Audit of the Monitoring and Oversight of the Contribution Agreements Process

December 2022
Prepared by: Audit and Assurance Services Branch

Table of content

Acronyms
Executive Summary
1. Context
2. About The Audit
3. Key Findings And Recommendations
4. Conclusion
5. Management Action Plan
Annex A : Audit Criteria

Acronyms

CFRDO: Chief Finances, Results and Delivery Officer
CIRNAC: Crown-Indigenous Relations and Northern Affairs Canada
COI: Conflict of Interest
FNIHB: First Nations and Inuit Health Branch
FY: Fiscal Year
GA: General Assessment
GCIMS: Grants and Contribution Information Management System
ISC: Indigenous Services Canada
RO: Regional Operations
TB: Treasury Board
TPAS: Transfer Payment Advisory Services

Executive Summary

Context

The Government of Canada provides transfer payment funding to further its policy objectives and priorities to a variety of recipients through grants and contributions. Grants are not normally subject to audit by departments; however, contributions are subject to performance conditions and to various levels of oversight and monitoring.

The TB Policy on Transfer Payments and its supporting Directive provides the requirements for financial stewardship and monitoring mechanisms. As per the Directive, departments must ensure that contributions are managed in a way that reflects sound stewardship, integrity and transparency. Accordingly, departments are required to exercise effective monitoring of their contribution funding, including monitoring of compliance with funding agreements and the use of funds by recipients.

ISC administers contribution funding to First Nations, tribal councils and other Indigenous organizations and funding recipients. The Grants and Contribution Information Management System (GCIMS) is used to track contribution agreements across the Department.

Within the Chief Finances, Results and Delivery Officer (CFRDO) Sector, Transfer Payment Advisory Services is the functional authority for developing harmonized policies and directives on the administration of transfer payments. In addition to policy support, TPAS also provides advisory support to regional offices related to implementing monitoring processes to ensure contribution agreement requirements are adhered to.

The regional offices of both the First Nations and Inuit Health Branch and Regional Operations sector are responsible for exercising diligence through monitoring contribution agreements. This includes reviewing recipient reporting (financial and non-financial) for compliance with contribution agreement requirements.

The overall contribution funding administered in Fiscal Year (FY) 2020-21 by ISC was approximately $10 billion, which was delivered to 1,703 recipients.

Why it is important

The audit was identified as a priority because a strong recipient monitoring function demonstrates that the Department is being diligent in ensuring that funds are being used as intended and in compliance with contribution agreements.

What we examined

The objective of the audit was to provide assurance that ISC had fulfilled its monitoring and oversight requirements for its contribution agreements.

What we found

Positive Observations

The audit observed the following areas of strength:

Documented monitoring roles and responsibilities were aligned to the expected steps and actions for reviewing recipient reports and recommending corrective actions as per Directives 121 and 123.
The Department has tools in place to support monitoring and oversight.
Recipient reporting requirements were accurately captured in GCIMS and recipient reports were subject to review and conclusions with regard to their compliance within the Department’s target timeframes.
ISC regional offices have separated duties for reviewing recipient reports for compliance, including the initial report review, independent challenge function and sign-off on results in order to mitigate any potential conflict of interest.
ISC provides guidance for non-compliance but allows for some flexibility/professional judgment in the approach used when recipients are deemed non-compliant with the terms of the agreement. This helps facilitate better relationship management and is aligned with the Department’s work towards reconciliation.

Opportunities for Improvement

The audit team identified areas where management control practices and processes could be improved, resulting in the following recommendations:

The Chief Finances, Results and Delivery Officer should complete the implementation of the actions to address the Fraud Risk Assessment recommendations for which they are responsible as the implementation of these actions will also address the weaknesses noted in this audit.
The Chief Finances, Results and Delivery Officer should work with the Senior Assistant Deputy Minister of Regional Operations, Senior Assistant Deputy Minister of the First Nations and Inuit Health Branch and the Assistant Deputy Minister, Regional Operations, First Nations and Inuit Health Branch to engage departmental programs in the identification of the level of risk being taken when reports are late and decide if this risk is acceptable. If there is an unacceptable level of risk being taken, then approaches should be developed to ensure this information is gathered on time while maintaining positive relations with recipients.
The Chief Finances, Results and Delivery Officer should engage with departmental programs to review the reporting requirements in order to streamline reporting. This includes reviewing reports necessary and timelines for delivery of reports based on the time sensitivity of information.
Chief Finances, Results and Delivery Officer should work with the Senior Assistant Deputy Minister of Regional Operations, the Senior Assistant Deputy Minister of the First Nations and Inuit Health Branch and Assistant Deputy Minister, Regional Operations, First Nations and Inuit Health Branch to ensure that the approach to addressing non-compliance, the rationale for the corrective action taken, the identified risks and the follow up plans are documented.
The Chief Finances, Results and Delivery Officer should stand up the planned Compliance Unit within the CFRDO sector.

