Audit of Shared Services in Regional Offices AU1204

EXECUTIVE SUMMARY

INTRODUCTION

Shared Services Office (SSO) at Natural Resources Canada (NRCan) performs selected corporate functions, including finance, procurement, human resources support services, information technology support services and management operations services such as fleet and building services. These services are located in the National Capital Region (NCR) as well as in five Regions across Canada — Pacific, Prairie & North, Central, Quebec and Atlantic. Each regional organization is managed by a Regional Manager. Functional direction for services delivered in the Regions is provided by SSO Directors of Human Resources Services and Systems, of Information Technology Services, of Finance and Procurement Services, and of Management Operations Services. These functional Directors are located in the NCR. An organization chart for Shared Services in the Regional Offices has been included in Appendix A.

The overall purpose of this audit was to assess the management practices relating to internal support services in the Regional Offices. Specifically, this assessment was intended to provide reasonable assurance that: 

  • SSO support services offered in the Regional offices were compliant with TB and NRCan policies and procedures;
  • SSO support services in the Regional offices were functioning efficiently; and
  • Regional offices’ support services were consistent with KPIs established by the SSO.

The scope of the audit included activities that the SSO is responsible for performing in the Regional offices. The audit did not revisit the resources transferred to the SSO by the Regions and Sectors. The focus of the audit was on the existing services provided by SSO in the Regions. Transactions were sampled from the 2010-2011 fiscal year. Assets that were acquired after 1999 were also included in the audit sample.

Total payments processed for NRCan in 2010-2011 were $4.5 Billion, this was done through 262,613 transactions. Regional Offices reviewed processed approximately $36 Million in payments through 8,435 transactions.

STRENGTHS

SSO staff in the Regions are an integral part of the Regional Management Teams. They meet with management on a regular basis. They provide responsive service to the Sector staff and in all Regions processing times were significantly less than established processing benchmarks. The Regions appeared to be working co-operatively so that workload pressures in one Region were being shared by other Regions.

AREAS FOR IMPROVEMENT

While processes for assets, procurement and accounts payable have been established, Regions were not consistently following these processes. Better documentation is required in contract files to establish a complete documentation trail.

INTERNAL AUDIT CONCLUSION

The Audit Branch can provide reasonable assurance that SSO support services offered in two of the five Regional offices are compliant with Treasury Board (TB) and NRCan policies and procedures, functioning efficiently and meeting the key performance indicators established for accounts payable. Three Regional offices were not consistently following the Account Verification process established by the Department; specifically they were not completing the Account Verification checklist required by NRCan for certain payments. Two Regional offices were not ensuring appropriate delegation of authorities for certifying goods and services received and for contracting. The asset database is not being kept up to date with respect to asset disposals. With regards to efficiency, all Regions were meeting the Key Performance Indicators established by the Department, However, one Region was not following standard processes and was therefore creating inefficiencies in the procurement process.

INTRODUCTION

Corporate Management Services Sector (CMSS) provides Natural Resources Canada (NRCan)  with a systematic, directional and guiding approach to achieve its strategic and operational objectives through leadership in the areas of Finance, Human Resources, Health and Safety and Emergency Management, Information Management, Information Technology, Access to Information and Privacy, and Real Property through the following four primary roles: (1) Ensuring legislative, regulatory, and policy obligations are identified, understood and met; (2) Providing strategic, functional leadership and guidance; (3) Maintaining oversight and compliance monitoring and reporting; and (4) Enhancing corporate decision-making and management practices in response to NRCan business needs.

The Shared Services Office (SSO) reports to CMSS and was established in January 2005. Selected corporate functions, including finance, procurement, human resources support services, information technology support services and management operations services such as fleet and building services,  previously performed within individual sectors were brought together to form the SSO. As well, SSO Regions act as a delivery agent for some of the CMSS policy branches, including Real Property and Environmental Management Division and Security who have no capacity in the Regions. Financial and human resources were transferred to the SSO from Sectors to cover the costs of the shared services activities.

Within the SSO, reporting to the Associate Executive Director, five regional organizations were created — Pacific, Prairie & North, Central, Quebec, and Atlantic. Each regional organization is managed by a Regional Manager. Functional direction for services delivered in the Regions is provided by SSO Directors of Human Resources Services and Systems, Information Technology Services, and Finance and Procurement Services. Functional direction for Management Operations Services is provided by the SSO Associate Executive Director. An organization chart for Shared Services in the Regional Offices has been included in Appendix A.

