010-11 are not tracked as SCIS project expenditures. This situation impairs the Department's ability to view the total SCIS expenditures in the financial system.
There is no detailed reconciliation of SCIS expenditures As a result of the limitation in project coding described above, the reconciliation of project expenditures (budget versus actual) performed by the RIA Sector excluded spending made by another RCM in the Department. Specifically, no detailed reconciliation was performed for spending by IMB for application development, which represented 17% (approximately $1M) of total SCIS expenditures in fiscal year 2010-11.
Total cost of ownership is not well understood: Because another RCM supplemented funds transferred to them by SCIS with their own internal budget funds, the total funds originating from the SCIS RCM do not represent the total cost of the project. Specifically, approximately 9% ($95K) of the total IMB spending on SCIS application development for fiscal year 2010-11 was from IMB's internal budget funds. The use of IMB's internal budget allocation to supplement SCIS application development has resulted in:
- Inaccurate management reporting of total costs for the development and implementation of SCIS; and,
- Increased risk of funding pressure for other IT projects.

Finding 1: Financial coding is not effectively leveraged to understand total SCIS project costs. Budget analysis and expenditure testing demonstrated that coding used to track SCIS expenditures does not support the reconciliation and reporting of total project costs. There is a risk that management reporting does not accurately reflect the total costs of SCIS development and implementation.

Recommendation 1: The Assistant Deputy Minister, RIA Sector should ensure that the SCIS project team, in consultation with the Resource Planning and Administration unit of RIA and with the CFO Sector, utilizes a more comprehensive project coding structure to track and report on all expenditures associated with the development and implementation of SCIS. We recommend a project coding structure be designed to enable:

Effective and efficient tracking of all expenditures related to SCIS across the Department;
Reconciliation of budget transfers to other RCM's and associated expenditures to enable appropriate and efficient use of funds; and,
Reporting of total project costs.

4.2 Capital expenditure classification

We observed that all project expenditures for the SCIS project are expensed when incurred, including software development expenditures incurred within IMB. However, SCIS software developed in-house subject to the requirements of Treasury Board Accounting Standards (TBAS) 3.1 and 3.1.1 for Capital Assets and Software Guidance indicates these types of expenditures should be capitalized. Public Sector Accounting Board (PSAB) section 3150 also provides guidance on the capitalization of tangible capital assets, suggesting that expenditures related to software development should be capitalized. No evidence was available for review to confirm the process specified for capital assets in AANDC's Financial Management Manual (Chapter 7.11) was adhered to.

We noted in fiscal year 2010-11 that reported current budget of SCIS Vote 1 funds was $6.1M while the Treasury Board submission allotment for Vote 1 remained at $2.95M. Since 2006, the SCIS delivery method has evolved significantly requiring amendments to the Treasury Board Vote authority profile. These amendments were not made, which resulted in the Department having to approve FMC pressure funds for the project. Additionally, accumulated Vote 5 and remaining Vote 10 funding for the project lapsed at year-end.

Finding 2: Software development costs are not capitalized. The expenditures relating to software development for SCIS were not capitalized in accordance with Treasury Board and Public Sector Accounting Board standards.

Recommendation 2: The CFO Sector should:

Determine whether SCIS software development costs incurred to date should be reclassified in accordance with TBAS 3.1 and PSAB 3150;
Review other projects with potential capital investment to determine whether appropriate accounting treatment has been applied; and,
Ensure when changes to project scope impact Vote authority that the funding profile be adjusted through Treasury Board to match projected spending.

4.3 Records management

We observed improvements to records management practices. Invoices, contracts and supporting financial paper-work were readily available for review, in a consistent filing format managed by the RIA Sector. While improvement has been made, the following exceptions were noted:

Policy non-compliance for paper-based records: We observed instances of non-compliance with records management policies during testing within the Headquarters Financial Services office of the CFO Sector. Specifically, we observed important financial control documents not filed in accordance with the Treasury Board Directive on Recording Keeping that requires documents to be properly classified and stored. While all supporting documents were located, the files were stored in boxes, unclassified and unsecured.
Inconsistent procurement filing for paper-based records: In the sample of procurement file reviewed, we found no evidence of a defined, structured framework for managing associated documents. The importance of a number of documents contained in the files or the associated business value for their retention was not clear. In some instances, repetitive information was retained, which resulted in difficulty ascertaining the final outcomes of key decisions made on contracts and associated amendments.
Gaps in policy awareness: The results of our testing indicate that retention policies for financial records are not well understood by personnel managing financial records within the RIA Sector. This suggests that communication between IMB and the RIA Sector may require strengthening with regards to the application of internal records management policies.

In addition to the exceptions above, the audit observed inefficiencies associated with linking paper-based records to their associated electronic files in the financial system. Specific inefficiencies noted include:

Inconsistent budget transfer batch nomenclature, resulting in difficulty identifying transfers; and,
Inability to identify supply arrangements used by a particular RCM, resulting in time-consuming key word searches on a case-by-case basis.

To further refine the records management process for greater efficiency and risk mitigation, the processes in place to manage files with electronic and paper-based components should be revised to improve integration.

The exceptions noted and the inefficiencies observed suggest that the framework for managing paper-based records may require attention. As part of efficiency-focused transformations taking place, the Department should consider efficiencies to be gained by integrating the processes to manage paper-based records in greater alignment with electronic file-keeping.

Finding 3: Lack of integration between the processes to manage electronic and paper-based records.There is an increased risk of inefficiency and policy non-compliance, whereby paper records do not align with electronic records for the same file. Better integration between the two filing mechanisms may improve efficiency and mitigate risk.

Recommendation 3: The Chief Financial Officer should review internal policies to ensure alignment of electronic records (eRecord) management with related paper-based records management. To more efficiently and securely store and access records of value to the Department, we recommend:

Establishing common nomenclature and promote use of metadata to improve linkage of paper-based records to electronic transactions (i.e. linking transactions in OASIS with documents in the document management solution);
Increasing employee awareness and training on internal recording keeping policies;
Increasing monitoring and compliance of record keeping practices; and,
Ensuring business processes are revised to reflect continual evolution of eRecord management.

4.4 Procurement

Procurement is another area in which improvements were noted. We observed a greater degree of planning and oversight for SCIS-related contracts within the RIA Sector. Despite these improvements, there was a lack of evidence to demonstrate a coordinated planning process between the SCIS project team and the CFO procurement team.

Our testing of procurement files and assessment of contracting strategies for SCIS suggested poor communication between the teams. Specifically, we noted the following:

Inefficiencies in contract management: The nature and frequency of communications between procurement and RIA personnel demonstrate challenges in implementing a coordinated approach to procurement for the SCIS project.
Lack of a formalized procurement plan for 2010-11: Procurement management indicated that there has never been a formal procurement plan presented by the SCIS team to enable effective planning. However, while outside the period of audit, we noted that the SCIS project has established procurement plans for fiscal years 2011-12 and 2012-13. It is unclear why procurement management interviewed was not aware with these plans, suggesting a lack of coordination between the two units, particularly at the operational level.
Potential for conflict of interest in current processes: Due to increased reliance on contracted personnel, it appears that there may be challenges in segregating some of the SCIS contract management functions from consultants. On two occasions, we observed consultants engaged in the bid review process. This practice introduces the potential for conflict of interest. To mitigate this risk, controls should be in place to assess the potential for conflict of interest in advance of bid reviews.

Finding 4: Lack of a coordinated plan between procurement and SCIS project team. The lack of alignment increases the risk of inefficient contracting, non-compliance with internal control policies, and cost overruns.

Recommendation 4: The Assistant Deputy Minister, RIA Sector should ensure that the SCIS team continues to proactively review, prepare and revise procurement strategies for the project.

The Chief Financial Officer should ensure procurement officers use and refer to developed procurement plans. To improve communication and alignment, we recommend that a procurement officer be designated as a liaison for the SCIS project. The procurement liaison should be tasked to provide regular guidance and feedback to the project team in the following areas:

Selection of appropriate procurement vehicles to meet the short-, medium- and long-term needs of SCIS project;
Tendering notices and requests for proposal; and,
Establishing timelines for procurement to ensure the right resources are provided at the right time.

4.5 Reporting and records of decision

As part of our assessment of budgeting and oversight, we noted a lack of evidence to demonstrate how and when key decisions were made in fiscal year 2010-11 outside of briefing documents to the Deputy Minister. While we were informed of frequent meetings to discuss and resolve issues as part of the project's organizational reporting framework, records of decision from key management and oversight meetings were not available for review. The practice of retaining these records of decision is important for the following purposes:

Demonstrating due diligence and rationale for budgetary changes or costing revisions; and,
Managing SCIS knowledge, which is particularly important when key resources are no longer available to work on the project.

