Core control audit of the Office of the Registrar of the Supreme Court of Canada

December 2017

Office of the Comptroller General

Why this is important

The Financial Administration Act designates deputy heads as accounting officers for their department or agency. As accounting officers, deputy heads are accountable for ensuring that resources are organized to deliver departmental objectives in compliance with government policy and procedures.

Core control audits provide deputy heads with assurance regarding the effectiveness of core controls over financial management in their respective organization. By doing so, core control audits inform deputy heads of their organization’s level of compliance with requirements contained in selected financial legislation, policies and directives.

About the Office of the Registrar of the Supreme Court of Canada

Created by an Act of Parliament in 1875, the Supreme Court of Canada (SCC) is Canada’s final court of appeal. It serves Canadians by deciding legal issues of public importance, thereby contributing to the development of all branches of law applicable within Canada. The Office of the Registrar of the Supreme Court of Canada (ORSCC) provides all necessary services and support for the Court to process, hear and decide cases. It also serves as the interface between litigants and the Court. ^{Footnote 1} The ORSCC’s strategic objectives are:

• To ensure the independence of the Court as an institution within a framework of sound public administration;
• To continuously improve access to the Court and its services;
• To ensure that hearings can be held and decisions rendered promptly; and
• To provide the timely and accurate information the Court needs to fulfill its mandate. ^{Footnote 2}

For fiscal year 2014-15, the ORSCC had spending of approximately $32 million and human resources of 204 full-time equivalents. ^{Footnote 3}

Core Control Audit Objective and Scope

The objective of this audit was to ensure that core controls over financial management ^{Footnote 4} within the ORSCC result in compliance with key requirements contained in the selected financial legislation, policies, and directives.

The scope of this audit included financial transactions, records, and processes conducted by the ORSCC. Transactions were selected from fiscal year 2014-15. The audit examined a sample of transactions for each of the selected policies and directives. The Appendix provides a complete list of policies and directives included in the scope of the audit and the overall compliance in the areas tested.

The scope of this audit includes all transactions, records, and processes conducted by the ORSCC from fiscal year 2014-2015, with the exception of transactions pertaining to the Justices of the Supreme Court of Canada, which have been scoped out of this audit. ^{Footnote 5}

Conformance with Professional Standards

This audit engagement conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

Audit Findings and Conclusion

Core controls over financial management regarding the transactions tested within the ORSCC resulted in partial compliance with the key requirements contained in 1 of the 14 policies, directives ^{Footnote 6} and corresponding legislation tested. The ORSCC was not in compliance with key requirements contained in the remaining 13 policies and directives tested.

Weaknesses were identified in the area of compliance with requirements specific to the TB Policy on Financial Management Governance and TB Contracting Policy; and in the broader compliance areas of documentation and approval for the remaining policies and directives tested.

Financial Management Governance

For financial management governance, the budget was not formally approved by the Deputy Head. In addition, the department had incurred net operating losses in fiscal years’ 2013–14 and 2014–15 for a selected activity, contrary to their departmental policy requiring full cost recovery. Furthermore, based on a review of policy and procedural documentation for this activity, the audit noted issues of segregation of duties for purchasing, billing and conducting inventory. Further documentation to support certain transactions in the audit sample were not provided by the ORSCC; therefore, the audit could not conclude on whether these transactions complied with the requirements of applicable TB policies and directives. Given the above, the risk of fraud may be heightened. The ORSCC is strongly encouraged to conduct a comprehensive fraud risk assessment. Fraud risk assessments are considered to be a best practice for all organizations.

Contracting

With respect to contracting, appropriate procurement methods were not always chosen and used in compliance with their terms and conditions. Documentation was often missing or deemed insufficient to serve its intended purpose, including documentation pertaining to sole-source justifications, best-value analysis, bid evaluation criteria, bid evaluations, security clearance checks and justification for contract amendments. In addition, contracts and contract amendments were sometimes signed by individuals who did not have the appropriate authority to do so.

Documentation

For acquisition cards, documentation to support approval, issuance, conditions of use, and cardholder acknowledgement of responsibilities was not always retained on file. In addition, documentation was not always retained on file to demonstrate the business need for purchases made on acquisition cards or for purchases reimbursed through the petty cash fund.

For travel, justification was not always sufficiently detailed on approval documentation to specify the reason for travel; to demonstrate that efforts had been made to reduce, minimize or avoid travel; or to support accommodation costs above prescribed city rate limits.

