Internal Audit Report - April 2011 to June 2012

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

The following report was reviewed by the Audit and Evaluation Committee and was approved by the Commissioner on December 18, 2012.



Office of the Public Sector Integrity Commissioner of Canada


Audit of Contracting, Acquisition Cards and Contribution Program


Final Report


August 31, 2012


Submitted by:
Samson & Associates
Gatineau, Quebec


Table of Contents

Executive Summary
Background / Context
Risk Assessment
Audit Approach and Methodology
Audit Sample
Audit Criteria
Audit Findings and Recommendations

Appendix I - Audit Criteria*
Appendix II - Contribution Program: Process Overview*

*These appendices are available on request by contacting the Office


Executive Summary

The audit of contracting, acquisition cards and contribution program was conducted in accordance with the approved internal audit plan.

The objective of the audit was to provide the Office of the Public Sector Integrity Commissioner of Canada (PSIC) management with the assurance that contracting, acquisition card and contribution program activities and processes were being administered with due diligence and were compliant with relevant government-wide policies and procedures.  The audit was carried out during August 2012. 

We examined the Management Control Framework (MCF) in place to monitor contracting, acquisition card and contribution program activities within PSIC. A review of the processes undertaken by personnel directly involved in these activities was also undertaken. The audit included an examination of procurement and contribution documents between April 1, 2011 and June 30, 2012. During this period, procurement activities and contributions within the scope of our audit amount to the following:

Procurement activities:  $ 1,974,040
Contribution agreement activities:  $ 12,759


Following our documentation review, interviews and testing of files and transactions, we found that payments related to contracting, acquisition cards and the contribution program were in compliance with TBS policies in all cases. 

Although the audit found the Management Control Framework to be well designed, performance measures should be selected and assessed for contracting activities and additional documentation of the procedures for administering the contribution program are required. 


Background / Context

The Office of the Public Sector Integrity Commissioner of Canada provides a safe and confidential mechanism enabling public servants and the general public to disclose wrongdoings committed in the public sector. It also protects from reprisal public servants who have disclosed wrongdoing and those who have cooperated in investigations. The Office’s goal is to enhance public confidence in our public institutions and in the integrity of public servants.

The Commissioner is an Agent of Parliament appointed by resolution of the Senate and House of Commons. He reports directly to Parliament. He is the Chief Executive of the Office of the Public Sector Integrity Commissioner and has the rank and powers of a Deputy Head of a department.

PSIC obtains its financial operation services from the Canadian Human Rights Commission (CHRC) through shared service agreements.

PSIC has an independent audit and evaluation committee comprised of the Commissioner and a minimum of two members external to the government.  The responsibilities of the committee are to provide objective views on PSIC’s financial statements, risk management, control and governance frameworks.

Given the size of the organization and limited resources, the PSIC must supplement its internal audit capacity by contracting out most of its internal audit services.



The objectives of this audit are to confirm whether due diligence is being exercised in key management processes, namely procurement, acquisition cards and contribution program and to provide assurance to senior management that processes and controls in place at PSIC are adequate to ensure compliance to TBS policies and practices.



The scope of this assignment covers transactions occurring between April 1, 2011 and June 30, 2012 in the following areas:

  • Contracting;
  • Acquisition Cards; and
  • Contribution Program.

The scope of the audit did not include transactions related to Travel and Hospitality.

Risk Assessment

Risk Identification

As part of the planning phase for the audit, a risk assessment was conducted to identify potential areas of risk.  Planning consisted of initial interviews with key stakeholders and review of documentation relevant to the scope of the audit.

Based on the results of the planning phase, our audit focused on the areas of highest risks and where the most value could be gained from this audit.

