Continuous Auditing of Core Controls Annual Report for 2012-13

Introduction

This report presents the results of the continuous auditing activities by Natural Resources Canada’s Audit Branch (AB) on transactions that occurred in 2012-13. The report is the first annual assurance report focused on AB’s continuous auditing activities of core controls.

Why This Is Important

Continuous auditing is a methodology or a framework that uses automated tools (for data extraction and analysis), combined with audit testing procedures to provide assurance on financial and non-financial data of an organization through a narrow scope in a specific area in a real-time or near real-time environment.

Continuous auditing enables auditors to report on subject matter within a much shorter timeframe than under the traditional auditing model. The ability to provide Management with real-time auditing on the functioning of core controls and on financial transactions can significantly enhance internal controls.

Accomplishments This Year

With support from the Deputy Minister, Senior Management and the Departmental Audit Committee (DAC), AB has initiated the implementation of an effective and sustainable continuous auditing capacity for NRCan in 2012-13^Footnote1. The capacity in this area will be maintained and the nature and scope of testing will evolve over time.

Activities for 2012-13 transactions focused on identifying potential control issues related to high-risk financial processes and gradually introducing ongoing testing of transactions related to these processes. Accordingly, five processes have been identified in the Departmental 2013-16 Risk-Based Audit Plan to be assessed through continuous auditing: Acquisition Cards, Supplier Payments, Contracting, Travel and Hospitality and Payroll.

Continuous auditing testing has been introduced on three of these five key processes for 2012-13 transactions: Acquisition Cards, Supplier Payments and Contracting. Findings/observations resulting from these tests were provided to Management in order to assist them with improving existing control mechanisms. Findings/observations were also presented to DAC along with Management Response and Action Plans on how to address them.

Directly complementing continuous auditing activities undertaken by AB, Management was engaged in continuous monitoring of these same processes during the year. Combined efforts by both AB and Management will result in improvements to control processes and correction of any errors detected in a timely fashion.

Key Findings and Recommendations

The audits found that the internal controls associated with these three processes (Acquisition Cards, Supplier Payments and Contracting) are, for the most part, working, as intended. Some areas have been identified for further improvement. The following summarizes the key findings and conclusions for each process audited:

Contracting

Overall, transactions reviewed were in compliance with Treasury Board (TB) and NRCan policies and procedures. Monitoring and reporting activities can be further strengthened with regards to the data input/coding for the solicitation process for contracts between $5,000 and $25,000 and with regards to the data extraction procedures from SAP for reporting purposes. Contract file documentation can be further improved through the use of documented procedures and additional training.

Acquisition Cards

The majority of transactions reviewed were in compliance with TB and NRCan policies on Acquisition Cards and were supported by adequate controls to monitor acquisition card transactions. The controls over the use of acquisition cards could be improved by strengthening the timely certification of FAA Section 34.

Supplier Payments

Key controls for managing payments to suppliers have been established and documented by Management. Documentation related to the FAA Section 33 account verification process should be improved by updating the department’s Quality Assurance and Statistical Plan to reflect current practices. Management should ensure the procedures are well understood and adhered to. Quality assurance process for high risks transactions should be monitored.

As part of the continuous auditing activities, Management received detailed recommendations on a periodic basis from AB, with respect to improvements in internal controls.

Management Response

Management has developed action plans to address the detailed recommendations. AB will continue to follow-up on the implementation of the management action plans.

Management is also committed to maintain its own continuous monitoring activities, in a timely matter, to complement AB’s continuous auditing activities.

Conclusion

The Audit Branch can provide reasonable assurance that the majority of transactions reviewed for 2012-13 for the three processes selected (Acquisition Cards, Supplier Payments and Contracting) were in compliance with TB and NRCan Policies.

Considering the fact that Management has responded with timely action plans to address the issues noted in these three processes, and that, in most cases, issues were corrected immediately, the Audit Branch assesses the residual risks to be low.

Conformance with Professional Standards

The three continuous audit projects presented in this report were conducted in accordance with the Government of Canada Standards for Internal Audit.

Strategic Direction – Going Forward

Audit Branch’s long-term vision is to transition from testing of the transactions to providing additional assurance on core controls. The coverage on core controls will be further expanded to include not only financial areas but also operational areas in a 2 - 3 year timeframe. Ultimately, the assurance we will provide on core controls will support Senior Management’s decision-making process.

In closing, this long-term vision aligns well with the Audit Branch’s overall vision of being a strategic business partner of NRCan Senior Management, while maintaining its independence. I would also like to thank our Deputy Minister, DAC members, and Senior Management for their support, and AB team for making it happen.

Christian Asselin, CPA, CA, CMA, CFE
Chief Audit Executive
Audit Branch, Natural Resources Canada