When the SSO was first established, service agreements were negotiated between the SSO and Sectors. These agreements expired in 2008 and have not been renegotiated. The SSO is in the process of establishing Key Performance Indicators (KPIs) that will report on processing/service times for selected activities. Where applicable these KPIs will include activities carried out in the Regions.

While the number of transactions processed and services provided by the SSO have increased, no additional resources have been transferred from the Sectors. For a few new/short term activities, SSO has received additional funding. Through SSO innovations, some activities have been streamlined in the Regions to help offset budget reductions including Strategic Review and other overall budget reductions. At the time of the audit, SSO had approximately 600 full time staff of which 179 were located in the Regions.

Total payments processed for NRCan in 2010-2011 were $4.5 Billion, this was done through 262,613 transactions. Regional Offices processed approximately $36 Million in payments through 8,435 transactions.

AUDIT PURPOSE AND OBJECTIVES

The overall purpose of this audit was to assess the management practices relating to internal support services in the Regional Offices. Specifically, this assessment was intended to provide reasonable assurance that: 

  • SSO support services offered in the Regional offices were compliant with TB and NRCan policies and procedures;
  • SSO support services in the Regional offices were functioning efficiently; and
  • Regional offices’ support services were consistent with KPIs established by the SSO.

SCOPE AND METHODOLOGY

The audit approach was based on Treasury Board’s Policy on Internal Audit and the Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors and included:

  • a review of relevant background documentation;
  • interviews with key personnel; and
  • the use of statistical and judgemental samples for the review of accounts payable, acquisition cards, procurement and assets.

The scope of the audit included activities that the SSO is responsible for performing in the Regional offices. Where some activities had already been subject to a recent audit, these were excluded. For example, Fleet Services and Staffing were not included in the audit. Where activities are performed centrally and are not unique to the Regional offices, these were also excluded from the audit. For example, ePayment was excluded from the audit.

The audit did not revisit the resources transferred to the SSO by the Regions and Sectors. The focus of the audit was on the existing services provided by SSO in the Regions.

Transactions were sampled from the 2010-2011 fiscal year. Assets that were acquired after 1999 were also included in the audit sample.

Note that the audit focussed mainly on the SSO services in the largest processing site for each Region. Specifically, site visits were as follows:

Region Site Visit
Pacific Pacific Forestry Centre Victoria
Prairie & North Northern Forestry Centre Edmonton, and Geological Survey Edmonton
Central Great Lakes Forestry Centre Sault Ste Marie
Quebec Laurentian Forestry Centre Ste Foy, and Geological Survey of Canada  Quebec
Atlantic Atlantic Forestry Centre Fredericton

CRITERIA

The criteria were developed based on the various types of SSO business activities. Where possible criteria were used from similar audits completed for business activities performed in the National Capital Region. The criteria guided the audit fieldwork and formed the basis for the overall audit conclusion.  Detailed audit criteria are included in Appendix B.

FINDINGS AND RECOMMENDATIONS

COMPLIANCE

Summary Finding

The audit examined compliance for accounts payable, acquisition cards, assets and procurement with TB and NRCan policies and procedures. While there was no evidence of procurement or payments made without invoices and/or receipts, there were instances in one region of non-compliance with FAA Section 34. Three Regions were not always following the Account Verification process established by the Department; specifically they were not consistently completing the checklist required for certain payments. In addition, the asset database is not up to date to reflect disposals.

RISK AND IMPACTFootnote 1
Risk Type Audit Risk Rating Impact
Compliance ModerateFootnote 2 Non-compliance with the Financial Administration Act can result in payments being made that are not authorised.
Monitoring Moderate The NRCan Quality Assurance and Statistical plan for Account Verification requires that high risk transactions are being reviewed in detail. If this is not happening, then high risk transactions are not being properly monitored.
Reporting Moderate If accurate information is not entered into the asset module, the reporting tools will be ineffective which can lead to improperly informed decisions.
Supporting Findings
ACCOUNTS PAYABLE

Processing an invoice for payment requires that a responsible manager certify, by signing the invoice, that goods and/or services were received and that the prices were fair. This is a requirement under Section 34 of the Financial Administration Act and is referred to as certifying FAA Section 34. While each manager is responsible for authorizing FAA Section 34, SSO staff are responsible for ensuring that it has been signed before a payment is made. When a payment is made in excess of $25,000, SSO staff are responsible for ensuring that the person certifying FAA Section 34 has the proper authority through the account verification process. Three of five Regions reviewed did not have any issues with respect to certifying FAA Section 34. All transactions reviewed had been appropriately certified.