Risk Ranking

Inherent risk can be defined as the risk to an organization of an event occurring, ignoring controls, processes, and other strategies in place to mitigate or manage the risk.  Inherent risk is determined by individually rating and multiplying an ‘impact’ rating by a ‘likelihood’ rating, which are defined as follows:

  • Impact:  Refers to the implications to PSIC and its operations if the risk were to occur (low, medium, and high impact).
  • Likelihood:  Refers to the probability of the risk occurring.

The following generally describes the overall risk assessment:

  • Low risk: Risk is not likely to occur and has a low impact in regards to financial, operational, compliance, reputational, or strategic implications to PSIC.
  • Medium risk:  Risk is likely to occur and has a medium impact in regards to financial, operational, compliance, reputational, or strategic implications to PSIC.
  • High risk:  Risk is highly likely to occur and has a high impact in regards to financial, operational, compliance, reputational, or strategic implications to PSIC.

The initial risk assessment is then considered in the context of the mitigation strategies and / or steps that the organization has put in place to deal with those risks, to arrive at the residual risk assessment.

Risk Overview

The following summarises key factors affecting risk and their impact on the level of risk for PSIC activities related to contracting, acquisition cards and the contribution program as identified in our preliminary assessment: 


  • The availability of experienced, or senior, subject matter experts to provide advice and conduct contracting activities – (decrease);
  • The low number of significant contracts processed by the department - (decrease);
  • The existence of documented processes for the approval and issuance of contracts - (decrease).

Acquisition Cards:

  • The existence of documented processes for the issuance of acquisition cards and the processing and approval of acquisition card transactions - (decrease);
  • The limited number of acquisition cards issued to PSIC employees - (decrease).

Contribution Program:

  • The absence of a documented process for payments under the contribution program - (increase);
  • The limited number of contributions - (decrease);
  • The low dollar value of individual contributions - (decrease).

Based on the preliminary survey, the residual risks are, in our opinion, assessed at low to moderate.

Audit Approach and Methodology

The conduct phase of the audit consisted of an assessment of the control processes and practices in place to ensure that appropriate measures are taken to effectively manage contracts, acquisition cards and contributions. Specifically, we interviewed staff and management responsible for the areas being reviewed, we reviewed relevant documentation provided by PSIC, including policies and guidelines, and conducted an on-site examination of a sample of transactions in each of the key areas covered by the engagement. 

The audit was conducted in accordance with the standards and requirements set out in the Government of Canada Treasury Board Secretariat’s Policy on Internal Audit

Audit Sample

The audit team tested a sample of 65 transactions which was selected based on the following criteria.

Contracting and Acquisition Cards
The sample related to testing of Contracting was selected based on a random statistical strategy with a 95% confidence level with a ± 5% precision level. (1

Due to the limited number of acquisition cards in use at PSIC, transactions were selected on a judgemental basis to ensure adequate coverage of the audit period.

Contribution Program
Due to the limited number of contributions for the audit period, the audit sample related to the testing of the Contribution Program was selected on a judgemental basis based on our preliminary risk assessment.

The characteristics of the population and resulting sample are presented below:

 Audit Sample Size

Transactions               $

Population Size

Transactions        $

 % of Audit Coverage

 65                    $1,092,966  524           $1,986,766



Professional Standards

In the conduct of this assignment, the Contractor respected the Internal Auditing Standards for the Government of Canada, which is based on the International Professional Practices Framework (IPPF) of the Institute of Internal Auditors (IIA), including a Code of Ethics and the International Standards for the Professional Practice of Internal Auditing.

Audit Criteria

Detailed audit criteria are presented in Appendix I*.  The audit criteria were developed to ensure that contracting, acquisition card and contribution program transactions adhere to TBS Policies and Directives and that the internal financial controls function at PSIC operates as designed.


(1) IDEA is the sampling application utilized.

*Appendices are available by contacting the Office.

Audit Findings and Recommendations

The following sections provide detailed findings and related recommendations.  Findings are based on the evidence and analysis from both the initial risk analysis and audit conduct.