Overall conclusion

The Department is faced with the challenge of balancing enforcement of the contribution agreement terms and conditions with the need to support relationship building in recipient communities. The pandemic has also added to the complexity of that dynamic as it impacted the operations of the Department as well as its recipients.

The audit concluded that although ISC has guidance, tools and systems in place to facilitate the monitoring and oversight process, there is an opportunity for improvement in mitigating the risks related to potential conflicts of interest and delayed recipient reporting. For recipients that are in reporting default, there are also opportunities to mitigate the risks associated with not being able to support the choice of corrective action or when corrective actions cannot be demonstrated.

Statement of conformance

The audit conforms with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing and the Government of Canada's Policy on Internal Audit, as supported by the results of the Quality Assurance and Improvement Program.

Management’s response

Management is in agreement with the findings, has accepted the recommendations included in the report and has developed a management action plan to address them. The management action plan has been integrated into this report.

1. Context

The Government of Canada provides transfer payment funding to further its policy objectives and priorities to a variety of recipients through grants and contributions. Grants are not normally subject to audit by departments as no accounting for the use of funding is required from grant recipients. Contributions, however, are transfer payments subject to performance conditions specified in the funding agreement and are subject to various levels of oversight and monitoring.

The overall contribution funding administered in FY 2020-21 by ISC was approximately $10 billion, which was delivered to 1,703 recipients.

Monitoring of contribution agreements at ISC

Indigenous Services Canada (ISC) administers contribution funding to First Nations, tribal councils and other Indigenous organizations and funding recipients. The Grants and Contribution Information Management System (GCIMS) is used to track contribution agreements across the Department.

Within the Chief Finances, Results and Delivery Officer (CFRDO) Sector, Transfer Payment Advisory Services (TPAS) is the functional authority for developing harmonized policies and directives on the administration of transfer payments. In addition to policy support, TPAS also provides advisory support to regional offices related to implementing monitoring processes to ensure contribution agreement requirements are adhered to.

The regional offices of both FNIHB and Regional Operations (RO) sectors are responsible for exercising diligence through monitoring contribution agreements. This includes reviewing recipient reporting (financial and non-financial) for compliance with contribution agreement requirements. Financial reports include Audited Consolidated Financial Statements, Schedules of Remuneration and Expenses, Schedules of Movable Asset Reserve, Program Activity Revenue and Expenses Schedules and more. Non-financial reports include program data to support statutory requirements, resource allocation, performance reporting, accountability, program planning, policy analysis and operational requirements.

Additional monitoring and follow up activities can also be performed as needed. These activities may include recipient audits, program compliance reviews, management action plans, capacity and training support, on-site visits and ad-hoc communications with recipients to review and advise on program progress.

Although the Department utilizes the full range of activities as needed, the only activity that is mandatory is the review of recipient reports. All other actions (i.e., capacity support, check-in meetings, etc.) are supplementary and help facilitate sound monitoring and oversight.

The suite of common monitoring activities are captured in Figure 1 below.

2. About the Audit

The Audit of the Monitoring and Oversight of the Contribution Agreements Process was included in the Crown-Indigenous Relations and Northern Affairs Canada (CIRNAC) and Indigenous Services Canada (ISC) Risk-Based Audit Plan for 2021-22 to 2022-23, which was presented to the Audit Committee in June 2021.

2.1 Why it is important

2.2 Audit objective

The objective of the audit is to provide assurance that ISC has fulfilled its monitoring and oversight requirements for its contribution agreements.

2.3 Audit scope

The audit covered ISC activities related to the monitoring and oversight of contribution agreements within CFRDO, RO and FNIHB. The period of review covered April 2018 to April 2021.

The assessment of monitoring and oversight processes focused on the activities performed to assess recipient compliance, performance and risk as well as the resulting corrective actions. The audit examined the receipt and review of recipient reports and whether any recipient monitoring activities were documented. The focus of this audit was not the non-mandatory supplementary actions such as recipient audits, program compliance reviews, management action plans; however, where supplementary actions were taken to support monitoring and oversight of contribution agreements, the audit aimed to ensure those actions were documented and the choice of supplementary actions were aligned with the departmental guidance.

The audit team did not re-perform procedures used to monitor recipients (e.g., review of recipient reports). The audit also did not examine the methodology in developing the reporting requirements established in the contribution agreements or how the respective programs are using the information received from recipients.

Grants were excluded from the scope of this audit because the level of oversight and reporting required is significantly less for grant agreements compared to contribution agreements.

2.4 Audit approach and methodology

The audit was conducted in accordance with the requirements of the TB Policy on Internal Audit and followed the Institute of Internal Auditors International Professional Practices Framework. The audit examined sufficient, relevant evidence and obtained sufficient information to provide a reasonable level of assurance in support of the audit conclusion. The approaches used to address the audit objective included the development of audit criteria, against which observations and conclusions were drawn. The audit criteria can be found in Annex A.

