Audit of Sensitive Expenditures: Reporting Object * Expenditures

Final Report

November 2019

Table of contents

Acronyms and Abbreviations

CFAO
Chief Financial and Administrative Officer
CM&C
Corporate Management & Comptrollership
CROPS
Criminal Operations
DSEFSAM
Delegation of Sensitive Expenditures Financial Signing Authorities Matrix
FAA
Financial Administration Act
FP
Federal Policing
IAER
Internal Audit, Evaluation and Review
NHQ
National Headquarters
RCMP
Royal Canadian Mounted Police
SE
Sensitive Expenditures
SPS
Specialized Policing Services
TB
Treasury Board
TEAM
Total Expenditure and Asset Management System
*
*

Executive Summary

Sensitive expenditures (SE) are expenditures made in support of operations, incurred for law enforcement or security purposes, which could be jeopardized if payment were made using standard overt RCMP procedures. Sensitive expenditures occur in all aspects of policing, in all RCMP divisions, as well as in National Headquarters (NHQ).*

RCMP Internal Audit has previously conducted audits of * SE, covering 2007-2009, 2009-10, 2010-11 and 2011-12. A follow-up audit was also conducted in 2016-17.

This audit was exclusively focussed on * SE as they were not directly assessed in previous audits. The objective of this audit was to assess the adequacy of the governance and internal controls in place over * expenditures. The audit scope included * SE transactions that occurred during the period of April 1, 2015 and March 31, 2018.

The audit found that governance and internal controls over * expenditures are adequate; however, there are opportunities for improvement. While there were clear elements of a governance framework in place, roles and responsibilities related to * expenditures were not well known by all users of * SE. Opportunities for improvement identified include updating SE policy to provide additional guidance and formalizing national processes, procedures and training associated with * expenditures.

Monitoring over * expenditures is generally limited to ensuring justifications for expenditures are appropriate and the expenditures have been properly approved, resulting in gaps in the area of monitoring for compliance with SE policy. Testing indicated that while few issues were found with transactions that had been processed through the * process, evidence was found that in some cases the * process was being circumvented.

The majority of * expenditures were recorded in inventory systems, in accordance with SE policy; however, testing identified issues with data integrity, in part due to multiple inventory systems existing that were not networked and thereby operated in silos. This limited the capacity to provide monitoring and oversight over the inventory contained in these systems, particularly at a divisional or national level. *.

The management response and action plan developed in response to this report demonstrate the commitment from senior management to address the audit findings and recommendations. RCMP Internal Audit will monitor its implementation and undertake a follow-up audit if warranted.

Management's Response to the Audit

Federal Policing & Specialized Policing Services:

The Deputy Commissioner of Federal Policing and the Deputy Commissioner of Specialized Policing Services (SPS) agree with the findings and recommendations outlined in the Audit of Sensitive Expenditures (SE): Reporting Object (RO) * Expenditures report. In particular, both acknowledge the requirement to collaborate in order to determine how best to; update existing Sensitive Expenditure policy, enhance monitoring and tracking capabilities to assess policy compliance, as well as develop formalized training for employees on the * expenditure process.

A key component to delivering on the Royal Canadian Mounted Police's public safety mandate requires that some of its operations and activities be delivered in a covert manner. As an organization, we take the special exemptions from certain external reporting provisions and authorities provided by Treasury Board very seriously and commit to examining the feasibility of implementing a national inventory system which includes the enhancement of a new interactive form 1454 Request and Authority for Payment.

To that end, we have agreed to establish a working group with representation from the various policy centres involved with sensitive expenditures. A fundamental deliverable from this working group will be the development of the Management Response Action Plan ensuring timely progress is made relative to the successful and sustainable implementation of the recommendations outlined in this report. It is anticipated that this detailed plan will be finalized by October 2019 and will be submitted to the Departmental Audit Committee for review and approval.

Deputy Commissioner Gilles Michaud, Federal Policing
Acting Deputy Commissioner Philipe Thibodeau, Specialized Policing Services

Corporate Management and Comptrollership:

Corporate Management agrees with the findings and recommendations in the audit report and will provide support to the Deputy Commissioner Federal Policing by ensuring that the spirit and intent of the Acknowledgement of Responsibilities and Obligations: Sensitive Expenditures Payment Endorsement Authority are adhered to.

