Audit of Acquisition card management

 

Alternative format

PDF Version (381 KB)

Prepared by: Office of Audit and Evaluation, National Research Council Canada

Approval: This report was approved by the NRC's President on January 21st, 2018

ISBN: 978-0-660-29386-8

Acronyms and Abbreviations

AP Accounts Payable
CBI Research Centres, Branches, and IRAP
FAA Financial Administration Act
FMD Financial Monitoring Division
FPS Finance and Procurement Services Branch
GL General Ledger
IRAP Industrial Research Assistance Program
MAP Management action plans
PSPC Public Services and Procurement Canada
SAP Specified audit procedures
TB Treasury Board
TBS Treasury Board Secretariat
 

Executive Summary and Conclusion

Background

Acquisition cards provide a convenient and practical method of procuring and paying for goods and services while maintaining financial control. When used appropriately, they are a cost-efficient method to execute low-dollar value purchases and pay for day-to-day expenses in support of operations. The Financial Administration Act (FAA), the Treasury Board (TB) Contracting Policy, the Treasury Board Secretariat (TBS) Directive on Payments, and the NRC Acquisition cards policy provide the guidance with regards to the intent and proper use of acquisition cards.

In calendar year 2017, there were 423 acquisition cards used within Research Centres, Branches, and IRAP (CBIs). During this period, 26,931 transactions were processed, amounting to $18.2 M and representing approximately 9 % of all NRC operating expenditures in fiscal year 2017 to 2018.

The objective of this audit was to provide NRC Senior Management with independent assurance that the key management controls relating to the initiation, planning, execution and recognition of acquisition card expenses have been implemented as designed and that these are working as intended.

Based on a targeted sampling approach using data analytics to identify high-risk transactions, the audit examined CBI acquisition card usage between January 1, 2017, and December 31, 2017. Specifically, the audit sought to confirm that:

  • transactions were approved by an individual with the appropriate delegated financial signing authority in accordance with sections 32 and 34 of the Financial Administration Act (FAA);
  • supporting documentation is in order and available upon request;
  • expenditures were coded appropriately in the financial system and were in conformance with the TB Directive on acquisition cards purchases as well as the NRC's Acquisition cards policy; and
  • acquisition cards were used in conformance with the Treasury Board (TB) Contracting Policy and the NRC's internal limits and/or authorization controls.

It should be noted that the targeted sampling approach used does not allow for an extrapolation of the audit results to the entire population of transactions.

Strengths

Policy and guidelines relating to the management and use of acquisition cards have been developed and communicated. These are well defined and are consistent with Treasury Board Policies and Treasury Board Secretariat Directives. Accounts Payable (AP) and the Financial Monitoring Division (FMD) within the Finance and Procurement Services Branch (FPS) performs oversight and monitoring activities, in alignment with the NRC's approved (Transaction) Sampling Plan.

Areas for Improvement

While we observed that key internal controls are working as intended, we found that opportunities exist to reinforce policies, procedures, and responsibilities through communication to cardholders and their managers to enhance ongoing compliance. We also found that procedures could be improved to detect additional potential non-compliance through enhanced use of data analytics, strengthened information management, and consistent reporting of cardholder non-compliance.

Recommendations

  1. The Vice President, Corporate Services and Chief Financial Officer should:
    1. reinforce standard procedures and best practices on the use of acquisition cards, communicate these to managers and cardholders to ensure awareness;
      [Priority: Moderate]
    2. enhance the use of data analytics to ensure compliance with Treasury Board Secretariat and NRC Standards with regards to potential transaction splitting and to detect the use of acquisition cards while on leave.
      [Priority: Moderate]
  2. The Vice President, Corporate Services and Chief Financial Officer should update card cancellation procedures to ensure supporting documents are retained for inactive cards in accordance with the Treasury Board Secretariat Guide to Delegating and Applying Spending and Financial Authorities, and communicate updates to responsible individuals.
    [Priority: High]
  3. The Vice President, Corporate Services and Chief Financial Officer should ensure the consistent application of the tracking and reporting of compliance infractions with clear standards and rules for taking appropriate progressive corrective actions in a timely manner.
    [Priority: Moderate]
  4. The Vice President, Corporate Services and Chief Financial Officer should ensure that cardholder information within the acquisition card database is consistently recorded and accurate.
    [Priority: Low]

