E.18 Essential Internal Controls for the Office’s Service Leaders and Managers

  1. When changes within the Office of the Auditor General of Canada (Office) result in jobs being realigned and redefined, there is a need to assure that control responsibilities are being adequately addressed and an appropriate segregation of duties is being maintained. Office policy charges all members of management with the responsibility of maintaining an adequate and effective internal control environment.

  2. One of the strongest elements of an enterprise’s system of internal control is a management group that effectively monitors and directs enterprise operations. The Office’s service leaders and managers are the focal point of control because of their key role in managing day-to-day operations. Their decisions and actions are fundamental to the achievement of established objectives.

  3. The following information is provided to assist service leaders and managers and others in management positions in monitoring the activities for which they are responsible from a control standpoint. It summarizes essential internal controls that should be in place in a typical function in order to safeguard the Office's assets, produce reliable data, and contribute to the attainment of objectives. This procedure sets forth the appropriate controls in one document to make it easier to monitor the organization's compliance with established controls. Although this summary is not all-inclusive, it does incorporate some basic elements of internal control upon which managers should focus their attention.

  4. Performance and Accountability

    1. As stated in the Statement of Management Responsibility Including Internal Control Over Financial Reporting, included in the Departmental Results Report:

    “Management is responsible for the integrity and objectivity of the information in these financial statements. Some of the information in the financial statements is based on management’s best estimates and judgment, and gives due consideration to materiality. To fulfill its accounting and reporting responsibilities, management maintains a set of accounts that provides a centralized record of the Office’s financial transactions. Financial information submitted in the preparation of the Public Accounts of Canada, and included in the Office’s Departmental Results Report, is consistent with these audited financial statements.

    Management is also responsible for maintaining an effective system of internal control over financial reporting (ICFR), which is designed to provide reasonable assurance that financial information is reliable; that assets are safeguarded; and that transactions are properly authorized and recorded in accordance with the Financial Administration Act and other applicable legislation, regulations, authorities and policies.”

    1. Management must adequately communicate the policy and show commitment to it through words and actions.

    2. To a large extent, management relies on financial, operational, statistical, and narrative reports as the basis for decision and action. The Office’s service leaders and manager should ensure that procedures are in place to assure the accuracy, reliability, and completeness of reports and related disclosures issued by his or her department. Compliance with such procedures should be monitored on a continuing basis.

    3. Responsibilities, accountabilities, and measurements must be clearly assigned, in writing, and reviewed with each associate.

    4. In assignment of responsibilities, management must adhere to appropriate segregation of incompatible duties such as separation of accounting for and custody of assets.

  5. Approval Authority

    1. The enterprise exercises control over its activities through delegations of authority. The Office’s service leaders and manager should regularly review the current monetary level of authority delegated to determine if the current level of operations warrants changes in these levels. Service leaders and managers should ensure an adequate knowledge level of persons approving unusual or complex transactions. Service leaders and managers also should ensure that their department's approval authorities are understood and not exceeded. For re-delegations to subordinates, the responsibility for controlling the exercise of the authority re-delegated remains with the manager. Management should also ensure that those who authorize transactions do not record the transactions or have physical custody of the assets.

  6. Verification of Budget Cost Reports

    1. Budgets, plans, and reporting systems should be in place to identify variances and communicate and explain such variances to appropriate management.

    2. Cost reports should be reviewed on a regular and timely basis to detect and report any inappropriate or erroneous charges. Occasionally, charges on cost reports should be test-traced back to confirming, receiving, and/or approved copies of documents.

    3. For work orders, the benefiting organization should review costs for reasonableness and for non-consumables and equipment not required in the work order definition.

    4. For cash disbursements, the initiating organization should ensure that disbursements are in compliance with established policies and procedures, are for value and quality, and that petty cash or special fund disbursements are within the scope and intent of funds. Funds should be kept in a secure location and periodically counted on a surprise basis.

  7. Invoice Verification

    1. The primary responsibility for the validity of an invoice rests with the purchaser. The purchaser’s signature of approval on an invoice signifies the following:

      1. The services covered by the invoices were satisfactorily performed and in conformance with the terms of the contract agreement between the parties.

      2. The quantities, prices, quality, and payment terms are correct as stated in the invoice and the proper accounts are charged to reflect fairly the results of operations.

