This Web page has been archived on the Web.

2006 November Report of the Auditor General of Canada

Main Points

What we examined

When public business is conducted properly, public servants comply with laws and policies and use public funds and other assets entrusted to them to benefit the public and not themselves.

We examined key aspects of the proper conduct of public business in three agencies: the Royal Canadian Mounted Police (RCMP), Correctional Service Canada, and the Canada Border Services Agency. We looked at whether each agency has values and ethics programs that promote good behaviour and has internal disclosure (or "whistle- blowing") policies that support the reporting of wrongdoing. We also examined the role that internal audit plays in verifying compliance with laws, policies, and regulations.

We looked at three areas where we believe a risk of abuse is present—contracting, use of acquisition (credit) cards, and use of overtime and leave.

We did not look at issues such as the use of excessive force, harassment, or security breaches.

Why it's important

Misuse and abuse of public resources has become a major concern to Parliament and to Canadians in general. Over the last five years, the federal government has made a major investment in values and ethics programs, has introduced whistle-blower legislation in Parliament, and has begun strengthening internal audit in departments and agencies.

The three public safety agencies we audited employ a total of about 40,000 public servants and spend a total of about $5.6 billion each year, making them a significant factor in the conduct of the federal government overall.

What we found

  • Although the two-year-old Canada Border Services Agency is still developing its programs, all three agencies generally have in place programs of values and ethics, internal disclosure, and internal audit. However, only about 20 percent of employees report having received training in values and ethics. Our survey of 400 non-management employees in the three agencies showed that no more than half are familiar with agency values and ethics programs.
  • Our analysis found that having programs in place is not enough alone to encourage employees to report wrongdoing by colleagues. They also need to know that management will follow up on their reports and will preserve their confidentiality, and that their peers will continue to respect them. While 70 to 80 percent of employees said they themselves would report misconduct, they had significant doubts about their co-workers' willingness to do so. The extent to which management was perceived to take reports of wrongdoing seriously and investigate them ranged from 60 percent at the RCMP to a low of 45 percent at the Border Services Agency.
  • We found few cases of abuse of leave in order to generate excessive overtime.
  • We found that all three agencies had improperly sole-sourced contracts, to the detriment of fairness and equal access—two principles that government agencies are required to apply in the proper conduct of their contracting activities. The Canada Border Services Agency and Correctional Service Canada did not have adequate quality assurance practices in place for contracting activities.
  • We found outright abuse of acquisition cards in only a small number of cases. Nevertheless, the RCMP and the Canada Border Services Agency had high levels of non-compliance with the rules. We also found that purchase limits had been exceeded, and purchases were sometimes split into two bills to evade controls. There was poor control at all three agencies, with individuals allowed to verify their own purchases and documentation frequently lacking. The Treasury Board's policy explicitly forbids the use of acquisition cards for vehicle operations and maintenance, but the Treasury Board Secretariat has allowed it in practice. This has led to a "grey area" in how agencies view the rules and has reduced value for money in some cases.

The agencies have responded. The agencies generally agreed with our findings and most recommendations.

Introduction

What is the "proper conduct of public business"?

4.1 "Proper conduct of public business" means that management and other federal public servants not only comply with laws and policies in the course of their work but, in particular, use public funds and other assets to benefit only the public and not themselves. Lapses in proper conduct can therefore range from criminal acts to merely poor business judgment, such as extravagant and unnecessary business travel.

4.2 Proper conduct encompasses both compliance with law and regulations and an absence of abuse. "Abuse" has been defined by the US Government Accountability Office as ". . . distinct from fraud, illegal acts, and violations of provisions of a contract or grant agreements." Instead, abuse involves deficient or improper behaviour that a prudent person would not consider reasonable and necessary business practice. The Values and Ethics Code for the Public Service says that "Public servants shall act at all times in a manner that will bear the closest public scrutiny, an obligation that is not fully discharged by simply acting within the law."

Ensuring the proper conduct of public business

4.3 Departments and agencies can take several formal measures to ensure proper conduct:

  • Supportive programs. The capstone of Treasury Board's Management Accountability Framework is Public Service Values, which states that "departmental leaders [should] continually reinforce the importance of public service values and ethics in the delivery of results to Canadians." Most departments and agencies have responded with values and ethics programs designed to increase awareness about ethical challenges and appropriate responses to them. Beginning January 2006, Treasury Board policy makes such training compulsory for all new public servants.
  • Controls on high-risk assets and activities. Certain government assets and activities are vulnerable to risk of abuse by employees. Experience has shown that contracting, for example, can lend itself to favouritism and even kick backs; "acquisition" (or government credit) cards might be used to purchase unauthorized goods and services. Abuse can occur in human resource activities such as appointments, promotions, leave use, and overtime pay. Because these activities are at risk, departments and agencies usually put controls in place to ensure that resources are used only for approved purposes.
  • Internal disclosure. The Treasury Board Secretariat has issued an internal disclosure policy aimed at allowing public servants to report incidents of wrongdoing in the workplace to a senior departmental officer. In addition, the government established the Public Service Integrity Office in 2001 to provide a point of contact for public servants who have concerns about wrongdoing that they believe their departments have not addressed adequately. Parliament recently strengthened disclosure provisions with new whistleblower legislation. This Act, however, was not in effect during the period we audited.
  • Internal audit units. The internal audit units located within each federal department or organization need to be alert to indications of fraud and abuse and also need to periodically conduct compliance audits of high-risk areas to ensure that controls are operating as intended. Having an effective internal audit function within a federal organization can also act as a deterrent by increasing the likelihood that improper acts will be discovered.
  • Sanctions. Employees who have behaved improperly can suffer appropriate sanctions. Departments have formal disciplinary mechanisms to apply sanctions when required.

4.4 These formal mechanisms are important, but formal programs go only so far. Like all communities, government agencies have networks of informal communication, personal relationships, and community norms that collectively form a "culture." An important aspect of leadership at all levels is to demonstrate proper conduct and to be a positive influence on agency culture.

Focus of the audit

4.5 This audit focused on the RCMP, the Canada Border Services Agency, and Correctional Service Canada, which, together, employ most of the employees in the Public Safety and Emergency Preparedness portfolio.