Chief Financial Administrative Officer, Dennis Watters

1. Background

The Royal Canadian Mounted Police (RCMP) works to ensure the safety and security of Canadians and their institutions, domestically and globally, through intelligence-based prevention, detection, investigation, and law enforcement measures taken against terrorists, organized criminals, and other criminal activity. To this end, the RCMP carries out some of its operations and activities in a covert manner, designed either to infiltrate criminal or terrorist organizations or to disguise the intelligence gathering activities of the police. Treasury Board (TB) has recognized the inherent challenges presented by these types of operations and has provided the RCMP with special authorities and dispensations. Paramount among these are exemptions from certain external reporting provisions such as the requirement to report covert assets and inventories in integrated information systems and public disclosures related to specific types of contracts.

Expenditures for these types of activities are known as "sensitive expenditures", defined as an expenditure made in support of operations, incurred for law enforcement or security purposes, which could be jeopardized if payment were made using standard overt RCMP procedures. Sensitive expenditures occur in all aspects of policing, in all RCMP divisions, as well as in National Headquarters (NHQ).

SE are generically recorded in the RCMP's departmental financial system (Total Expenditure and Asset Management system, commonly referred to as TEAM) without identifying details. *

RCMP Internal Audit has previously conducted audits of * SE, covering 2007-2009, 2009-10, 2010-11 and 2011-12. A follow-up audit was also conducted in 2016-17.

This audit was exclusively focussed on * SE as they were not directly assessed in previous audits. The objective of this audit was to assess the adequacy of the governance and internal controls in place over * expenditures. The audit scope included * SE transactions that occurred during the period of April 1, 2015 and March 31, 2018.

The RCMP incurred the following expenditures of SE * during the time period of the audit, including *.

In May 2018, the Commissioner approved the 2018-2023 Risk-Based Audit, Evaluation and Data Analytics Plan, which included an audit of Sensitive Expenditures with a focus on * expenditures.

2. Objective, Scope, Methodology and Statement of Conformance

2.1 Objective

The audit objective was to assess the adequacy of the governance and internal controls in place over * expenditures. Appendix A presents the audit objective and audit criteria.

2.2 Scope

The audit scope examined * expenditures that were made between April 1, 2015 and March 31, 2018. This audit focused exclusively on * SE.

2.3 Methodology

Planning for the audit was completed in January 2019. In this phase, the audit team conducted interviews, process walkthroughs and examined relevant policies, directives, procedures and results of previous audit work performed.

The examination phase, which concluded in April 2019, employed various auditing techniques including interviews, documentation reviews, file testing and data analysis. Site visits took place at three divisions as well as at NHQ to review files and assess practices.

A file review was conducted on * expenditures made during the audit's scope, to assess compliance with SE policy and the * expenditure process. In order to capture * expenditures made across the Force, the audit team selected a total of 96 "* expenditures" for sample testing, including expenditures made in SPS and E, C and F Divisions. In addition, to assess the risk of the * expenditure process being circumvented the audit team, in coordination with the IAER's data analytics team, selected a total of 90 "* expenditures" as well as a risk based sample of 10 credit card transactions made with vendors commonly associated with * expenditures. These additional expenditures were tested to determine if they should have instead been processed as * expenditures.

Upon completion of the examination phase, the audit team held meetings to validate findings with personnel and debriefed senior management of the relevant findings.

2.4 Statement of Conformance

The audit engagement conforms to the Institute of Internal Auditors' International Professional Practices Framework and the Treasury Board of Canada Directive on Internal Audit, as supported by the results of the quality assurance and improvement program.

Audit Findings

3.1 Governance

While overall, governance mechanisms are appropriate to ensure compliant use of * SE, benefits could be achieved through fully documenting roles and responsibilities, updating and clarifying SE policy and by increased monitoring activities.

Roles and responsibilities

Sound governance structures are required to ensure that SE transactions are compliant with the RCMP's special delegated authorities. Governance should be supported by clear roles, responsibilities, accountabilities and policy guidance. Regular monitoring activities, including monitoring compliance with the SE policy, should also promote the appropriate use of SE.

Federal Policing (FP), Specialized Policing Services (SPS), Corporate Management & Comptrollership (CM&C) and the divisions share responsibility for the governance of SE.

Federal Policing

The Deputy Commissioner FP is responsible for ensuring appropriate oversight, accountability, training *, leading to successful investigations and the safety of police officers. Within FP, the SE Policy Centre develops SE policy and provides training and support for the * expenditure process. In addition, * expenditures reviews these expenditures in advance of providing them to Accounting Operations for recording in the departmental financial system.

Specialized Policing Services

The Deputy Commissioner SPS is responsible for providing specialized investigative and operational services to frontline police officers as well as advice to RCMP senior management and other government agencies in areas of corporate and government security. Within SPS, * reviews and processes * expenditure requests from NHQ and the divisions, with the * being generally responsible for approving the expenditures for those within the RCMP's special authorities.

Corporate Management & Comptrollership

The Chief Financial and Administrative Officer (CFAO) is responsible for the sound management and stewardship of all RCMP financial and materiel resources. The Corporate Accounting, Policy and Control branch, reporting under the CFAO, develops policies and processes, and provides oversight to ensure responsible spending and safeguarding of RCMP finances and assets, including those acquired using SE funding.

National, regional or divisional CM&C do not currently engage in SE activities at the outset of the transaction. Interviews with senior officials within CM&C and FP indicated that front-end guidance is not offered by CM&C for SE-related transactions. Governance in this respect rests with * expenditures review function in exercising Endorsement of Payment Request authority*.

The Divisions

Unit supervisors in the divisions are responsible for the management and oversight of * expenditures. This includes ensuring the appropriateness of their respective * expenditure requests, particularly the justification to substantiate the expenditure as * and/ or contracts. They are also responsible for ensuring that sensitive assets are managed in accordance with policy over their lifecycle.

SE Coordinators

Divisional SE Coordinator do not review * expenditures as these expenditures are processed *. As a result the divisional SE Coordinator role is limited to identifying * expenditures processed in error through the division, and redirecting those expenditures *. * reviews all * expenditures that had been processed * and exercises the Endorsement of Payment Request authority.

Roles, responsibilities and accountabilities were generally known

While TB and national SE policy set out the expectations for the various roles, responsibilities and accountabilities among the various parties involved in SE, opportunities exist to formally document the * expenditure process to enhance understanding among the various key stakeholders. For example, *, * divisional units who made frequent * expenditures demonstrated a strong awareness of the process, divisional units who made infrequent * expenditures demonstrated limited understanding of the process. In addition, while divisional SE Coordinators roles were limited to directing * expenditure requests they receive *, the divisional SE coordinators stated they were unsure how effectively they were fulfilling this responsibility due to a lack of clarity in SE policy surrounding * expenditures. Formally documenting the * expenditure process would clarify roles, responsibilities and accountabilities for all key stakeholders involved in the process.

Policy Guidance

The national SE policy was published in January 2011 and provides a framework for the use of SE in terms of financial, asset, materiel and real property management as well as procurement. The audit found that while the RCMP policy instruments provided valuable information to employees involved in the SE expenditure process, information specific to * expenditures was unclear and had not been updated to reflect current business practices.

For example, while the policy states that it applies to both * expenditures, it does not clearly define * expenditures nor clearly identify how to make a distinction between a * expenditure. In addition, while the current business processes for * expenditures uses an updated version of Form 1454 Request and Authority for Payment, the policy links to the old version of the form. The updated form 1454 plays an important role in the current * process as it includes automated controls requiring inclusion of key elements of the * expenditure process, including the justification for the expenditure, restricting delegated authorities for approving the expenditure * based on the Delegation of Sensitive Expenditures Financial Signing Authorities Matrix (DSEFSAM) and type and method of procurement, and requiring review of the expenditure in advance of submission for approval. Since March 2016 * has only accepted the updated version of the form for processing * expenditures. The version of form 1454 currently linked to in the SE Policy is an older version, which includes only limited information and lacks the automated controls over approval of transactions, such as limiting approval authority of * expenditures *.

Monitoring and Oversight

Monitoring and oversight is a critical element of * expenditures as it allows management to determine whether business processes are compliant with policy, assess performance, and assess whether funds are being used effectively. The audit expected to find that monitoring and oversight was in place over * expenditures, including monitoring compliance with SE Policy and monitoring of * assets.

The audit found that no Unit Level Quality Assurance, Management Review, or similar tools or performance metrics were in place at the NHQ or divisional level to facilitate monitoring and compliance with policy. While monitoring over * expenditures to ensure compliance with policy was identified, it was generally limited to ensuring the * expenditures are justified and form 1454 was completed correctly. Supervisors * exercising section 32, Financial Administration Act (FAA) authorities were found to have performed a challenge function as it relates to SE approvals.

Monitoring at the divisional level included supervisory review of form 1454 in advance of sending the form for approval and processing *. While monitoring over the use of * assets in operations was identified in divisional units, units that were located in more than one geographic location generally had more than one * inventory system, and inventory systems were not linked and were accessible on-site only. This limits the ability of these units to perform effective monitoring over all * assets in their possession, as there is no single list of all * assets in their care. In addition, lack of visibility into * assets in place in other similar units in other divisions increases the risk that * expenditures will be made where there was a possibility to borrow an unused * asset from another unit, resulting in unnecessary expenditures.

In addition, limited monitoring was identified at NHQ or the divisional level over whether expenditures were circumventing the * expenditure process. Monitoring for policy compliance was only identified with the * policy centre in *. This policy centre had identified situations where divisional units had acquired assets through other procurement methods that should have underwent the * process and took corrective actions with the units involved. Due to the lack of linked inventory systems * policy centres have no direct visibility into divisional unit's * inventory systems, limiting their ability to detect * assets that did not go through the * expenditure process.

3.2 Risk Management

While risks related to the appropriateness of * expenditures and their procurement are managed, there are opportunities to mitigate risks related to circumventing the * expenditure process.

The audit expected to find risk management in place for risks associated with * expenditures, including risks that: (1) * expenditures are appropriate; (2) * expenditures within the RCMP's authority for SE are procured appropriately; and (3) the * expenditure process is not circumvented.

Justification of Expenditures

The SE policy requires that all * expenditure be justified. To ensure that * expenditures are justified, form 1454 requires the inclusion of a justification demonstrating the need for the expenditure to be processed as a * expenditure. This facilitates supervisory review and allows supervisors to effectively challenge requested expenditures in advance of approval. This approval is required in advance of * processing the transaction. Testing indicated that all sampled * transactions included an appropriate rationale and justification that clearly articulated the need for the expenditure to be processed as a * expenditure.

Procurement of * Expenditures

The SE Policy provides a framework for procuring * expenditures, including links to delegated authorities for * expenditures, as well as the Asset Management Manual for more detailed information on procurement. As a result policy requires contracts procured by the RCMP to be competitive except where otherwise provided by federal policy (ie. sole-source contracting). To ensure appropriate procurement practices are followed, procurement of * expenditures is centralized * with additional review taking place in advance of vendor payment that all required procurement documents are on file. Testing indicated that all 96 expenditures in the sample included support for the method of procurement chosen.

Risks relating to circumvention of the * SE process

The * expenditure process exists to control risks associated with * expenditures; however, there remains a risk that transactions that should be classified as * expenditures will be processed through other procurement methods. This is a risk as the * process was designed to ensure only the appropriate delegated authorities approve expenditures and ensure sensitive information is limited to those who have a need to know to protect the RCMP operational capabilities.

Other than Corporate Procurement, divisional units have two other potential methods for purchasing * that should be processed as a * expenditure. These methods include processing the transaction at the divisional level as a * transaction instead, and purchasing items directly from vendors using the unit's acquisition card. Neither of these methods align with policy requirements for procuring *.

While the * process is designed to protect sensitive information in the same manner as the * process, the * process is based on different authorities and parties outside * would not have authority to enter into contracts for * expenditures. As * transactions are processed at the divisional level, processing what should be a * transactions as a * transactions would mean * would have no awareness of the expenditure or any related assets. Testing of 90 transactions processed as * expenditures identified that 89 of 90 transactions were relevant * expenditures, with a single exception identified which should have been processed as a * expenditure.

SE Coordinators in the divisions are expected to review * expenditures and identify those that should instead have been processed as * expenditures, redirecting them to * to obtain the appropriate approvals. While results of testing divisional * transactions identified limited issues, SE coordinators in E, F and C did not demonstrate a strong understanding of what * expenditures were, and stated they did not believe the policy for SE provided sufficient guidance to assist them in identifying * expenditures. As a result, risk remains that expenditures that should be processed as * expenditures through * will instead be processed in error as * divisional transactions.

Purchases using unit acquisition cards are likewise inappropriate as cardholders would not have the authorities to contract for * expenditures and sensitive information would not be protected. In coordination with the IAER's data analytics team, a sample was selected of transactions made on unit acquisitions cards with vendors identified as commonly associated with * expenditures in the sample of * expenditures. *. Discussion with the units involved in these transactions identified the cause to be a lack of awareness of the process and what specifically would be considered a * expenditure.

3.3 Internal controls

While observed rates of compliance with the FAA and SE policy were high, opportunities exist to improve internal controls associated with inventory systems and disposals of * assets.

Delegated Authority

High compliance rates to the Financial Administration Act (FAA) were observed for the sampled transactions. All * expenditures sampled transactions were pre-approved by a signatory with appropriate commitment authority (section 32 FAA), and all sampled transactions were also certified with appropriate certification authority (section 34, FAA).

The * expenditure process balances FAA requirements against the requirement to protect the sensitive information associated with the expenditure. *. Testing indicated that 93 of the 96 (97%) sampled transactions had an appropriate Endorsement for Payment Authority completed by *. As an additional control, expenditures in excess of $20,000 require an additional document referred to as * Checklist, used to demonstrate that * has reviewed the file in advance of completing the endorsement authority. Three files with payments in excess of $20,000 were identified where * checklist was not present; however, the endorsement authority had been completed correctly for those files and required documentation had been included in the files.

Protecting Sensitive Information

Protecting sensitive information related to * expenditures is critical to ensuring RCMP capabilities remain covert. As a result sensitive information associated with * expenditures must be protected throughout the * expenditure process. The audit found that when form 1454 is completed by divisional units it is transmitted * for approval and processing through * which aligns with security requirements for the forms *. Units * making * expenditures stated they either *.

*. The audit found that these documents were stored in accordance with their security classification.

The requirement to protect sensitive information associated with * expenditures must also be balanced against the RCMPs' *. While three exceptions were noted above, based on the audit team's site visits in the sampled divisions and NHQ the errors noted were not indicative of a pervasive issue with respect to the * expenditure process. Accordingly, the specific issues were raised with the relevant units and *.

Tracking and Managing * Assets

The management of assets resulting from * expenditures over their life cycle is important to ensure sound stewardship of resources. This includes when * assets are received by a unit, their lifetime in use and their eventual disposal. Testing of the sampled transactions identified 55 instances where * expenditures resulted in assets.

National SE policy requires that * assets must be recorded in an inventory system; however, it does not specify a specific system must be used. An accurate inventory system is an important control as it allows lost or misappropriated assets to be detected, and allows for informed decisions on the units capacities and whether additional * expenditures are required.

The audit found that a variety of inventory systems were in place to track * assets. At NHQ attempts had been made at creating a national * inventory system, containing all * assets in use across the Force. In addition, inventory systems were kept at the unit level for * assets in their possession. Units making frequent * expenditures used the *, and units making infrequent * expenditures used *. This was compliant with SE Policy as the policy requires that * assets must be inventoried; however, does not require the use of * as the inventory system. Due to information security considerations *.

In 2016, NHQ transitioned from * as its inventory system for recording details of * expenditures. Of the * sampled instances where * assets were procured, * of these transactions were found on the national * inventory system, with the remainder missing from that inventory system *.

At the unit level, 23 units were interviewed in the course of the audit with 9 of those units using the * inventory system. * was an inventory system used by units making high volumes of * expenditures. This system was provided to these units * after an assessment of units needs in 2013. The system was intended *.

While all sampled * assets were found on the units' * systems, significant challenges were noted by the audit team with the effectiveness of the search function in *. This limited units' ability to identify specific inventory items on a timely basis and limits their capacity to perform a monitoring role over items contained in the inventory system. This challenge was compounded by a lack of consistency with how items are entered into *. No formal processes or guidance related to the recording and management of * assets in inventory systems were identified.

In addition, a lack of communication between administrators of the divisional * systems and the administrator of the national inventory system was identified, resulting in the national inventory system not being updated beyond the original procurement of the * assets. As a result *. Interviews with the divisional * users identified that they generally learn from predecessors or 'on-the-job' and had not received formal training. While formal training had been provided when the * system had first been rolled out in *, there had been no subsequent training.

Of the 23 units interviewed, 12 units with * assets were not using * and instead used *. These units did not use the *. While the inventory systems used differed, the same lack of consistency in how assets are recorded was identified as well as the same lack of awareness of the need to communicate with the administrator of the national inventory system.

A lack of training and formal guidance on inventory practices increases the risk of inconsistent practices for recording and managing inventory on the system. In addition, a lack of awareness of communication requirements with administrator of the national inventory system *.

Of the 23 units interviewed, 2 units with * assets were not using an inventory system. In addition to not being compliant with SE Policy, lack of an inventory system limits the units' ability to monitor and maintain control over their assets. *.

While challenges with inventory systems in place were noted, all * assets in the sampled transactions were traced to source documents such as 1454s, purchase orders and invoices. The majority of * assets in the sampled transactions were physically observed by the audit team. In some cases the assets could not be directly observed by the audit team *. In all of these cases, the audit team received an attestation from the member of the unit responsible for the asset that the item existed and was in use in accordance with the SE policy.

Controls Over * Assets and Information Systems

Effectively safeguarding * assets after purchase requires controls over both the physical assets themselves as well as the associated information systems that contain details of the assets.

Controls to physically safeguard assets were identified for all * assets that were physically observed in the sample. *. As a result no challenges or concerns were identified by the audit team with respect to controls over safeguarding * assets within RCMP facilities.

The inventory systems containing * assets were kept *, resulting in access to these systems being restricted *. In addition, the ability to modify the inventory system *, reducing the risk of unauthorized modifications being made (i.e. inventory being inappropriately deleted from the system).

While the inventory systems had controls in place to prevent unauthorized access, opportunities for improvement were identified. *.

An additional opportunity for improvement includes formalizing and documenting a process to update the status of items in the inventory system, (ie. changes of location, identifying items that are destroyed or disposed of, etc.) to the administrator of the national inventory system. This would improve the overall data integrity and consistency between units and improve the ability to effectively monitor inventory at the unit and national level.

Disposal of * Assets

By their nature, * assets are sensitive and are often assets that are restricted to law enforcement use only. *. Authority to approve disposing of * assets, *, is restricted * and senior management and has not been granted at the divisional level.

The operational units interviewed during the audit identified a variety of methods of disposing of * assets, *, which aligned with the asset's sensitive nature and SE Policy requirements.

None of the * expenditures sampled had been disposed of; however, interviews with units did not demonstrate a strong awareness of the need to obtain approval * in advance of disposal, nor the need to communicate disposals to the national inventory system administrator. This increases the risk that * assets will be disposed of without necessary approvals, * will be unaware of the * and that the national inventory system will include items that no longer exist.

3.4 Training and awareness

Opportunities remain to develop and implement * SE-related training and guidance as well as information sharing processes to support SE Coordinators and * SE users in exercising their duties.

Training for Key Stakeholders

No formal training was identified for units making * expenditures. Units in the divisions making * expenditures identified a reliance on their predecessors or assistance *. * policy centres making * expenditures noted 'on-the-job' training on * expenditures had been provided to some policy centres by *. Interviews with units identified that when changes to the * process occurred, such as updates to form 1454, these changes were only communicated to the units when they submit a 1454 * for approval and procurement.

Overall, units who made more frequent * expenditures demonstrated a strong knowledge of the * expenditure process, while those who made less frequent expenditures demonstrated limited knowledge of the process. Where units had a strong knowledge of the process, this knowledge was often limited to specific individuals within the units. This increases risks associated with business continuity and maintaining corporate knowledge, as should those individuals leave their role the unit may be left with limited knowledge of the * expenditure process.

As a result, due to limited awareness of the * expenditure process, combined with a lack of available formal training and documented procedures, there is an increased risk that units will not follow the * process correctly, or will process transactions through other procurement methods.

In accordance with SE Policy, the SE Policy Centre has provided training to divisional SE coordinators. However, while training on sensitive expenditures was provided to divisional SE Coordinators, the training was focussed on * expenditures and did not include information on * expenditures. This decision was made by the SE Policy centre due to divisional SE Coordinators not being authorized to process * expenditure requests and instead being required to redirect these expenditures * for the correct approvals. For the divisional SE Coordinators to be effective in this role, *.

Interviews with divisional SE Coordinators identified a lack of awareness of how to identify a * expenditure effectively. The SE Coordinators stated that they did not believe they had effective tools or guidance to assist them in determining whether a given transaction would be * expenditures and instead relied on the unit to process it correctly. This lack awareness, combined with limited awareness of the * process at the unit level, increases the risk that expenditures that should be * expenditures will instead be incorrectly processed as * expenditures.

Conclusion

The audit found that governance and internal controls over * expenditures are adequate; however, there are opportunities for improvement. While there were clear elements of a governance framework in place, roles and responsibilities related to * expenditures were not well known by all users of * SE. Units who made frequent * expenditures and those involved in processing * expenditures knew the process well; however, units who made infrequent * expenditures had limited knowledge of the process. National processes and procedures associated with * expenditures had not been formalized and documented. In addition to formalizing and documenting the process, additional guidance on * expenditures could include updates to the SE policy to clarify what would be classified as a * expenditure and updating the links in the policy to the form being used in current business practices. As training for * expenditures was limited to 'on-the-job' training, the development of formal training for parties involved in * expenditures would better communicate expectations and assist them in fulfilling their roles.

Monitoring over * expenditures is generally limited to ensuring justifications for expenditures are appropriate and the expenditures have been properly approved, resulting in gaps in the area of monitoring for compliance with SE policy. Testing indicated that while few issues were found with transactions that had been processed through the * process, evidence was found that in some cases the * process was being circumvented.

The majority of * expenditures were recorded in inventory systems, in accordance with SE policy; however, testing identified issues with data integrity in the inventory systems, in part due to multiple inventory systems existing that were not networked and thereby operated in silos. This limited the capacity to provide monitoring and oversight over the inventory contained in these systems, particularly at a divisional or national level. No national processes for managing * inventory over their life cycle had been formalized or documented. Opportunities for improvement related to inventory systems *.

Recommendations

  1. The Deputy Commissioner Federal Policing, in collaboration with the Deputy Commissioner Specialized Policing Services, should update the existing SE Policy (and related policies referred to in the SE Policy) to: ensure * expenditures are clearly defined; guidance is provided on the distinction between a * expenditure; * related processes and procedures are documented; and the version of Form 1454 Request and Authority for Payment currently in use is added to the RCMP's Forms Catalogue and SE Policy.
  2. The Deputy Commissioner Federal Policing, in collaboration with the Deputy Commissioner Specialized Policing Services, should develop a monitoring program to assess compliance with SE policy for * expenditures. Along with the applicable engagement of the Chief Financial and Administration Officer, the monitoring program should ensure * expenditures are not made on acquisition cards.
  3. The Deputy Commissioner Federal Policing, in collaboration with the Deputy Commissioner Specialized Policing Services, should develop formalized training on the * expenditure process, including training for SE Coordinators and units making * expenditures.
  4. The Deputy Commissioner Specialized Policing Services should examine whether inventory system capabilities can be enhanced to link inventory systems, providing visibility into these systems to relevant units * policy centres.

Appendix A – Audit Objective and Audit Criteria

Objective: to assess the adequacy of the governance and internal controls in place over * expenditures.

  • Criterion 1: There are governance structures, roles and responsibilities and accountability mechanisms in place to provide oversight over * expenditures.
  • Criterion 2: There is a risk management approach in place to ensure significant risks related to * expenditures are identified, analyzed and managed.
  • Criterion 3: There are effective internal controls to ensure delegations of authority are respected, and sensitive information and assets are protected throughout their lifecycle.
  • Criterion 3: Training and awareness of the * expenditures process is sufficient to ensure the * expenditure process is complied with.

Appendix B – Management Action Plan

Management Action Plan (MAP)
Recommendation Management Action Plan (MAP)
  1. The Deputy Commissioner Federal Policing, in collaboration with the Deputy Commissioner Specialized Policing Services, should update the existing Sensitive Expenditure Policy (and related policies referred to in the SE Policy) to: ensure * expenditures are clearly defined; guidance is provided on the distinction between a * and * expenditure; * related processes and procedures are documented; and the version of Form 1454 Request and Authority for Payment currently in use is added to the RCMP's Forms Catalogue and SE Policy.

AGREE. As outlined in the * Audit MAP (Rec #1), the SE policy (for both * and * expenditures) will be updated to ensure it is reflective of the findings of both audits.

  1. Update current Sensitive Expenditure (SE) Policy to reflect changes that have evolved from the SE Pilot Project regarding reference to new forms and processes. Moving forward, a plan will be developed as to how best to address the distinction between * and *, with official definitions of each included in the policy.
  2. Develop a process map to clarify processes and procedures related to * and * expenditures.

Completion Date: March 31, 2020

Position Responsible: Deputy Commissioner Federal Policing

  1. The Deputy Commissioner Federal Policing, in collaboration with the Deputy Commissioner Specialized Policing Services, should develop a monitoring program to assess compliance with SE policy for * expenditures. Along with the applicable engagement of the Chief Financial and Administration Officer, the monitoring program should ensure * expenditures are not made on acquisition cards.

AGREE. As outlined in the * Audit MAP (Rec #1), the roles, responsibilities and accountabilities for all parties involved in key SE processes will be updated to ensure they are reflective of the findings of both audits.

  1. In addition to amending policy and updating procedures, business practices will be redefined to clarify mandates, roles & responsibilities. Internal Control will be engaged to determine and develop a monitoring program to identify purchases funded with the acquisition cards that should have been processed as a sensitive expenditure rather than an open expense claim.

Completion Date: March 31, 2020

  1. Training for SECs will include the identification of * transactions through their review process, in an attempt to identify those * transactions inappropriately processed as * expenditures, and to ensure that assets are properly recorded and maintained.

Completion Date: March 31, 2021

Position Responsible: Deputy Commissioner Federal Policing

  1. The Deputy Commissioner Federal Policing, in collaboration with the Deputy Commissioner Specialized Policing Services, should develop formalized training on the * expenditure process, including training for SE Coordinators and units making * expenditures.

AGREE. As outlined in the * Audit MAP (Rec #4), formalized training will be developed to meet the requirements of both audits.

  1. An online training session outlining the process for completion of the 1454 will be developed with a library of sample claims demonstrating how form 1454 should be completed for the various contracting authorities as listed in the Delegated of Sensitive Expenditure Financial Signing Authorities Matrix (DSEFSAM).

Completion Date(s):
January 31, 2020 for Training. March 31, 2020 for Forms Library

  1. A Course Training Standard (CTS) to be developed in collaboration with L&D for the SECs and will form part of a new annual certification requirement. Completion Date: April 30, 2020

Completion Date: April 30, 2020

Position Responsible: Executive Director, Federal Policing Resource Management

  1. The Deputy Commissioner Federal Policing and Deputy Commissioner Specialized Policing Services should examine whether inventory system capabilities can be enhanced to link inventory systems. AGREE. As outlined in the * Audit MAP (Rec #5), the requirement for a covert asset tracking system has been identified to meet the requirements of both audits.

AGREE. As outlined in the * Audit MAP (Rec #5), the requirement for a covert asset tracking system has been identified to meet the requirements of both audits.

  1. Federal Policing to request that a substantial investment of capital be committed towards funding a national inventory solution which would be included in the RCMP Investment Plan.
  2. Technical Operations to work with key partners (FP, IM/IT, CSIS, CSE and private vendors) to validate the business requirements, assess options for a long term global solution, and make a recommendation on a way forward.

Completion Date: March 31, 2021

Positions Responsible: Deputy Commissioner Federal Policing and Deputy Commissioner Specialized Policing Services

Date modified: