Audit of the Purchasing, payables and payments process

(PDF Version - 521 K)

Final Audit Report
March 2012

Management response and action plan

Table of contents

Executive summary

This audit focuses on the Purchasing, Payables and Payments Process at Health Canada. It covers approximately $378.5 million in payments for goods and services acquired in 2010-11. The audit period was from April 2010 to June 2011, and included purchases made in the National Capital Region and the eight regional offices.

This audit was incorporated in the Multi-Year Risk-Based Audit Plan for 2009-12 to complement a series of previous audits aimed at understanding and assessing specific business processes as part of Health Canada's Internal Control Over Financial Reporting Framework (see Appendix C) and in support of the departmental financial statements.

The objective of the audit was to determine whether the key controls over Health Canada's Purchasing, Payables and Payments Process are adequately designed and operating effectively to ensure that the Department complies with the Financial Administration Act (FAA) and key policies issued by the Treasury Board of Canada (TB).

The audit was conducted in accordance with the TB Policy on Internal Audit and the International Standards for the Professional Practices of Internal Auditing. Sufficient and appropriate procedures were performed and evidence gathered to support the audit conclusion.

The Department is responsible for establishing its own internal controls and respecting the Government of Canada's framework governing purchasing activities. Purchasing, payable and payment activities are the responsibility of the Chief Financial Officer Branch (CFOB) and the Regions and Programs Branch (RAPB) which is responsible for regional operations. The Materiel and Assets Management Directorate (MAMD) provides direction for purchasing goods and services, while cost centre managers are responsible for determining their procurement needs.

The audit concluded that Health Canada's key controls over the Purchasing, Payables and Payments Process were:

The scorecard presented in Appendix B provides details on the conclusion as per the audit criteria and region.

The report includes five recommendations to address areas where improvements are required. Management agrees with the recommendations and its response indicates its commitment to take action.

1. Introduction

1.1 Background

The Government of Canada governs purchasing activities through a framework of legislation and policies, including the Financial Administration Act (FAA), Government Contracts Regulations, and the Treasury Board (TB) Contracting Policy. This framework provides direction to ensure that purchasing activities provide value for money and demonstrate sound stewardship in program delivery.

In January 2011, as part of its Common Financial Management Business Process Initiative, the Office of the Comptroller General issued the draft Guideline on the Common Management Business Process for Managed Procure to Payment that defines the common financial business process from planning for purchases to final payments. This document serves as a framework for the current audit and separates the purchase to payment process into six sub-processes (see Appendix D), as described below:

Purchase processing

Payable processing

Payment processing

At Health Canada, the purchase of goods and services is an intricate process involving many stakeholders, and has an impact on all aspects of the Department's operations. Responsibilities for the purchasing and payment of goods and services are shared between the following parties:

This audit was incorporated in the Multi-Year Risk-Based Audit Plan for 2009-12 to complement a series of previous audits aimed at understanding and assessing specific business processes as part of Health Canada's Internal Control Over Financial Reporting Framework (see Appendix C) and in support of the departmental financial statements.

1.2 Audit objective

The audit objective was to determine whether the key controls over Health Canada's Purchasing, Payables and Payments Process are effective to ensure that the Department complies with the FAA and the key policies issued by the Treasury Board of Canada.

1.3 Scope and approach

The audit examined Health Canada's Purchasing, Payables and Payments Process for fiscal year 2010-11. Expenses subject to this audit represented approximately $378.5 million or 27% of the total operating, maintenance and capital expenses for the Department. An overview of the expense categories is presented in Appendix E.

The controls dealing with system access, as well as value for money and efficiency of the purchasing to payment process were not part of the scope of this audit. Also excluded was the process for defining requirements, a function of the purchase processing mentioned in the section above.

This audit had two lines of enquiry. The first was determining whether the key controls for the Purchasing, Payables and Payments Process are adequately designed, and the second was assessing their operating effectiveness. Corresponding audit criteria are presented in Appendix A and have been vetted with management.