4.6 We assessed the adequacy of programs to support positive behaviour by employees, and we surveyed 400 employees at the three agencies to determine whether the programs had reached them and were working as intended. In particular, we reviewed values and ethics initiatives, internal disclosure programs, and internal audit. We looked at whether programs complied with government policies. We did not assess the use of sanctions.

4.7 We also examined selected high-risk areas (acquisition cards, overtime use, and contracting) to determine whether controls were adequate.

4.8 More details on the audit objectives, scope, approach, and criteria are in About the Audit at the end of this chapter.

Observations and Recommendations

Programs to support proper conduct

4.9 The Treasury Board of Canada Secretariat in its Modern Comptrollership Practices: Toward Management Excellence calls on agency heads and senior managers to establish programs that can help employees deal appropriately with ethical challenges. Deputy heads are to "encourage and maintain dialogue" on values and ethics. The Values and Ethics Code for the Public Service says

  • public servants shall endeavour to ensure the proper, effective, and efficient use of public money;
  • in the public service, the means used to achieve the ends should be as important as the achievements themselves; and
  • public servants shall act at all times in a manner that will bear the closest public scrutiny—an obligation that is not fully met by simply acting within the law.

4.10 Government policies require that agencies have structures in place to implement the Code. This includes designating a senior official responsible for assisting public servants to resolve issues arising from the application of the Code. A second senior officer must be appointed to implement the policy of internal disclosure of wrongdoing. The Office of Values and Ethics in the Public Service Human Resource Management Agency of Canada reports results annually.

4.11 We examined the values and ethics programs of each agency to determine whether it had supportive programs in place. We expected that the agencies would have training programs that would deal with specific ethical issues facing their staff and that the agencies would be aware of how effective their efforts to support ethical behaviour were.

Values and ethics programs have not yet reached the majority of employees

4.12 We found that all three agencies had most of the required structures in place.

  • Agency heads have actively encouraged and promoted dialogue on values and ethics issues, and these issues are discussed at the senior executive meetings.
  • All three have identified a senior official as their ethics champion.
  • The RCMP and the Canada Border Services Agency have designated specific staff members to implement their ethics programs. Both agencies maintain websites that offer assistance to employees. Correctional Service Canada has delegated the implementation of the program to the performance assurance sector. Correctional Service has developed reference materials for staff and also maintains a website with typical ethical dilemmas for staff to review.
  • All three agencies have reported to the Treasury Board on their values and ethics programs—the RCMP through a personal briefing from the RCMP Commissioner to the Secretary of the Treasury Board, in addition to its written reports.
  • The RCMP has made significant efforts to direct its ethics training to specific institutional problems. Correctional Service Canada is also working to identify where ethical breakdowns occur, focusing on the relationship between its officers and offenders. The Border Services Agency has established a working group to examine the issue of officers being vulnerable to criminal coercion. Border Services has an established Internal Affairs section that conducts investigations of employee misconduct or malfeasance. Senior management has implemented an action plan to promote awareness and to address gaps in values and ethics.

4.13 Agencies are making efforts to provide values and ethics training to members. For example, the RCMP provides ethics awareness training to 1,200 cadets each year. In 2004–05 the RCMP also provided ethics awareness presentations to about 1,100 other members at various rank levels. Since 2002 Correctional Service Canada has trained about 1,200 individuals throughout the organization. Based on our survey of employees (see paragraph 4.15), only about 20 percent of agency employees can recall ever attending any formal values and ethics training.

4.14 All three agencies maintain documentation on disciplinary actions and grievances that involve abuse of resources. Except for that step, they have not evaluated the effectiveness of their values and ethics programs.

4.15 We conducted a survey, between June and October 2005, of over 400 non-management employees in the three agencies to determine the extent to which they were aware of their particular agency's values and ethics program. The results have indicated that these programs have not yet reached a majority of employees (Exhibit 4.1):

  • No more than half of the employees at any of the three agencies said that they are familiar with the values and ethics program in their specific organization.
  • No more than half of the employees believe that senior management works toward making values and ethics an important part of their organization's culture. At both the Canada Border Services Agency and Correctional Service Canada, more staff disagreed with this statement than agreed with it.
  • Approximately half of the employees at the RCMP and Correctional Service Canada identified their respective commissioner as the source of messages regarding values and ethics. About one third of employees surveyed at the Canada Border Services Agency said that their president originated messages about values and ethics.

4.16 These results indicate that employees of the public safety agencies are just beginning to be aware of their particular values and ethics programs. Moreover, many employees do not believe that senior management think the program is important.

Lack of confidence in management and peers decreases willingness to come forward

4.17 Treasury Board policy requires that departments have mechanisms and ethics staff in place to allow employees to bring forward information concerning wrongdoing in the workplace. Departments are supposed to appoint a senior official to receive and investigate complaints of wrongdoing in a timely manner. Employees are to be informed of the process in their department. In addition, the government has established an alternative system through the creation of the Public Service Integrity Office for cases that staff believe cannot be discussed in their own department.

4.18 The RCMP are not covered by the general policy as there are separate provisions in the Royal Canadian Mounted Police Act. Members of the RCMP are under a code of conduct that covers a wide range of professional behaviour. Members have a duty to promptly report any violations of the code of conduct that they are aware of. The RCMP have decided to voluntarily adhere to the public service policy on internal disclosure, including use of the position of the Public Service Integrity Office for cases where members believe they cannot use the RCMP's own system for reporting wrongdoing. The RCMP also provides a toll-free phone line, an email address, and direct access to ethics staff for employees who wish to come forward with reports of wrongdoing.

4.19 Both Correctional Service Canada and the Canada Border Services Agency have implemented the internal disclosure policy. At Correctional Service, the performance assurance sector is responsible. Like the RCMP, Correctional Service Canada provides a toll-free phone line to report wrongdoing. At Border Services, employees report any wrongdoing to the internal audit unit. However, internal affairs may carry out any investigations.

4.20 Our employee survey of the three organizations gave us considerable information about how much employees know about internal disclosure programs. Few employees appear to be aware of the program—awareness ranged from less than 27 percent at Border Services to under 40 percent at the RCMP. However, more people said they knew how to report misconduct—from about 30 percent at Border Services to over 60 percent at the RCMP.

4.21 There was no real difference among the three agencies in the employees' willingness to report misconduct—70 to 80 percent said they would do so if they became aware of wrongdoing. However, they were much less optimistic about whether their colleagues would be willing to report a wrongdoing; they estimated that only about 40 per cent would be willing to report.