A management control framework governing the PSIC’s contracting activities is in place and being administered in accordance with TBS policies and directives. However, the information available for performance measurement must be strengthened.

Contracting activities within the scope of our audit include approximately 440 commitments with a total value exceeding $3 million.

PSIC does not have the internal resources to develop a suite of internal contracting policies and as such, relies exclusively on the policies and guidelines published by TBS. Staff training is provided to all levels of management to ensure that there is adequate internal communication and awareness of their responsibilities. However, formal training sessions were last provided in 2009 and turnover at PSIC has been significant.  In cases where PSIC did not have staff with the required expertise, external experts were hired to ensure that contracting policies and guidelines were followed.  

As indicated in TBS Contracting Policy, formal challenge mechanisms are important elements in upholding the integrity of the contracting process within a Department. At PSIC, this function is filled by the Contracting Review Committee. PSIC has adopted the Contracting Review Committee’s process as a best practice for reviewing contracts under the following circumstances:

 Type of Contract / Amendment  Criteria for review
 Competitive  > $25,000
 Sole Source   > $10,000 or > $1,200 / day
 Temporary Help Services  > 20 weeks
 Legal  > $200 / hour

In order to ensure that contracting activities meet the federal government's regulatory framework requirements and that these requirements are consistently applied, it is necessary to have processes in place to assess the performance of the contracting activity.

Although some ad hoc reports are prepared for management on a periodic basis, the information presented is primarily financial data related to suppliers or a variance analysis comparing commitments with the budget. To analyze compliance with the regulatory framework, reports should be prepared with details relevant to the assessment of the procurement exercise, such as the value of contracts awarded, the percentage of competitive contracts and the number and value of amendments. In discussions with management, we noted that such reports had been prepared in the past but that the practice had stopped due to the manual efforts required.

Treasury Board Contracting Policy also stipulates that “on completion of the contract, the contracting authority should evaluate the work performed by the consultant or professional”. During our review, we noted that there was no evidence that contract activities are being monitored; and, there were no performance evaluation reports included in any of the contract files examined.

Our audit of the sample transactions for 15 suppliers included a review of the process in place at PSIC for the preparation of its Proactive Disclosure report.  The process is systematic, includes verification and appropriate levels of approval.

Overall, the contracting practices applied within the Department comply with TBS policies and guidelines. Efforts are made to award and manage contracts in relation to best value, open access, fairness and transparency. In our sample, all contracts awarded without competition were appropriately justified communicated to the Contracting Review Committee.


We recommend that the Management identify and periodically assess key measures to monitor performance and control the quality of the contracting activity. This information should be communicated to the Executive Committee.

Management Response:
A quarterly procurement activity report will be prepared and presented to management, highlighting numbers and values of contracts by type (competitive vs. non-competitive) and  number of amendments based on system generated information. 

The contracting review committee provides oversight of the quality of the contracting activity and the recommendation to document performance on contracts will enhance feedback on the quality of performance on contracts.

We recommend that PSIC periodically assess the need to provide all staff with contracting training. 

Management Response:
The Office will schedule contracting training in 2013-14.

We recommend that PSIC appropriately assess the results from awarded contracts.  A materiality based approach could be implemented to ensure that the performance of all contracts over $100,000 is evaluated after their completion.

Management Response:
The Office will update its process and provide a one page template questionnaire to assist managers in completing contract performance evaluations, where contracts exceed $50,000.

Acquisition Cards

The management control framework governing PSIC’s acquisition cards is in place and being administered in accordance with TBS policies and directives. Overall compliance with Treasury Board policies is good.  

The number of cards in circulation as well as certain credit limits seems appropriate for the level of spending:

 Period  Cards Issued  Cards Cancelled  Active Cards Cumulative Credit Limit
April 2011 – March 2012  1  1  3  $65,000

Corporate Services has established and documented a control framework to mitigate risks associated with both the issuance and cancellation of acquisition cards and with the procedures for purchases made with acquisition cards.