With respect to hospitality, justification on file was sometimes insufficient to demonstrate the necessity of the event or specific event costs (including events where only public servants had attended); or to substantiate the reason for selecting a specific supplier, costs above the standard per person cost and the need to serve alcohol at the event. In addition, applicable hospitality transactions were not always proactively disclosed.

For pay administration, the audit found that performance agreements, year-end performance reviews and departure forms were not always on file.

Approval

With respect to financial delegation, the audit noted that some staff had been delegated financial authorities without having completed mandatory training. In addition, approvals of signature specimen cards were not dated and there was no evidence provided to demonstrate that a formal, annual review of the delegated financial authorities had been conducted.

Regarding accountable advances, the audit found that an individual was designated to be the fund custodian for each respective petty cash fund. However, several employees had access to each fund, resulting in a lack of internal control. With respect to specified purposes accounts, the ORSCC had not been collecting security deposits from appellants when required.

In the area of fleet management, the ORSCC did not periodically confirm the continued validity of drivers’ licenses, systemically monitor vehicle usage logbooks or analyze usage data in order to determine vehicle utilization patterns.

Lastly, the audit found that expenditure initiation and account verification were not always approved by someone with the delegated authority, dated or processed in a timely manner and supported with sufficient evidence. For example, evidence was not always on file to demonstrate that goods and services had in-fact been received. In addition, transactions were sometimes approved by an individual who had performed incompatible duties. For example, with respect to acquisition cards, instances were noted where cardholders had completed account verification for their own purchases, which demonstrated a lack of segregation of duties.

Recommendations

The ORSCC should ensure that:

1. Delegated financial authorities are formally reviewed on an annual basis and updated, if deemed necessary; all signature specimen cards include the date on which the appropriate authority had delegated financial authority to the incumbent; and all employees with delegated financial authority receive mandatory training before they exercise their authority.
2. The organizational budget is signed by the Deputy Head at the start of the fiscal year; it examines the long-term sustainability of the funding models for selected activities; appropriate segregation of duties exists within activities for purchasing, billing and conducting inventory; and it reviews and adjusts all departmental financial policies to ensure appropriateness. A risk-based plan should also be established to review all other departmental policies.
3. Documentation is retained on file for acquisition cards to substantiate their issuance, approval and conditions of use, as well as the acknowledgment of responsibilities by the acquisition cardholder and to demonstrate the business need for purchases.
4. Business processes are improved and consistently performed in compliance with the Treasury Board Directive on Accountable Advances, and that documentation is retained on file.
5. The department re-examines the continued need for security deposits and takes appropriate action to ensure that internal policies, procedures and practices align with applicable legislation.
6. Business processes are improved and consistently performed in compliance with the Treasury Board Contracting Policy, and that documentation is retained on file.
7. Business processes are improved and are consistently performed in compliance with the National Joint Council Travel Directive, and that documentation is retained on file.
8. Business processes are improved and are consistently performed in compliance with the Directive on Travel, Hospitality, Conference and Event Expenditures, and that documentation is retained on file.
9. Performance agreements and performance reviews are documented, retained on file and completed prior to determining performance pay owed to the employee; and departure forms are appropriately completed and retained on file.
10. The validity of drivers’ licences is periodically confirmed; users of fleet vehicles consistently and appropriately complete entries in the fleet logs; fleet log usage is systemically monitored, and the log data is periodically analyzed; and disposal and write-off of vehicles is approved in accordance with the Delegation of Financial Authorities Matrix.
11. Funds commitment availability is certified, signed and dated by an individual with the appropriate delegated authority prior to the expenditure initiation, and that documentation is retained on file to demonstrate that this had occurred; and commitments are established and entered into the financial system in a timely manner, at the value expected to be incurred.
12. Account verification is sufficiently documented, duly signed and dated in a timely manner by the appropriate delegated authority; transactions are only approved by individuals who perform compatible duties; invoice payment is issued for the correct amount, within the contract limit; and payment and settlement is processed on a timely basis, within payment terms.

Management Response

Management has accepted the majority of the audit findings, with some exceptions noted in the Management Action Plan. Management has developed an action plan to address the recommendations. It is expected that the management action plan will be fully implemented by March 31, 2019.

The results of the audit and the Management Action Plan have been discussed with the Registrar of the Supreme Court of Canada and with the Small Departments Audit Committee. The Office of the Comptroller General of Canada will follow-up on the implementation of the Management Action Plan.

Appendix: Policies and Directives Tested