The audit was performed from October 2021 to February 2022 and consisted of three phases: planning, conduct and reporting. The main audit techniques used included :

Interviews with key stakeholders involved in recipient monitoring processes;
Process walkthroughs of recipient monitoring processes;
Documentation review including monitoring responsibilities and workflows, conflict of interest procedures, tools and checklists used to fulfill responsibilities, reporting on recipient monitoring activities and results; and
Testing of files related to monitoring recipient compliance to contribution agreements, including documented reporting requirements, recipient reports provided and reviews and signoffs by ISC regional office employees, communication of results of report reviews to recipients and actions taken based on the results of monitoring.

Sampling Strategy

The audit examined a sample of contribution agreement files that were entered into within the period of April 1, 2018 and April 1, 2021. This period was chosen to ensure coverage of monitoring activities that occurred before the COVID-19 pandemic as well as during it.

To assess whether contribution agreement monitoring and oversight mechanisms were operating as intended, a judgmental sample of 66 contribution agreements was selected from the regions of Manitoba, Saskatchewan, Quebec and British Columbia. These regions were selected based on the level of process maturity, observed trends of financial reporting compliance with policy requirements and financial value of the regional contribution agreement portfolio.

For each of the sampled regions, a stratified sampling approach was used to select a sample of contribution agreements based on the following criteria:

Funding type: (block, fixed, set and flex);
Recipient risk profile, as defined by the GA score;
Financial value of the contribution agreement; and
Fiscal Year (2018-2019, 2019-2020, 2020-2021).

3. Key Findings and Recommendations

3.1 Design of monitoring processes

As per the TB Directive on Transfer Payments, the Department must ensure through the timely assessment of recipient reports and other monitoring activities deemed necessary that the recipient has complied with the funding agreement. Furthermore, the level of monitoring and reporting should reflect risks specific to the program, the value of the funding in relation to administrative costs and the risk profile of the recipients.

At a departmental level, there are several directives that provide additional guidance on monitoring recipients. Directive 102 – Funding Agreement Management, Directive 121 – Financial Reporting and Directive 123 – Reporting Management outline the expectations for diligence when reviewing recipient financial and non-financial reports.

Based on Treasury Board and departmental directives, it was expected that regional office employees would have clearly defined expectations, roles and responsibilities for monitoring contribution agreements, as well as supplementary guidance materials and tools that facilitate their monitoring and oversight work.

There was a risk that monitoring processes may not be aligned with policies and directives correctly and may not be consistently followed across the Department, resulting in inability to determine and take actions on recipient non-compliance to contribution agreements.

Findings

Documentation and communication of roles and responsibilities

The audit team reviewed monitoring process documentation and conducted process walkthroughs with regional representatives from the 4 sampled regions (Manitoba, Saskatchewan, Quebec, British Columbia). It was found that the documented roles and responsibilities for monitoring were aligned to the expected steps and actions for reviewing recipient reports and recommending corrective actions as per ISC Directives 121 and 123. Specifically, regional monitoring plans and processes (e.g., procedure manuals and process flows) were found to include assigned roles and responsibilities for completing key actions such as:

Receiving and reviewing recipient reports within target timeframes;
Following up on overdue reports, including early warning of potential funding sanctions if reports cannot be provided by a certain date;
Performing initial and detailed reviews of recipient reports;
Concluding on recipient compliance after detailed review of reports;
Taking corrective actions where recipients are non-compliant;
Following up on corrective actions through communicating concerns to recipient, establishing follow up plan and considering funding intervention if concerns cannot be addressed;
Considering halting funds under certain authorized conditions (e.g., insufficient management control framework, reporting unobtainable);
Engaging default prevention and management process where applicable, including default risk assessment, remediation strategies and follow up on remediation progress; and
Escalation of any management override for recommended corrective actions.

As a result, ISC regional employees were provided with adequate guidance to fulfill their monitoring roles and responsibilities.

Systems and tools to support employees in carrying out responsibilities

The key system in place to support monitoring and oversight of contribution agreements is GCIMS. As part of file testing, the audit team requested and reviewed documentation related to a sample of contribution agreements across the 4 regions. File testing showed that financial and non-financial reporting requirements were accurately entered into GCIMS for each contribution agreement.

Furthermore, to track the status of recipient reporting against these requirements, regional offices updated GCIMS on an ongoing basis to identify when reports are due and/or how many days they are overdue, the status of the review and the review’s conclusion on recipient compliance to reporting requirements. It was found that financial reports were being reviewed by regional office employees in a timely manner consistent with the target timeframes outlined in Directive 121.

The Department has implemented a General Assessment (GA) tool which supports the management of funding agreements. The GA tool is completed by departmental staff and then shared and discussed with recipients. The General Assessment provides an annual snapshot of the funding recipient's past performance. It also identifies strengths and emerging risks that may have an impact on how the Department manages its transfer payments to recipients. The GA tool informs monitoring efforts and the transfer payment approach based on risk.

