Core Control Audit of the Immigration and Refugee Board of Canada Audit Report

​​ On this page

About the Immigration and Refugee Board of Canada

The Immigration and Refugee Board of Canada (IRB) is an independent tribunal established by the Parliament of Canada. The IRB is responsible for making decisions on immigration and refugee cases efficiently, fairly and in accordance with the law.Footnote 1

Among other responsibilities, the IRB decides who needs refugee protection among the thousands of claimants who come to Canada annually.Footnote 2

The IRB reports to Parliament through the Minister of Citizenship and Immigration, but the IRB remains independent from Immigration, Refugees and Citizenship Canada (IRCC).Footnote 3

Based on IRB’s departmental plan for 2020–21 and 2021–22,Footnote 4IRB had:

  • planned spending of approximately $279.1 million (2020–21) and $282.7 million (2021–22)
  • planned full-time equivalents (FTEs) of 1,876 (2020–21) and 2,095 (2021–22)

About the core control audit

Context and objective

The Financial Administration Act designates deputy heads as accounting officers for their department or agency. As accounting officers, deputy heads are accountable for ensuring that resources are organized to deliver departmental objectives in compliance with government policies and procedures. Core control audits provide deputy heads with assuranceFootnote 5 on the effectiveness of core controls over financial management in their organization.

The objective of this core control audit is to examine and assess whether key controls over financial managementFootnote 6 within IRB result in compliance with requirements and expected results of corresponding legislation, Treasury Board (TB) policies, and directives.

Scope

  • Key policy areas of focus were contracting, delegation of spending and financial authorities and acquisition cards
  • A targeted risk-based audit sample of IRB transactions, records and processes were selected from fiscal year 2020–21: contracting (21 transactions), delegation of spending and financial authorities (13 transactions) and acquisition cards (20 transactions)Footnote 7
  • Legislation, policies and directives scoped in (versus excluded) are listed in Appendix A

Conformance with professional standards

This audit engagement was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

Mike Milito
Assistant Comptroller General and Chief Audit Executive
Internal Audit Sector, Office of the Comptroller General

Overall conclusion

Overall, the audit found that, based on transactions tested, key controls over financial management were generally in accordance with the requirements of applicable legislation, policies and directives.

Effective controls were observed in the area of delegation of spending and financial authorities.

Areas of improvement were observed with respect to contracting, approvals, documentation and timeliness.

Overview of audit findings

Contracting

Non-competitive procurement

  • With respect to contracting, it was noted that justification for non-competitive procurement contracts and best value analysis were not always sufficiently documented and substantiated (Recommendation 2a).

Security requirements

  • In some cases, security requirements were not fully addressed prior to the commencement of the contract (Recommendation 2e).

Processes/procedures

  • For two competitive contracts related to the Interpretation Service Program, IRB did not follow some of the bid evaluation steps normally expected as part of a competitive procurement process. Specifically, both contracts were processed as contract renewals without their corresponding bid evaluations (Recommendation 2b)Footnote 8.
  • There were also instances where contracts and amendments, valued at over $10,000, did not meet the proactive disclosure requirements (Recommendation 2h).

Why this is important

Sound contracting practices are important to ensure that they stand the test of public scrutiny of prudence and probity, facilitate access, and encourage competition and fairness in the spending of public funds and achieve better value.

Approvals

  • For acquisition cards, in all instances, the acquisition card application form was not signed by the acquisition card coordinator, which is a responsibility of this role (Recommendation 1b).
  • There were a few instances where expenditure initiation and certification authority were either not documented or not performed by the appropriate delegated authorities in the areas of acquisition cards and contracting (Recommendations 1e, 2c, 2g).

Why this is important

Approvals are a key control in ensuring that funds are available and used prudently and that transactions are authorized, complete, accurate and valid.

Documentation

  • For the management of acquisition cards, in many cases, although the cost centre manager recommended for the employee to have an acquisition card with reasonable credit limit based on planned use, there was no bank statement documentation indicating the credit limit to verify that it matches the limit noted in the acquisition card application form. Additionally, although the cost centre manager recommended for the employee to have an acquisition card, in two cases, there was no recommended credit limit on the acquisition card application form (Recommendation 1a).
  • In some cases, for acquisition cards and contracting, it could not be determined whether the expense was approved prior to the expense being incurred or prior to the signing of the contract as the approval was not dated (Recommendations 1c, 2c). In all instances, for acquisition cards, no documentation was on file to demonstrate that commitments were recorded at the value expected to be incurred (Recommendation 1d).
  • For several instances in the areas of acquisition cards and contracting, certification authority and payment authority were not properly supported with proof of execution or cost (Recommendations 1f, 2g).
  • In one case, a contract signed by the vendor was not on file (Recommendation 2d). In another case, it could not be determined if amendments were issued before services were received, as amendments were not properly signed and dated. For one contract, justification for amendments was not always documented (Recommendation 2f).

Why this is important

Maintaining sufficient and appropriate documentation to support transactions and justify decisions made is essential in demonstrating due diligence and sound stewardship.

Timeliness

  • In one case, for acquisition cards, the acknowledgement of responsibilities for the cardholder was approved after the transaction occurred.
  • There were several instances where certification authority and payment authority were not performed in a timely manner (net 30 days) in the area of contracting (Recommendation 2g).

Why this is important

Timeliness is an important part of the payment process to ensure efficiency and due diligence, and to minimize costs associated with late payments.

Recommendations

Guide to readers

The recommendations provided in this audit report are intended as targeted enhancements to IRB’s process controls and procedures and to help ensure compliance with the applicable legislation, policies and directives.

The recommendations and priority levels are provided based on multiple factors such as types of transactions examined in each area; the number and type of exceptions (instances) noted and resulting risk considerations; government-wide perspective on risk considerations; and, if applicable, results from previous audits.

Recommendation numberRecommendationsPriority

Recommendation 1

In the area of acquisition cards, IRB should ensure that:

  1. proper documentation, including bank statement limit documentation, is retained on file for all acquisition cards in order to substantiate the approved transaction and monthly limits of the cards

Low

  1. the acquisition card application form is approved by the acquisition card coordinator prior to the use of the card

High

  1. expenditure initiation (pre-approval) is properly documented before expenses are incurred

Low

  1. there is a consistent process in place for recording commitments at the expected itemized value

Medium

  1. certification authority be performed by an individual with appropriate delegated authority

Low

  1. expenses are certified with properly supported proof of execution and cost

Low

Recommendation 2

In the area of contracting, IRB should ensure that:

  1. sufficient documentation is retained on file to ensure that non-competitive contract files contain justification for sole-source contracting in accordance with section 6 of the Government Contracts Regulations and best-value analysis is documented and performed prior to contract award

High

  1. the appropriate procurement methods are chosen and that the requirements of the selected method are followed

High

  1. expenses are properly documented and approved by an individual who has the appropriate delegated authority, prior to the signing of the contract

Medium

  1. contracts are signed by all required parties (vendor and department)

Medium

  1. security requirements are addressed before work starts

Medium

  1. contract amendments are properly documented, signed, justified and dated by all required parties before goods and services are received

Medium

  1. certification authority and payment authority are properly documented, supported with proof of execution and cost, and performed in a timely manner by an individual who has appropriate delegated authority

High

  1. contracts, and applicable contract amendments, valued at over $10,000 are publicly disclosed, in the right amount

Low

Management response

The findings and recommendations of this audit were presented to the management of IRB.

Management has accepted the audit findings in this report and has developed an action plan to address the recommendations.

It is expected that the management action plan will be fully implemented by the fourth quarter of fiscal year 2023–24.

The results of the audit and the management action plan have been discussed with the Chairperson and Chief Financial Officer of IRB and with the Small Departments Audit Committee. The Office of the Comptroller General will follow up on the implementation of the management action plan.

Appendix A: Legislation, policies and directives

The following are applicable legislation, policies and directives tested in the scope of the audit based on applicability and risk assessment conducted in the planning phase.

Legislation

  • Financial Administration Act
  • Conflict of Interest Act

Policies

  • Rescinded [2022-05-13] - Contracting Policy
  • Policy on Government Security

Directives

  • Directive on Delegation of Spending and Financial Authorities
  • Directive on Mandatory Training
  • Directive on Payments
  • Government Contracts Regulations
  • Guidelines on the Proactive Disclosure of Contracts

Appendix B: Audit criteria and compliance

Contracting
CriteriaCompliance level
  1. Procurement: non-competitive: There is documentation on file to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations.

Less than 80% complianceFootnote 9

  1. Procurement: competitive: Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner.

Less than 80% complianceFootnote 9

  1. Procurement strategy: Appropriate tendering processes for bids are used in the proper circumstances.

Greater than or equal to 90% complianceFootnote 10

  1. Expenditure initiation / commitment authority (section 32): Funds commitment availability is certified by someone with the delegated authority prior to the expenditure at the value expected to be incurred. (section 32 of the Financial Administration Act).

Greater than or equal to 90% complianceFootnote 10

  1. Contract management: Contracts and contract amendments were approved prior to the receipt of any goods or services or the expiration of the original contract, and supporting documentation is retained on file.

Greater than or equal to 90% complianceFootnote 10

  1. Certification authority (section 34): Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner, and verifies the correctness of the payment requested (section 34 of the Financial Administration Act).

Greater than or equal to 80% and less than 90% complianceFootnote 11

  1. Payment authority (section 33): Payment authority is performed by someone with the appropriate delegation of authority and in accordance with the Directive on Delegation of Spending and Financial Authorities (section 33 of the Financial Administration Act).

Greater than or equal to 80% and less than 90% complianceFootnote 11

  1. Proactive disclosure: Contracts valued at over $10,000 are publicly disclosed.

Greater than or equal to 80% and less than 90% complianceFootnote 11​

Delegation of spending and financial authorities
CriteriaCompliance level
  1. Delegation of financial authorities for disbursements: Delegation instruments are appropriate, current and approved in accordance with the directive.

Greater than or equal to 90% complianceFootnote 10

  1. Learning, training and development: Employees successfully complete mandatory training in accordance with requirements pertaining to financial management, contracting and human resources.

Greater than or equal to 90% complianceFootnote 10​

Acquisition cards
CriteriaCompliance level
  1. Acquisition card issuance: Acquisition card issuance is controlled, and cardholders have acknowledged their responsibility in writing.

Less than 80% complianceFootnote 9

  1. Expenditure initiation / commitment authority (section 32): Funds commitment availability is certified by someone with the delegated authority prior to the expenditure at the value expected to be incurred (section 32 of the Financial Administration Act).

Less than 80% complianceFootnote 9​

  1. Certification authority (section 34): Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner, and verifies the correctness of the payment requested (section 34 of the Financial Administration Act).

Greater than or equal to 90% complianceFootnote 10

  1. Payment authority (section 33): Payment authority is performed by someone with the appropriate delegation of authority and in accordance with the Directive on Delegation of Spending and Financial Authorities (section 33 of the Financial Administration Act).

Greater than or equal to 90% complianceFootnote 10

  1. Authorized purchases: Cards are to be used solely for authorized government business–related purchases of goods and services.

Greater than or equal to 90% complianceFootnote 10​