Under the first line of enquiry, the audit methodology was comprised of interviews with Health Canada employees, documentation review (for example, departmental policies and procedures, relevant documentation in support of purchasing activities and financial transactions), and the observation of the key processes and controls. Health Canada's policies and procedures were assessed to determine whether they complied with legislative and policy requirements of the Government of Canada.

As for the second line of enquiry, audit evidence was obtained through transaction testing. An initial random sample of 45 transactions that were recorded from April 1, 2010 to June 30, 2011 was selected across the Department for purchases both over and under $10,000 (as $10,000 is the amount that is the threshold for the CRCC review). This sample was selected based on the significance of payments recorded in each region. Where results indicated that controls were not working as designed, the sample size was increased to confirm the identified issues at the regional level. The total sample included 125 transactions, with the following regional breakdown:

Transaction testing - sample size by region
NCR Atlantic Quebec Ontario Manitoba Sask. Alberta B.C. Northern Total
15 12 17 17 17 17 15 14 1 125

The audit work was conducted between August and December 2011.

1.4 Statement of assurance

In the professional judgment of the Chief Audit Executive, sufficient and appropriate procedures were performed and evidence gathered to support the accuracy of the audit conclusion. The audit findings and conclusion are based on a comparison of the conditions that existed as of the date of the audit, against established criteria that were agreed upon with management. Further, the evidence was gathered in accordance with the Internal Auditing Standards for the Government of Canada and the International Standards for the Professional Practice of Internal Auditing.

2. Findings, recommendations and management responses

2.1 Design of internal controls

2.1.1 Compliance with laws, policies and authorities

Audit criterion: Key controls over the Purchasing, Payables and Payments Process are adequately designed to ensure compliance with applicable acts and regulations and government and departmental policies and procedures.

Key controls over the Purchasing, Payables and Payments Process are designed to ensure compliance with legislative and policy requirements, which include:

The key requirements of the FAA include:

Health Canada's management framework includes the Delegation of Financial Signing Authorities document, the Account Verification Policy, the Contracting Guide for Cost Centre Managers and Administrators, and the Guide to Procurement and Contracting. These documents were assessed to verify compliance with legislative and policy requirements of the Government of Canada. It was determined that Health Canada's policies and procedures complied with the key requirements found in TB policies and the FAA.

Contract and Requisition Control Committee review and approval of contracts

Health Canada's CRCCs form the foundation of the Department's contracting review and approval process. These committees are comprised of a procurement officer and a senior finance officer, and subject matter experts when necessary. Given that procurement and financial operations at Health Canada are decentralised, each branch and region has its own review committee. A senior procurement officer from the Procurement and Contracting Division (one per branch in the National Capital Region) or a regional senior financial officer (in each of the eight regions) chairs each committee. Under the direction of MAMD, within CFOB, these committees are responsible for:

In 2010, the contract review and approval process was re-engineered to ensure greater compliance with government contracting policies. The main change was to involve the CRCCs earlier in the procurement process. More specifically, the responsibility for determining the appropriate procurement strategy and drafting the request for proposal has been transferred from the cost centre managers to the CRCCs. At the time of this audit, this re-engineering exercise had been implemented in the National Capital Region as well as in three regions. The other regions are expected to follow suit shortly.

The audit work consisted of examining departmental contracting flowcharts and internal control matrices that were prepared and maintained by the Internal Control Division (ICD) within CFOB. Walkthroughs were conducted with procurement officers and chairs of the CRCC to observe how and when they conduct their review and approval.

Contract Requisition and Reporting System

The CRCCs' review and approval functions are performed directly in the Contract Requisition and Reporting System (CRRS), which is Health Canada's contracting database and procurement management and approval system. This tool has three main functions:

To be effective, the workflow and automated notifications in the CRRS must mirror the contract review and approval process, so that the appropriate individual is notified at the right time and has the documents required to conduct the review. However, the system has not yet been modified to reflect the re-engineered process. As mentioned previously, the re-engineered process involves the CRCCs earlier on to allow its members to determine the appropriate procurement strategy, based on the statements of work provided by cost centre managers. Currently, the process that directs cost centre managers to provide the required documentation to committee members is not automated in the CRRS. As a result, CRCC members must intervene manually to request the statement of work. This may lead to human error and the circumvention of the CRCC review.