Audit Opinion and Conclusion

In my opinion, as Chief Audit Executive, the NRC has established policies and procedures and has implemented business controls for the use of acquisition cards that are consistent with federal policies and legislation, and support the application of required financial controls. While the acquisition card program is in compliance with the Treasury Board Secretariat Directive on Payments (Appendix B) and the NRC Acquisition cards policy, improvements are needed, as set out in this audit report below.

Statement of Conformance

In my professional judgment as Chief Audit Executive, the audit conforms to the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing (IIA Standards) and the Code of Ethics, as supported by the results of the Quality Assurance and Improvement Program.


Alexandra Dagger, CIA, Chief Audit Executive

Acknowledgements

The audit team would like to thank those who collaborated in this effort to highlight the NRC's strengths and opportunities for improvement as they relate to this audit project.

1.0 Introduction

Government acquisition cards are charge cards used by employees of the Government of Canada for low value and day-to-day expenses in support of operations. Acquisition cards simplify the process of procuring and paying for goods and services thereby generating savings in procurement and expenditure processing while maintaining financial control. Procurement through acquisition cards is also subject to the requirements of contracting policies and various laws, regulations, trade agreements and comprehensive land claim agreements, as applicable.

Continuous auditing provides enhanced oversight and ongoing assurance on specific management processes and controls deemed to be more at risk, by leveraging the use of repeatable and sustainable data analytics. It provides management with information on the state of key controls related to financial and non-financial processes in a near real time manner. As such, continuous audits serve as an efficient way to enhance the internal control processes within an organization.

During NRC's annual risk-based audit planning exercise, consideration is given as to whether a continuous or regular audit is the most effective approach for providing assurance. In this case, based upon the inherent level of risk associated with acquisition cards and their use, it was determined that data analytics would be used to support monitoring activities using a continuous audit approach.

As such, the objective of this audit was to provide NRC Senior Management with independent assurance that the key management controls relating to the initiation, planning, execution, and recognition of acquisition card expenses have been implemented as designed and are working as intended.

2.0 Background and Context

In June 2014, the NRC's Finance and Procurement Services Branch implemented the NRC's acquisition card policy and procedures, with updates in October 2017, consistent with Treasury Board (TB) Policies and Directives. At the NRC there are 2 types of acquisition cards used. These are:

  • Acquisition cards used within Research Centres, Branches, or IRAP (CBIs), and Acquisition cards used by the Procurement Officers within the Finance and Procurement Services Branch (FPS Buyers).

FPS Buyer cards were not examined as part of this audit but rather in a separate audit of procurement and contracting to be completed this fiscal year. In calendar year 2017, there were 423 active CBI cards with 26,931 transactions amounting to $18,240,806 (Figure 1). In March of 2017, acquisition card spending increased by more than double of the average monthly spending (Figure 2). The majority of this variance was attributed to CBI card usage, which had a 213 % increase from the average monthly amount. We noted that increased pressure to spend budgets at fiscal year-end was one of the main contributing factors behind this increase. This gives rise to a financial management and reporting risk related to paying for goods before goods have been received and/or operational risks due to unnecessary purchases for goods or services.

