Audit of the Financial Management Control Framework - Revenue

Transcription

1 N A T I O N A L R E S E A R C H C O U N C I L C A N A D A Audit of the Financial Management Control Framework - Revenue I n t e r n a l A u d i t, N R C N O V E M B E R 2011

2

3 1.0 Executive Summary and Conclusion Background This audit report presents the findings of the National Research Council (NRC) Canada s audit of the Financial Management Control Framework for Revenue. The decision to conduct this audit was approved by the President following the recommendation of the Senior Executive Committee and thereafter by the Departmental Audit Committee on April 21, 2009 as part of the NRC to Risk-Based Internal Audit Plan. Audit objective, scope and methodology The overall objective of this audit was to provide assurance that NRC s financial management control framework for revenue complies with Treasury Board and NRC financial management policies, directives and guidelines. The audit was conducted between October 2010 and May 2011 and examined the elements of the NRC control environment around financial management for revenue. Emphasis was placed on the financial management and control systems, processes and practices employed by NRC Finance Branch. However, key financial management practices were also examined within a random sample of fifty (50) revenue agreements administered by four research institutes and one business technology centre. The audit was conducted using a series of detailed audit criteria that addressed the audit objective against which we drew our observations, assessments and conclusions. These audit criteria, presented in Appendix A, were derived primarily from the Treasury Board Financial Management Policy Framework. Audit opinion and conclusion We found that NRC has established overall a good financial management control framework for revenue with some strong elements in that most of its control elements are compliant with Government of Canada policies and directives. However, a detailed review of fifty (50) revenue agreements demonstrated that the framework is November

4 inconsistently applied across NRC resulting in an overall audit opinion of needs improvement. Significant strengths were found with respect to governance, financial signing authorities and the segregation of duties. Opportunities for further strengthening of the framework include: developing formal processes for financial risk management particularly with respect to credit, foreign exchange, liquidity, collection of long-term royalty rights and fraud; and establishing standardized practices for managing revenue which could include enhancing the use of existing SAP modules and / or replacing IBP-unique MS Excel-based reporting tools. This latter opportunity will also have the added benefit of providing senior management with more timely and accurate entity-wide revenue information necessary for effective decision making. Our review of the revenue agreements identified the following areas which could benefit from additional clarification and training: Reviews by corporate experts such as Sector Financial Services, Legal Services, and Central Business Services prior to signing income agreements; Authorization of other government departments and other types of agreements and amendments in accordance with NRC s financial signing authorities; Consistent costing and pricing practices that comply with Treasury Board and NRC policies; and Appropriate costing and timely billing reconciliation upon project completion. Recommendations 1. NRC should strengthen the revenue management control framework by identifying formal criteria under which conditions and when NRC should exercise its right of audit clauses included in technology licence agreements. [Moderate Priority] November

5 Management Response: Finance Branch will work with CBS to document formal criteria under which NRC would exercise our audit rights under the audit clauses in NRC technology licence agreements by June 30, (a) NRC should strengthen the revenue management control framework by developing formal financial risk management policies and procedures. (b) NRC should also clearly define roles and responsibilities as they pertain to OGD Financial Arrangements and developing OGD standard agreement templates. [Moderate Priority] Management Response: Finance Branch is currently in the process of reviewing and updating its suite of revenue related financial management policies which also includes finalizing its credit management policy. Finance Branch will ensure that business and financial risk management policy statements are included in the contracting-in policy by March 31, Finance Branch will work with CBS to incorporate the key concepts of the credit management policy in the overall contracting-in guidance and tools by March 31, The contracting-in guidance and tools include checklists with the purpose of assisting employees involved in the contracting-in process to ensure due diligence (assessment of business and financial risk) is exercised when developing an agreement with a client. Finance Branch will work with CBS to clarify policies for their applicability to OGD Financial Arrangements and to develop a standard approach or template for OGD agreements to ensure a more efficient and less administrative burdensome process by June 30, NRC should examine the potential costs, benefits and feasibility of introducing November

6 additional systems controls and better linking the different modules within SAP in order to ensure NRC financial systems are better leveraged and that the NRC financial management control framework for revenue is consistently applied across NRC. This should include a review of potentially strengthening SD systems controls to prevent inappropriate modifications of transaction terms. [High Priority] Management Response: In light of the initiative to implement the new NRC business model strategy which is currently underway for implementation by April 1, 2012, the NRC internal reporting requirements will mandate the use of the SAP Project Systems (PS) module for overall project management at NRC. The integration between the SAP PS and Sales and Distribution (SD) modules already exists but is underutilised. In order to address the issues related to revenue recognition and in support of the NRC internal reporting requirements, Finance Branch has identified in the project implementation work plan, the development and implementation of training strategies including the utilization of the integration between PS and SD by March 31, Finance Branch will review the feasibility of implementing system controls to prevent inappropriate modifications of transactions terms by June 30, Manual and detective compensatory controls have been in place since 2007 to review on a monthly basis the payment terms that deviate from the payment standard prior to the execution of the interest charging program. 4. NRC should strengthen the revenue management control framework through providing additional training, guidance and monitoring in order to ensure better understanding of the revenue management process and its more consistent application within NRC. This could include expanding the current training curriculum pertaining to revenue management by identifying minimum requirements by employee groups (including Project Managers, Business Development Officers and those with Contracting-in Authorities) and increasing their frequency. [High Priority] November

7 Management Response: In order to address the issues related to revenue recognition and in support of the NRC business model strategy implementation project, Finance Branch has developed a detailed revenue management action plan that addressed policy, business processes, systems and training. Finance Branch is currently working with CBS to develop and implement policy changes, business process changes and training strategies pertaining to revenue management by March 31, Statement of assurance In my professional judgement as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon by management. The opinion is applicable only to the entity examined. Jayne Hinchliff-Milne, CMA, Chief Audit Executive NRC Audit Team Members: Irina Nikolova, F.C.C.A, CIA, CISA Allison Smith, BA November

8 Appendix: Potential Overall Ratings Management Attention Required significant issues exist that require management s attention. Needs Improvement some areas of practices / processes are in compliance with Government of Canada and NRC laws, regulations, policies and directives pertaining to management of revenue but many deficiencies exist. Adequate most of the areas of practices / processes are in compliance with Government of Canada and NRC laws, regulations, policies and directives pertaining to management of revenue but there are opportunities for continuous improvement. Strong all areas of practices / processes are in compliance with Government of Canada and NRC laws, regulations, policies and directives pertaining to management of revenue. No areas for improvement were identified. November