As part of the Department's Application Reduction Initiative, a study published in spring 2011 reported that vendor support is no longer available for the CRRS, and also suggested that its functionalities could be replaced by SAP, the departmental financial system. This proposed replacement is still under review.

Recommendation 1

It is recommended that the Chief Financial Officer ensure that the workflow and automated notifications of the system supporting the work of contract and requisition control committees is aligned with the underlying review process.

Management response

Management agrees with the recommendation.

The Chief Financial Officer Branch included the identification of options to replace the Contract Requisition and Reporting System in its 2011-2012 Operational Plan. An assessment of a potential migration to an SAP solution is currently being conducted. If this option cannot be implemented, alternative solutions will be considered. In the interim, a process to deal with the system issues was developed and implemented.

Account verification under Section 34 of the Financial Administration Act (FAA)

Certification under FAA Section 34 requires an account verification of all expenditures processed at Health Canada. Individuals who have been delegated financial authority, namely cost centre managers, must confirm and certify the following: the goods were supplied or the services were rendered; the payee is entitled to the payment; and the contract or agreement terms and conditions have been met including price, quantity and quality. Also, they are to ensure the following: that the payee information is accurate and complete; that the financial coding has been provided and is accurate and complete; and that all relevant statutes, regulations, orders in council, policies and directives and other legal obligations have been complied with.

A review of Health Canada's Account Verification Policy and Account Verification Procedures documents indicates that the requirements and procedures regarding the FAA Section 34 certification and verification have been clearly defined and are consistent with the TB Directive on Account Verification.

Financial Administration Act (FAA) Section 33 quality assurance over account verification

FAA Section 33 quality assurance consists of the review and assessment of the adequacy of the account verification undertaken prior to exercising payment authority pursuant to Section 33 of the FAA.

Financial officers who have delegated payment authority pursuant to FAA Section 33 are responsible for ensuring thatFootnote 1 :

In addition to FAA Section 32, 33 and 34 authorization, Health Canada has in place a risk-based quality assurance process over FAA Section 34 account verification. Under this quality assurance process, low risk transactions are reviewed prior to payment to verify the appropriateness of financial coding, the vendor information, and the authority of the individual certifying under FAA Section 34. High risk transactions are subject to additional review prior to payment. This entails ensuring that: the required supporting documentation has been provided by the Cost Centre Manager with proper expenditure initiation authority; the contract has been approved in the CRRS; and the payment is in accordance with the contract terms.

Annual Contract Verification Exercise

Health Canada's Annual Contract Verification Exercise has been conducted by MAMD, within CFOB since 2009. MAMD monitors compliance with federal government contracting policies and regulations, assesses the integrity of the procurement process; determines the reliability of information for reporting and monitoring purposes; and assesses the effectiveness of internal controls.

The scope of the 2011 exercise encompassed a review of 248 service contracts that were awarded between May 15, 2010 and May 15, 2011. The review was performed in summer 2011 and it covered the following areas:

The auditors reviewed the draft report issued in December 2011 and noted numerous strengths in both its scope and approach, and the reporting of results. In terms of scope and approach, the 2011 review had a significant increase in the number of transactions reviewed in comparison to the 2010 review. This allowed for the testing of additional transactions with a value below $10,000 and increased regional coverage. In regards to reporting, audit results are clearly presented by area covered, with total errors noted, including a comparison with the 2010 results. Furthermore, recommendations are made for all areas where significant error rates were noted. Once finalized, the report's findings are to be presented to senior management. In response to the recommendations, MAMD has developed action plans with associated responsibilities and timelines to ensure that progress is being tracked.