At a high level, it appears that the reporting and oversight processes have matured and that improved record keeping practices for key decisions is now in place for fiscal year 2011-12. As the project evolves, the following documentation should be retained as evidence of appropriate oversight and reporting:

Risk registers to track and manage risks associated with the project;
Records of decision from key meetings;
Ongoing budget-to-actual analysis; and,
Detailed cost forecasting.

Finding 5: Key records of decision not retained from management meetings and operational reporting is limited.Evidence of operational reporting and oversight at the Sector level was not available to support the reporting framework illustrated to auditors. There is an increased risk that important information concerning project performance is not communicated in a timely manner for mitigating action and key decision-making purposes.

Recommendation 5: The Assistant Deputy Minister, RIA Sector should ensure that the SCIS project maintains detailed operational reporting that includes:

A detailed register to track risks and issues on an ongoing basis; and,
Performance metrics and KPIs, including financial and resource metrics, service delivery, and project status by stream.

5. Conclusion

Overall, project finances appear to be on track to effectively support a controlled SCIS implementation. Improvement in SCIS expenditure management has been demonstrated and audit observations indicate plans are underway to continue to improve the current suite expenditure management controls.

For the period under audit, we noted that internal controls over the expenditure approval process were effective and compliant with the FAA. We also found evidence to demonstrate that Treasury Board funds from the 2006 submission were allocated to the SCIS project, and that the reported current budget of $6.1M for fiscal year 2010-11 was spent on SCIS.

Nonetheless, we identified five findings and opportunities for improvement in the following broad areas:

Expenditure tracking;
Capital expenditure classification;
Records management;
Procurement; and,
Reporting and records of decision.

We recommend that the CFO and RIA Sectors work together to address the findings according to the five recommendations in this report. We understand that SCIS expenditure management practices continue to be improved and refined as part of planning for a national, sustainable model. The audit recommendations should be incorporated into the ongoing planning toward a national, sustainable model for SCIS.