The Department also has a Default Assessment tool that is used by the Funding Service Officer to complete a default assessment when requirements are not met by a recipient. The completion of the Default Assessment Tool helps assess if an actual default has occurred or not. If a default does exist, the Default Assessment tool helps identify the level of risk of the default and aids the Department in deciding the appropriate Default Management action.

The audit found that the system and tools were being used.

3.2 Conflict of interest

As per the TB Directive on Conflict of Interest, departments must have the appropriate mechanisms in place to help individuals identify, report and effectively resolve real, apparent or potential conflicts of interest.

Accordingly, the audit team expected to see defined procedures and guidance to identify, escalate and address conflicts of interest associated with recipient monitoring activities.

There is a risk that monitoring may be influenced by conflicts of interest between ISC employees and external recipients, resulting in a potential lack of diligence on taking action on instances of non-compliance and/or corrective actions.

Findings

Separation of duties

Separation of duties is a basic building block of risk management and internal controls. One of the primary reasons an organization or department implements separation of duties is to prevent a conflict of interest.

Financial and non-financial reports provide evidence that funds being used as agreed and that finances are being soundly managed so appropriate review is a key element of oversight and monitoring. It was found during walkthroughs and file testing that regional offices have separated duties for the review and the approval of the review for the reports received from the recipients. Specifically, the following separation of duties was observed:

Program Officers perform initial reviews of recipient reports and maintain working relationship with recipients through check-ins and follow ups on progress;
Managers perform a challenge function on Program Officer’s monitoring results; and
Directors sign off on the recipient compliance conclusion.

Upon completion of sampled file testing, the audit team noted that the Program Officer assigned to the file performed reviews of provided reports with a secondary review of results being conducted by the Manager and sign-off at the Director level. These workflows and supporting audit trails were clearly documented in GCIMS.

Separation of duties helps ensure that reviewers reached fair and reasonable decisions on recipient compliance, partially reducing the risk of a lack of diligence due to conflict of interest.

Conflict of interest (COI) procedures and guidance

In addition to the implementation of separation of duties, well understood supporting procedures and guidelines are needed to enhance risk mitigation. Regional offices were not able to provide specific procedures and guidelines used to manage conflict of interest (COI). Employees are required to report COIs, and this is especially important since the team noted that limited controls exist to reinforce conflict of interest reporting. For example, the audit team did not observe controls in place to ensure periodic conflict of interest checks and/or training and awareness on how to manage conflict of interest when monitoring recipients.

In addition to not observing specific COI guidance, the audit team also was not able to observe evidence of any instances where a COI was reported in the 66 files that were tested. There is a risk that COI may not be actively considered and mitigated when regional employees monitor recipients. This may be due to the weakness in formal procedures and the limited controls in place to ensure that potential conflicts of interest are identified and mitigated.

Departmental initiatives to address COI

A Fraud Risk Assessment was conducted for ISC in May 2021 which presented an analysis of the Department’s vulnerability to specific types of fraud scenarios. One of the fraud scenarios identified was:

An employee involved in the funding process, fails to disclose an actual, potential, or perceived conflict of interest with a funding recipient, resulting in an intentional increased benefit to be provided. Additional funding benefits relatives.

With regard to this fraud scenario, the following recommendations were made in the Fraud Risk Assessment to address the identified control gaps:

Requiring all employees working in high-risk sectors to sign an annual compliance declaration affirming they are aware of the COI Policy, their obligations and expected behaviors and to attest that they did not have any conflict of interest (real, perceived, potential) since their last annual declaration;
Providing fraud awareness training with coverage of COI to employees upon hire and periodically (e.g., annually);
Assessing and reporting any suspected employee risks related to the fraud triangle model (i.e., perceived financial need, perceived opportunity, rationalization);
Increasing the accessibility of the Department’s Policies and Procedures by making them available in one central location on the intranet;
Requiring employees to acknowledge, on an annual basis, their understanding of their requirements under the Code of Conduct and the Values and Ethics;
Providing periodic communications to employees of both their obligation to report suspicions of fraud and wrongdoing and the respective reporting process; and
Issuing periodic reminders to Delegated Authorities of their responsibilities when signing off on S.34 of the Financial Administration Act and the consequences if they do not perform the required review procedures prior to approving payment.

A response to these recommendations in the Fraud Risk Assessment was developed by CFRDO and other sectors responsible for the recommendations. At the time of the audit, the actions identified in that response had been partially implemented.

The lack of an annual COI compliance declaration and awareness training led to the Department not having ongoing assurance that COI was being considered and mitigated within the recipient monitoring processes.

Recommendation

The Chief Finances, Results and Delivery Officer should complete the implementation of the actions to address the Fraud Risk Assessment recommendations for which they are responsible as the implementation of these actions will also address the weaknesses noted in this audit.