      3. The payment in process has been checked to determine that payment has not already been made.

    2. Specific responsibility should be assigned for the verification and accuracy of invoices. Employees assigned this responsibility should have access to payment terms as contained in the contract as well as the contract and any amendments and change orders.

    3. The Office should retain records in sufficient detail to easily verify invoices by matching independently prepared documents.

    4. Payments should be made only against original invoices, unless the appropriate person based on authority certifies that the contractor/vendor is eligible for or entitled to an additional payment.

    5. When applicable, final payment should not be approved until the purchaser is satisfied that all materials and services provided by the enterprise are back charged to the contractor.

  8. Materials Ordering and Handling by User Organizations

    1. An underlying control principle is segregation of duties so that no one individual has approval authority over all the activities of ordering, receiving, storing, issuing, and accounting for materials. Points should be designated in the Office to control these activities and procedures implemented to assure that materials are charged to the operating account where the material is used.

    2. Delegations of authority to order materials should be made only to personnel whose positions require it and should be limited to the extent practical. A list of personnel authorized to order materials should be obtained and reviewed periodically. The names of terminated or transferred personnel should be promptly removed.

    3. Access to stored materials should be limited to authorized personnel. Personnel authorized to sign gate passes should be kept to a minimum.

    4. If the size of the operation warrants, perpetual inventory records should be maintained for stored materials.

    5. Confirming copies of documents (e.g. material issues, waybills) should be reviewed promptly upon receipt for validity of transactions. The documents should be retained for later use in verifying costs.

  9. Contract Administration

    1. No contractual or other commitments can be made and no work can be started until a formal contract document is signed. (An exception to this general rule is an emergency situation approved by senior management, which is subsequently formalized by a signed contractual agreement.)

    2. In situations where practical, a specific employee(s) should be assigned the administration of the contract from start to conclusion.

  10. General Services, Technical Services, and Miscellaneous

    1. Maintenance and repair type contracts that are executed with several contractors for the same scope of work require controls over expenditure commitments and work to be done. The employees involved in initiating work requests or monitoring the contractor’s performance should not control the selection of the contractor.

    2. There should be written procedures for certifying the quantity and quality of work done and maintaining performance. Actual work quantities completed should be confirmed according to the originally approved service orders and the invoice, in turn, should be checked against the verified work quantities and the contract payment terms. The employee who certifies the completion of the work or receipt of the service should be someone other than the originator of the service or work order.

    3. The person approving payment should make arrangements to verify performance of the work.

    4. Short-form contracts for repetitive type work should be converted into competitively bid long-form contracts.

  11. Assets

    1. Assure that individual items, pieces of equipment, installations, or facilities are capitalized where appropriate, as required by capital budget procedures. A list of the department's fixed assets should be maintained. Asset records should show the plant numbers and physical location of the assets to facilitate physical inventories and to establish responsibility for custodianship.

    2. Physical inventories of fixed assets that are pilferable and/or mobile should be completed periodically. The principle of segregation of duties entails the separation of responsibilities of asset custody from the asset record-keeping.

    3. Items of equipment charged to expense that are valuable and pilferable (e.g. cameras, test equipment) should be assigned internal control numbers and accounted for by departments in the same manner as is used for fixed assets. If appropriate, a tool check or craftsman inventory system should be used to control issues concerning such tools and instruments.

    4. Management should establish procedures to periodically reconcile accounting records with appropriate physical assets. This should be a two-way reconciliation: all assets are recorded and all recorded assets exist.

  12. Computer Environment

    1. Office policy states that data is an asset. The Office’s service leaders and managers should ensure control procedures are in place to retain and protect this data. The establishment of an active computer security liaison function within a function is an essential control. The following are control practices that should be strictly adhered to:

      1. backup of departmental data should be made on a regular basis;

      2. access to data should be adequately segregated between read-only and ability to enter/change/delete;

      3. access privileges should be suspended on a timely basis when an employee is transferred or terminated; and

      4. passwords should be protected.

    2. The use of information systems for such areas as materials ordering and employee time reporting requires service leaders and managers to review their delegation of authority and supervisory review procedures to assure that departmental controls over these activities are adequate and effective.

Last modified:
2018-03-06