Report 1—Managing the Risk of Fraud

Audit at a Glance Report 1—Managing the Risk of Fraud

What we examined (see Focus of the audit)

Fraud can happen in any organization. Fraud in a federal government organization can cause the loss of public money or property, hurt employee morale, and undermine Canadians’ confidence in public services. Therefore, federal organizations must manage their fraud risks.

This audit examined whether the selected organizations had mechanisms in place to appropriately manage the risk of fraud.

The audit also examined whether the Treasury Board of Canada Secretariat provided support to federal organizations to manage their risks, including fraud risks, and monitored the implementation of its relevant policies and directives.

Why we did this audit

This audit is important because the risk of fraud is inherent in all federal government programs, and Canadians expect federal government organizations to minimize the chances of fraud happening in their programs.

What we concluded

We concluded that in the areas we examined, the selected federal organizations did not appropriately manage all of their fraud risks. We did, however, see a number of good practices in all the organizations we examined. Overall, the organizations had appropriate governance structures to help them manage their risk of fraud, but some organizations did not use a strong enough approach to assess those risks, and none of the organizations made sure that the specific controls we looked at worked as they should have. For example, the organizations did not make sure that all their employees received mandatory training in values and ethics.

We also concluded that the Treasury Board of Canada Secretariat developed guidance for departments and agencies to help them assess and manage overall departmental risks. However, the Secretariat did not provide specific guidance on fraud risk management or monitor how departments and agencies managed their risk of fraud.

What we found

Fraud risk management

Overall, we found that the five federal organizations we looked at had ways to manage their fraud risks. For example, they managed fraud risks by ensuring the organization’s risk governance, conducting risk assessments, providing training on values and ethics and conflicts of interest, managing conflicts of interest, justifying sole-source contracts and contract amendments, and analyzing procurement data.

We found that all the organizations we looked at demonstrated the importance of managing their risk of fraud, as evidenced by some good practices we saw in risk governance and risk assessment. However, we were concerned that the organizations did not always implement fraud risk controls. For example, few employees had received mandatory training on values and ethics and conflicts of interest, many conflicts of interest declared by employees took too long to resolve, and standard controls, such as justifications for sole-source contracts, were sometimes not implemented.

We also found that the Treasury Board of Canada Secretariat supported and monitored how federal organizations managed their overall risks. However, it did not monitor how federal organizations managed fraud risks or provide specific guidance about fraud risks, as some other countries did.

These findings matter because good fraud risk management with appropriate controls helps an organization reduce its exposure to losses from fraud.

  • Processes to manage conflicts of interest had weaknesses

    Recommendation. The Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada should ensure that logs used to track and manage declarations of conflict of interest and the related mitigation measures have sufficient and complete information to support the timely resolution of employee declarations of conflict of interest.

    Recommendation. The Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada should:

    • identify operational areas at high risk for conflict of interest and ensure that public servants occupying positions in those areas are regularly required to indicate whether or not they are in a conflict of interest, and
    • follow up on the implementation of mitigating measures for conflicts of interest on a risk basis.
  • Some controls that could manage the risk of fraud in procurement were not always applied

    Recommendation. The Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada should ensure that contract files and contracting data are complete and accurate. They should also conduct data analytics and data mining to evaluate controls and identify signs of potential contract splitting, inappropriate contract amendments, and inappropriate sole-source contracting on a risk basis.

  • Guidance on risk management did not specifically address fraud risk management

    Recommendation. To help improve fraud risk management at federal organizations, the Treasury Board of Canada Secretariat should:

    • increase awareness of the importance of managing fraud risks, by supporting senior management in implementing fraud risk management; and
    • consider issuing specific guidance on managing fraud risks and how its implementation could be monitored.

Entity Responses to Recommendations

The audited entities agree with our recommendations, and have responded (see List of Recommendations).

Related Information

Report of the Auditor General of Canada
Type of product Performance audit
Topics
Entities
Completion date 6 March 2017
Tabling date 16 May 2017
Related audits

For more information

Media Relations
Telephone.: 1-888-761-5953
E-mail: infomedia@oag-bvg.gc.ca

Twitter: OAG_BVG