3.3 Recipient compliance

Directive 102 – Funding Agreement Management notes that Regions and Sectors must establish procedures to ensure contribution agreements are actively monitored, reporting obligations are followed up and appropriate actions are taken in cases of non-compliance. This direction is further covered through Directives 121 and 123, which define the conditions for a default on reporting and what actions can be taken by the Department when a default is identified. Professional judgement is used by regional office employees when determining what action or mix of actions to take when a recipient defaults on reporting requirements. Figure 2 summarizes the process.

Figure 2 - Recipient Reporting Default Identification and Corrective Actions

It was expected that appropriate actions were taken when non-compliance was identified through recipient monitoring. There is a risk that the Department may not be diligent in monitoring contribution agreements, which amount to roughly $10 billion in annual commitments and may be unable to articulate the level of compliance, risk and results associated with these funding arrangements.

Finding

The audit found that delays in receiving reports is an issue for both financial and non-financial reports.

Prior to examining the data, the assumption was that there would be a large decline in reports received during the pandemic due to the operational challenges associated with the public health guidance as well as ISC’s policy exemptions that provided flexibility for First Nations reporting in order to prevent the potential hardship of halting funds when reports were not received. The data shows that the number of reports received on time declined during the pandemic period by approximately 10% for financial reports and 5% for non-financial reports from 2018-19 to 2020-21. Table 1 and 2 provide the data on reports received on time for the period under review.

Table 1 – Financial Report Provision by Fiscal Year (as of the due date for the specified years)
Recipient Reporting Type	FY 2018-19	FY 2019-20	FY 2020-21
% Of Financial Reports Received On Time	32%	26%	22%

Table 2 – Non-Financial Report Provision by Fiscal Year (as of the due date for the specified years)
Recipient Reporting Type	FY 2018-19	FY 2019-20	FY 2020-21
% Of Non-Financial Reports Received On Time	14%	10%	9%

As illustrated in table 1 and 2, there are significantly fewer non-financial reports coming in on-time compared to financial reports. This may be partly due to the volume of non-financial reports that are expected by the different programs providing contribution funding to recipients. For example, in 2018-19 there were approximately 29,000 non-financial reports expected in the GCIMS system, compared to approximately 1,500 financial reports expected from recipients. The volume of reports being requested from recipients, coupled with the capacity challenges facing First Nations which the audit team was informed of by regional personnel, resulted in delays in reporting.

The audit team further examined the GCIMS data for the period under review and found that approximately 71% of delayed financial and non-financial reports are received within 180 days of the date due. Approximately 90% of reports are received within a year. Figure 3 below provides a breakdown of the average wait time for delayed reports based on the GCIMS data received.

Figure 3 – Average Wait Times for Delayed Reports

Recipient reporting is a key tool in the oversight and monitoring of contribution agreements and these reports provide evidence of effective financial management and information to programs for decision making. As illustrated by the data, the significant majority of reports are eventually received; however, the delays in reporting means that the Department must make decisions with less relevant data. It is unclear what level of risk the Department is taking by waiting for these reports.

Actions taken after non-compliance

The audit found that before and during the Covid-19 pandemic there were gaps in the documentation to support that corrective actions occurred when recipients did not meet the reporting requirements. As part of file testing, the audit team reviewed whether corrective actions were documented for instances when recipients defaulted on reporting requirements.

Table 3 and 4 below show the number of instances that were noted in the sampled files where corrective action needed to be taken when reporting requirements were not met. As outlined in Figure 2 above, corrective actions should be taken in all instances of recipient default.

Table 3 – Sampled Recipient Financial Reporting Compliance and Corrective Actions Taken by Region
Region	Corrective actions taken
Region	Withhold funds	Recover funds	Additional monitoring/ capacity support	No documentation to support that the corrective action occurred
Saskatchewan	2	2	4	4
Manitoba	0	0	0	11
Quebec	0	1	1	2
British Columbia	0	1	0	9
Total	2	4	5	26

Table 4 – Sampled Recipient Non-Financial Reporting Compliance and Corrective Actions Taken by Region
Region	Corrective actions taken
Region	Withhold funds	Recover funds	Additional monitoring/ capacity support	No documentation to support that the corrective action occurred
Saskatchewan	2	2	0	8
Manitoba	0	0	0	9
Quebec	0	1	0	6
British Columbia	0	1	0	9
Total	2	4	0	32

Overall, the data in the tables above indicates that regions were in most cases unable to demonstrate that they took the appropriate actions when a recipient defaulted. Where corrective actions were taken (or not taken), there was typically no documented rationale to demonstrate that corrective actions taken were commensurate to risks/issues observed.

With regard to following up on corrective actions, halted funds (which did not include any funds supporting critical services for communities) and funds flagged for recovery were observed to be entered and tracked in specific GCIMS financial modules. However, non-financial corrective actions were not consistently subject to tracking and follow-up to confirm they were carried out or that identified risks/issues were mitigated. Non-financial corrective actions include management action plans, capacity and training support, additional reviews and more frequent check-ins on progress.