One Region had issues where either the certification had not been completed or the person certifying FAA Section 34 did not have the authority to do so. This represented approximately 10% of the 47 transactions statistically randomly selected for review as follows:

  • Four transactions were processed for payment without any FAA Section 34 certification. SSO is responsible for ensuring that all invoices are certified with an FAA Section 34 signature. The total dollar value of these four transactions was approximately $9,725 ; and
  • A fifth transaction was certified by someone who did not have FAA Section 34 authority. This transaction was for $30,000 and should have been identified in the account verification process.

One Region had FAA Section 34 certified at the beginning of the year for certain recurring contractual services such as waste management. The Region considered these “bulk approvals”. The manager would be asked to authorize expenditures at the beginning of the year up to an estimated amount. Each month an invoice was received and paid based on the FAA Section 34 signed at the beginning of the year. The purpose of certifying FAA Section 34 is to confirm that goods and/or services were received and prices are fair. In some instances, mostly due to contractual requirements, FAA Section 34 can be certified and payment can be made in advance of goods and services being received. These payments were not made in advance of goods and services received and there was no contractual requirement to pay in advance.  The Region did only select vendors that had regular monthly payments and where NRCan had ongoing business. TB policy provides certain criteria where payment can be made in advance of FAA Section 34 certification. These vendors would meet the criteria. While this Region could make payments to these vendors in advance of having FAA Section 34 certification, they cannot have FAA Section 34 certification in advance of receiving the goods and/or services.

When a payment is processed, the TB Directive states that:

The spending of public money requires that integrity, accountability and transparency are maintained to a high standard. This requires the establishment of responsible account verification processes that maintain sound stewardship of financial resources. As part of the account verification process, transactions are reviewed for accuracy such as ensuring that the payment is not a duplicate, that discounts have been deducted, that any charges not payable have been removed and that the amount has been calculated correctly.Footnote 3

NRCan has a Quality Assurance and Statistical Plan for account verification. This plan establishes 3 levels of risk for transactions. A sample of low and medium risk transactions are reviewed in detail after the payment has been processed for accuracy, but high risk transactions must be reviewed for accuracy prior to the payment being released. In order to facilitate this process, an account verification checklist has been established for use by SSO staff in the review of high risk transactions. This includes payments greater than $25,000, international travel and conference fees. The checklist documents steps that the reviewer has taken prior to releasing the payment including confirmation that the FAA Section 34 has the appropriate authority and documentation accompanies the invoice to support the payment. Because these payments are not included in the statistical sample for account verification, the checklist is an important part of the control process because it ensures that the payment is not released with out the appropriate documentation and authority.

SSO staff in three Regions were not consistently using the checklist to review high risk transactions.

  • one Region was not using it for transactions greater than $25,000 and for conference fees;
  • one Region was not using it for conference fees; and
  • one Region was not using it for international travel.

Without the checklist being completed it is difficult to confirm whether account verification has taken place.

ACQUISITION CARDS

Acquisition cards are charge cards that provide a convenient and practical method of procuring and paying for goods and services while maintaining financial control. They simplify the process of procuring and paying for goods and services thereby generating savings in procurement and expenditure processing.Footnote 4 NRCan staff can only process payments up to $5,000 with the acquisition card.

The audit sample only included transactions from acquisition cards held by SSO staff in the Regions. Regional SSO staff are using acquisition cards for low dollar value transactions. In all cases supporting documentation was readily available and attached to the invoice or filed by vendor.

NRCan receives one invoice for the entire Department that is paid by SSO in Ottawa. This payment is made prior to FAA Section 34 certification. This meets the TB criteria that allows some payments to be made in advance of FAA Section 34 being certified. Each acquisition cardholder receives an electronic invoice and is required to consolidate all supporting invoices and ensure that FAA Section 34 is certified. SSO acquisition cardholders in one Region did not have an adequate process in place to ensure FAA Section 34 was certified. Out of 48 transactions reviewed for SSO cardholders in this Region:

  • 12% did not have any signature to certify FAA Section 34; and
  • 44% had signatures and while it is assumed that these were FAA Section 34 certification it was not clear that the signatures were confirming that goods and or services were received and that prices were fair.

Four Regions were doing an excellent job in having FAA Section 34 certified on acquisition card transactions. One Region had a good practice for certifying FAA Section 34 for acquisition cards. Purchases were recorded throughout the month on a worksheet and as goods and/or services were received and invoices were received the responsible manager certified FAA Section 34 on the worksheet.

ASSETS

NRCan uses a database to record and track all assets greater than $1,000. A new financial system was implemented in April 2011 and only assets acquired after 1999 were transferred to the new system. In selecting the audit sample and completing the review of assets, the audit team included only assets acquired after 1999. Across the Regions, between 6% and 39% of assets from the audit samples could not be physically verified. The main reason for not being able to find assets was that SSO staff were not updating the system to reflect the disposal of assets. In many cases SSO had the disposal documentation on file but had not updated the data base. In other cases SSO staff were not aware that the Sector had disposed of the item. The audit team did note some instances where equipment was not on site and the database had not been updated to reflect the location change or the change in custodian.

It should be noted that only one asset valued at more than $10,000 could not be located. All other assets not located were valued at less than $10,000 as follows:

Dollar Value of Assets not Located Number of Assets
$0 - $999.99 1
$1000 - $4999.99 25
$5000 – $9,999.99 3
$10,000 and Greater 1
PROCUREMENT

All Regions were using e-Procurement. This is a requirement and it seems to be working well. Before the procurement process can begin, the responsible manager must confirm that funds are available to pay for the goods or services being purchased. This is consistent with Section 32 of the FAA (FAA Section 32 certification). The e-Procurement system does not assign a procurement request to SSO procurement staff unless Expenditure Initiation has been provided.

As the Audit Branch had just completed two audits of procurement that included the Regions, the audit team selected only a small judgemental sample of procurement transactions from each Region. The findings in this audit were consistent with the findings in the previous audits. No recommendation will be made for missing documentation because the recommendation has already been made in the Audit of Contracting for Professional Services.Footnote 5

There are specific requirements with respect to who can sign a contract on behalf of the Government of Canada. While certain positions have delegated authorities assigned to them, these authorities are based on their Specimen Signature Record.Footnote 6Only those staff with approved delegated contracting authority can sign contracts and even these individuals are limited to the dollar value that they can authorize.

One Region had two individuals sign contracts when neither possessed the required delegated authority. Both staff people were working or acting in a contracting position that was approved to authorize contracts however the formal contracting authority had not been delegated through the Specimen Signature Record. The audit team reviewed 34 procurement transactions in this Region and noted that 18% of these were contracts were signed before the staff had received their formal delegated contracting authority.

RECOMMENDATIONS
  1. Atlantic, Pacific and Prairie & North Regions should ensure that they are consistently using the Account Verification checklist as required for high risk transactions.
  2. Pacific should follow existing NRCan policies in order to ensure that:
    1. All  payments are made with an FAA Section 34 certification; and
    2. The delegated authority of the person certifying FAA Section 34 is confirmed before payment is issued for high risk transactions.
  3. Pacific Region should cease the use of certifying FAA Section 34 for recurring contractual services before the services are received.
  4. SSO Corporate should ensure that all Regions consistently follow the NRCan policies and procedures for asset disposal.
  5. SSO Corporate should ensure that procurement contracts issued by SSO procurement are only authorized by staff with the formal delegated authority.
MANAGEMENT ACTION PLAN AND TIME FRAME

1. Management concurs with the findings.

Regional Financial Officers have reviewed the procedures pertaining to checklists and the related policies, and will ensure that the appropriate and current account verification checklist is attached to payment documents where applicable.

Completed October 30, 2011

SSO has centralized (at the Invoice Payment Centre in Sherbrooke) the payment of all supplier invoices linked to a Purchase Order. 

Completed April 30, 2011

Payment for all Travel Claims will be centralized by April 30, 2012.  The transition to centralized payment has already begun with the announcement of the new standard payment process in January 2012.

April 30, 2012

All other payments such as Grants and Contributions, Supplier payments not linked to a Purchase Order and other employee reimbursement will be centralized and standardized by June 29, 2012.

June 29, 2012

2. Management concurs with the findings.

a) The Regional Finance Managers will return to the funding manager—or escalate—any invoice without a wet signature, not dated and/or not noted as being pursuant to Section 34 of the FAA.
October 31, 2011

b) Regional Finance Managers have instructed the appropriate financial staff to perform the mandatory manual verification of the Specimen Signature Record (SSR) module as a means to ensure Section 34 signatories have the appropriate delegated authority for transactions that are not processed through ePayment.

September 30, 2011

SSO Finance Services will send a communication by May 15, 2012, to managers of levels 3 through 5 delegation of financial signing authority, to remind them that they are responsible for ensuring:

  • they have proper and valid FAA Section 34 authority prior to signing Section 34 on payment requests
  • their valid SSR is completed and activated (i.e. formal delegation of financial signing authority)

April 30, 2012

SSO Finance Services will follow-up with managers where non-compliance is identified and take appropriate action, e.g. removal of delegated authorities.

May 15, 2012

3. Management concurs with the findings.

The use of blanket Section 34 forms has ceased effective September 23, 2011. All monthly or reoccurring payments are required to have a Section 34 wet-ink signature and date. Finance staff in all Pacific Region sites have been advised in writing, and have confirmed their understanding.

September 30, 2012

4. Management concurs with the findings.

SSO will implement processes and procedures to ensure that the disposal of assets is properly documented (including regions). SSO has drafted comprehensive NRCan Assets Management Processes & Procedures designed to provide uniform protocols to SSO Asset Management employees across the department (i.e. including regions). All Asset Management employees will be required to confirm in writing their acknowledgement of the processes and procedures.

March 30, 2012

Procedures on the intranet site and the related business process map (see appendix B) will also be updated to ensure that NRCan managers understand their responsibilities in the Asset Disposal process.

April 30, 2012

5. Management concurs with the findings.

A process was implemented on April 1, 2011 that prevents SSO-Procurement staff from approving procurement contracts if such staff do not have the appropriate delegated authority. This SAP process was reviewed over the course of the Felix Implementation Audit. As of February 7, 2012, all SSO-Procurement employees are required as part of this process to acknowledge their responsibilities in order to be a delegated contracting authority.

Completed February 7, 2012

EFFICIENCY

Summary Finding

Regions are using the tools available to them to ensure that operations are completed in an efficient manner. One Region was creating inefficiencies by requiring the use of Local Purchase Orders (LPOs) for low dollar value items purchased on the acquisition card.

Supporting Findings
PROCUREMENT

All regions are using e-Procurement to streamline procurement requests. Regions are using acquisition cards as an alternative to LPOs. Regions have been working together to help each other out with procurement backlogs due to volume or absences.

Four Regions had an average of 175 procurement transactions less than $25,000 in fiscal year 2010-2011. One Region had 1,191 procurement transactions less than $25,000 in that same year. The SSO procurement staff in this Region required an LPO for all procurement transactions; even those made through the acquisition card. This was not consistent with the NRCan or TB policies that promoted the use of acquisition cards as a convenient and more practical way of procuring low dollar value items.

Fifty-one percent of the acquisition card transactions reviewed had an LPO issued for the purchase. Issuing an LPO required that the manager make the request using e-procurement. This required substantial documentation for the purchase. It also required that a procurement person create the LPO and sign it. An LPO for a low dollar value amount required the same amount of time as required for an LPO for higher dollar value items.

A new financial system was implemented at NRCan in April 2011. This system eliminated this practice because LPOs are generated through the system and they cannot be generated for acquisition card transactions.

INFORMATION TECHNOLOGY

Staff in the Regions are using the SSO IT Help Desk. The use has been increasing consistently over the past two years. While some systems IT staff are still receiving requests for service directly, they are encouraging staff to officially record the request for assistance afterwards and in some situations they record the request themselves.
Shared Services Canada has been established to manage IT resources more effectively, to eliminate duplication and allow government to achieve a more efficient and cost-effective way of providing services, while ensuring best value for Canadian taxpayers. It also allows departments and agencies to focus on their core programs, instead of focusing on managing their IT infrastructure.As the planning for this initiative was starting at the same time as this audit, a decision was made to limit the review of IT services in the Regions to use of the IT Help Desk and obtaining some understanding of the responsibilities between SSO IT staff and Sector IT Staff.
Regions have both SSO IT staff and Sector IT staff with the exception of one Region that has only SSO IT staff. There appears to be a split between the duties of SSO vs Sector IT staff, but it is not always the same in each Region. In interviews, staff were not concerned about the difference in responsibilities. It would appear that together, both parties ensure that Regional IT requirements are being met.

COMMUNICATION
  • Communication between a central location and Regional offices is often an issue and it is no different at NRCan.  Regional SSO staff have struggled with making contacts with functional areas (i.e. HR, Finance, IT) located in the NCR and often feel that information is not shared with them on a timely basis.  
  • The SSO organization has implemented Regional Working Groups that have been helpful in resolving issues and finding ways to work more efficiently. There are working groups for Facilities, IT, Procurement, Human Resources and Finance.  Each working group is lead by a different SSO Regional Manager. 

NO RECOMMENDATION

KEY PERFORMANCE INDICATORS

Summary Finding

The SSO has established a Key Performance Indicator (KPI) target of 10 days for supplier payments and travel. All Regions process transactions in significantly less time, on average 5.2 days. The KPI for simple acquisitions is 7 days. On average the KPIs for the transactions sampled for the Regions was calculated at 6.3 days.

RISK AND IMPACT
Risk Type Audit Risk Rating Impact
Monitoring Minor Failure to monitor key performance indicators may result in delays in Regions to complete work and thus prevent a program from meeting its objectives.
Supporting Findings

One of the key recommendations in the 2008-2009 Audit of Shared Services Management Practices was to “review current service standards to determine their on-going applicability and, if required, take appropriate actions to ensure that core standards are easily understood and are measurable and that actual performance against the standards is monitored and reported.”Footnote 8

SSO implemented several KPIs including one for accounts payable and one for procurement. Both have been measured for transactions in the NCR but there has never been any measurement of how the Regions were doing. The audit team was able to calculate the KPI for accounts payable for each region. On average the KPI was 5.2 days and ranged form 2.1 days to 7.3 days.

The KPI for procurement is calculated based from the date the manager authorized the procurement (this is considered the receipt date) until the SSO issues the contract. Simple Acquisitions are defined as procurement for the following:

  • Services under $5,000;
  • Goods under $25,000; and
  • Call-ups against existing standing offers.

The KPI for simple acquisitions is 7 days. On average the KPIs for the transactions sampled for the Regions was calculated at 6.3 days however not all receipt dates were available. The SSO has calculated the procurement KPI for the NCR in the past but it has not completed the calculation for the Regions.

While SSO has not calculated KPIs they have been monitoring workload and making shifts between Regions and the NCR where necessary in order to ensure work is getting done on a timely basis. Establishing KPIs and monitoring them regularly would be a more pro-active approach and ensure objectivity when shifting workloads.

RECOMMENDATION

6. SSO Corporate should calculate KPIs for the Regions and use this information to objectively monitor workloads and make adjustments where necessary.  

MANAGEMENT ACTION PLAN AND TIME FRAME

6. Management concurs with the findings.

As part of SSO’s commitment to ensure that the KPIs are being met, employee data will be used to monitor individual productivity by region.

SSO will share the KPI data with its Regional personnel on an ongoing regular basis as a matter of normal operating protocol.

March 30, 2012

APPENDIX A – SSO ORGANIZATION CHART

APPENDIX  A – SSO Organization Chart

APPENDIX A – SSO Organization Chart

APPENDIX A SHARED SERVICES OFFICE – INNOVATION IN SERVICE

Appendix A is a diagram of Shared Services Office (SSO) as it is implemented in the Regions. The Diagram identifies the 5 Regions, Pacific, Prairies and North, Central, Quebec and Atlantic. Each Regional Manager reports to the Associate Executive Director of the SSO, who in turns works with CMSS Corporate Branches and SSO Functional Directors to address Regional issues.

In addition each Regional Manager is considered a Regional Functional head for a specific line of business as follows:

  • Pacific Regional Manager is the Functional Head for Procurement and Management Services;
  • Prairies and North Regional Manager is the Functional Head for Human Resources Management Services;
  • Central Regional Manager is the Functional Head for Property and Facility Management Services;
  • Quebec Regional Manager is the Functional Head for Financial Management Services; and
  • Atlantic Regional Manager is the Functional Head for Information Technology Management Services.

The Diagram shows that each Region is made up of several office locations and each location offers various functional services.

Pacific Region has the following locations and services:

  • Victoria offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services;
    • Information Technology Management Services; and
    • Health/Safety/Security and Environmental Management Services.
  • Sidney offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Financial Management Services; and
    • Information Technology Management Services.
  • Vancouver offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Financial Management Services; and
    • Information Technology Management Services.

Northern and Prairies Region has the following locations and services:

  • Edmonton offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services; and
    • Information Technology Management Services.
  • Calgary offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services; and
    • Information Technology Management Services.
  • Devon offers:
    • Procurement and Management Services; and
    • Financial Management Services.
  • North offers:
    • Information Technology Management Services.

Central Region has the following locations and services:

  • Sault Ste Marie offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services;
    • Information Technology Management Services; and
    • Health/Safety/Security and Environmental Management Services.
  • Hamilton services are to be determined.

Quebec Region has the following locations and services:

  • Ste Foy offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services;
    • Information Technology Management Services; and
    • Health/Safety/Security and Environmental Management Services.
  • Quebec City offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services; and
    • Information Technology Management Services.
  • Sherbrooke offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services; and
    • Information Technology Management Services.
  • Varennes offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services; and
    • Information Technology Management Services.

Atlantic Region has the following locations and services:

  • Fredericton offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Property and Facility Management Services;
    • Financial Management Services;
    • Information Technology Management Services; and
    • Health/Safety/Security and Environmental Management Services.
  • Dartmouth offers:
    • Procurement and Management Services;
    • Human Resources Management Services;
    • Financial Management Services; and
    • Information Technology Management Services.
  • Corner Brooke services are offered through Fredericton.

APPENDIX B – AUDIT CRITERIA

Objective Criteria
SSO support services offered in the Regional offices are compliant with TB and NRCan policies and procedures.
 Accounts Payable There is a segregation of duties between the person who inputs the invoice and the person who completes FAA Section 33. Invoices are not processed without proper FAA Section 34 Authority. Payments are not processed without the proper supporting documentation.
Assets Inventory items are recorded and monitored. When assets are disposed of the appropriate systems are updated.
Acquisition Cards Where SSO uses acquisition cards as a payment tool the supporting documentation is on file. Where SSO uses the acquisition card as a procurement tool the appropriate supporting documentation is on file. SSO staff reconcile acquisition cards on a monthly basis.
Procurement The appropriate procurement tool is used for procurement.
SSO support services in the Regional offices are functioning efficiently.
  The volume of work for accounts payable/procurement and IT is evenly distributed among Regional staff. There are no duplicate of efforts when providing support services specifically with respect to IT (Sector vs SSO IT staff) and procurement. Facility Staff monitor and manage incident to ensure the health and safety of Occupants. Where Hazardous waste removal is required appropriate policies and procedures are in place. Financial records are properly stored and easily accessible.
Regional offices’ support services are consistent with KPIs established by the SSO.
Finance Processing Time for supplier payments meet KPI.
Procurement Average time to complete simple requests meet KPI.

APPENDIX C – STANDARD RISK TYPES AND AUDIT RATINGS

Standard Risk Types

Our standard risk types are classified based on the COSOFootnote 9 Internal Control-Integrated Framework as follows:

Strategy – High-level goals, aligned with and supporting the Department's mission.
Operations – Effective and efficient use of resources.
Monitoring – Accurate assessments or evaluation of activities.
Reporting – Reliability of operational and financial reporting.
Compliance – Compliance with applicable laws, regulations, policies and procedures.

Standard Audit Risk Ratings

Audit findings are rated as follows:

Major: A key control does not exist, is poorly designed or is not operating as intended and the related risk is potentially significant. The objective to which the control relates is unlikely to be achieved. Corrective action is needed to ensure controls are cost effective and/or objectives are achieved.

Moderate: A key control does not exist, is poorly designed or is not operating as intended and the related risk is more than inconsequential. However, a compensating control exists. Corrective action is needed to avoid sole reliance on compensating controls and/or ensure controls are cost effective.

Minor: A weakness in the design and/or operation of a non-key process control. Ability to achieve process objectives is unlikely to be impacted. Corrective action is suggested to ensure controls are cost effective.