Audit of the management of grants and contributions - Internal Audit report

On this page

• Abstract
• Introduction
  • Context
  • Why this audit is important
  • Audit objective, scope, and approach
  • Conclusion
  • Statement of conformance
• Findings and recommendations
  • Governance and strategic direction
  • Risk management
  • Program design and delivery
• Appendix A: Audit criteria and lines of enquiry
• Appendix B: Management action plan
• Appendix C: Table of acronyms

Abstract

The audit examined grants and contribution (G&Cs) processes, operational practices, and controls at the departmental, program and project levels and found that in general, governance structures, risk assessment processes, and internal controls are in place to support the design and delivery of G&Cs programs across the Department. However, the audit found some areas for improvement with respect to the G&Cs management control framework, effectiveness of governance structures, consistency of risk management practices, standardization of operational practices, and documentation management. Additional work is required in these areas to ensure compliance with Treasury Board policy instruments.

Introduction

Context

Fisheries and Oceans Canada (DFO) relies extensively on transfer payments as a key instrument  to meet its policy objectives, priorities and delivery of results, including Indigenous Reconciliation Priorities, the Pacific Salmon Strategy Initiative, Implementation of the Modernized Fisheries Act, the Ghost Gear Program, and the Oceans Protection Plan.^{Footnote 1} The Department provides funding to these programs through G&Cs funding agreements, which include funds for essential community services, First Nations fisheries development, academic research, and the conservation and protection of Canadian fisheries, ecosystems and endangered species.^{Footnote 2}

Transfer payments are a major commitment of the federal government’s resources and are different from other expenditures given that the transfer payment recipient undertakes expenditures and activities that further the Government's mandate, and the Government of Canada does not receive any goods, services, or assets in return. Transfer payments can be administered as either grants or contributions. A grant is subject to pre-established eligibility and other entitlement criteria. A grant is not subject to being accounted for by a recipient nor normally subject to audit by the department, however, the recipient may be required to report on results achieved. A contribution is subject to performance conditions specified in a funding agreement, are to be accounted for, and are subject to audit.

As a federal government department, DFO must adhere to and comply with requirements and expectations set out in government-wide legislation, policies, and directives. The management and administration of the Department’s G&Cs programs is governed by the Financial Administration Act (FAA) and the TB Policy on Transfer Payment and its Directive.

The Chief Financial Officer (CFO) is accountable for the overall financial controls for transfer payment funds at DFO. Within the Budget Planning and Financial Management Directorate (BPFM) of the CFO sector, the Grants and Contributions Centre of Expertise (CoE) provides advice and guidance on the TB Policy on Transfer Payments and the development and implementation of G&C programs, as well as the development of departmental tools, templates and processes for the consistent implementation of such programs. The CoE consists of a mixture of program and policy specialists with a team of 8 FTEs. The G&Cs programs can be delivered nationally or regionally. The responsible ADMs, DGs, Directors, and program managers are accountable for the G&Cs life cycle management processes and the achievement of intended results across the Department. The overall vision, direction and governance of the Department’s G&Cs are set by the G&Cs Steering Committee (SC) aimed at endorsing products going to the DG-level Programs and Operations Committee (POC) and the Financial and Investment Management Committee (FIMC) for information and approval. 

In 2019, as result of the anticipation of DFO’s participation in a TB pilot project related to updating the TB Transfer Payment Policy, and the increases in G&Cs funding, the CFO sector commissioned Deloitte to complete a comprehensive review to assess the Department’s maturity in G&Cs administration related to governance and planning, processes and procedures, technology, recipient engagement and service standards. The review benchmarked the Department’s maturity against leading practices for G&Cs management and assessed its alignment with the TB Policy and Directive on Transfer Payments. The audit takes into consideration the progress towards implementation of the review recommendations, and whether the review findings continue to be relevant.