Internal Control Division's monitoring activities

CFOB's Internal Control Division (ICD) is responsible for overseeing the design and maintenance of an effective and integrated system of internal controls over financial reporting for all major business processes (including the Purchasing, Payables and Payments Process). In doing so, the Division supports the TB Policy on Internal Control, which requires that the Deputy Minister and the Chief Financial Officer sign an annual departmental Statement of Management Responsibility Including Internal Control Over Financial Reporting. This attestation acknowledges the responsibility of management for monitoring and ensuring compliance with this policy within their organizations, as well as for responding to cases of non-compliance in accordance to TB instruments.

Under ICD's lead, Health Canada's Internal Control Over Financial Reporting Framework was developed. An overview of this framework is provided in Appendix C.

It includes:

As part of the ICD monitoring strategy, a plan was developed in 2009 to test the operating effectiveness of internal controls for all business processes. As per this plan, a decision was made to test the Purchasing, Payables and Payments Process in 2010-11 and 2011-12. However, this decision was not based on a fulsome assessment of the risks associated with business processes and underlying controls. As a result, all key business processes within the regions were to be tested over a three-year period ending in fiscal year 2011-12, without giving priority to higher areas of risk. Risk-based planning is particularly important given the amount of time invested.

At the time of the audit, ICD was in the process of revalidating the flowcharts and control matrices for the Purchasing, Payables, and Payments Process with all regions. Additionally, CFOB was conducting a review of the Department's Strategy for Internal Control Over Financial Reporting. The review aims to identify areas requiring more attention and is to be used to develop a revised monitoring strategy, including ongoing testing of operating effectiveness. In addition to supporting the statement of management responsibility, these tests will provide valuable information to ensure that internal controls remain reliable over time.

Recommendation 2

It is recommended that the Chief Financial Officer ensure that the revised monitoring strategy is based on a fulsome risk assessment and includes the extent and timing of ongoing testing for the Purchasing, Payables and Payments Process.

Management response

Management agrees with this recommendation.

The Chief Financial Officer Branch has revalidated the purchasing, payables and payments flowcharts and control matrices with the regions. This information will be used to revise the monitoring strategy as per a new risk assessment. This strategy will identify key controls to be tested with scope (reduced or full testing) as well as timelines for the Purchasing, Payables and Payments Process. Implementation of the strategy will be completed through the conduct of relevant testing, followed by a report identifying gaps and corrective actions.

Overall, except for the above, the key controls over the Purchasing, Payables and Payments Process are adequately designed to ensure compliance with applicable acts and regulations and government and departmental policies and procedures.

2.1.2 Consistency of key controls across the Department

Audit criterion: Key controls over the Purchasing, Payables and Payments Process are consistent across the Department.

The consistency of key controls across the Department increases the reliability, effectiveness, and efficiency of operating transactions. It ensures that the recording of transactions conforms to applicable policies, directives and standards, and is carried out in accordance with delegated authorities. Furthermore, from a corporate viewpoint, it facilitates the review of the effectiveness of controls and the provision of oversight and guidance. In short, consistency contributes to strengthening internal controls across the Department.

The key controls for the Purchasing, Payables and Payments Process, as outlined in the previous section, were assessed for consistency between the National Capital Region and the eight other regions. Audit tests on sampled transactions, which are the subject of the next section of this report, were designed around the key controls that were identified.

In conclusion, the key controls over the purchasing, payables and payments are consistent across the Department.

2.2 Operating effectiveness of key controls

2.2.1 Purchase processing

Audit criterion: Contracts and amendments are reviewed for compliance with purchasing policies and appropriate records are maintained in accordance with policies.

The Office of the Comptroller General's draft Guideline on the Common Management Business Process for Managed Procure to Payment outlines a process that begins with the planning of a requirement by a Cost Centre Manager. This is followed by the commitment of funds; the identification of the appropriate procurement strategy (whether the purchase is within the Department's delegated authority, if a mandatory standing offer exists, etc.); and the award of a contract to purchase goods or services.