Purchases of goods and services using acquisition cards are made on a regular basis at PSIC. The cardholder is required to maintain a record and documentation of all purchases, the supporting documentation is reviewed and approved for each individual purchase.  At the end of each month, the monthly card statement is reconciled with the Acquisition Card Registry. As such, supporting documentation and Section 34 authorizations are required for each individual purchase and the Executive Director approves the monthly reconciliations.  The acquisition card reconciliations verified were complete, with adequate supporting documentation and were authorized by an appropriate third party with delegated authority.

A sample of six months of acquisition card transactions selected between April 1, 2011 and June 30, 2012 which included transactions from two of the three acquisition card holders at PSIC.  These were examined in terms of the approvals provided under Section 34 of the FAA, the month end reconciliation completed by the acquisition card administrator and the timely payment of the balance.

The audit found that section 34 certification and the monthly reconciliations of acquisition card statements were completed satisfactorily.

Contribution Program

PSIC’s sole contribution program is to provide for access to legal advice under the Public Servants Disclosure Protection Act (the Act).  Section 25.1 of the Act provides for payments to eligible recipients involved in a proceeding or considering a disclosure or complaint. .  Details of the Program were submitted to TBS in December 2010 and since its implementation, 27 requests for funding have been approved.   Seventy percent of contributions to date have been approved for the maximum amount of $3,000.

Contribution activities at PSIC during the period under audit are summarized as follows:

 Type of Contribution   Number of Approved Contributions   Amount
Access to legal advice   6  $1,500
Access to legal advice (exceptional circumstances)  14  $3,000
 Total  20  $51,000

Communication regarding the availability of a Contribution Program at PSIC for the provision of legal advice is somewhat limited.  However, some information about the availability of funding and the criteria for eligibility is mentioned in the Frequently Asked Questions and Proactive Disclosure sections of the PSIC website. Additionally, once involved in a disclosure of wrongdoing or reprisal complaint, individuals receive direct communication from PSIC that includes information about their potential eligibility to receive legal advice.

The control framework governing PSIC’s contributions is generally in place and being administered in accordance with TBS policies and directives.  PSIC has established an internal process to administer contribution requests, and while this process is well understood by staff currently handling the requests, it is not documented.  Documented procedures increase efficiency, decrease the chance of error or omission and ensure continuity of the process.  The absence of documented procedures, combined with high turnover at PSIC, increase the risk related to the program’s administration.

As part of the audit work, an overview of the contribution process was developed and is presented in Appendix II. 

Our sample consisted of seven contributions. In all cases, the requests for funding were adequately assessed against the eligibility criteria and the contribution agreements were signed by the appropriate authority.

Once the contribution request is approved and the contribution agreement signed, the payment of funds is the next step in the funding process. TBS has set out requirements to ensure that sufficient funds are available, and that the recipient meets the criteria for funding eligibility.  In this area, we reviewed adherence to Section 32 and 34 of the Financial Administration Act for a sample of transactions.  Although payments were examined, Section 33 approval was not included in the scope of the audit as it is completed by the Canadian Human Rights Commission under a Memorandum of Understanding.  We found that there was 100% compliance with payment requirements for all contributions examined. 

Although we did not note any post-award monitoring of the contribution program as part of PSIC’s processes, controls are in place to mitigate the risk of error for all individual contributions.  Each contribution is approved by the Commissioner and no payment of contributions is made until a confirmation that the legal advice has been provided is received by PSIC. Additionally, in 2012-13 an independent Five-Year Review of the legislation, its administration and operation will take place.


We recommend that PSIC document the procedures in place for the management of its contribution program, including clear definitions of roles, responsibilities and accountabilities for each of the key activities identified.

Management Response:
The procedures for the management of the contribution program will be documented in 2012-13.

The following Appendices form an integral part of the Audit Report.*


*Appendices are available by contacting the Office.