Due to the importance of maintaining relationships with the recipients and the fact that regional personnel are aware of the challenges some recipients face, it is understandable that the Department would not rush to punitive measures when reports are late or deemed non-compliant with the expectations of the contribution agreement. This approach is supported by the flexibility in the guidance from CFRDO on dealing with default situations, which allows for some professional judgement in which course of action to take. However, it is important that the Department be able to demonstrate the approach taken and the associated rationale be documented and reflected in the file. Without documenting this information, it is difficult to demonstrate effective monitoring, consistency in dealing with instances of non-compliance and effective follow-up.

Recommendation

The Chief Finances, Results and Delivery Officer should work with the Senior Assistant Deputy Minister of Regional Operations, Senior Assistant Deputy Minister of the First Nations and Inuit Health Branch and the Assistant Deputy Minister, Regional Operations, First Nations and Inuit Health Branch to engage departmental programs in the identification of the level of risk being taken when reports are late and decide if this risk is acceptable. If there is an unacceptable level of risk being taken, then approaches should be developed to ensure this information is gathered on time while maintaining positive relations with recipients.
The Chief Finances, Results and Delivery Officer should engage with departmental programs to review the reporting requirements in order to streamline reporting. This includes reviewing reports necessary and timelines for delivery of reports based on the time sensitivity of information.
Chief Finances, Results and Delivery Officer should work with the Senior Assistant Deputy Minister of Regional Operations, the Senior Assistant Deputy Minister of the First Nations and Inuit Health Branch and Assistant Deputy Minister, Regional Operations, First Nations and Inuit Health Branch to ensure that the approach to addressing non-compliance, the rationale for the corrective action taken, the identified risks and the follow up plans are documented.

3.4 National level oversight

Directives 102, 121 and 123 outline that compliance activities relating to the directives should be carried out by the Compliance Unit of the Transfer Payments Advisory Services (TPAS). It was also noted in Directive 121 that the directive should be enforced through relevant recipient information being made available for trend analysis.

Based on these Directive requirements, it was expected that there would be defined and implemented national oversight processes and controls that help demonstrate that the Department is being diligent in its monitoring activities.

There is a risk that the Department may not have sufficient oversight to conclude that contribution agreement monitoring activities are being performed in accordance with policy and leading to positive recipient outcomes on an on-going basis.

Finding

As noted in the previous section, there was an opportunity to better document and follow up on corrective actions. This creates a challenge in determining at a departmental level that monitoring activities are effective and leading to positive recipient outcomes.

While recipient report status was tracked in GCIMS, there was no further observed reporting on recipient monitoring activities to support departmental analysis. For example, there was not a process at the national level to review recipient monitoring data to assess common and emerging risks and trends, number of non-compliances and extent of corrective actions carried out.

As per departmental directives, TPAS was expected to have a Compliance Unit that monitors regional adherence to directives on recipient monitoring. This Compliance Unit was not active for the period of the audit; however, TPAS was able to share plans that show it is being considered for re-implementation. These plans were at the visioning stage (no approval, costs and resourcing estimates, etc.) and planned to achieve the following objectives:

Provide data analysis services on financial/non-financial reports and General Assessments;
Ensure compliance of financial and non-financial reporting and provide management quarterly reports;
Provide advice, guidance and interpretations of the departmental directives and guides on financial reporting and reporting management; and
Development, execution and reporting of results of monitoring plan for Grants and Contribution policy compliance based on risk.

Due to the lack of a national governance structure in place during the audit, there was limited oversight and analysis to demonstrate that the Department was being diligent in its recipient monitoring activities.

In the absence of oversight and analysis of recipient monitoring results, the Department is not able to effectively demonstrate compliance with policies and directives and that objectives for recipient monitoring are being achieved.

Recommendation

The Chief Finances, Results and Delivery Officer should stand up the planned Compliance Unit within the CFRDO sector.

4. Conclusion

5. Management Action Plan

In the last two years in response to the COVID pandemic, Indigenous Services Canada (ISC) and Crown-Indigenous Relations and Northern Affairs Canada (CIRNAC), approved various flexibilities and developed risk-based approaches to reporting requirements, general assessments, default measures (i.e. halting of funds), approval of funding agreements and amendments via email, and extensions of flexible and fixed contribution funding.

Disabling the auto-halt functionality in the Grants and Contribution Information Management System (GCIMS) supported Indigenous communities in addressing the repercussions of the COVID pandemic by reducing follow-ups of overdue reports. While appreciated by recipients, programs, and regions, this strategy significantly increased the amount of overdue reports mentioned in section 3.3 of the Audit of the Monitoring and Oversight of Contribution Agreements Process.

Since May 2022, Transfer Payment Advisory Services (TPAS) has been coordinating the Late Reporting Cleanup exercise with Programs and Regions. This exercise seeks to assess the risk associated with overdue reports and identify opportunities for waiving some requirements to avoid halting of non-essential funds transfers.