6. Management Action Plan

Recommendations	Management Response/ Actions	Responsible Manager (Title)	Planned Implementation Date
1. The Assistant Deputy Minister, RIA Sector should ensure that the SCIS project team, in consultation with the Resource Planning and Administration unit of RIA and with the CFO Sector, utilizes a more comprehensive project coding structure to track and report on all expenditures associated with the development and implementation of SCIS. We recommend a project coding structure be designed to enable: Effective and efficient tracking of all expenditures related to SCIS across the Department; Reconciliation of budget transfers to other RCMs and associated expenditures to enable appropriate and efficient use of funds; and, Reporting of total project costs.	Management Response/Actions: RIA Sector Management agrees with this recommendation. The SCIS team and the Resource Planning Unit are developing in collaboration with CFO a comprehensive expenditure tracking and coding system which will include IMB, and any of the sectors expending funds on SCIS. Staff will be informed of the update system. Establishment of the project coding structure, developed jointly by RIA and CFO, Planning and Reporting Management (Financial Management Advisors), will ensure that departmental sectors who incur expenditures related to the project will be able to code these costs appropriately within the departmental financial system. Updates to the coding structure will be communicated broadly by CFO, PRM accordingly in order to facilitate a regular comprehensive reporting of total project costs against allocated budgetary resources. Results would form part of the Financial Status Report and be available for management's review and decision making. To ensure accurate reporting of project cost CFO, PRM will ensure budgetary transfers are actioned and reconciled as part of the regular budget reconciliation process.	Assistant Deputy Minister, RIA Sector	October 31, 2011 for the establishment of a new coding structure, with an ongoing reporting of accurate costs and budgetary reconciliation process.
2. The Chief Financial Officer should: Determine whether SCIS software development costs incurred to date should be reclassified in accordance with TBAS 3.1 and PSAB 3150; Review other projects with potential capital investment to determine whether appropriate accounting treatment has been applied; and, Ensure when changes to project scope impact Vote authority that the funding profile be adjusted through Treasury Board to match projected spending.	Management Response/Actions: An analysis will be conducted to determine if the costs should be capitalized. For fiscal year 2011-2012, corrections will be made if necessary. For previous years, a restatement of the financial statements may be required based on the levels of materiality.	Chief Financial Officer Director, Corporate Accounting and Reporting	Q2: 2011-2012
	This was addressed through the internal controls assessment conducted in 2010-2011. The monitoring of expenditures is ongoing.	Director, Corporate Accounting and Reporting	On-going
	In discussion with program to assist them with a new TB Submission if required. Through the regular monitoring processes, including the monthly Financial Status Report CFO, PRM (Financial Management Advisors) will work closely with RIA to ensure SCIS project costs are forecasted appropriately. If the scope and costs increase, CFO, PRM (Director of Financial Planning, Analysis and Estimates) in discussion with RIA and the Treasury Board Secretariat will consider an adjustment to the authority and make adjustments through Treasury Board as required.	Planning and Resource Management	Q2: 2011-2012 and on-going
3. The Chief Financial Officer should review internal policies to ensure alignment of electronic records (eRecord) management with related paper-based records management. To more efficiently and securely store and access records of value to the Department, we recommend: Establishing common nomenclature and promote use of metadata to improve linkage of paper-based records to electronic transactions (i.e. linking transactions in OASIS with documents in the document management solution); Increasing employee awareness and training on internal recording keeping policies; Increasing monitoring and compliance of record keeping practices; and, Ensuring business processes are revised to reflect continual evolution of eRecord management.	Management Response/Actions: IMB/CIMD will develop additional instructions for this project, based on existing departmental RK policies. This will include standard document naming and profiling conventions, use of linking keywords and metadata (such as project code), invoice handling procedures and identification of core records to ensure alignment of electronic records in Oasis and CIDM to related paper-based records. These will be prepared as part of an IM Project that will include representation of the Program, Finance and IMB. These instructions will be customized for this project in the form of a Record Keeping Agreement, but the intention would be that this would also become a standard for all projects to be included with the RK overlay/deliverables for the Project Management Framework. ERecord candidacy will be assessed for project-related document handling and will be encouraged to the extent possible under TBS Policy. These additional instructions will support the project sponsor with education and awareness efforts to assist employees in distinguishing and handling information resources of enduring value, business value and transitory value to improve recordkeeping and retrieval. Additionally, they will contribute as a foundation for recordkeeping compliance monitoring by the project sponsor.	Chief Financial Officer	Q4: 2011-2012
4. The Assistant Deputy Minister, RIA Sector should ensure that the SCIS team continues to proactively review, prepare and revise procurement strategies for the project. The Chief Financial Officer should ensure procurement officers use and refer to developed procurement plans. To improve communication and alignment, we recommend that a procurement officer be designated as a liaison for the SCIS project. The procurement liaison should be tasked to provide regular guidance and feedback to the project team in the following areas: Selection of appropriate procurement vehicles to meet the short-, medium- and long-term needs of SCIS project; Tendering notices and requests for proposal; and, Establishing timelines for procurement to ensure the right resources are provided at the right time.	Management Response/Actions: CFO and RIA Sector Management agree with the recommendation. *RIA Sector* RIA Sector Management confirms that SCIS had developed a procurement plan in September 2010, once the SCIS model was approved, to deal with the remainder of the 2010-11 Fiscal year. This plan was implemented and monitored within policy guidelines and funding levels. In addition, for FY 11-12 and 12-13, SCIS has developed an exhaustive procurement plan including contracting resource requirements, forecasts, timelines and contracting vehicles (from a short, mid and long term perspective). This plan is currently being implemented and monitored closely, while allowing for revisions, as the project evolves. A regular monthly meeting between RIA Planning and Administration Unit and Procurement is already in place to review progress against the procurement plan, and make any necessary adjustments.	Assistant Deputy Minister, RIA Sector	On-going
	*CFO Sector* The CFO has introduced a procurement planning regime at AANDC to capture major procurement strategies and plans. RIA Sector is feeding into this departmental process. SCIS developed an appropriate and detailed procurement plan including contracting resource requirements, forecasts, timelines and contracting vehicles (from a short, mid and long term perspective). The RIA Sector now has a procurement team leader assigned to it as a liaison, and meetings have taken place between the MAM, CFO and the RIA Sector to discuss the needs of the SCIS project and how to proceed in coming months. The SCIS procurement plan is currently being implemented and monitored closely, while allowing for revisions and amendments, as the project evolves. The procurement team leader approach now in place will permit the CFO the flexibility of assigning officers to the procurement requests and processes, as required, based on the skill set and expertise of employees.	Chief Financial Officer	On-going
5. The Assistant Deputy Minister, RIA Sector should ensure that the SCIS project maintains detailed operational reporting that includes: A detailed register to track risks and issues on an ongoing basis; and, Performance metrics and KPIs, including financial and resource metrics, service delivery, and project status by stream. Dashboards for senior management should contain an aggregate of the detailed operational reporting, and have the ability to raise major issues or risks that require attention. In addition, key management briefings and evidence of decisions should be documented and retained.	Management Response/Actions: The SCIS project has evolved over the last three years and a rigorous risk analysis has been developed and monitored for every model put forward. As decisions are finalized for the SCIS project, these risks will be retained in a risk register for on-going management and escalation as part of the detailed dashboard. Weekly status and performance updates are forwarded to the ADM, and have been for that last 18 months. Monthly financial and resource reports are provided and documented at the Sector Management Meetings, and shared with CFO sector. A governance model has been in place for 18 months, and includes a weekly Sector Management Meetings (ADM and DG level) and Business Modernization Meetings (ADM and DGs). In addition, bilateral meetings occur between the ADM and the Executive Director, SCIS during which project specific items are discussed. Records of decisions for these meetings are documented and retained, but decisions of sensitive nature, since this project has been classified "secret", are only documented in briefing documents to the DM, Minister and Central Agencies. The sector is developing a detailed monitoring and reporting dashboard for senior management that includes registration, Qalipu, C-3 and SCIS.	Assistant Deputy Minister, RIA Sector	October 31, 2011

Appendix A: Audit Criteria

The audit objective is linked to audit criteria developed in alignment with relevant Treasury Board policies (see Appendix B). Additional audit criteria were developed to address specific risks identified in during the planning phase of the audit.

Area of Focus		Criteria
1	Expenditure management	1.1	Expenditures are managed in accordance with the SCIS Treasury board submission
		1.2	Expenditure coding and tracking is reasonable, consistently applied and supports efficient and effective monitoring of SCIS expenditures
		1.3	Travel expenditures are managed in accordance with applicable government and department policies, directives and standards
		1.4	Invoices are appropriately approved, and entered into the OASIS Financial System
		1.5	Payables are validated prior to payment
		1.6	PAYE's at year-end are appropriate
		1.7	Tangible capital assets are identified and appropriately classified
		1.8	Personnel have received reasonable expenditure management training and guidance
		1.9	Expenditure pre-audit and post-audit reviews are completed and corrected
2	Procurement management	2.1	Procurement plans support SCIS project needs, facilitating efficient and effective procurement
		2.2	Personnel have received reasonable procurement management training and guidance
		2.3	Procurement is managed in accordance with applicable government and department policies, directives and standards
3	Records management	3.1	SCIS records management is compliant with the Directive on recordkeeping
4	Budgeting, planning and costing	4.1	Program and project planning are complete and aligned to the SCIS Treasury Board submission
4	Budgeting, planning and costing	4.2	The SCIS budget is aligned to the SCIS Treasury Board Submission and updated regularly
5	Oversight and reporting	5.1	The SCIS project reports regularly to all levels of Management
5	Oversight and reporting	5.2	SCIS project progress and expenditures are reported to Treasury Board

Appendix B - List of Treasury Board policies reviewed

The following policies were reviewed as part of the audit and considered relevant to the audit scope:

Treasury Board Accounting Standards:
- Accounting Standard 2.2 – Materiality
- Accounting Standard 3.1 – Capital Assets
- Accounting Standard 3.1.1 – Software
Treasury Board policies:
- Contracting Policy
- Policy on Information Management
- Policy on Payables at Year-End (PAYE)
- Policy on the Management of Projects
- Policy on Transfer Payments
- Project Approval Policy
Treasury Board directives:
- Directive on Acquisition Cards
- Directive on Delegation of Financial Authorities for Disbursements
- Directive on Information Management Roles and Responsibilities
- Directive on Recording Financial Transactions in the Accounts of Canada
- Directive on Record Keeping
National Joint Council directives:
- Travel Directive
Additional Treasury Board guidance:
- Carry-Forward of Capital Funds - TB Circular 1987-53
- Guide to Costing
- Standard for Project Complexity and Risk

Did you find what you were looking for?

What was wrong?

I can't find the information

The information is hard to understand

There was an error or something didn't work

Other reason

Please provide more details

You will not receive a reply. Don't include personal information (telephone, email, SIN, financial, medical, or work details).
Maximum 300 characters

Date modified:: 2012-07-09