The audit was identified in the Department’s 2022-2024 Risk-Based Audit Plan given the high materiality of the G&Cs funding envelope and operational challenges due to COVID-19. In July 2022, POC was informed that over 50 G&Cs programs were being delivered, with a total budget of $1.2B for fiscal year 2021-22 (Vote 10 funding). For fiscal year 2022-23, the budget decreased to $967M. Over the last two fiscal years, the annual expenditures accounted for $681M and $403M, thereby resulting in $600M and $564M in surplus funds respectively. Nearly all of the surplus funds were reprofiled to a subsequent year with approximately $7.6M in lapsed funds. Reprofiling provides for unused authorities from one fiscal year to be made available in subsequent fiscal years to reflect changes in the expected timing of program implementation.^{Footnote 3}  The surplus was attributed to process issues and project delays due to COVID-19, recipients claiming less than what was originally anticipated, and other delays (e.g., wildfires, floods, droughts). Even though this audit occurs just prior to an expected decrease in G&Cs spending over the next few fiscal years after a period of growth, overall spending will continue to be significant enough to potentially benefit from the audit findings.

Through a risk assessment, we identified three lines of enquiry with five higher-risk areas that required further examination, namely:

Line of enquiry 1 – Governance and strategic direction 

• governance structures and plans
• roles, responsibilities, and accountabilities

Line of enquiry 2 – Risk management

• risk-based approach to profile the G&Cs programs and projects
• G&C Program and project monitoring

Line of enquiry 3 – Program design and delivery

• G&Cs processes (including lifecycle management) and tools

Why this audit is important

Transfer payments represent a large part of the Government of Canada’s spending.^{Footnote 4} For fiscal year 2021-22, the Government of Canada spent approximately $88 billion on transfer payments that were non-statutory grants and contributions. The total transfer payment expenditures for Fisheries and Oceans and the Canadian Coast Guard accounted for approximately $681 million with over 50 G&Cs programs under its administration.

The G&C programs are managed by the sectors at National HQ and the Canadian Coast Guard, and delivered through the regions. The management and administration of G&C programs is subject to public scrutiny given that the tangible results of transfer payments touch the lives of Canadians every day in all sectors of society. Transfer payments are one of the government’s key instruments in furthering its broad policy objectives and priorities, and assisting eligible recipients in undertaking activities and projects that help achieve the objectives and outcomes of the transfer payment program and contribute to departmental results.^{Footnote 5}

It is important for the Department to ensure that program spending is prudent and G&C programs are designed, delivered, and managed in compliance with TB policy instruments and legislative requirements to ensure integrity, accountability, and transparency in a recipient-focused manner. It is therefore essential that governance and strategic direction, risk management, and control processes for program design and delivery exist to support the administration of grants and contributions.

Audit objective, scope, and approach

The objective of this audit was to assess whether governance, risk management, and program design and delivery processes are in place to support the management of G&Cs.

The scope of the audit was established based on the results of a detailed risk assessment carried out during the engagement planning phase. The audit examined specific aspects of governance, risk management, and program design and delivery activities related to governance structures, annual workplans, roles and responsibilities, program and project risk profiling and monitoring, and lifecycle management of the programs, including processes and tools for administration of G&Cs.  The scope of the audit also included following up on the Current State Diagnostic Assessment that was completed by Deloitte in 2019 to assess and report on the progress made towards the implementation of the assessment recommendations.

The audit was carried out through:

• interviews with key departmental officials, including CFO sector teams, program managers, and program officers at NHQ and in the DFO/CCG regions
• review of applicable legislation, regulations, and management control frameworks
• review of committees’ Terms of Reference, agenda items, and Records of Decisions
• walkthroughs of the G&Cs lifecycle process and transfer payment transactions
• review of strategic plans, workplans, reports, procedures, guidelines, and tools
• transaction testing of selected transfer payments to assess compliance against terms and conditions of the funding agreements and TB policy requirements

The period in scope covered G&Cs program expenditures for fiscal years 2021-22 and 2022-23. The testing criteria were developed based on requirements of the FAA, Treasury Board policies, directives and guidelines outlined in Appendix A of this report.

Conclusion

Overall, the audit concluded that Fisheries and Oceans Canada has processes and controls in place to support the management of G&Cs. However, there are areas for improvement related to the effectiveness of governance structures and frameworks, the risk management approach, and consistent implementation of processes and controls to support program design and delivery.

Statement of conformance

This audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing as supported by the results of the Quality Assurance and Improvement Program of Fisheries and Ocean Canada’s Internal Audit Directorate.

Findings and recommendations

This report presents the findings that cover the three lines of enquiry, namely: governance and strategic direction; risk management; and program design and delivery.

Appendix A outlines the supporting criteria, by line of enquiry, used to conclude on the audit objective.

Governance and strategic direction

The audit examined whether governance structures are established to support the management of G&Cs and that the roles, responsibilities, and accountabilities related to G&Cs are documented, communicated, and understood. Overall, we found that governance structures are established with clear mandates, however, key items and information related to G&Cs management are not being presented to the appropriate committee(s) for effective challenge to take place. In addition, there are elements of the G&Cs management control framework that are in development.  However, we observed a lack of documented guidance on department-wide roles, responsibilities, and accountabilities as it relates to G&Cs management.

Findings and Analysis

Governance structures are established with clear mandates.

National and program-level governance committees and working groups are established with clear mandates.

• At the national level, the Departmental Management Committee (DMC) is the Department’s senior direction-setting and decision-making body that is supported by sub-committees including FIMC and POC. FIMC monitors the financial position of the organization and provides oversight on planning and prioritization of G&Cs management. POC provides recommendations to DMC on departmental program and operational matters, including items related to G&Cs that impact department-wide processes.
• The senior level committees (DMC, FIMC, POC) are supported by the SC that sets the vision and direction for G&Cs governance at DFO and is expected to collaborate in the development and endorsement of G&Cs related items going to POC and FIMC for information and approval. The SC also provides direction and oversight to the work prepared by various G&Cs Working Groups (WG); namely, the Risk Management WG and the User Experience WG.
• At the program level, committees and working groups are established within the regions to varying degrees whose stated purpose is to provide the necessary guidance related to G&Cs programs and to discuss any program-related issues. The programs also have representation at the SC table and participate in national level SC meetings, as well as the Risk Management WG and the User Experience WG.

Key G&Cs items and information are not being consistently presented to the appropriate committee for approval or discussion.

We observed that the committees and working groups have Terms of Reference (ToRs) that define their mandates, membership structures, roles and responsibilities, and meeting frequency. However, key items and information are not being consistently presented to the appropriate committee for approval or discussion. Consequently, effective challenge is not taking place to support G&Cs management. For example:

• The annual SC Workplan that includes key strategic priorities, initiatives, and deliverables to support the management of G&Cs is not being presented to any senior level committee or appropriate authority for endorsement. Furthermore, there is no reporting of progress against the workplan to senior level committees or appropriate authority for feedback and approval, or to ensure action items are completed on time. Under the current practice, the workplan is approved by the SC that is co-chaired by the Director responsible for the CoE, which does not allow for proper segregation of duties and independent oversight. There is also no detailed progress report with clear deliverables, timelines, and responsible leads.
• Through our review of the Financial Situation Reports (FSRs) for the past two fiscal years, we observed that there is a lack of action items that result from presentations at FIMC and DMC on G&Cs financial information, especially since the Department continues to report significant amounts of unspent money against the G&Cs budget. While every year adjustments are made and nearly all of the surplus funds are reprofiled, the FSR does not always provide the justification as to why the money was not spent and had to be reprofiled. Furthermore, RoDs for senior level committees do not indicate action items related to the spending shortfalls including root cause analysis and proposed solutions to address this ongoing issue. For example, we observed that while Indigenous Reconciliation is a key priority for the Department, FSRs for the fiscal year 2022-23 show only $9.0 M was spent on Indigenous reconciliation priorities, whereas the total budget for this was $311M. After adjustments, there is a deficit of $10.5M. However, there is no rationale to justify the unspent money, what the significant adjustments represent and whether there is a lost opportunity to advance funds to the recipients. According to the year-end FSR for 2022-23, the implementation of the Financial Management Framework for Transfer Payments in FY 2023-24 is expected to facilitate the reallocation of funding between programs, however, this does not identify or address the root cause of the underspending.
• Of the twelve recommendations from the 2019 Deloitte review that were to be fully addressed by April 2022, only two have been implemented so far. There was no rationale provided to the SC and subsequent challenge function exercised as to why the recommendations are behind schedule. In addition, the risk of non-implementation was not discussed or accepted by any committee or authority as part of the challenge function and approval process.
• There are three specific service standards that provide turnaround times around the acknowledgment of receipt of an application or proposal, notification of funding decision, and request for payment requisition. The programs are not consistently meeting their service standards and the results are not being reported to governance committees for information and decision-making. As such, there is no feedback loop to discuss the root cause and potential improvements for programs that are not achieving their performance targets.
• We observed instances whereby feedback was solicited on material presented to the SC via emails on an individual basis which does not allow for effective challenge to take place through collective discussion and exchange of ideas. This practice does not foster transparency of feedback provided and the disposition of that feedback.

There are elements of a control framework for G&Cs management in development.

We expected to find a control framework to guide the management of G&Cs. There are elements of a G&Cs management control framework (MCF) that are in development. However, other expected components are missing, such as documented guidance on department-wide roles, responsibilities, and accountabilities as it relates to G&Cs management. More specifically, we found that:

• While components of a departmental management control framework are in development, these are in draft form or awaiting implementation. These include a draft G&Cs management control framework (MCF) document, G&Cs Risk Management Framework (RMF), the Account Verification Framework (AVF), and the Financial Management Framework for Transfer Payments.
• The draft MCF was presented to the Departmental Audit Committee in December 2017 by the interim CFO. This was also part of Deloitte’s 2019 review recommendation, where the Department was expected to leverage existing frameworks to develop a departmental management framework for G&Cs administration at the enterprise level within two years. However, the MCF remains in draft form since its inception and has not been approved and implemented.
• The draft MCF is an overarching framework that contains important guidance and direction for G&Cs programs, such as overall governance principles that align with the TB Policy on Transfer Payments, roles and responsibilities of program managers and the CFO sector, and key control elements that must be built into G&Cs programs. The CoE team, which is leading the development of the G&Cs framework, stated that the MCF was primarily drafted to align with a proposed policy change in the TB Policy on Transfer Payments, which was expected but not yet been implemented during the COVID-19 pandemic, and there are no timelines for when the MCF will be finalized.

We found that guidance and expectations on roles, responsibilities, and accountabilities are lacking.

• The Department has not communicated the department-wide management structure for G&Cs and each group’s individual roles and responsibilities within that structure. Furthermore, while G&Cs related roles and responsibilities for the CoE and for some program authorities are defined on the intranet or in the program’s application guide, the department-wide roles and responsibilities of Program Managers, Financial Management Advisory, Accounting Operations, Internal Controls and Financial Reporting teams are not documented as they relate to G&Cs management.
• Our review of DFO’s Delegation of Spending and Financial Authorities (DSFA) instrument revealed that that G&Cs program delegations must be assigned based on two criteria - program risk and payment size. However, in practice, the DSFA levels are only based on payment size, and there is no formal process to propose DSFA levels based on program risk considerations and the supporting documentation for a given delegation of authority is not kept on file.

Why this matters

It is important to have adequate governance structures, mechanisms and standardized processes in place to oversee G&Cs management and to have key G&Cs information presented to the appropriate committee level as it ensures accountability, effectiveness, sound management, adherence to public service values, and fosters accountability and continuous improvement.

The establishment of a G&Cs framework, including defined and documented roles, responsibilities, and accountabilities, would provide the necessary guidance and direction for program areas to foster compliance with related TB policies and directives.

Recommendation

Recommendation 1:  The ADM and Chief Financial Officer should ensure that information for decision-making and monitoring related to G&Cs is presented when necessary to appropriate senior level committee(s) for endorsement.

Risk management

The audit examined whether the Department has developed a risk-based approach to support the management of G&Cs programs and projects, and whether program and project monitoring is performed in accordance with a risk-based approach, as required by the TB Policy on Transfer Payments.

Overall, we observed that an enterprise level risk management approach is established and takes into consideration priority areas for G&C programs to some extent. However, the risk management approach does not consistently assess and monitor program, project, and recipient-level risks across the Department. Consequently, there is no assessment and evaluation of the program level risks, and no aggregation of risk information to provide insight on high-risk programs, and recipients, and risk trends to support decision-making. At the project level, the risk assessments are not being completed consistently across the Department. In addition, there is no risk-based plan and recipient audits are not being conducted.

Findings and analysis

An enterprise level risk management approach is established and to some extent takes into consideration priority areas for G&C programs.

The Department has established an enterprise-level risk management approach which serves as the foundation for its integrated risk management function. The Departmental Risk Profile (DRP) is a cohesive and integrated approach that allows the CFO sector to incorporate risk intelligence from across the Department and enables ongoing awareness of the risk environment, threats, and opportunities for risk-informed decision-making. The risk information gathered through this annual risk management approach requires collaboration and input from all sectors, regions, and programs across the Department.

Through our review of the DRP, we observed that risk information that was presented included risk statements, risk drivers and existing risk controls. The risk priority areas most relevant to G&C programs were captured under the Indigenous Relationship risk category and related to supporting improvements to grants and contributions processes to improve access to funding, streamline application and reporting processes, provide training for Indigenous proponents, and increase transparency of funding.

The risk management approach does not consistently assess and monitor program, project, and recipient level risks across the Department. 

According to the TB Directive on Transfer Payments (s.6.5), the level of monitoring of recipients should reflect an assessment of the risks specific to the program, the value of the funding, and the risk profile of the recipients. The TB Directive (s.3.4) requires DFO to take a measured response to risks throughout the management of Transfer Payments.  It is up to the Department to determine what is a measured response based on the risk appetite and tolerance.

The TB Directive identifies the key risks related to G&Cs management, including program, project, and recipient risks. The risk level for these varies which impacts how certain programs, projects, and recipients need to be managed. We found that the risk management framework or approach does not consistently assess program, project, and recipient level risks across the Department.

Given the lack of a risk management approach, the following gaps were observed with respect to program, project, and recipient risk management:

• Program level risk assessment: There is no assessment and evaluation of the program level risks, and no aggregation of risk information to provide insight on high-risk programs and risk trends to support decision-making. As such, there is no formal identification and regular update of program level risks and risk mitigation strategies. Interview responses from program managers did indicate that some programs provide risk summaries on program level risks to support the TB submission process. 
• Project level risk assessment: At the project level, while the programs perform risk assessment and evaluation of recipient level risk to determine the terms and conditions of the funding agreement, the risk management approach and subsequent monitoring at the project level is inconsistent across the programs. Review of the selected transfer payments indicated the project level risk assessments are not being performed consistently by the programs. This observation is discussed in detail under the program design and delivery section.
• Risk-based recipient audits: There is no risk-based recipient audit approach or plan in place to evaluate if a recipient audit is necessary, as required by the TB Directive on Transfer Payments (s.6.5.3). Consequently, the majority of the programs are not completing recipient audits. CCG Auxiliary is the only program across the Department that has a risk-based audit framework (dated 2007) and where recipient audits are being conducted. The CCG Auxiliary program provides funding to federally incorporated non-profit volunteer corporations that engage in cost-effective maritime search and rescue activities throughout Canada.

Similar findings were also raised by Deloitte in 2019 as it recommended that the Department develop a common risk management approach and framework for G&Cs within two years and establish a risk-based recipient audit approach and plan within one year to ensure compliance with the TB Policy and Directive on Transfer Payments. These recommendations were not implemented and the CoE stated that the risk management framework including the recipient audit approach and risk related tools are planned to be completed by Q1 2024. Review of the draft strategy document that was shared by the CoE indicated that the Department is in the early stages of developing the risk management strategy for G&Cs.

Why this matters

A cohesive and integrated risk management approach can enable a better understanding of G&Cs risks, allows for consistent risk management efforts, and ensures the integrity of G&Cs processes.

Recommendation

Recommendation 3:  The ADM and Chief Financial Officer should ensure that a risk management approach – inclusive of assessment tools – is developed, implemented, and consistently applied to support program, project, and recipient level risk assessments, and to ensure that recipient audits are conducted. 

Program design and delivery

The audit examined whether processes and control are in place to ensure that the administration of G&Cs complies with the FAA and related TB Policy instruments.

We selected a judgmental sample of 25 transfer payments across seven programs within DFO and CCG regions based on materiality and risk considerations to test the effectiveness of lifecycle process and controls for administering the G&C programs.  The focus of the testing was not to estimate the rate of compliance, but rather to test controls in selected program areas of G&Cs management. As such, our sample selection is not to be used to draw inferences about the population.

Overall, we found that processes and controls are in place to ensure that the administration of G&Cs comply with the FAA and TB Policy and Directive on Transfer Payments. Through our review of the selected transfer payments, we observed that the contribution agreements and subsequent amendments were approved by appropriate delegated authorities pursuant to Section 32 and 34 of the Financial Administration Act (FAA), segregation of duties was properly exercised, and there are pre- and post-payment verification controls in place as part of the monitoring process. However, there is lack of consistent implementation of controls in the areas of risk assessments, service standards and documentation management.

Findings and analysis

Processes and controls are in place to help ensure that contribution agreements are signed, and transfer payments are made in compliance with the FAA and related policy instruments.

We found that controls are working as intended with respect to the execution and signoffs related to the funding agreements and subsequent amendments. In general, we found that mandatory elements are considered in the preparation of agreement terms and conditions, delegated authorities and segregation of duties are properly exercised by appropriate authorities pursuant to Section 32 and 34 of the FAA, and there are pre- and post-payment verification controls in place as part of the monitoring process. In addition, interview responses from program managers indicated that programs are sensitive to the needs, requirements, and challenges of the recipients, and governance bodies are in place to support program activities at various levels. More specifically, we found the following good practices:

• Funding Agreements, Terms and Conditions: Appendix E of the TB Directive on Transfer Payments describes the mandatory elements for which Departmental managers are responsible when they are preparing terms and conditions for a transfer payment program using contributions. We found that controls are in place. For example, for the 10 instances where a holdback was required, it was correctly calculated as part of the payment preparation, and in 24 out of 25 instances, the payment matched the payment schedule for the agreement, whereas one transaction had a payment error that was corrected prior to the audit.
• Delegated Level of Authorities (DLA):  We found controls are in place for Section 32 and Section 34 signoffs by the appropriate authority. In addition, a risk-based approach related to pre- and post-payment verifications has been implemented and account verifications of payments are performed to ensure compliance with Section 32, 34, and 33 and to promote timeliness of payments. In all instances, there was proper signing of each contribution agreement by the appropriate FAA Section 32(1) authority. In 23 of 25 instances, the payment package was authorized by the appropriate FAA Section 34(1) authority, however, for the remaining two instances, the signature card was not updated to reflect the acting DLA. In 15 instances related to funding agreements with amendment, the amendments were signed by the appropriate FAA S.32(1) authority.
• Segregation of Duties: We found there is proper segregation of duties between individuals who evaluate the applicant’s proposal and the individual who approves the contribution agreement. There is also segregation of duties between the individual that submits the payment package into SAP and the individuals approving the payment. Specifically, we found that in all 25 instances sampled, there was appropriate segregation of duties between the individual who submitted the payment package into SAP and the individual who approved the payment package. In 22 of 25 instances, there was segregation of duties between the person who evaluated the proposal and the authorizer. However, for the remaining 3 instances, we could not ascertain the proper segregation of duties due to missing information.

There is inconsistency and a lack of standardized practices in the management of G&C programs across the department.

The TB Directive on Transfer Payments (s.5.2.b), as part of expected results, emphasizes the harmonization of transfer payment programs to the extent possible, and that the administrative processes and procedures for the delivery of transfer payments are standardized within departments. We found that there is a lack of consistent implementation of controls in the areas of risk assessments, service standards and documentation management. More specifically, through our file review of 25 transfer payments we found that:

• Risk assessment processes and tools varied across G&C programs, and we observed inconsistent application of departmental processes for risk assessment completion and utilization of tools. Specifically:  in 10 instances, the program officers did not have guidance documentation for preparing a risk assessment;  in 10 instances, programs did not complete a recipient risk assessment; in 20 instances, the programs did not revisit the risk assessments to determine if the risk profile had changed; and in the 15 instances where amendments were made to the contribution agreement, there was no re-evaluation of the risk assessment completed or rationale documented as to why it was not needed. In addition, we noted inconsistencies related to tools being used to perform the risk assessments as some programs use the Recipient Capacity Assessment Tool (RCAT), whereas others use various tools such as excel spreadsheets. The root cause for the inconsistent application is attributed to the absence of a risk management approach to complete risk assessments.
• Recipient audits are not being conducted by the programs, and the clause to perform a recipient audit that forms part of the agreements is not exercised, nor is an evaluation completed to determine if it is necessary, as required by the TB Directive on Transfer Payments (s.6.5.3). The root cause is attributed to the lack of a risk-based recipient audit approach and guidance discussed under the risk management section of this report. The CCG Auxiliary is the only program across the Department where recipient audits are being completed.
• Service Standards are in place for G&C programs, and achievement targets are set at 90% across the Department. However, there is a lack of clear guidance regarding the commencement and end dates for measuring each service standard. Different programs have adopted varying approaches to measure specific service standards, leading to inconsistencies. In addition, there is no independent challenge function to validate the accuracy and completeness of the service standard results compiled by the programs. 
• Documentation management practices for G&C programs are not consistent across programs and there is no central repository system for programs to access tools, templates, and store recipient specific information. The program areas store recipient specific information across multiple platforms within the same program. For example:
• The Indigenous programs primarily use the Grants and Contributions Agreement Tracking System (GCATS) for storing key documents and utilize OneNote for workflow and saving guidance, tools, templates, or recipient correspondence. Whereas, other programs use various storage options, including program systems (e.g., GCATS, CFFISH, and CPTS), SharePoint, Share Drive, GCDOCS, or OneNote. One program (Ocean and Freshwater Science Contribution Program) has its own storage but plans to transition to SharePoint.
• There is no central guidance and repository for the programs to access tools, templates, and training material on how to incorporate GBA+ and Indigenous Reconciliation (IR) into the G&Cs lifecycle management processes and so the practices differ across the programs. In addition, there is a lack of formal training and tools available to support integration of GBA+ and IR priorities into the G&Cs processes.
• Furthermore, the functionality of key systems and databases is not being fully utilized as we observed instances whereby project documentation was missing in the systems. The audit team had to request the missing documentation from the program officer who then had to extensively search various resources to retrieve it where possible.

The Department is currently in the initial stages of developing an Enterprise Solution for G&Cs, which is expected to address the documentation gaps. The system is targeted to go live as early as FY 2025-26.

Why this matters

DFO has a decentralized approach in administrating the transfer payment processes based on the needs of disparate programs. Given the varied nature of the objectives for contribution agreements, standard guidance on G&Cs processes, tools, and systems would allow for more consistent risk assessments, service standards measurement and documentation management.

Effective management of transfer payments is important to ensure compliance with TB policy instruments, and to demonstrate good stewardship and prudent management of financial resources and public funds.

Recommendation

Recommendation 4: The ADM and Chief Financial Officer should enhance departmental guidance, tools, and systems to achieve consistent implementation of processes and controls related to risk assessments, recipient audits, service standards and documentation management.

Appendix A: Audit criteria and lines of enquiry

Audit criteria

Line of enquiry 1 – Governance and strategic direction

Criterion 1.1: Governance structures are established to support the management of G&Cs. Conclusion: partially met.
Criterion 1.2: The roles, responsibilities, and accountabilities related to G&Cs are documented, communicated, and understood. Conclusion: partially met.

Line of enquiry 2 – Risk management   

Criterion 2.1: G&C program and project monitoring is defined and operating effectively. Conclusion: partially met.

Line of enquiry 3 – Program design and delivery             

Criterion 3.1: Processes and controls are in place to ensure that the administration of G&Cs comply with the Financial Administration Act and related policy instruments. Conclusion: partially met.

The audit criteria were developed from the following sources:

• Financial Administration Act (FAA)
• Treasury Board Policy on Transfer Payments
• Treasury Board Directive on Transfer Payments
• Treasury Board Guideline on the Directive of Transfer Payments
• Guidelines on the Reporting of Grants and Contributions Awards; and
• Access to Information Act

Appendix B: Management action plans

Appendix C: Table of acronyms 

ADM

Assistant Deputy Minister

AVF

Account Verification Framework

BPFM

Budget Planning and Financial Management

CCG

Canadian Coast Guard

CCGA

CCG Auxiliary

CFO

Chief Financial Officer

CoE

Grants and Contributions Centre of Excellence

CPTS

Contribution Program Tracking System

CFFISH

Canadian Fisheries Fund Information Sharing Hub

DFO

Fisheries and Oceans Canada

DLA

Delegated Level of Authority

DMC

Departmental Management Committee

DRP

Departmental Risk Profile

DSFA

Delegation of Spending and Financial Authorities

FAA

Financial Administration Act

FIMC

Financial and Investment Management Committee

FSR

Financial Situation Report

G&Cs

Grants and Contributions

GBA+

Gender Based Analysis Plus

GCATS

Grants and Contributions Agreement Tracking System

GoC

Government of Canada

MCF

Management Control Framework

NHQ

National Headquarters

POC

Policy and Operations Committee

RMF

Risk Management Framework

SC

Grants and Contributions Steering Committee

TB

Treasury Board of Canada

WG

Working Group