4.22 A high number of employees disagreed with the statement that people who report misconduct in the workplace are generally respected. At least 26 percent of the RCMP staff disagreed with this statement, over 34 percent of Border Services Agency employees disagreed, and over 40 percent of the Correctional Service staff disagreed with it.

4.23 While the majority of RCMP members (about 60 percent) believe their organization will take reports of misconduct seriously and investigate them, it was different at the other public safety agencies. About 50 percent of employees surveyed at the Correctional Service and fewer than 45 percent of Border Services employees said that they believed their specific organizations would take reports of misconduct seriously and investigate them. There was also a lack of confidence that disclosures of wrongdoing would be kept confidential. There was a sharp difference in the number of public servants who believed that senior management is committed to encouraging employees to bring forward knowledge of misconduct. A majority at the RCMP (about 56 percent) believed in management's commitment, and approximately one third of employees at the Correctional Service and Border Services thought senior management was behind the program (Exhibit 4.2).

4.24 Our analysis of the survey results found that programs enabling and encouraging internal disclosure do not, in themselves, increase employees' willingness to report wrongdoing. Such programs may be necessary, but they are not sufficient. From the employees' point of view, such activities might appear to be only "window dressing" if they believe that their bosses and their co-workers will not support them. Based on our analysis, employees' self-reported willingness to disclose misconduct is influenced by

  • the degree to which reporting misconduct is respected by their co-workers,
  • the degree to which senior management will take it seriously and investigate it,
  • the degree to which senior management will protect the confidentiality of the person making the disclosure, and
  • senior management's commitment to encouraging employees to disclose misconduct.

4.25 Overall, the survey results indicate the following:

  • employees' knowledge about the programs is poor at all three agencies; and
  • employees' confidence in management support, in peer support, and in confidentiality for the person reporting the wrongdoing ranged from moderate at the RCMP to low at Correctional Service Canada and the Canada Border Services Agency.
Internal audit provides adequate information

4.26 Internal audit is another support for proper conduct as it tests the integrity of management controls. This process provides assurance that assets are protected and that there is compliance with the regulations. The knowledge that transactions might be audited also acts as a deterrent to wrongdoing by increasing the risk of discovery. Because internal audit has a broad mandate with numerous processes to be covered, we did not expect it to devote a large number of resources to the areas that may be subject to employee abuse. We expected that audit resources would be allocated on the basis of risk and that abuse would be factored into those risks.

4.27 We found that all three agencies have done this. They all have risk-based plans. All three have undertaken audits in the same areas that we identified as high risk: overtime and leave, acquisition cards, and contracting, as well as additional areas. We concluded that internal audit is playing its expected role in supporting compliance.

Compliance in high-risk activities

4.28 Employees are entrusted to manage and use significant public resources while doing their jobs. There is always a possibility that resources can be diverted to benefit employees rather than the public. We therefore looked at three areas that we consider to be subject to a relatively high risk of abuse:

  • employee manipulation of leave to generate excessive overtime earnings,
  • use of acquisition (credit) cards, and
  • contracting.
Leave abuse is a relatively insignificant cause of overtime

4.29 Correctional Service Canada and the Canada Border Services Agency operate 24 hours a day, seven days a week. In addition, employees are subject to unpredictable spikes in workload and job stress caused by factors like incidents at prisons and seizures of contraband goods. Managing overtime is therefore a complex task. We did not include the Royal Canadian Mounted Police (RCMP) in this section of our audit.

4.30 It is possible for employees to collude to use their leave entitlements to create otherwise unnecessary overtime opportunities for their work unit. If management fails to challenge employees who appear to collude, a department could end up paying overtime rates for large amounts of work, which could have been performed at regular-pay levels. Departments and agencies have recognized this as a risk.

4.31 At both Correctional Service Canada and the Canada Border Services Agency, a small number of employees earned a disproportionate amount in overtime. At Correctional Service, 5 percent of overtime earners (562 out of 10,269 employees) used large amounts of both leave and overtime. Their overtime earnings accounted for 26 percent of the total amounts spent on overtime in the last two years (about $16 million out of $62 million). At Border Services we found 3 percent of the overtime earners (320 out of 9,820) fell into this category and accounted for about 15 percent of overtime expenses (about $6.6 million out of $44 million).

4.32 We asked managers to provide valid reasons for the overtime use by employees in this group who worked at the same sites and could potentially collude. We found that managers were able to provide the requested information for the majority of employees. Managers cited understaffing, scheduling deficiencies, the need to respect collective agreements when granting leave, and workload issues as key causes of overtime. In addition they recognized possible abuse. In their responses, managers stated that they were already monitoring leave patterns for eleven Correctional Service employees and one Border Services employee.

4.33 We found that Correctional Service has very good systems to control overtime abuse. Timesheets require employees to indicate why they worked overtime, and management is able to determine the reasons with relative ease. Correctional Service conducted several reviews, which identified abuse as a relatively small problem. In response, Correctional Service has instituted an attendance awareness program, complete with red flags and guidelines for management action in the case of irregularities.

4.34 Although limited analysis of reasons for overtime had been conducted in the past, Canada Border Services Agency senior management begun tracking overtime use in October 2005. We noted some confusion among managers about which level of the Agency was responsible for analyzing leave and overtime use.

4.35 Recommendation. The Canada Border Services Agency should consider using the overtime management techniques employed by Correctional Service Canada and put in place better overtime and leave monitoring.

Canada Border Services Agency's response. We will take into consideration the recommendation. It should be noted that the audit did not identify any issues with regard to overtime abuse.

Acquisition cards are used inappropriately

4.36 Purchase orders—the traditional means that government departments use to obtain goods and services—cost the government about $50 to $100 more for each transaction than using a credit card. In December 1991, the federal government launched its acquisition card program. An acquisition card is a regular bank credit card for which the department, not the cardholder, takes on the obligation to pay. The cards are convenient for consolidating the procurement and payment of limited goods and services of low dollar value. Prompt payment of card account balances (that is, within seven days of billing statement) triggers a rebate to the department. Payments that are thirty days overdue trigger interest charges.

4.37 The Auditor General's 1997 Report, Chapter 7, Acquisition Cards, reported on its audit about the controls that would be appropriate for the use of government acquisition cards. The audit found that departments were not prepared to manage the risks of acquisition cards. It also found that departments needed better training and control procedures and that the use of controls varied from organization to organization. Allowing more than one employee to share duties related to use of the acquisition card coupled with inadequate monitoring, recording, secondary scrutiny, auditing, and verification of card transactions were all seen as major risks.

4.38 In response to our 1997 audit, the Treasury Board established a new policy in 1998 that emphasized that departments need better controls when issuing and using acquisition cards. In addition departments need to improve monitoring, analysis, and the use of information provided by contractors in electronic format. Our 1999 follow-up noted progress, new monitoring, and control tools in departments, and a revised Treasury Board policy and management guide. We also noted the implementation of improved control practices to reduce risks.

4.39 One of our objectives for this audit was to determine whether controls were in place and acquisition cards were being used appropriately. In particular, we looked to see that

  • card users had received training,
  • only authorized users made purchases with the cards,
  • only authorized goods and services were purchased, and
  • spending limits were not exceeded or circumvented.

4.40 We audited a representative sample of card holders in each agency and reviewed their transactions for the last year. More information on our methodology can be found in About the Audit.

4.41 Compliance is a problem at the RCMP. The RCMP has about 4,300 acquisition cards in use. The control structure conforms to the Treasury Board requirements. As an added control, the RCMP has also made accounting services in each region responsible for monitoring card use, for ensuring compliance, and for distributing monthly cost allocations.

4.42 In 2003, the RCMP's internal audit unit carried out a review of the use of acquisition cards in one facility; this was followed by an agency-wide comptroller's review in 2004. The RCMP conducted routine monitoring and a study on contracting and procurement procedures, which identified a number of potential abuses and other risk areas. The RCMP found that

  • cardholders were unfamiliar with the RCMP's policy for acquisition cards and that cards had been used to pay for meals, flowers, fuel, and travel;
  • cards had been used by employees other than the cardholder; and
  • the appropriate manager or other authorized employee had not confirmed that goods and services had been received or the actual cardholders had approved their own purchases.

4.43 Officials told us that the RCMP took remedial action to correct problems found by internal reviews, including revising processes, improving controls, and developing and providing training.

4.44 The most frequent misuses our examinations found at the RCMP were as follows:

  • Thirty-six percent of cardholders made purchases for hospitality functions, gift plaques, flowers, and coffee room supplies (Exhibit 4.3).
  • Nineteen percent of cardholders used the card for vehicle operating and maintenance expenses, which are not allowed by Treasury Board policy. At least some of these transactions (three percent) took place when the vendor rejected the special vehicle operating card, and no other payment alternative existed.
  • The RCMP does not allow cardholders to purchase computer goods and services without prior approval by the regional informatics officer or unless the purchase is made from an approved supplier. Seventeen percent of cardholders made information technology purchases.
  • We found one case where an individual made personal purchases for car insurance and a gym membership. The RCMP could not provide a receipt or contract for the gym membership, nor an adequate explanation for either purchase.
  • We found one instance of splitting a purchase of cameras and equipment to evade controls, with the file annotated "bill under two separate billings," and two cases where records were in such disarray that the individual's file could not be audited.

4.45 We also found that at the RCMP, 21 percent of cardholders had not certified that goods and services had been received as is required. Documentation was missing or unsigned, and cardholders often verified that goods and services had been received, rather than having another person do this, as the rules require. This leaves the RCMP open to the risk of abuse if no one verifies transactions or if individuals sign for their own purchases

4.46 The use of acquisition cards for payment of vehicle operating and maintenance expenses is a particular difficulty. Treasury Board policy specifically states that the acquisition card must not be used for this purpose. However, Treasury Board Secretariat officials informed us that they encourage the use of acquisition cards for purchases that are not clearly identifiable or not defined as an operating or maintenance item for vehicles under the current motor vehicle policy, as long as other policy requirements for acquisition cards are met. The Treasury Board Secretariat has not amended its policy to say this is allowed. This has created a grey area for RCMP employees who must purchase vehicle parts and material for inventory and for specialized vehicle equipment, such as flashing lights, internal screens, and barriers, because the Treasury Board Secretariat has not provided a definition of operation and maintenance expenses. When departments find rules impractical, but allow them to stand, it can eventually result in all the rules falling into disrepute and an overall lack of control. Treasury Board Secretariat officials told us they were already updating the relevant policies and had intended to take this problem into account.

4.47 Nine RCMP garage managers use acquisition cards to purchase automobile parts for vehicle maintenance. Better value might be achieved by competitive tendering for spare parts.

4.48 Finally, we determined that only about 25 percent of the RCMP employees in our sample had received training in the use of acquisition cards.

4.49 Canada Border Services Agency also has compliance problems. The Canada Border Services Agency has about 900 acquisition cards. The Agency uses a Canada Revenue Agency system to track card use. The headquarters finance unit of the Border Services Agency collects regional statistics on card use but does not scrutinize transactions systematically in detail.

4.50 We found evidence of training for less than 10 percent of the cardholders in our sample, since the new agency was created. Officials told us that 700 cardholders had been trained by predecessor organizations but could not provide us with evidence confirming this.

4.51 A great many of the non-compliant cases we found at the Canada Border Services Agency appeared to have occurred because corporate headquarters gave informal permission. We found that 25 percent of cardholders had purchased software or computer hardware, which was not permitted by departmental policy at the time, but which had been allowed for operational convenience. An additional 19 percent of cardholders had purchased vehicle maintenance or repair services, which is not allowed by Treasury Board policy. As was the case with the RCMP, the Border Services officials explained that suppliers sometimes refused the approved vehicle operating card; officials also claimed that the acquisition card was the most efficient purchasing method.

4.52 We also found that other regulations had not been followed.

  • Ninety-eight percent of cardholders did not obtain three price quotes for purchases over $500, as the Agency required at the time of the audit. The Agency has since made this optional.
  • Seventeen percent of cardholders made purchases over the $5,000 transaction limit specified by the Agency. We found one instance where cardholders split one transaction into two bills to evade controls.
  • There were three cases where provincial sales tax was paid although the federal government is exempt, and where the cardholder simply recorded the entire amount as the purchase price rather than correcting the mistake. Agency officials noted that the amounts were small. Nevertheless, we remain concerned about the lack of care in recording transactions.
  • The selection of one individual in our audit sample coincided with an internal investigation. Agency officials found that this individual made 61 questionable transactions (payments for home electricity bills, fuel and gasoline purchases, pharmacy bills, and a home alarm system), and the Agency cancelled the acquisition card. Because questionable transactions were not identified within three months of having been made, the Agency will be unable to claim insurance repayment for any wrongful transactions. This case indicates potential control weaknesses. Agency officials told us they would take other measures to recover any losses.

4.53 Correctional Service Canada has few controls, but few problems. There are about 1,000 acquisition cards in use at Correctional Service Canada. In total, Correctional Service spent $8.9 million on purchased goods and services through acquisition cards in the 2004 calendar year.

4.54 Controls are not as extensive at Correctional Service as at the RCMP. A report generated by regional coordinators identifies the total value of a purchase at a given time, the name of the store, and the date of purchase. However, the report does not list the individual items purchased. Although officials are aware of the risk of abuse, they have not taken steps to perform audit and inspection on a regular basis.

4.55 The last internal audit performed in 1998 identified some deficiencies, such as inappropriate uses of the card and lack of tracking of attractive items purchased with cards, such as television sets. It also noted that cardholders did not submit payment documentation, including receipts and bank statements, on time to the Agency's finance unit for payment, which resulted in interest charges.

4.56 We could not determine how many cardholders at Correctional Service have received training. However, we also found few non-compliant transactions; for example, purchasing forbidden goods, splitting purchases, and exceeding the card spending limit made up less than one percent of transactions in each case. However, one of the few cases of non-compliance we found involved purchase splitting for large amounts.

4.57 We found that about one third of the cardholders had delinquency charges on their accounts for not making payment in a timely manner. For 35 percent of cardholders, there was no review or sign-off for one or more transactions. Correctional Service Canada allows cardholders to sign on their own behalf that goods and services have been received. Twenty-six percent of the cardholders in our sample did so. In one case, we found that an inmate had signed for the purchase. Officials told us that this happened when the inmate was mistakenly given the credit card slip to sign as an acknowledgement of the receipt of goods. These are obvious failures to separate duties, which are control weaknesses. Finally, even when there is a review of the statements, reviewing officials told us that they do not have information about every purchase, and they approve consolidated monthly transactions in bulk. This blind approval leaves room for abuse.

4.58 We identified few problems at Correctional Service Canada, but the lack of controls creates vulnerability to abuse.

4.59 Recommendation. The Royal Canadian Mounted Police, Correctional Service Canada, and the Canada Border Services Agency all should ensure that cardholders are given training regarding their responsibilities for the use of acquisition cards. Training should include known compliance problems, including a discussion of representative cases of abuse.

Canada Border Services Agency's response. The Canada Border Services Agency acknowledges that the training of cardholders is important and will continue to ensure that cardholders are appropriately trained. In addition, we will review the training documentation of legacy cardholders and provide additional training where necessary.

Correctional Service Canada's response. Correctional Service Canada remains convinced that adequate training is pivotal in the implementation of good practices and will ensure that all cardholders receive proper training.

RCMP's response. We agree. Currently the cardholder must sign an acknowledgement of their obligations upon receipt of the acquisition card. We also provide the cardholder and section 34 officer with a document outlining his/her responsibility, as well as a copy of the acquisition card policy. A three-hour non-compulsory training session is offered to both the cardholder and the section 34 officer. Besides the acquisition card training, section 34 officers are provided with a Delegation of Authorities non-compulsory training session, which provides examples of potential cases of non-compliance to various policies. Both courses will be made mandatory in fiscal year 2006–07.

4.60 Recommendation. The Royal Canadian Mounted Police, Correctional Service Canada, and the Canada Border Services Agency all should ensure that the system for verifying purchases is fully implemented and the individuals who have signing authority actually verify the transactions.

Canada Border Services Agency's response. The Canada Border Services Agency can confirm that the necessary systems and processes are in place. We have also implemented an internal process where the responsibility centre manager reviews the monthly acquisition card statement to validate that the purchases presented for payment approval are for legitimate government business.

Correctional Service Canada's response. Correctional Service Canada agrees and will continue to ensure that cardholders are fully aware of, and approve, what has been purchased through the acquisition cards.

RCMP's response. We agree. All measures and processes are in place to ensure the proper control of the acquisition card purchases. The process requires that an acquisition card log must be reconciled with the acquisition card statement and signed by a section 34 officer. A Quality Assurance Guide was developed to assist the manager with his/her obligations of compliance to various applicable policies. Acquisition card transactions are monitored on a monthly basis by regional accounting services staff.

4.61 Recommendation. Correctional Service Canada and the Canada Border Services Agency should increase the level of review of transactions.

Canada Border Services Agency's response. The Canada Border Services Agency has already increased the resources to monitor cardholders' usage.

Correctional Service Canada's response. Correctional Service Canada's accounts verification procedures require a 100 percent verification of the invoices received from the credit card provider.

4.62 Recommendation. Correctional Service Canada should take corrective action regarding late-payment interest charges.

Correctional Service Canada's response. Effective December 2005, Correctional Service Canada has implemented a new process, in collaboration with the acquisition card provider, whereby transactions are processed faster and the monthly invoice paid within 14 days of receipt, thus eliminating the issuance of interest charges for late payments.

4.63 Recommendation. The Treasury Board Secretariat should define vehicle operating and maintenance expenses as part of its Policy Suite Renewal Project.

Treasury Board Secretariat's response. The Treasury Board Secretariat accepts the recommendation.

In order to appropriately address this recommendation, the Treasury Board Secretariat's Policy Suite Renewal Project will complete the following:

  • The Fleet Management Directive will be updated to clearly define vehicle operating and maintenance expenses, as well as to outline when it is appropriate to use another method of payment rather than the Fleet Management Card (forecasted completion—September 2006).
  • The Acquisition Card Directive will be updated to cross-reference the updated Fleet Management Directive (forecasted completion—December 2006).

Until both the Fleet Management and Acquisition Card directives are updated, the Treasury Board Secretariat will develop and issue a communiqué to the departments and agencies clarifying the appropriate use of the Fleet Management Card as a method of payment as it relates to the vehicle operating and maintenance expenses.

Compliance with contracting rules requires improvement

4.64 The three agencies included in our audit are responsible for administering almost 90,000 contracts a year; these contracts cost the government over $566 million per year. Correctional Service Canada accounts for the bulk of these contracts, and the breakdown of the dollar amounts in 2004 is as follows:

  • Correctional Service awarded or let almost 79,000 contracts worth over $300 million.
  • The RCMP let about 6,800 contracts worth $255 million.
  • Border Services let about 2,000 contracts worth over $11 million.

4.65 In the federal government, Public Works and Government Services Canada contracts on behalf of other departments for most goods and some services; departments have authority to handle contracts up to a certain dollar amount. Public Works also has in place contracting tools that assist federal departments in the procurement of informatics services below $89,000. Officials at Public Works told us that when departments use those tools, each individual department becomes the contracting authority and takes on ultimate accountability. However, Public Works is responsible for ensuring that the tools are used in accordance with prescribed policies and regulations.

4.66 Audits by the Office of the Auditor General and internal audit units in many departments have found that contracting has been subject to abuse. In the past we have found widespread non-compliance with contracting rules, which endangered both value-for-money and the integrity of the departments involved. We therefore considered contracting to be an activity at risk.

4.67 We looked at contracts let by the three agencies from April 2003 to March 2005. Since Border Services had delegated contracting authority only since April 2004, we could only look at one year of contracts from that agency. We reviewed about 60 contracts from each agency and selected 30 at random. Another 30 were selected on the basis of "red flags" indicating possible abuse. Red flags included the following:

  • contract amounts close to sole-sourcing dollar limits,
  • contracts with amendments of large dollar value,
  • contracts that appeared to be above agency authority limits, and
  • contracts that showed signs of contract splitting.

Because part of the sample was selected judgmentally, results cannot be extrapolated directly to the overall population of contracts. Nevertheless, our expectation was that no more than 10 percent of contracts would be non-compliant.

4.68 Most RCMP contracts complied with regulations. The majority of the contracts we examined at the RCMP complied with government policies. In the last two years, the RCMP has made efforts to improve compliance: contracts above $25,000 are reviewed by procurement personnel with appropriate authority. There is a post-contract review and a quality assurance program. These reforms were made, in part, in response to lapses in control over contracts related to pension administration, (which is covered in the November 2006 Report, Chapter 9, Royal Canadian Mounted Police—Pension and Insurance Administration).

4.69 We did, however note areas requiring improvement. For example, 16 of the 66 contracts we reviewed had compliance problems of one sort or another. Among the most significant were the following.

  • In 2 of 26 sole-sourced contracts, an adequate reason for not using a competitive process was lacking. Both of these contracts involved services supporting security operations where the RCMP claimed that competitive tendering would not have been in the public interest. However, we did not find adequate support for this claim (Exhibit 4.4). Although neither the RCMP nor Public Works agreed with our finding, the RCMP pointed out that it no longer contracts for information technology services in the same manner as was used in 1 of these cases. Public Works also explained that it has made policy changes to address the situation.
  • In 5 of 26 sole-source contracts, a proposal from the vendor identifying time goals, deliverables, and cost was lacking.
  • In 7 out of 66 contracts, goods or services were delivered before the contract or its amendment was in place.

4.70 Recommendation. The Royal Canadian Mounted Police should define what "not in the public interest" means in the context of its contracting practices that involve exceptions for national security reasons and should educate staff accordingly.

RCMP's response. We agree. The RCMP policy is in complete accord with both TBS and PWGSC National Security Exception (NSE) guidelines. Requests for NSEs are rare and are always handled by senior (director level) procurement staff that are fully conversant with NSE requirements. In addition, all NSE requests must be made by the RCMP's Deputy Commissioner of Operations (ADM level) and must include a rationale (justification) that satisfies the concerns of PWGSC's Assistant Deputy Minister, Acquisitions. RCMP Procurement will continue to play a strong challenge role for all such requests, which will be evaluated on a case-by-case basis.

4.71 Recommendation. The Royal Canadian Mounted Police and Public Works and Government Services Canada should make greater use of contractors with pre-approved security clearances in order to increase competitiveness in classified areas.

PWGSC's response. Public Works and Government Services Canada agrees with this recommendation and will make greater use of contractors with pre-approved security clearances in order to increase competitiveness.

RCMP's response. We agree. The RCMP will continue to investigate and prepare lists of pre-cleared contractors where appropriate and where operational concerns over safety and security are not jeopardized. The direct costs associated with security clearances to the RCMP as well as to potential contractors is significant, and the clearance duration is limited. Therefore, the need for these types of lists will continue to be evaluated on a case-by-case basis.

4.72 Border Services has contract compliance problems. The Canada Border Services Agency became responsible for its contracting activities on 1 April 2004. The Agency is experiencing some difficulty in complying with contracting regulations.

4.73 The most significant area of non-compliance was for information technology services to support existing agency systems. Officials told us that as a result of restructuring the government in early 2004, the newly created Canada Border Services Agency was not able to use the contracting arrangements negotiated by its predecessor department, the Canada Customs and Revenue Agency. In order to meet what it viewed as operational requirements in the short term, Border Services used Public Works contracting services, including the IPS Marketplace, to "ensure uninterrupted professional support." Our sample contained ten cases using this contracting method.

4.74 In reviewing these files we found four cases that did not comply with the IPS Marketplace requirement that a minimum of three contractors be considered for the work. In addition to these non-compliant cases, we found other cases where contracting practices called into question whether there had been genuine competition. Examples of these questionable practices are as follows:

  • In eight instances the file began with a request for a contract naming an individual who was already working for the Agency and who was subsequently awarded the contract. An example of a note on one of the files was "Complete Package for position for [name of consultant]." Some individuals had been employed by the Agency or its predecessor for over four years. Officials told us that the Agency's file naming system was "less than ideal," but its intent was not to retain the incumbent, but "to confirm CBSA's requirement for a resource to perform those functions."
  • In a particular file, three individuals from the same firm were the only ones considered, although thirteen other consultants had been identified. The selected consultants included the individual with the highest cost—a daily rate of $610—while the individual with the lowest rate of $450 was not invited to bid. The search for a single senior systems analyst resulted in three contracts being awarded to these individuals on the same day. All three selected individuals were incumbents, one of whom had worked at Border Services or its predecessor agency since 1985, and another since 1990.
  • Files were missing documentation that would indicate why certain firms were eliminated or that would indicate requests for proposals had actually been sent to more than one firm. Officials told us that some firms had been eliminated because they had not responded to the request for proposal and that Border Services officials had reinforced with the contracting officers the need to document these facts on the file.
  • In five cases, the incumbent had been employed by Border Services or its predecessor agency continuously on contract for several years, and in one instance, since 1985.

4.75 Officials told us that they have since put new supply arrangements in place, and work is under way for a long-term solution to provide information technology services on a competitive basis.

4.76 Overall, twenty-one of the sixty-two contracts we examined had compliance problems. In addition to improperly directing contracts to specific suppliers, these problems included

  • two cases of failure to certify that funds were available to pay for the contract,
  • inadequate description of the nature or goods or services to be provided,
  • failure to meet other criteria for sole-sourcing a contract,
  • one case of failure to certify that services had been received before making payment, and
  • delivery of goods before a contract was in place.

4.77 The Canada Border Services Agency has taken a number of measures to further ensure compliance with contracting regulations and with the proper conduct of public business including the following:

  • A Canada Border Services Agency Contracting Policy was approved by the Agency's Executive Management Committee and distributed in fall 2005.
  • Two national training sessions (April 2005 and September 2005) were conducted for all headquarters and regional contract officers.

A CBSA Contract Review Committee (CRC) was created in fall 2005 and has met. The CRC has representatives from the various branches located in headquarters, as well as two regional representatives. The mandate of the CRC includes analyzing trends in contracting as well as providing direction for agency-wide contracting practices (such as information technology services).

4.78 Correctional Service Canada also has compliance problems. We found that Correctional Service had many of the same difficulties as the other two agencies. The most significant problem was misuse of sole-source contracting. Four of the twenty-one contracts that we examined, which had been awarded on a sole-source basis, did not meet criteria for exemption from competition.

4.79 Overall, we found that twenty-five of sixty contracts at Correctional Service Canada had problems with compliance, including the following:

  • failure to certify the funds were available to pay for the contract;
  • failure to maintain proper contract records;
  • delivery of goods and services before the contract was in place;
  • lack of a proposal from the vendor specifying goals, deliverables, and cost; and
  • one instance where a contract was awarded to a firm whose bid had not received the highest rating in the evaluation process.

4.80 Recommendation. Correctional Service Canada should implement a quality assurance system for contracting.

Correctional Service Canada's response. Correctional Service Canada has taken action to improve our quality assurance on contracts and purchases. CSC recently reviewed and strengthened our existing formal contract challenge mechanism. CSC has developed new monitoring tools to review contracting files before approval. CSC has also revised its contracting training course and made the course mandatory for managers with signing authority. Finally, CSC is supporting the TBS certification program for material management officers, and we will ensure that our people working in material management are properly trained to fully exercise their duties.

Conclusion

4.81 The Royal Canadian Mounted Police, Correctional Service Canada, and the Canada Border Services Agency all have the required programs to support ethical conduct and awareness of ethical problems and to support disclosure of wrongdoing.

4.82 Although programs may be in place, relatively few employees report having received specific training and awareness of values, and awareness of the ethics programs appears low. Survey results about disclosing wrongdoing internally are mixed. The majority of employees in the three organizations reviewed in this chapter say they would be willing to report wrongdoing, but they are much less confident that their co-workers would be willing to do this. Willingness to report depends on employees' perceptions that management will take action and that those who report the wrongdoing will be respected. The survey shows that employees perceive support from management as only moderately high at the RCMP and low at both Correctional Service Canada and the Canada Border Services Agency.

4.83 The internal audit units of the three organizations have included areas of overtime and leave, acquisition cards, and contracting in their risks assessments. The internal audit units perform audits of selected items.

4.84 Compliance performance at the three organizations is mixed. Leave abuse is a relatively insignificant cause of overtime use. We also found little actual abuse of acquisition cards for the benefit of the cardholder. However, all three agencies need to improve training and controls over acquisition card use. The RCMP and Border Services had large numbers of cardholders who had made transactions that did not comply with the policies. Correctional Service had fewer instances of misuse, but controls were weak.

4.85 Border Services and Correctional Service had compliance difficulties with contracting, and all three agencies had let non-competitive contracts without adequate justification. This decreased the agencies' ability to show fairness to all suppliers. We raised a similar observation in our May 2006 Status Report, Chapter 4, Canadian Firearms Program. We also raise it elsewhere in this Report, Chapter 9, Pension and Insurance Administration—Royal Canadian Mounted Police.

Subsequent Events

In September 2006, we reviewed our findings and recommendations with each audited organization. They reported that progress had been made in addressing audit findings, especially those related to the use of acquisition cards.

Royal Canadian Mounted Police. The Commissioner of the RCMP issued a directive to his senior executive team in March 2006 to reinforce how serious the misuse of acquisition cards was. He also directed that after-the-fact approvals will not be given.

In addition, there have been messages addressed to all staff and additional messages to financial staff to remind them of their responsibilities.

The RCMP has taken steps to increase monitoring of compliance and to take corrective action. A national working group has been established to oversee these actions.

The RCMP also worked with the Treasury Board Secretariat to resolve policy problems related to the use of acquisition cards for vehicle maintenance.

Canada Border Services Agency. The Canada Border Services Agency has made a number of improvements in the administration of acquisition cards:

  • it has identified improved training materials and is working to provide them to staff,
  • it has begun to develop staff notices and reminders about staff not paying provincial sales tax and about managers verifying transactions, and
  • it has increased the monitoring of the use of cards.

It also reported that it has created a values and ethics action plan intended to take into account findings of the audit related to the agency.

Correctional Service Canada. Correctional Service Canada has redesigned its acquisition card system. It has also retrained all managers, cardholders, and support staff on the new system, including their roles and responsibilities in the use of the card.

Treasury Board Secretariat. The Treasury Board Secretariat issued new fleet management directives and a manager's handbook effective 1 November 2006, which among other matters, addresses the findings of our audit. The new policy makes it clear how staff are to treat supplies bought for inventory and how they are to deal with exceptional cases where vendors do not accept the fleet credit card.

Public Works and Government Services Canada. Our audit of the Canadian Firearms Program, tabled in our May 2006 Status Report, presented findings about the purchase of information technology services similar to those of this audit. Public Works and Government Services Canada has already informed both the Standing Committees on Government Operations and Estimates and Public Accounts that it had taken action on those earlier findings. The Department testified that its actions involved training users in accountabilities and policies, increasing monitoring, and, where appropriate, restricting the use of purchasing tools for information technology services.

About the Audit

Objectives

The objectives of the audit were to

  • determine the adequacy of the design and operation of programs supporting ethical conduct and awareness of ethical problems in areas that have an impact on resource management;
  • determine the adequacy of the design and operation of processes in place to respond to internal disclosures made by employees within an organization;
  • determine whether internal audit adequately supports compliance; and
  • determine whether controls on contracting, acquisition cards, and overtime and leave are adequate.

Scope and approach

The audit was limited to the Royal Canadian Mounted Police, the Canada Border Services Agency, and Correctional Service Canada. For overtime and leave use, only the Canada Border Services Agency and Correctional Service Canada were examined.

To examine values and ethics programs we reviewed documents and records of all three agencies. We also conducted a survey of incumbent members of the three agencies. Non-management staff members were surveyed. The sampling strategy used was a non-proportional stratified sample with approximately 300 surveys sent to each agency. A total of 178 surveys were returned from the RCMP, 90 from Correctional Service Canada, and 159 from the Canada Border Services Agency. The respective response rates were 59 per cent, 30 percent, and 53 percent. The overall response rate was 50 percent. Non-sampling error due to non-response was negligible for the RCMP and the Canada Border Services Agency, but the 33 percent response rate from Correctional Service Canada was of moderate concern. The potential for minor non-response bias should be considered when interpreting the result for that agency. Overall estimates are accurate with plus or minus 4.0 percent 19 times out of 20. The individual confidence intervals for the RCMP, Correctional Service Canada, and the Canada Border Services Agency are 6.4 percent, 9.1 percent, and 6.5 percent respectively. Overall estimates reported in the chapter have been appropriately weighted.

The examination of each agency's controls for the contracting process was based on a selection of about 60 contracts from each department. The selection was partially based on random sampling, and partially on the basis of "red flags" for abuse such as multiple contracts to the same vendor close to cut-off amounts, which could indicate contract splitting. We expected to find no more than 10 percent of the contracts to be non-compliant.

We examined each contract file for adequacy of the documentation that is required for contracts, adequacy, and fairness of competition; appropriate financial sign-offs; and adequacy of justification for amendments. We discussed any inadequacies with management to understand if there was justification for apparent non-compliance.

The examination of overtime and leave use was based on data-mining of computerized employee pay and leave records. We examined these records for patterns indicating possible abuse. We then consulted with managers to determine possible legitimate causes for patterns. We also consulted with managers to determine what analyses they had performed and what controls they had in place.

The examination of acquisition-card use was conducted by making a random selection of about 60 card holders from each agency and then reviewing their transaction records for the current year. Cardholders were asked to explain any potentially non-compliant transactions. Officials were interviewed to determine what controls over card use were in place.

Criteria

We expected to find that the following criteria were being employed by the three agencies reviewed during this audit.

  • The deputy head of each organization should "encourage and maintain dialogue" on values and ethics.
  • Structures to implement the Values and Ethics Code for the Public Service or the relevant service code of conduct would be in place.
  • A senior official would have been designated to oversee the values and ethics program of the Agency.
  • The required reports to the Office of Values and Ethics were filed.
  • The three agencies should be aware of the kind of ethical breakdowns that occur, how frequently they occur, and where they occur.
  • The three agencies should target values and ethics programs to target local key challenges, as follows:
    • the three agencies should have a plan to provide training to target audiences,
    • the three agencies should know how many people are receiving training and how they match the assessed need, and
    • the three agencies should be aware of what the training is intended to achieve.
  • There should be an analysis of requirements for contracted goods and services.
  • Contracts should be based on fair and equitable competition.
  • Contracts that are sole-sourced should meet at least one of the four exceptions listed in the Government Contracts Regulations.
  • Goods and services paid for, through contracts, should be delivered.
  • Officers signing off section 34 of the Financial Administration Act should have adequate proof that the goods and services contracted for were received.
    • The price invoiced by the vendor should be as specified in the contract, and the terms of the contract should be met.
  • There should be a regular review of overtime usage and corrective action in the event of irregularities.
    • Managers should keep overtime to a minimum.
    • Clear standards should exist for justifying overtime.
    • Economical alternatives to overtime should be considered and used.
    • There should be systems in place for approving, authorizing, and monitoring overtime and leave usage.
    • There should be an analysis conducted on workflows.
    • There should be an analysis conducted on the classification and levels of staff assigned to work units.
    • There should evidence of management monitoring of the work demands and the available staff, and plans to rectify any imbalance.
  • The three agencies should ensure that
    • internal mechanisms and assistance are in place to allow staff to bring forward information concerning wrongdoing in the workplace,
    • a senior official receives and investigates disclosures about wrongdoings in an appropriate and timely fashion,
    • employees are fully informed of the internal disclosure process in their agency, and
    • there is an alternative system for cases where the staff believe an issue cannot be discussed in their own agency.
  • The three agencies should ensure that
    • they have an effective, independent, and objective internal audit unit that is properly resourced to provide sufficient and timely assurance services; and
    • they incorporate risk-based planning into internal audit projects; and their internal audit unit provides assurance to senior management about the effectiveness of the department's risk-management, control, and governance processes.

Audit work completed

Audit work for this chapter was substantially completed on 10 February 2006.

Audit team

Assistant Auditor General: Hugh McRoberts
Principal: Peter Kasurak
Directors: Harvey Wasiuta, Paul Pilon

Claudette Blair
Isabelle Dupuis
Dawn-Alee Fowler
Steve Mariani
Bridget O'Grady
Lucie Vallières

For information, please contact Communications at 613-995-3708 or 
1-888-761-5953 (toll-free).

Definitions:

Sole-sourced contract—A contract for which the contracting authority does not seek competitive bids. (Return)

IPS Marketplace—The Informatics Professional Services Marketplace is a procurement database, managed by Public Works, which allows federal departments to search for consultants based on a list of skills and experience. (Return)