To test the operating effectiveness of the key controls, the auditors examined a sample of 45 randomly selected transactions. As mentioned in the scope and approach section of this report, the sample was expanded wherever necessary to verify identified issues.

Expenditure initiation and commitment management

The creation of the commitment is one of the first steps in the purchasing process. Section 32 of the FAA requires that sufficient unencumbered funds be available before entering into a contract or providing payment. In addition, it is important to de-commit the excess funds in a timely manner after the contract expiry to ensure that it can be used towards other departmental priorities.

Testing provided evidence that the commitments were correctly entered. In all cases, authorizations were performed by a Cost Centre Manager with appropriate delegated financial signing authority and, where applicable, excess funds were de-committed on a timely basis. Furthermore, procurement vehicles such as call-ups against a standing offer or short form contracts were correctly utilized and purchase orders such as the creation of a formal commitment in SAP were properly created. However, an exception was noted and is mentioned below.

As per departmental guidelines, cost centre managers must ensure that a commitment is created in SAP at the beginning of the procurement process. The general way to do that is by entering a purchase requisition in SAP as this routes the transaction through the CRRS and triggers the CRCC's review. Exceptions to this general rule include purchases made with acquisition cards and petty cash, and legal services acquired from Justice Canada.

Audit tests revealed that in some cases, a purchase requisition was not used when applicable (outside of the above-mentioned exceptions). Further analysis of all payments posted into SAP in fiscal year 2010-11 showed that approximately $1 million in payments greater than $10,000 (the threshold for CRCC reviews) was made without purchase requisitions.

The most significant proportion of payments without purchase requisitions was for mental health services acquired under the First Nations and Inuit Health Branch's Indian Residential School Resolution Health Support Program (IRS). In general, these services are covered under the Non-Insured Health Benefits (NIHB) Program, which means that the Department makes payments to service providers who are engaged by clients. In such cases, the contract is between clients and service providers. However, in contrary to the NIHB Program, the IRS services are engaged by Health Canada. Thus, a written contract must be issued prior to obtaining these services to comply with the FAA Section 32 and to clearly establish the rights and responsibilities of both the Department and the service providers.

Other examples of payments made without purchase requisitions outside of allowed exceptions included nursing services and management consulting services. As mentioned earlier, not having a purchase requisition means that the CRCC review is not completed, which is a key control in ensuring compliance with applicable laws, regulations and policies.

Recommendation 3

It is recommended that the Chief Financial Officer, in collaboration with the assistant deputy ministers of the First Nations and Inuit Health Branch and the Regions and Programs Branch, ensure that:

Management response

Management agrees with the recommendation

The Chief Financial Officer Branch will work with the First Nations and Inuit Health Branch to develop clear processes for the implementation of local purchase orders in line with Chief Financial Officer Branch directives for contracting for services to ensure that contracts are put in place, when applicable, for mental health services.

The Chief Financial Officer Branch will communicate the importance of the proper use of purchase requisitions and the requirement to have written contracts in place before acquiring the goods and/or services.

Chief Financial Officer Branch will integrate the assessment of the proper use of contracts for mental health services in the Annual Contract Verification Exercise.

Selection of suppliers and contract award

Appropriate supporting documentation is necessary to provide assurance that contracting activities are open, fair, and transparent. To ensure this, the documents required, include:

In the samples selected, the auditors examined files for evidence that the above-noted documentation was prepared, where applicable; verified that contracts were approved prior to goods or services being ordered; that documentation was available through the CRRS where required; and that the status of contracts had been updated in the CRRS.

Cost centre managers are responsible for uploading the contracting documentation in the CRRS; in turn, one of the CRCCs' responsibilities is to ensure that this is done. The information contained in the CRRS is used to meet archival regulations, proactive disclosure and reporting requirements, and support the CRCC's review process. Furthermore, the integrity and accuracy of the contracting information in the CRRS is vital to effectively support the CRCC's review process to reduce reliance on the use of hard copies, and to ensure that management reports on contracting activities are accurate.

From the sample, 114Footnote 2 out of 125 transactions reviewed were associated with a contract, such as a purchase order or a call-up against a standing offer. The auditors found that statements of work and other supporting documentation were prepared and processed in accordance with departmental policies and delegated authorities. However, the following issues were noted for the 114 contracts:

Similar observations have been reported in MAMD's Annual Contract Verification Exercise since 2009. Adequate use of the CRRS allows for more effective reporting and decision making when the information it contains is accurate and complete.

Recommendation 4

It is recommended that the Chief Financial Officer, in collaboration with the Assistant Deputy Minister of the Regions and Programs Branch, ensure that complete and accurate documents and information are entered in the Department's Contract Requisition and Reporting System.

Management response

Management agrees with the recommendation.

The Chief Financial Officer Branch will ensure that the document requirements to support the contracting workflow are included as part of the Contract Requisition and Reporting System migration strategy discussion in the audit report's 1st recommendation.

In addition, out of 114 samples, the CRCC control did not function as expected in the instances described below:

One role of the CRCCs is to monitor contracting activities in order to prevent errors. The risk of errors or non-compliance with TB policies or the Health Canada contracting process increases if the CRCCs do not operate as designed.

Recommendation 5

It is recommended that the Chief Financial Officer, in collaboration with the Assistant Deputy Minister of the Regions and Programs Branch, ensure:

Management response

Management agrees with the recommendation

As part of a broader Chief Financial Officer Branch priority initiative, Procure-to-Pay in SAP, the workflow for the acquisition of goods and services will be reviewed to ensure alignment with contracting policies, processes and guidelines. The Procure-to-Pay initiative includes an element of communication and training that will be used to influence behavioural change.

The Chief Financial Officer Branch will review and improve the training material, where necessary, for materiel and assets management to ensure it clearly reflects that confirming orders is to be used only under exceptional circumstances. It will also conduct awareness sessions with Contract and Requisition Control Committee members to stress the necessity of enforcing the departmental policies, processes and guidelines including the requirement that Contract and Requisition Control Committee chairs approve purchase requisitions greater than $25,000 and contract amendments.

The Chief Financial Officer Branch will integrate the assessment of compliance to approval thresholds in the Annual Contract Verification Exercise.

In conclusion, except for the observations noted above, contracts and amendments are reviewed for compliance with purchasing policies and appropriate records are maintained in accordance with policies.

2.2.2 Payable processing

Audit criterion: Appropriate review is performed to ensure the validity and accuracy of invoices.

The payable process consists of the activities performed by the Cost Centre Manager and/or delegate to ensure that invoices are valid and accurate. In accordance with FAA Section 34, the Cost Centre Manager with the delegated authority is required to certify that:

Test results show that there is evidence of the verification of goods received or service rendered. In addition, the auditors found that individuals certifying under FAA Section 34 had the delegated financial signing authority for their cost centre and were acting within the dollar limits. In addition, the financial coding was correct.

Thus, the audit concluded that an appropriate review is performed to ensure the validity and the accuracy of invoices.

2.2.3 Payment processing

Audit criterion: Payment requisitions are processed in accordance with the established policies.

The authority to request payments in accordance with Section 33 of the FAA is referred to as payment authority. The FAA Section 33 payment authorization performed by financial officers is a key control to ensure the accuracy and legality of transactions. Pursuant to this section of the FAA, a financial officer with delegated responsibility for payment authority is responsible to ensure that:

Tests on the application of FAA Section 33 are essential to ensure that an adequate process is in place to verify accounts under FAA Section 34 and the process is being properly and conscientiously followed.

Audit results indicated that all payments were properly certified under FAA Section 33 by authorized financial officers, and that proper segregation of duties existed between invoice entry and payment certification under FAA Section 33, as well as between sections 34 and 33. It also indicated that adequate supporting documentation was provided.

It was determined that interest was applied correctly on late payments as per the TB Directive on Payment Requisitioning and Cheque Control which states that interest are only to be paid on payments made later than the due date (which is usually 30 days after the receipt of the invoice).

In conclusion, payment requisitions are processed in accordance with established policies.

3. Conclusion

The Purchasing, Payables, and Payments Process is governed by an integrated framework of legislation and policies. To ensure compliance to complex policies, acts and regulations, controls need to be adequately designed and must operate effectively.

The audit concludes that Health Canada's key controls over the Purchasing, Payables and Payments Process are:

The scorecard presented in Appendix B provides details on the conclusion as per audit criteria and region.

Appendix A - Lines of enquiry and audit criteria

Audit of the Purchasing, payables and payments process
Audit criteria description
Criteria Title Audit Criteria
Line of enquiry 1: Internal controls over purchasing, payables and payments are adequately designed.
1.1 Compliance with laws, policies and authorities Key controls over the Purchasing, Payables and Payments Process are adequately designed to ensure compliance with applicable acts and regulations and government and departmental policies and procedures.
1.2 Consistency of key controls across the Department Key controls over the Purchasing, Payables and Payments Process are consistent across the Department.
Line of enquiry 2: Internal controls over purchasing, payables and payments are operating effectively.
2.1 Purchase processing Contracts and amendments are reviewed for compliance with purchasing policies and appropriate records are maintained in accordance with policies.
2.2 Payable processing Appropriate review is performed to ensure the validity and accuracy of invoices.
2.3 Payment processing Payment requisitions are processed in accordance with the established policies.

Appendix B - Scorecard

Audit of the Purchasing, payables and payments process
Criterion Overall Rating Conclusion Rec. Regional Rating
NCR Atl QC ON MAN SASK ALB BC North
Adequate design
Compliance with laws, policies and authorities NMiI Subject to areas for improvement, key controls over the Purchasing, Payables and Payments Process are adequately designed to ensure compliance with applicable acts and regulations and government and departmental policies and procedures (Section 2.1.1). 1, 2 NMiI NMiI NMiI NMiI NMiI NMiI NMiI NMiI NMiI
Consistency of key controls S Key controls over the Purchasing, Payables and Payments Process are consistent across the Department (Section 2.1.2).   S S S S S S S S S
Effectiveness of internal controls
Purchase processing MNoI Except for areas for improvements, contracts and amendments are reviewed for compliance with purchasing policies and appropriate records are maintained in accordance with policies (Section 2.2.1). 3, 4, 5 NMiI S NMoI S NMoI NMoI NMoI S NAA
Payable processing S Appropriate review is performed to ensure the validity and accuracy of invoices (Section 2.2.2). S S S S S S S S S S
Payment processing S Payment requisitions are processed in accordance to the established policies (Section 2.2.3). S S S S S S S S S S

Legend:

S
- Satisfactory
NMiI
- Needs Minor Improvement
NMoI
- Needs Moderate Improvement
NI
- Needs Improvement
Un
- Unsatisfactory
NAA
- Not Applicable/Assessed

Appendix C - Health Canada's Internal control over financial reporting framework

Internal Control over Financial Reporting Framework (ICFR)

figure

Équivalent textuel

Chart showing key components of the internal control over financial reporting framework.

Control Environment: Public Service values; Learning, Innovation and Change Management; Policy and Programs; People; Client-focused Service; Risk Management; Stewardship; Accountability; Governance and Strategic Directions; Results and Performance

Financial Risk Assessment and Financial Risk Management: Financial Reporting Objectives; Financial Reporting Risks; Fraud Risk

Monitoring: Ongoing and Separate Monitoring and Assessments; Reporting Deficiencies Control Activities

For each business process below: 1) Cost effective control activities; 2) integration with assessment of risks over financial reporting; 3) supporting policies and procedures assessment; and 4) management of information (e.g. IT Application Controls and Database and Records Management controls)

Management of Parliamentary Appropriations: Budgeting; Management Variances Reporting; Funding and Resource Allocation (Treasury Board Submissions)

Revenue/Receivables/Receipts: Revenues; Accounts Receivable; Cash Receipts; Inter-departmental Settlements

Purchasing/Payables/Payments: Transfer Payment; Vendor Master Data; Purchase order; Purchase requisition; Contracting; Acquisition Card; Hospitality; Travel Card; Receipt of goods; Invoice postings; Payments; Petty cash; Asset Management; Programs; Inter-departmental Settlements

Payroll: Employee data; Processing of payment; Advance/overpayment; Reconciliation; Period end close

Capital Assets: Asset management

Financial statement, year-end and reporting: General Ledger Maintenance; Non-recurring transactions; Period Close; Consolidations; Financial Statements Preparation; Accruals and Management Estimates

Information and Communication: Financial Reporting Information; Internal Communication; Internal Control Information; External Communication

Appendix D - Health Canada's Purchasing, payable and payments process

Purchasing, payable and payments process

figure

Text description

This is a flow chart showing the Purchasing, Payables and Payments Process.

Start - Cost Centre Manager identifies need for goods or services

Step 1: Manage requirements: Cost Centre Manager defines the requirement(s), verifies availability of funds, and prepares requisition for goods and services;

Step 2: Commitments: Cost Centre Manager records a charge against the budget, and exercises expenditure initiation authority (Financial Administration Act (FAA) Section 32). If applicable, excess funds are de-committed by accounting offices (after payment has been made);

Step 3: Manage contracts: Procurement Officer reviews requisition. If greater than $10,000, Contract Requisition Control Committee reviews and approves the requisition. Cost Centre Manager signs contract and makes purchase;

Step 4: Deliverables: Goods are delivered or services are rendered. Cost Centre Manager administers the contract - quantity, quality, and timing meets contract specifications;

Step 5: Manage payables: Cost Centre Manager validates and endorses invoice (FAA Section 34 certification).  Accounting office performs a minimum quality assurance review of invoice prior to payment:

  • If high risk, the next step is: Full quality assurance over account verification.
  • The last step after full quality assurance is: Manage payments
  • If low risk, the next step is: Manage payments.  Post account verification is performed on a sample of low risk transactions after payment.

Step 6: Manage payments: Accounting office (Finance Officer) performs payment authority (FAA Section 33) and issues payment.

Appendix E - Operating and maintenance and capital expenses

Operating and maintenance and capital expenses
For fiscal year 2010-11
Expenses Category Financial Statement Expenses
$000)
Excluded Expenses
($000)
Note Expenses in Audit Scope
($000)
Operating and maintenance (O&M) expenses
Professional and special services 493,309 293,208 1 200,101
Utilities, materials and supplies 481,571 417,022 1 64,549
Travel for non-insured heath patients 154,014 154,014 1 -
Accommodation 71,549 71,549 2 -
Travel and relocation 38,720 38,720 2 -
Purchase repair and maintenance 34,208 -   34,208
Amortization of tangible capital assets 29,940 29,940 2 -
Information 23,077 -   23,077
Communications 18,437 -   18,437
Rentals 4,132 -   4,132
Other 2,499 2,499 2 -
Bad debts 2,472 2,472 2 -
Total O&M expenses 1,353,928 1,009,424   344,504
Capital expenses (asset acquisitions) 33,960 -   33,960
Total O&M and capital expenses 1,387,888 1,009,424   378,464
Percentage of O&M and capital expenses in scope of the audit 27%

Source: Health Canada 2010-2011 departmental financial statements and departmental financial system, SAP

Note 1: Non-Insured Health Benefits expenses have been excluded from the scope of this audit since they are subject to distinct procurement/payment processes.

Note 2:  These expenses have been excluded from the audit scope as they are subject to distinct procurement/payment processes.

Page details

Date modified: