Managing the Risk of Fraud

Opening Statement to the Standing Committee on Public Accounts

Managing the Risk of Fraud

(Report 1—2017 Spring Reports of the Auditor General of Canada)

3 October 2017

Michael Ferguson, Chartered Professional AccountantCPA, Chartered AccountantCA
Fellow Chartered Professional AccountantFCPA, Fellow Chartered AccountantFCA (New Brunswick)
Auditor General of Canada

Mr. Chair, thank you for this opportunity to discuss our spring 2017 report on managing the risk of fraud.

Fraud can happen in any organization. In federal government organizations, fraud can cause the loss of public money or property, hurt employee morale, and undermine Canadians’ confidence in public services. Federal organizations must manage the risk of fraud.

The audit looked at how the five selected federal organizations managed their risk of fraud.

We also wanted to know whether the Treasury Board of Canada Secretariat provided support to federal organizations to help them manage their risks, including fraud risks, and whether it monitored the implementation of its relevant policies and directives.

Overall, we found that the five federal organizations we looked at had some ways to manage their fraud risks. However, no single organization covered all the basics.

For example, we found that the Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada had completed fraud risk assessments. However, some key elements were missing from these assessments. For example, none of the three organizations evaluated all of their fraud risks mitigating controls to assess whether they were operating effectively and efficiently.

For Health Canada and Public Services and Procurement Canada, although they each had a fraud risk management framework in place, neither had completed a fraud risk assessment.

We were concerned that controls we looked at to manage the risk of internal fraud were not always implemented. Very few employees of the five organizations we looked at received the mandatory training on values and ethics and conflicts of interest.

We found that while Public Services and Procurement Canada adequately managed employee declarations of conflict of interest, the four other federal organizations did not. They either took too long to resolve conflicts of interest or did not have an adequate approach to make sure that measures to mitigate conflicts of interest were in place.

In addition, we found that all five federal organizations we examined had controls and review committees in place to prevent and detect selected inappropriate contracting practices, which were contract splitting, inappropriate contract amendments, and inappropriate sole-source contracting. However, the controls were not always applied, and review committees may not have been involved when required. For example, some organizations did not justify some sole-source contracts or contract amendments as required.

Also, the organizations did not analyze their procurement data to help them identify all three types of inappropriate contracting practices. In addition, in all five organizations, we found data quality problems that limited the organizations’ ability to analyze their contract data. For example, they did not make sure that company names were recorded in a consistent way.

Finally, the Treasury Board of Canada Secretariat supported and monitored how federal organizations managed their overall risks. However, it did not monitor how federal organizations managed their risk of fraud or provide specific guidance about fraud risk management.

We are pleased to report that all organizations have agreed with all of our recommendations and have committed to taking corrective action.

Mr. Chair, this concludes my opening statement. We would be pleased to answer any questions the Committee may have. Thank you.