Figure 1: Acquisition cards spending across Calendar Years (CY)

Figure 1: Acquisition cards spending across Calendar Years (CY)
Long description of Figure 1: Acquisition cards spending across Calendar Years (CY)
Card Type CY2015 CY2016 CY2017
CBI Cards (095) $17,441,847 $17,111,182 $18,240,806
FPS Buyer Cards (041) $2,949,780 $2,525,479 $2,655,743
 

Figure 2: Acquisition cards spending

Figure 2: Acquisition cards spending
Long description of Figure 2: Acquisition cards spending
Month FPS Buyer Cards CBI Cards
Jan $212,742.06 $1,632,388.37
Feb $401,073.55 $1,785,848.73
Mar $346,512.88 $3,243,992.16
Apr $68,171.37 $912,154.06
May $191,053.68 $1,334,278.04
Jun $198,620.87 $1,363,627.65
Jul $177,379.33 $1,214,339.15
Aug $229,914.50 $1,244,536.58
Sep $197,952.45 $1,384,614.50
Oct $210,773.49 $1,529,091.60
Nov $209,820.11 $1,376,459.90
Dec $211,729.01 $1,224,213.31
 

Approximately 9 % of all relevant operating expenditures Footnote 1 in fiscal year 2017 to 2018 were paid through an acquisition card.

3.0 About the Audit

The purpose of the NRC's internal audit function is to provide assessments, independent from line management, on the effectiveness of the NRC's risk management, control and governance processes and to report on results.

Assurance for this audit was obtained through a combination of continuous auditing activities performed by Internal Audit to independently evaluate the state of the governance, risk management, and control processes, including monitoring activities performed by NRC management for the area under examination.

Objective

The objective of this audit was to provide NRC Senior Management with independent assurance that the key management controls relating to the initiation, planning, execution, and recognition of acquisition card expenses have been implemented as designed and that these are working as intended.

Scope

The audit of Acquisition card management examined CBI acquisition card transactions that occurred between January 1, 2017, and December 31, 2017. Procurement Officers within the Finance and Procurement Services Branch (FPS Buyer cards) were not examined as part of this audit but rather in a separate continuous audit of procurement and contracting to be completed this fiscal year.

Based upon the inherent level of risk associated with the use of acquisition cards, it was determined that data analytics would be used to conduct this audit in a way that supports NRC's ongoing financial monitoring activities as well as NRC's continuous audit regime, focusing on risk and compliance.

Approach / Methodology

Unlike the traditional audit approach to sampling, where only a sample of a population of transactions is examined to measure control effectiveness or operational performance, our audit used data analytics to examine every transaction between January 1, 2017, and December 31, 2017. Based on this examination, a targeted sample of 138 high-risk transactions were selected for further review as part of the audit.

The audit approach also included documentation review, interviews, developing and performing analytical test (i.e. developing and programming automated tasks that form reusable scripts) against pre-defined criteria.

The audit was conducted in accordance with the Institute of Internal Auditors (IIA) Standards and the TB Policy on Internal Audit and related policy instruments. The criteria (Appendix B) were derived from relevant policies, directives, and guidelines.

4.0 Audit Findings and Recommendations

Policies and procedures for the management of NRC acquisition cards are consistent with the Treasury Board Secretariat Directive on Payments, including the Standard on Acquisition Cards Payments. The key financial controls are summarized below:

  1. Cardholders are responsible for reconciling their transactions and inputting financial coding on a financial dashboard within 20 days of a purchase.
  2. Managers review this dashboard along with supporting documents, and sign and date under Section 34 of the Financial Administration Act (FAA), attesting to the receipt of goods and services as described.
  3. The approved dashboard is then sent to Accounts Payable (AP) for a review of transactions that have been deemed sensitive.
  4. AP performs an analytical review to identify purchases not permitted under relevant policies, directives, and guidance.
  5. Finally, AP validates the authority of the individual managers' Section 34 authorizations and loads the information into SAP.

The NRC's Financial Monitoring Division (FMD) employs data mining techniques and performs statistical sampling of acquisition card transactions on a post-payment basis, in accordance with the NRC (Transaction) Sampling Plan. As noted above, our audit used data analytics to examine every transaction between January 1, 2017, and December 31, 2017. Based on this examination, a targeted sample of 138 high-risk transactions were selected for further review. Out of the 138 transactions examined, we found 67 % were free from critical errors. The percentage breakdown of compliance by criteria examined is provided in Figure 3. We considered a critical error to have occurred if (a) a valid approval or supporting documents are missing, or if (b) a payment is deemed non-compliant with Treasury Board or NRC policies, such as transaction splitting where a contract would have been required to be in place. For a summary of critical errors observed, please see Figure 4.

Figure 3: Results of the Acquisition Card Sample

Figure 3: Results of the Acquisition Card Sample
Long description of Figure 3: Results of the Acquisition Card Sample
Criteria % Compliance
Compliance with Acquisition Card Standards 91%
Certification Authority (FAA Section S34) 93%
Compliance with Contracting Policies 82%
Reliable Financial Coding 96%
 

Figure 4: Summary of critical errors found

  Common critical errors observed Number of cases (138)
A. Sharing or not securing acquisition card (4.1.1) 1
B. Inconsistent with policies (4.1.2 & 4.1.3) 13
C. Inappropriate FAA certification (4.2.1) 3
D. Missing supporting invoices/receipts on file (4.2.2) 7
E. Evidence of purchase splitting (4.3.1) 21
F. Inappropriate procurement process (4.3.2) 5
G. Financial coding issues (4.4.1) 5

4.1 Compliance with acquisition card policies and procedures

Summary Finding

The majority of the 138 transactions examined were valid. However, we found 13 instances of non-compliance with the Treasury Board Secretariat Directive on Payments and the NRC's Acquisition Card Policy and related guidance.

We expected to find that transactions were compliant with government and NRC policy regarding acceptable use, such as ensuring that the card and card information is kept secure at all times, and are not used for purchasing restricted goods and services.

Observation

4.1.1 Securing acquisition cards

NRC's Acquisition Card Policy states that the cardholder must ensure that they are "the only one who uses the card" and that their card be "kept in a secure location at all times". As part of our analysis, we matched cardholder leave data (e.g. when an employee was recorded as being on vacation or on travel status) to acquisition card use. We observed that 4.33 % of NRC acquisition card transactions in 2017 (i.e. 1,259 transactions valued at $1.1 Million) were executed when cardholders were reported to be on leave or away due to business-related travel. Of the 1,259 transactions, we selected 26 transactions in detail and found that they were valid purchases and in the interest of the NRC. However, there is a risk that these transactions were made by non-cardholders who had access to the acquisition cards while cardholders were out of the office, or that cardholders shared their card information, or brought their cards on leave or travel, thus failing to keep their cards in secure locations. In fact, we did note one instance among the transactions examined where a cardholder provided their card number to a colleague to make a purchase. Based on these results, and the insight that a deeper analysis of these transactions could provide, the detailed analytical tests developed for this audit (i.e. Scripts) will be provided to Finance and Procurement Services for inclusion in their ongoing monitoring regime. This will support further examination for possible targeted education and awareness for users on the proper use of acquisition cards.

4.1.2 Purchases between Federal Departments

The Directive on Payments and the NRC's Acquisition card policy states that acquisition cards cannot be used for "purchases between federal government departments". However, we observed 8 transactions that were purchases directly from other departments of the Government of Canada, for items such as patent applications. We also observed 4 transactions related to purchases directly from the NRC for items such as mementos from the NRC Boutique. In most of these cases, interdepartmental settlements or journal vouchers would have been the appropriate way to procure these goods. Since the time of this audit, it should be noted that the NRC's Finance and Procurement Services Branch has revised its policy for efficiency purposes and introduced mitigating controls to allow the use of NRC acquisition cards for purchases of items from the NRC Boutique.

4.1.3 Other specified restrictions

We observed 5 purchases of items that are restricted by the NRC's Acquisition card policy, including decorations, mementos, and common cafeteria supplies.

Recommendation

Non-compliance with policies and procedures increases the risk of unauthorized or illegitimate purchases, compromised cards, and inefficiencies within the acquisition card process.

To mitigate these risks, we recommend the following:

1. The Vice President, Corporate Services and Chief Financial Officer should:

  1. reinforce standard procedures and best practices on the use of acquisition cards, and communicate these to managers and cardholders to ensure awareness;
    [Priority: Moderate] and
  2. enhance the use of data analytics to ensure compliance with Treasury Board Secretariat and NRC Standards with regards to potential purchase splitting and to detect the use acquisition cards while on leave.
    [Priority: Moderate]

4.2 Performance certification requirement

Summary Finding

Of the transactions examined, we observed 10 instances of improper certification of purchases: 1 instance of a conference fee that was authorized by the individual who attended the conference, 2 cases of duplicate payments, and 7 cases of missing supporting documentation out of 138 examined. 93 percent of the 138 transactions examined were properly reconciled and had evidence of FAA Section 34 performed by the budget holder with the proper delegation of authority under the FAA.

We expected to find that the selected transactions were compliant with key requirements of the FAA and NRC Account verification policy. Specifically, we examined whether:

  • transactions were properly pre-authorized (s.32 FAA);
  • transactions were certified to have been completed (i.e. goods and services had been received) and approved by the delegated financial authority (s.34 FAA); and
  • transactions were supported by complete documentation as required by the Treasury Board Secretariat's Directive on Account Verification.

Observation

4.2.1 Certification authority (FAA Section 34)

Under the Financial Administration Act (FAA) and the TBS Directive on Delegation of Spending and Financial Authorities, individuals who have been delegated authority for purchase certification are responsible for verifying and documenting that the work has been performed, the goods have been supplied, or the services have been rendered.

From the transactions examined, we observed 1 instance of a transaction for a conference fee payment that was authorized by the individual who attended the conference. The Treasury Board Secretariat's Directive on Delegation of Spending and Financial Authorities requires that no individual exercise his or her delegated spending and financial authorities on a transaction through which he or she may personally benefit. In these situations, a superior must authorize the transaction to ensure appropriate segregation of duties.

We also observed 2 cases where the same invoice was paid twice through different methods: once through an acquisition card payment and a second time through a direct invoice payment for which the NRC's Finance and Procurement Service Branch paid. In 1 case, an individual signed under FAA Section 34 twice, once for each method of payment. In the other case, 2 separate individuals signed under FAA Section 34. Another potential duplicate payment examined could not be validated due to a missing receipt.

4.2.2 Supporting documentation

Section 4.6 of the Treasury Board Secretariat's Guide to Delegating and Applying Spending and Financial Authorities states that appropriate financial documentation, including receipts and invoices, should be retained in paper or electronic format. Of the 138 transactions examined, receipts could not be located for 7 transactions. 5 of these transactions were from cardholders who were no longer employed by the NRC at the time of the audit. Upon further examination of the NRC's procedures related to acquisition card transactions and the retention of supporting documentation, we observed a need to clarify responsibilities for cases involving departing employees.

Recommendation

The lack of a document retention process for acquisition cardholders who leave the department prevents the validation of purchases, which could potentially be incorrect or illegitimate.

To mitigate these risks, we recommend the following:

  1. 2. The Vice President, Corporate Services and Chief Financial Officer should update card cancellation procedures to ensure supporting documents are retained for inactive cards in accordance with the NRC's Account Verification Policy as well as the NRC's Acquisition card policy, and communicate updates to responsible individuals.
    [Priority: High]

4.3 Compliance with contracting policy

Summary Finding

We observed 21 transactions meeting the criteria for transaction splitting. We also observed that standing offers were not used as required under Public Services and Procurement Canada's (PSPC) Mandatory Standing Offers and Supply Arrangements for 5 transactions examined.

We expected to find that appropriate procurement processes, such as using mandatory standing offers, were followed and that there was no evidence of transaction splitting or recurring procurement activities over prescribed limits.

Observations

4.3.1 Transaction splitting

The NRC's Acquisition cards policy sets a limit of $10,000 per transaction for CBI acquisition cards. In addition to the fact that acquisition cards are only to be used for low value day-to-day purchases, the transaction limit supports the TB Contracting Policy requirement that all contracts greater than $10,000 must be established and proactively disclosed on the Treasury Board Secretariat's website. Furthermore, the NRC's Sole Source (Contracting) Requirements state that all contracts above this amount must be justified by a short paragraph describing why the vendor has been chosen. These controls ensure public transparency and fairness, and facilitate the realization of economic benefits that competitive processes create.

We noted 8 separate cases involving 21 transactions where potential contracts or purchases over $10,000 were split between cards to avoid this transaction limit. 5 of these cases were from individual cardholders who split purchases on their own card, while the other 3 cases were purchases split between multiple cards within the same CBI.

Figure 5: Examples of potential contract or purchasing split techniques observed

a) Split on one card

Split on one card

b) Split on multiple cards in the same CBI

Split on multiple cards in the same CBI

4.3.2 Mandatory standing offers

Public Services and Procurement Canada (PSPC) requires that Standing Offers and Supply Arrangements be used for goods and services listed in Section 3.5.1 of their Standard Acquisition Clauses and Conditions (SACC) Manual. Standing Offers are offers from potential suppliers to provide goods and/or services under set terms and conditions. These are established as a convenient method of supply that saves time and money. We observed 5 transactions that would have required the use of a Standing Offer that did not. We observed in 2 of these cases, the NRC did not have a valid Standing Offer set up as required, and therefore the acquisition cards were used.

Recommendation

Non-compliance with contracting policies can prevent the NRC from realizing economic benefits that competitive processes create, and can result in unfair treatment to companies if they don't have an equal chance to secure Government contracts.

Recommendation 1 will mitigate these risks.

4.4 Financial coding and Oversight and monitoring

Summary Finding

While the majority of transactions examined were found to have appropriate and reliable financial coding, we observed 5 transactions recorded under an incorrect General Ledger (GL) account. Although monitoring and quality assurance processes are in place at the NRC, we found that additional mechanisms could be introduced to improve their effectiveness.

We expected to find that cardholders used appropriate financial coding during the reconciliation process for their transactions, that monitoring of acquisition card usage is performed, and that identified issues are resolved appropriately.

Observations

4.4.1 Reliable financial coding

Reliable financial coding for acquisition card transactions is essential for generating accurate financial statements. We observed that while the majority of transactions examined were coded correctly, there were 5 General Ledger (GL) accounts recorded for purchases not matching their description. 2 of these were for sensitive or high-risk items that, if coded correctly, should have undergone additional review by Accounts Payable. These included a conference fee recorded as lab equipment and cafeteria supplies recorded as mechanical services.

4.4.2 Oversight and monitoring

The NRC's Accounts Payable (AP) reviews all sensitive transactions and performs analytical review to identify transaction splitting and acquisition card purchases not permitted by policy and procedure. AP loads transaction data into the NRC's financial system known as SAP. Reconciliation is then performed on the Bank of Montreal (BMO) Clearing Account for acquisition cards. In addition, the NRC's Financial Monitoring Division (FMD) employs data mining techniques and performs statistical sampling of acquisition card transactions selected for examination on a post-payment basis, in accordance with the NRC's (Transaction) Sampling Plan.

While oversight and monitoring mechanisms are in place, the following areas for improvement were noted. Cardholder information within the BMO database is not always entered consistently, which effectively weakens business controls to track cardholder activity. Monitoring processes for tracking cardholder non-compliance and reporting of acquisition card issues to the Financial Oversight Committee are in place. However, there exists no process for tracking of cardholders who do not perform the reconciliation within the required timeframe of 20 days and/or who do not respond to AP in a timely manner. Current data mining techniques performed by FMD are not designed to highlight contract splitting between CBIs or contract splitting over multiple days. Current techniques employed also do not detect potential double payments between transactions paid for by acquisition cards and transactions paid through the NRC's direct payment process.

Recommendations

Incorrect financial coding, inconsistent treatment of cardholder non-compliance, and lack of consistency in recording cardholder information, can result in financial misstatements and weaken business controls designed to allow for proper oversight and monitoring.

To mitigate these risks, we recommend the following:

  1. 3. The Vice President, Corporate Services and Chief Financial Officer should ensure the consistent application of the tracking and reporting of compliance infractions with clear standards and rules for taking appropriate progressive corrective actions in a timely manner.
    [Priority: Moderate]
  2. 4. The Vice President, Corporate Services and Chief Financial Officer should ensure that cardholder information within the acquisition card database is consistently recorded and accurate.
    [Priority: Low]

Appendix A: Audit Criteria

Acquisition Cards
1 Transactions are pre-approved by budget holders as per their delegated financial signing authority in accordance with Section 32 of the Financial Administration Act (FAA) and NRC policies for acquisition card use.
2 Expenditures have had their performance certification completed by an individual other than the cardholder who has appropriate delegated financial signing authority.
3 Appropriate documentation is kept in order and available upon request.
4 Acquisition card transactions are appropriately coded in the financial system and there are no duplicates or double payment of invoices.
5 The expenditure is allowed under the TB Directive on Acquisition Cards and the NRC's Acquisition cards policy.
6 Acquisition cards are used in compliance with TB Contract Policy and internal limit and/or authorization controls.
7 Proper segregation of duties is maintained between the card holder and the appropriate delegated signing authority for FAA Section 34.

Appendix B: Management Action Plan

Definition of Priority of Recommendations
High Implementation is recommended within 6 months to reduce the risk of potential high likelihood and/or high-impact events that may adversely affect the integrity of the NRC's governance, risk management and control processes.
Moderate Implementation is recommended within 1 year to reduce the risk of potential events that may adversely affect the integrity of the NRC's governance, risk management and control processes.
Low Implementation is recommended within 1 year to adopt best practices and/or strengthen the integrity of the NRC's governance, risk management and control processes.
Recommendation Corrective Management Action Plan Expected implementation
date and esponsible
NRC contact
  1. The Vice President, Corporate Services and Chief Financial Officer should:
    1. reinforce standard procedures and best practices on the use of acquisition cards, communicate these to managers and cardholders to ensure awareness;
      [Priority: Moderate] and
    2. enhance the use of data analytics to ensure compliance with Treasury Board Secretariat and NRC Standards with regards to potential purchase splitting and to detect the use acquisition cards while on leave.
      [Priority: Moderate]
  1. Corporate Services (CS) will implement a training recertification process of Acquisition cardholders.
  2. CS will incorporate the Internal Audit sample scripts into existing analytic procedures to enhance sample selection and detection.
  3. These changes will be incorporated in the implementation of the revised Account Verification Framework
  1. June 30, 2019
  2. March 31, 2019
  3. June 30, 2019

Director, Accounting Operations

  1. The Vice President, Corporate Services and Chief Financial Officer should update card cancellation procedures to ensure supporting documents are retained for inactive cards in accordance with the NRC's Account verification policy and the NRC's Acquisition card policy, and communicate updates to responsible individuals.
    [Priority: High]
  1. CS will work to add the cancellation procedures to the Termination Clearance Certificate (TCC) process to ensure that those who remain at the time of departure retain supporting documents.
  2. Records management will be added to the AC training noted in recommendation 1.
  1. March 31, 2019
  2. June 30, 2019

Director, Accounting Operations

  1. The Vice President, Corporate Services and Chief Financial Officer should ensure the consistent application of the tracking and reporting of compliance infractions with clear standards and rules for taking appropriate progressive corrective actions in a timely manner.
    [Priority: Moderate]

The Financial Oversight Committee will further document and incorporate standard scenarios and actions to the Terms of Reference to be used by committee members as a reference tool when assessing cases for increased decision/action consistency.

January 31, 2019

Director, Financial Accountability &s; Solutions

  1. The Vice President, Corporate Services and Chief Financial Officer should ensure that data within the BMO database is accurate, in particular, cardholder names should be entered as the same name used for HR purposes at the NRC.
    [Priority: Low]

Corporate Services will ensure that it incorporates the cross-referencing of names in the HR database for consistency.

January 31, 2019

Director, Accounting Operations