Resolving the late reporting backlog and reinstating the auto-halts is required before addressing the Management Action Plan (MAP). This exercise affects the same stakeholders (CFRDO, Sectors, Programs) and touches the same themes as the MAP (risk assessment of reporting requirements, burden on recipients, compliance requirements, necessary information for outcomes based reporting, etc.).

Recommendations	Management Response / Actions	Responsible Manager (Title)	Planned Implementation Date
1. The Chief Finances, Results and Delivery Officer should complete the implementation of the actions to address the Fraud Risk Assessment recommendations for which they are responsible as the implementation of these actions will also address the weaknesses noted in this audit.	Corporate Accounting, Policies and Internal Control (CAPIC) directorate in the Chief Finances, Results and Delivery Officer (CFRDO) Sector will monitor progress of the management response to the recommendations and actions to address the Fraud Risk Assessment that are under CFRDO responsibility. Of those that impact this audit include the following actions:
	CAPIC issue periodic reminders to Delegated Authorities, through various methods (e.g. policy advice, emails, during the refresher training, etc.) of their responsibilities when signing-off on S.34 of the FAA and the consequences (i.e., disciplinary action) if they do not perform the required review procedures prior to approving payment of the expenditure. Progress has been made with the development of a refresher presentation which will be delivered to senior management by Q3 2022-23.	Director CAPIC	Financial Delegation Refresher Session Q3 2022-23
	Fraud Risk Assessment recommendations: CAPIC will be developing an ISC Fraud Risk Management Framework that centers around the concept of identifying, prioritizing, monitoring and mitigating fraud risks. This will strengthen the awareness of fraud risk management responsibilities across the Department.	Director CAPIC	Fraud Risk Management Framework Q1 2023-24
2. The Chief Finances, Results and Delivery Officer should work with the Senior Assistant Deputy Minister of Regional Operations, the Senior Assistant Deputy Minister of the First Nations and Inuit Health Branch and Assistant Deputy Minister, Regional Operations, First Nations and Inuit Health Branch to engage departmental programs in the identification of the level of risk being taken when reports are late and decide if this risk is acceptable. If there is an unacceptable level of risk being taken, then approaches should be developed to ensure this information is gathered on time while maintaining positive relations with recipients.	CFRDO is currently working diligently with Regional Operations, First Nations and Inuit Health Branch (FNHIB) and Program Sectors in order to address the backlog of late reports. The backlog of late reports has significantly increased since fiscal year 2020-21 due to the COVID pandemic. Disabling the GCIMS feature that halts non-essential funds due defaults (ex: overdue reports) relates directly to the Department taking a recipient-centered approach, informed by outcomes and considerate of risks (discussion held with DAC in September 2020 on the overarching departmental approach). This more particular measure was one of the flexibilities specific to the Pandemic context the Department employed to ensure ongoing responsiveness in a special circumstance to avoid impacting the flow of funding and focus efforts on emergency measures.	Director TPAS will lead the work in collaboration with programs and with the support of the DG Departmental Planning and Management Practices (DPMP) in tracking actions taken, risk considerations and ensuring accountability of the functional authority and program leadership in quality assurance and compliance of updated measures.	Work around the reinstatement of the auto-halt functionality if mandatory reports are not provided for non-essential funding has commenced with anticipated delivery by Q4 of 2022-23. The work around the development of a risk-based reporting profile will be initiated in alignment with expected decisions on the department’s new Departmental Results Framework for 2023-24, and should be delivered in Q4 of 2023-2024. This work is dependent on the results of recommendation #3.
	Step 1 - particular to contribution agreements and addressing the backlog aims to avoid halting payments on non-essential funding where missing reports are considered to have a low risk impact on the Departments. A risk–based approach to reinstate the auto-halt functionality is being proposed and discussed with all programs to ensure that risks around the missing reports are mitigated. The strategy also takes into consideration the exceptional situation surrounding the decision to lift the auto-halt during COVID in order to avoid any negative consequence to first nations that benefited of the exceptional measures.		Step 1 planned completion by end of fiscal year 2022-23
	Step 2 - TPAS will continue to work closely with Regions and Programs on revising reporting requirements in order ensure that reports being requested meet program needs while also reducing the reporting burden on recipients.		Step 2 planned completion Q1-Q2 of 2023-24
	Step 3 - The final step will be to develop a risk based approach on reporting. CFRDO will work on developing a risk profile for reporting requirements that will allow an assessment of the risk taken when reports are late or unobtainable. The roles, responsibilities, and expected steps will be developed with programs and documented in the ISC Directives 121 and 123 (section 3.1 / findings) As with all other flexibilities leveraged by the Department to ensure responsiveness, an assessment of whether they are purely contextual to the Pandemic and business resumption context (and thus, related risks requires the department fully resuming the initial posture post business resumption); or beyond displaying responsiveness, such measures also display proper recipient-centered consideration and modernization/agility in practices and maintains proper risk mitigation (thus, consideration to sustaining, perhaps scaling, and adapting to ensure compliance and risk management).		Step 3 planned completion by the end of 2023-24
3. The Chief Finances, Results and Delivery Officer should engage with departmental programs to review the reporting requirements in order to streamline reporting. This includes reviewing reports necessary and timelines for delivery of reports based on the time sensitivity of information.	CFRDO in collaboration with Regional Operations, FNIHB and Program Sectors, is currently in the process of finalizing the late Reporting Backlog exercise for the Departments to reduce the number of late reports. Once the late reporting backlog has been resolved and the auto halt system reinstated, the reporting requirements will be reviewed with programs to find opportunities to lessen the burden on recipients. The review will take a risk based approach that is focused on reporting outcomes while meeting compliance requirements. The CFRDO is committed to developing a streamlined reporting framework in consultation with internal and external stakeholders which will allow for transformation towards outcome based reporting.	Director TPAS, the DG of Information Management Branch, program officials implicated, and with the support from DG, DPMP in ensuring measures are captured in the Department’s risk framework with clarity in accountability at the functional authority level and program in determining plan of action and ensuring its quality assurance.	Fall 2022 for the New Results Framework Streamlined Reporting Framework work will commence in Q1 2023-24 and it is expected to be ready for implementation and transition phase starting on April 2024. This work is dependent on the completion of certain items of recommendation #2.
4. Chief Finances, Results and Delivery Officer should work with the Senior Assistant Deputy Minister of Regional Operations and the Senior Assistant Deputy Minister of the First Nations and Inuit Health Branch and Assistant Deputy Minister, Regional Operations, First Nations and Inuit Health Branch to ensure that the approach to addressing non-compliance, the rationale for the corrective action taken, the identified risks and the follow up plans are documented.	Following the work identified under Recommendation 3, CFRDO, in partnership with Regional Operations, FNIHB and programs, will implement a compliance framework aligned with the outcome-based reporting vision. A full review of the reports collected will be conducted in order to establish their appropriateness and the alignment to the DRF outcomes. The compliance framework will include clear guidance on tracking of monitoring activities, identification of evolving risk and challenges and corrective or mitigation actions. This work will be carried out in Q4 2023-24 after the completion of Recommendation 3.	Director, TPAS will lead the work in collaboration with programs	Q4 2023-24 This work is dependent on the completion of recommendation #3.
5. The Chief Finances, Results and Delivery Officer should stand up the planned Compliance Unit within the CFRDO sector.	Based on an updated compliance framework, CFRDO, in partnership with programs, will determine the most effective approach, process and structure to ensure compliance. CFRDO will ensure the compliance function is carried out to ensure there is departmental oversight of compliance with policies and directives as part of the Grants and Contribution process. The initial phase will consist of program and regional engagement to assess what value added activities could be performed and what resources would be required.	Shared responsibility between TPAS and programs	Work to begin in Q4 of 2022-23 (Jan) with anticipated delivery one year later or Q4 of 2023-24

Annex A: Audit Criteria

To ensure an appropriate level of assurance to meet the audit objectives, the following audit criteria were developed to address the objectives.

Audit Criteria

Criteria 1: Management addresses real and perceived conflict of interest associated with monitoring and oversight of contribution agreements

1.1 Employees with monitoring and oversight responsibilities are provided with guidance to identify real or perceived conflicts of interest with respect to the contribution agreements.

1.2 There are defined procedures to identify and address potential conflicts of interest

Criteria 2: Roles and responsibilities for monitoring and oversight of contribution agreements are adequately defined and communicated.

2.1 Employees have received defined expectations for monitoring and oversight of contribution agreements.

2.2 Employees involved in performing monitoring and oversight have been identified and their roles and responsibilities have been defined and communicated.

Criteria 3: Plans are in place to perform monitoring activities in a timely manner.

3.1 Plans for monitoring the requirements of the contribution agreements are approved.

3.2 Timeframes are established and adhered to for requesting, storing and reviewing recipient information.

Criteria 4: Risk is managed using the monitoring and oversight activities.

4.1 There are guidance, training and tools to determine if the monitoring and reporting requirements of the contribution agreements are met.

4.2 When the monitoring and reporting requirement of the contribution agreements are not met, there are additional procedures in place to manage the risks.

4.3 There are a defined set of tools and procedures that are used to ensure that:

Results of the procedures are documented, and reported;
Analysis of risks and trends is performed; and
Used to inform sufficient and appropriate follow up actions.

Did you find what you were looking for?

What was wrong?

I can't find the information

The information is hard to understand

There was an error or something didn't work

Other reason

Please provide more details

You will not receive a reply. Don't include personal information (telephone, email, SIN, financial, medical, or work details).
Maximum 300 characters

Date modified:: 2023-09-28