THE REGIONAL MUNICIPALITY OF PEEL AUDIT AND RISK COMMITTEE

Similar documents
ANTI-FRAUD POLICY Adopted August 13, 2015

Fiscal Policies and Procedures Fraud, Waste & Abuse

Fraud Policy FEBRUARY 2014

Fraud Risk Management Procedures

Fraud Prevention DEFINITIONS

GLOBAL PORTS INVESTMENTS PLC

SCHOOLS FRAUD RESPONSE PLAN

The University of British Columbia Board of Governors

Standards of. Conduct. Important Phone Number for Reporting Violations

TITLE: Fraud Prevention and Detection Program IDENTIFIER: S-FW-LD-1008 APPROVED: Executive Cabinet (Pending)

Fraud Prevention and Deterrence

Central LHIN Governance Manual. Title: Whistleblower Policy Policy Number: GP-003

MALAYSIAN TECHNOLOGY DEVELOPMENT CORPORATION SDN. BHD.

BARRICK GOLD CORPORATION

Wellesley College Whistleblower Policy Adopted April 2009

Antifraud program and controls assessment grid*

Fraud Awareness and Prevention Program Report

Types of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down

EADS-NA Code of Ethics

Fraud Awareness Training

Employee Embezzlement and Fraud. Defending Against Insider Threats

Sharon Kurek, CPA, CFE Director of Internal Audit

Policy-Standard heading. Fraud and Corruption Policy

Northern Grampians Shire Council FRAUD CONTROL PLAN

Policy : Fraud and Abuse Whistle Blower Protection Act Program... 1

POLICY ON FRAUD, MALPRACTICE AND IRREGULARITY

MEDICAID COMPLIANCE POLICY

How To Handle A Fraud At Psc

How To Ensure Health Information Is Protected

Assessment for Establishing a Whistleblower Hotline:

Destiny Media Technology s Code of Conduct

Title: False Claims Act & Whistleblower Protection Information and Education

September 28, Audit s Role in Governance, Risk Management and Internal Control

MOTORCAR PARTS OF AMERICA, INC. CODE OF BUSINESS CONDUCT AND ETHICS ADOPTED EFFECTIVE JANUARY 15, 2015

CODE OF CONDUCT Ethical rules and guidelines

Audit of the Test of Design of Entity-Level Controls

WESTERN ASSET MORTGAGE CAPITAL CORPORATION CODE OF CONDUCT

Disciplinary Policy and Procedure

Disciplinary and Dismissals Policy

PHILIPPINE LONG DISTANCE TELEPHONE COMPANY CODE OF BUSINESS CONDUCT AND ETHICS

BAPTIST HEALTH CORPORATE COMPLIANCE PLAN

Fraud Control Theory

Office of the Inspector General

CORPORATE GOVERNANCE GUIDELINES OF PERFORMANCE FOOD GROUP COMPANY

Governance, Risk and Compliance Charter

WHISTLEBLOWING POLICY NUS policies adopted and adapted by Yale-NUS College

Internal Controls and Financial Accountability for Not-for-Profit Boards NEW YORK STATE OFFICE. of the ATTORNEY GENERAL.

Enterprise Risk Management

How To Prevent Fraud On A Credit Card

E Distribution: GENERAL POLICY ISSUES. Agenda item 4 WFP ANTI-FRAUD AND ANTI-CORRUPTION POLICY. For approval

Anthony ISD Bank of America and American Express Card Program Policy and Procedures Manual

Administrative Policy and Procedure Manual. Code of Conduct Effective Date: 1/2005 Scope: Organizationwide Page 1 of 9

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

Helix Energy Solutions Group, Inc. Code of Business Conduct and Ethics

IT Service Desk Unit Opportunities for Improving Service and Cost-Effectiveness

SCOTTISH CHILDREN S REPORTER ADMINISTRATION

The best advice before you decide on what action to take is to seek the advice of one of the specialist Whistleblowing teams.

ELEMENT FINANCIAL CORPORATION CODE OF BUSINESS CONDUCT AND ETHICS

POUGHKEEPSIE CITY SCHOOL DISTRICT PUPIL PERSONNEL DEPARTMENT S MEDICAID BILLING COMPLIANCE PROGRAM AND PROCEDURES

A Framework for Managing Crime and Fraud

1.1 Terms of Reference Y P N Comments/Areas for Improvement

STATE OF NORTH CAROLINA

BERKSHIRE HATHAWAY INC. CODE OF BUSINESS CONDUCT AND ETHICS

Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan

1. Compliance with Laws, Rules and Regulations

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

UNIVERSAL INSURANCE HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS. Revised as of March 3, 2014

RISK ASSESSMENT CHECKLIST

Whistleblowing Policy. Page 2 of 15. Copyright statement. United Gulf Bank B.S.C. 2011

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

Compliance Management Systems

WHISTLE-BLOWER POLICY

Does Fraud Matter? ASIS Middle East Security Conference and Exhibition Dubai, February 16, Torsten Wolf, CPP Head of Group Security Operations

FRAUD RISK ASSESSMENT

Is There Anyway to Prevent Fraud? Bill Gady, CGA CPA Partner

SM ENERGY COMPANY CODE OF BUSINESS CONDUCT AND CONFLICT OF INTEREST POLICY

COMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS

2014 Whistleblower Policy. Calibre Group Limited ABN Version 1.5

CORPORATE GOVERNANCE

Compliance and Ethics at the Federal Reserve Bank of New York

Aegon Global Compliance

PAYROLL. Prepared By: Craig Hametner, CPA, CIA, CMA, CFE City Auditor. Elizabeth Romero Audit Specialist INTERNAL AUDIT DEPARTMENT.

VCU HEALTH SYSTEM Compliance Program. Updated August 2015

Ethics, Fraud, and Internal Control

CAPACITY BUILDING AND OVERSIGHT BEST PRACTICES

Fundamentals of Computer and Internet Fraud WORLD HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX USA

Fraud Prevention Policy

FIVE MANAGEMENT SYSTEM Policies and Procedures Checklist

COHERENT, INC. Board of Directors. Governance Guidelines

THE MORAY COUNCIL. Guidance on data security breach management DRAFT. Information Assurance Group. Evidence Element 9 appendix 31

Transcription:

THE REGIONAL MUNICIPALITY OF PEEL AUDIT AND RISK COMMITTEE AGENDA ARC - 2/2015 DATE: April 2, 2015 TIME: LOCATION: 11:00 AM 12:30 PM Regional Council Chamber, 5th Floor Regional Administrative Headquarters 10 Peel Centre Drive, Suite A Brampton, Ontario MEMBERS: F. Dale; C. Fonseca; M. Medeiros; K. Ras; R. Starr; A. Thompson Chaired by Councillor C. Fonseca or Vice-Chair Councillor M. Medeiros 1. DECLARATIONS OF CONFLICTS OF INTEREST 2. APPROVAL OF AGENDA 3. DELEGATIONS 3.1. Stephen VanOfwegen, Commissioner of Finance and Chief Financial Officer; Dave Bingham, Treasurer and Director, Corporate Finance; and Monique Hynes, Manager, Accounting Services, Presenting the 2013 Government Finance Officers Association Canadian Award for Financial Reporting 4. REPORTS 4.1. Fraud Prevention Policy Presentation by Joan Appleton, Manager, Internal Audit 4.2. 2014 Fraud Information (For information) 4.3. Affordable Housing Audit (For information) Presentation by Juliet Jackson, Director, Service System Management-Housing; and Jennifer Weinman, Manager, Internal Audit

ARC-2015-2 -2- April 2, 2015 4.4. Cash Handling and Controls Audit (For information) Presentation by Dave Bingham, Director, Corporate Finance; and Jennifer Weinman, Manager, Internal Audit 4.5. Public Works Stand-by and Overtime Audit (For information) Presentation by Shaun Hewitt, Director, Operations Support; and Joan Appleton, Manager, Internal Audit 4.6. Driver Certification Program (DCP) Benchmark Compliance Audit (For information) Presentation by Shaun Hewitt, Director, Operations Support; and Joan Appleton, Manager, Internal Audit 4.7. Appointment of External Auditor for 2015 and Extension of External Audit Contract 5. COMMUNICATIONS 6. IN CAMERA MATTERS 7. OTHER BUSINESS 8. NEXT MEETING Thursday, May 7, 2015, 11:00 a.m. 12:30 p.m. Council Chamber, 5 th Floor Regional Administrative Headquarters 10 Peel Centre Drive, Suite A Brampton, Ontario 9. ADJOURNMENT

3.1-1

This page is intentionally left blank

4.1-1 REPORT Meeting Date: 2015-04-02 Audit and Risk Committee DATE: March 24, 2015 REPORT TITLE: FROM: FRAUD PREVENTION POLICY Michelle Morris, Director, Internal Audit RECOMMENDATION That the Fraud Prevention Policy, attached as Appendix I to the report of the Director, Internal Audit, titled Fraud Prevention Policy, be approved. REPORT HIGHLIGHTS Internal Audit recognized that there was a gap in that the Region of Peel ( Region ) does not have a fraud prevention policy although an Employee Code of Conduct that includes a section on fraud does exist. Internal Audit developed a Fraud Prevention Policy that will: o Clarify roles and responsibilities for conducting fraud investigations; o Provide examples of what is fraud; and, o Advise employees on what to do if fraud is suspected. The Fraud Prevention Policy is a core element of a fraud program. Internal Audit will provide fraud awareness training and manage and maintain the Region s Fraud Prevention Program and Policy. DISCUSSION 1. Background In 2009, Internal Audit engaged an independent assessor to review Internal Audit s conformity to the Institute of Internal Auditor s International Standards for the Professional Practice of Internal Auditing and to provide advice on areas that could be improved. The results of the assessment was reported to the Audit and Risk Committee. The January 6, 2010 report titled The Quality Assessment Review Results identified that: Internal Audit must evaluate how the organization is managing fraud risk. The Region does not have a corporate wide fraud policy. A fraud policy would help manage the risks more effectively and provide the basis for more effective evaluation by Internal Audit. Internal Audit recognized that there was a gap in that the Region does not have a Fraud Prevention Policy although an Employee Code of Conduct that includes a section on fraud does exist.

March 24, 2015 FRAUD PREVENTION POLICY 4.1-2 Fraud by its very nature is an attempt to deceive and override management controls and can be difficult to detect. There are many reasons why an employee may commit fraud and depending on the position, authority and responsibilities there are several ways in which employees can commit a fraud. Asset misappropriation was identified by the Association of Certified Fraud Examiners in the 2014 Report to the Nation on Occupational Fraud and Abuse as a high risk for all organizations and the most common type of fraud. Having a fraud prevention program is a proactive approach and with appropriate communication sends the message that fraud will not be tolerated. The scope of the Fraud Prevention Policy and Program is occupational fraud which is fraud committed by employees. An important part of a fraud prevention program is developing and communicating a Fraud Prevention Policy, providing fraud awareness training and ensuring employees know what to do in the event they suspect fraud. Factors and information that were considered when developing the Fraud Prevention Policy include: All organizations are subject to fraud risks. Research conducted by the Association of Certified Fraud Examiners (ACFE) identifies that Occupational Fraud is the biggest threat which is defined as The use of one s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization s resources or assets. To effectively manage fraud risk, all parts of the organization must take responsibility including oversight bodies such as Audit Committees as well as employees at all levels in an organization. Historically, the Region has had relatively few incidents of fraud reported to Internal Audit considering there are over 4,300 employees. 2. Better Practices on Fraud Prevention and Management Professional organizations such as the Institute of Internal Auditors, the Canadian Institute of Chartered Accountants, the ACFE and others advocate on the importance of establishing a fraud prevention program. Internal Audit in many organizations is the organizational lead for corporate fraud programs. Internal Audit has identified the following actions to implement a fraud program: Develop and communicate a Fraud Prevention Policy Conduct fraud risk assessments Provide fraud awareness training Establish a fraud reporting and investigation process There is always a risk that occurrences of fraud will not be reported or detected. Training and reinforcement of a fraud prevention policy will help create an awareness and help address fraud risk. - 2 -

March 24, 2015 FRAUD PREVENTION POLICY 4.1-3 The Director, Internal Audit will provide oversight for fraud investigations as outlined in the Fraud Prevention Policy. Internal Audit resourcing to support this function has been built into the 2015 Internal Audit Work Plan. It will require realignment of existing resources, with resulting impacts on audit project work in the short term. However, the Fraud Prevention Program is considered an important initiative that will help inform the Executive Leadership Team, employees and members of the Audit and Risk Committee on the risk of fraud and will lead to a better understanding of how to manage and mitigate the risk of fraud. Future resource requirements will be assessed as the Fraud Prevention Program evolves. a) Fraud Prevention Policy Internal Audit has developed a Fraud Prevention Policy. The Policy is intended to guide employees and provide clear direction on actions and processes when there is an allegation of fraud, including reporting, roles and responsibilities, investigations and employee protection. The Fraud Prevention Policy is a core element for implementing a fraud prevention program. The Fraud Prevention Policy also reinforces that fraud will not be tolerated at the Region. The Fraud Prevention Policy is outlined in Appendix I of the subject report. b) Fraud Risk Assessment Internal Audit has developed a fraud risk assessment methodology that includes potential fraud risk scenarios. The inherent risk for each scenario will be assessed and validated with each Department. The exercise to review the assessments with each department also provides fraud awareness education and discussion of the controls in place to mitigate fraud risk. The results of the fraud risk assessment will be a Fraud Risk Profile of the Region. The high risk areas will help prioritize the audit projects in our annual Internal Audit Risk Based Work Plan. This will be a point in time document with the requirement for management to update and maintain it. Internal Audit will assess the frequency of conducting fraud risk assessments and refreshing the Fraud Risk Profile as the fraud program evolves. c) Fraud Awareness Training Historically, Internal Audit has provided ethics and fraud awareness training on an informal ad hoc basis and has published fraud awareness bulletins on the Region s intra-net site. With the introduction of the Fraud Prevention Policy, fraud awareness training will be conducted. We will be working with our partners in Communications and Learning and Development to develop a training plan for the fraud program to ensure that all employees have an understanding of their role. - 3 -

March 24, 2015 FRAUD PREVENTION POLICY 4.1-4 d) Fraud Investigations and Reporting There are three areas in the Region that conduct investigations of fraud allegations. They include: Division Area Scope Integrated Business Support Program Assurance and Compliance Coordinates investigating subsidy fraud allegations involving employees and/or clients. Human Resources Total Rewards Coordinates with Sunlife to investigate employee benefit fraud. Internal Audit Internal Audit Coordinates and conducts investigations of occupational or employee fraud allegations. These three areas are on the front line to investigate fraud allegations and provide the support needed to mitigate damages and the risk of fraud. Damage can extend beyond financial and can impact the morale of co-workers and can negatively impact the reputation of the Region. Internal Audit has the overall accountability to oversee and lead investigations related to fraud allegations. The exception to this would be programs that have an established fraud investigation unit or process as noted in the above table. In this case, the program fraud unit would be required to report the results of their investigation(s) to Internal Audit. The benefit of having a centralized function, such as Internal Audit, to oversee fraud investigations can help ensure evidence is not compromised if there is a material criminal element that would require Peel Police Fraud Bureau to investigate. Internal Audit is a trusted partner and has gained the trust that individuals who do come forward with fraud allegations will be appropriately protected and confidentiality maintained to the extent possible. Internal Audit will provide a summary report at the end of each year of fraud allegations. This report will be included on the April Audit and Risk Committee agenda. - 4 -

March 24, 2015 FRAUD PREVENTION POLICY 4.1-5 CONCLUSION The Fraud Prevention Program and Policy will continue to advance the awareness of fraud prevention and detection throughout the Region and more importantly provide the training to ensure that employees know who to contact and what to do if they suspect fraud. The Fraud Prevention Policy is a core element of the program. Internal Audit will have the lead responsibility for the Fraud Prevention Program and will work toward a common goal which is to ensure we have effective processes that prevent and detect fraud and that employees understand their role in mitigating the risk of fraud. Michelle Morris, Director, Internal Audit Approved for Submission: D. Szwarc, Chief Administrative Officer APPENDICES 1. Fraud Prevention Policy For further information regarding this report, please contact Michelle Morris extension 4247. Authored By: Joan Appleton, CPA, CGA, CIA, CRMA and Michelle Morris, CPA, CGA, FCCA, CIA, CRMA - 5 -

Appendix I Fraud Prevention Policy 4.1-6 Corporate Policy Number: to be assigned Policies Page: 1 of 6 CATEGORY: SUBCATEGORY: SUBJECT: INTERNAL AUDIT CONDUCT FRAUD PREVENTION POLICY A. PURPOSE 1. Adopting a Fraud Prevention Policy supports the Region s Strategic Plan Goal 7 - Strive for continued excellence as a municipal government. 2. The Region of Peel (the Region) is committed to protecting its assets including revenue, property, proprietary information and other assets. The Region will not tolerate any misuse or misappropriation of those assets. 3. The Region will have a Fraud Prevention Program primarily conducted through education, training and regular fraud risk assessments. 4. The Region s Fraud Prevention Policy is established to provide guidance on roles, responsibilities, conducting investigations and reporting when misuse or misappropriation of the Region s assets is suspected. 5. It is the Region s intent to fully investigate any suspected acts of fraud as it is defined in this Policy, in an impartial manner regardless of the suspected wrongdoer s length of service, position, title or relationship to the Region. B. SCOPE 1. This policy applies to any fraud, or suspected fraud, involving the Region s employees, volunteers, consultants, vendors, contractors and any other party with a business relationship with the Region. 2. Programs that have established fraud investigation units will continue to lead fraud investigations related to their program area. They may also access Internal Audit fraud expertise as needed. 3. Programs have a responsibility to inform Internal Audit on all fraud allegations and investigations for inclusion in the annual fraud report to the Audit and Risk Committee. 4. The Director, Internal Audit is responsible for the administration, revision, interpretation and application of this policy. The policy will be reviewed annually and revised as needed. Page 1 of 6

Appendix I Fraud Prevention Policy 4.1-7 C. RELATED POLICIES 1. This policy should complement and support contractual arrangements with external organizations including vendors, contractors and consultants. 2. This policy is delivered in accordance with other corporate policies and directives, including the Employee Code of Conduct and Regional Values, and is not intended to replace or preclude them. D. DEFINITIONS 1. Fraud Fraud is an act of using dishonesty as a tool for personal gain. For the purposes of this policy the definition of fraud includes any misuse or attempt to misuse the Region s assets such as property and information for personal gain or purposes unrelated to the Region s business. 2. Employee persons hired to perform service for the Region of Peel as defined by the Definitions Policy HR01-01. 3. Volunteer persons providing service to the Region of Peel as defined by the Volunteer Engagement Guidelines Policy HR05-03A. 4. Management - includes all employees that have direct reports. E. ACTIONS CONSTITUTING FRAUD Examples of fraud may include, but are not limited to: 1. Stealing or removing the Region s assets; 2. Using the Region s equipment, facilities, supplies or funds for personal gain or for purposes unrelated to the Region s business; For acceptable use refer to: Acceptable Use of Technology (I10-01-02) 3. Forgery, misrepresentation or alteration of documents; 4. Impropriety with respect to reporting financial transactions or human resource information, such as hours of work; 5. Obtaining the Region s funds or compensation through dishonesty; 6. Misappropriate use of personal information; 7. Profiteering as a result of insider knowledge of Regional activities; and 8. Bribery, corruption, accepting or seeking anything of material value from contractors, vendors or persons providing goods or services to the Region. For additional information refer to: Code of Conduct (HR02-01). Additional advice can be obtained from the Internal Audit Division should you have any questions whether a specific action constitutes fraud. Page 2 of 6

Appendix I Fraud Prevention Policy 4.1-8 F. RESPONSIBILITIES Management Staff shall: 1. Establish and maintain a system of internal control to ensure the detection and prevention of fraud, waste, abuse and other irregularities. Effective controls protect employees and reduce the risk of fraud occurring. 2. Ensure they are reasonably familiar with the types of fraud that might occur within their program area and have effective controls implemented to mitigate the risk. 3. Inform Internal Audit of all cases of suspected or detected fraud in their Division. 4. Provide the support and resources in collaboration with Internal Audit, to conduct an investigation of all fraudulent or suspected fraudulent acts. All Employees shall: 5. Perform their work following the established system of internal controls. 6. Notify their immediate supervisor of fraud or suspected fraud. a. If the employee, for any reason, does not feel comfortable notifying their immediate supervisor they can contact an employee in the Internal Audit Division. b. Any allegation of fraud involving management should be reported to the Director, Internal Audit or an employee in the Internal Audit Division. 7. Maintain strict confidentiality concerning a reported fraud at all times. There must not be an attempt to personally conduct an investigation or interviews related to any suspected fraud. Internal Audit will conduct or provide guidance on fraud investigations or interviews to management where the suspected fraud has occurred. 8. Cooperate fully during any investigation. 9. Be aware of the seriousness of fraudulent activity on the part of an employee and the likely result of disciplinary action up to and including dismissal and restitution. G. INVESTIGTION AND REPORTING Accountabilities and Responsibilities: 1. The Director, Internal Audit has the lead responsibility for management of the Fraud Prevention Program as defined in this policy and will determine the level and depth of an investigation of fraud based on the unique circumstances of the allegations. 2. The Director, Internal Audit may delegate responsibility for conducting the investigation of fraud allegations to a qualified investigative team that may include members of the Internal Audit division, management of the area where suspected fraud has occurred, and third party investigators. Page 3 of 6

Appendix I Fraud Prevention Policy 4.1-9 3. Management of the area where there is a fraud allegation will have responsibility for providing resources to collaborate with Internal Audit on the investigation. 4. The Director, Internal Audit has overall accountability for the Fraud Prevention Program and responsibility for oversight of all fraud investigations. Scope of Authority of Internal Audit Division: 5. Within the scope of the investigation and the Internal Audit Charter, members of the Internal Audit division will have: i. Access to all the Region s records, employees and premises, whether owned or rented. ii. The authority to examine, copy, or remove all or any portion of the contents of files, desks, cabinets, equipment at all Regional facilities, subject to consultation with the Commissioner, Corporate Services or CAO. Further, iii. The access provided to the members of the Internal Audit division is subject to the application of solicitor client privilege determined with the advice of the Regional Solicitor. Reporting of Findings: 6. If the investigation substantiates that fraud has occurred, the Director, Internal Audit will report all the results as appropriate to the circumstances, and will include members of the Executive Leadership Team, the Regional Solicitor and/or Human Resources. 7. Depending on the nature of the fraud, Internal Audit will also inform Loss Management and Insurance Services. 8. Recommendations will be made to Management where the fraud has occurred as to where controls can be improved in order to minimize future risk of fraud. Management is responsible for implementing the appropriate controls to prevent reoccurrence. 9. The Director, Internal Audit will prepare an annual report on the status of fraud and related matters for review by the Executive Leadership Team, the Audit and Risk Committee and the Region s External Auditors. H. CONFIDENTIALITY 1. Anyone participating in a fraud investigation shall treat the information received confidentially. Investigation results will only be disclosed or discussed with the investigative team. To the extent possible by law, the identity of individuals involved in an investigation including the identity of an individual alleging fraud and the identity of an individual(s) alleged to have committed fraud will be protected. 2. All media contact regarding alleged fraud, actual fraud or other investigations shall be referred in confidence and in writing to the Director, Information Management or designate. The alleged fraud or investigation shall not be discussed with the media by Page 4 of 6

Appendix I Fraud Prevention Policy 4.1-10 any person other than the Director, Information Management or designate, in consultation with the Director, Internal Audit and the Regional Solicitor. I. FRAUD REPORTING PROTECTION A. Employees are encouraged to report suspected acts of fraud. No employee or person shall take action against an individual that in good faith alleges and reports a fraudulent act. Employees that have reported a suspected fraud or assisted in a fraud investigation shall not be: i. dismissed or threatened. ii. penalized. iii. intimidated or coerced. APPROVAL SOURCE: ORIGINAL DATE: February 10, 2015 LAST REVIEW DATE: LAST UPDATE: EFFECTIVE DATE: RESPONSIBILITY: Internal Audit Page 5 of 6

4.1-11 Audit and Risk Committee Fraud Prevention Policy April 2, 2015 1

4.1-12 Background Internal Audit is developing a Fraud Prevention Program A Fraud Prevention Policy is the foundational piece of the program Fraud awareness training will be provided 2

4.1-13 Agenda 1. Definition of Fraud 2. The Fraud Triangle 3. Management Techniques 4. Fraud Prevention Policy 5. Fraud Prevention Program 6. Closing Thoughts 7. Questions 3

4.1-14 Definition of Fraud Fraud is an act of using dishonesty as a tool for personal gain. For the purposes of this policy the definition of fraud includes any misuse or attempt to misuse the Region s assets for personal gain or purposes unrelated to the Region s business. 4

4.1-15 5

4.1-16 Management Techniques Directive (Soft) Designed to encourage positive behavior Examples: policy statements, performance guidelines or a code of conduct 6

4.1-17 Management Techniques Preventative Designed to limit the possibility of an undesirable outcome Examples: segregation of duties, access controls and password protection 7

4.1-18 Management Techniques Detective Designed to identify desirable and undesirable outcomes after the event. Examples include: monitoring activities, exception reporting and reconciliations. 8

4.1-19 Management Techniques Corrective Designed to correct undesirable outcomes which have occurred Examples include: insurance and contingency planning 9

Objective: 4.1-20 Fraud Prevention Policy That the Region is committed to protecting all assets from the risk of fraud or misuse Increase fraud awareness and responsibilities Clarify roles and responsibilities for fraud investigations and reporting 10

4.1-21 Fraud Prevention Program Internal Audit s Role Program owner Responsible to lead investigations Responsible to report fraud 11

4.1-22 Fraud Prevention Program Management s Role Implement and monitor controls to mitigate the risk of fraud Aware of the red flags of fraud Must report all allegations of fraud to Internal Audit 12

4.1-23 Closing Thoughts Internal Audit will continue to educate employees on fraud awareness Internal Audit will communicate and lead the fraud prevention program Internal Audit will provide the Audit and Risk Committee with a summary report on fraud annually 13

4.1-24 Questions 14

4.2-1 REPORT Meeting Date: 2015-04-02 Audit and Risk Committee For Information DATE: February 27, 2015 REPORT TITLE: FROM: 2014 FRAUD INFORMATION Michelle Morris, Director, Internal Audit OBJECTIVE To provide the Members of the Audit and Risk Committee with information to respond to External Audit enquiries related to fraud. REPORT HIGHLIGHTS The External Auditors are required as part of their professional standards to gather feedback from Members of the Audit and Risk Committee on their perspective of fraud risks, fraud allegations and antifraud programs at the Region of Peel. Internal Audit conducted a survey to gather information on fraud allegations that occurred in 2014 and their outcomes. In 2014 there were ten allegations of fraud that have been included in this report. DISCUSSION 1. Background The External Auditors are required as part of their professional standards to gather feedback from Members of the Audit and Risk Committee on their perspective of fraud risks, fraud allegations and antifraud programs at the Region of Peel ( Region ). Our External Auditor, Trevor Ferguson from Deloitte will be asking Members of the Audit and Risk Committee at the May 7, 2015 Audit and Risk Committee meeting to confirm their understanding of the following: 1. Their views about the risk of fraud; 2. Their knowledge of any actual suspected or alleged fraud; and, 3. The role that they exercise in the oversight of management s antifraud programs. This is the Region s second year coordinating and reporting fraud information. Internal Audit conducted a survey across the Region to gather the information for Members of the Audit and Risk Committee to effectively address the External Audit questions at the May 7, 2015 Audit and Risk Committee meeting.

February 27, 2015 2014 FRAUD INFORMATION 4.2-2 It should be noted that fraud by its very nature is concealed and often difficult to detect. However, there has been an increase in the number of fraud allegations reported to Internal Audit in 2014 vs. 2013. In 2013 there were three fraud allegations included in the Fraud Information report. Whereas in 2014 there have been ten fraud allegations communicated to Internal Audit and included in this report. In 2014, Internal Audit has led several initiatives within the Region to raise fraud awareness and as more employees become aware of fraud risks we anticipate a continued increase in the reporting of fraud allegations. 2. Survey Results Internal Audit received an excellent response rate of 100 per cent to the survey. Thirty-eight Directors across the Region were included in the survey. A definition of fraud was provided from the Region s draft fraud prevention policy: Fraud is an act of using dishonesty as a tool for personal gain. Fraud includes any misuse or attempt to misuse the Region s assets for personal gain or purposes unrelated to the Region s business. The process to gather information required management to answer three questions as outlined below. Additional follow-up was conducted where fraud was identified. The first two questions capture management s perspective of fraud allegations for their area of responsibility, while the third question captures actual or suspected information on fraud allegations that occurred in 2014. The results of the survey are as follows: 1. There is a high risk of fraud occurring in my area of responsibility? 69 per cent felt the risk of fraud in their area was low 23 per cent were unsure 8 per cent felt there was a high risk in their area of responsibility. It should be noted that the Internal Audit Fraud Prevention Program which is being implemented in the Region commencing in 2015, includes conducting a fraud risk assessment by department in order to educate staff on the potential fraud risks in their area of responsibility. 2. There are effective controls and oversight that will detect or prevent fraud in my area? 76 per cent felt that there were effective controls and oversight 16 per cent were unsure 8 per cent felt that there was a risk of ineffective controls and oversight The response identified that management is largely of the opinion that the risk of fraud is effectively mitigated through preventive controls in their areas of responsibility. The eight percent of respondents that disagreed with the question had fraud occur in their area of responsibility over the past year. As with respondents who were unsure of whether risk existed in their program, those who are unsure about the effectiveness of controls and oversight will be assisted by the risk assessments which will be conducted by department and the resulting identification of mitigation strategies, as appropriate. - 2 -

February 27, 2015 2014 FRAUD INFORMATION 4.2-3 3. Has there been any actual suspected or alleged fraud in your area over the past year? The results of the survey indicated there were ten confirmed fraud allegations at the Region in 2014. Management has reviewed the risks for each incident and strengthened controls where necessary in order to prevent or detect occurrences in the future. 3. Internal Audit Fraud Prevention Program The Fraud Prevention Policy is a core element that clarifies roles and responsibilities for reporting and conducting fraud investigations. The Fraud Prevention Policy combined with effective communication of this policy will reinforce that the Region is committed to protecting its revenue, property, proprietary information and other assets. The policy reinforces that the Region will not tolerate any misuse or misappropriation of those assets. 4. Information and Update on 2014 Fraud Allegations The Internal Audit Charter indicates that Internal Audit will Provide an annual report on fraud risk and fraud allegations. As a result of our fraud survey and follow up discussions with management the following ten incidents were identified: 1. Theft of Time. March 2014, management became aware of the theft of time by an employee. The employee was disciplined for misconduct. The employee is no longer employed by the Region. Management conducted an investigation of staff time and service delivery activities from Jan 2012 Dec 2013 that resulted in six employees being found guilty of theft of time. Discipline ranged from five day suspensions to termination with cause. Three supervisors were subsequently disciplined. Mitigation strategies have been put in place to reduce the risk of reoccurrence. 2. Subsidy Fraud. There were three incidents reported to Internal Audit of individuals falsifying information in order to qualify for subsidy benefits, two of which involved Regional employees and one involved a client. a. An employee failed to provide information required to determine ongoing eligibility for Child Care and Ontario Works subsidies. Furthermore they provided false information to assist other individuals in receiving Ontario Works subsidy. The employee is no longer employed by the Region. b. An employee falsified personal information in order to qualify for child care subsidy for which she was not entitled. The employee is no longer employed by the Region. c. A former client failed to provide information required to determine ongoing eligibility for Child Care and Ontario Works subsidies. The client has been - 3 -

February 27, 2015 2014 FRAUD INFORMATION 4.2-4 criminally charged with two counts of fraud over $5,000. This matter is still before the courts. 3. Unauthorized Payments. There were four fraud allegations relating to unauthorized payments. a. An employee with responsibility for issuing Ontario Works subsidy payments generated payments to which the client was not entitled for personal gain. The employee is no longer employed by the Region. b. An employee used their authority to prepare and authorize bi-weekly time sheets for an individual who was not performing work for the Region of Peel. This matter was investigated by Internal Audit and controls have been put in place by management to prevent future occurrences. The employees are no longer employed by the Region. c. An employee placed several personal long distance calls at the expense of the Region as well as processed an Ontario Works subsidy payment to a relative. The employee is no longer employed by the Region. d. An employee organized and authorized repairs to a relative s rental unit that exceeded pre-established standards. This was a breach of trust and conflict of interest. The employee is no longer employed by the Region. 4. Client Credit Card Fraud: Clients reported their credit cards had been compromised and that their statements reflected charges they did not make. As a result of the investigation two employees are no longer employed by the Region. Effective controls were immediately implemented to mitigate any future misappropriation of personal client information. 5. Benefit Fraud: Sun Life Financial, the Region s employee benefit provider, reported that an employee had submitted fraudulent claims through the online self-declaration process. The employee is no longer employed by the Region for violations of the Regional Values, Code of Conduct and Breach of Trust. An overpayment repayment plan with Sun Life was entered into with the employee. Sun Life continues to spot audit benefit claims submitted online. 5. Management Oversight As per the Regional Employee Code of Conduct (Policy No HR02-01) all employees have the responsibility to report suspected fraud, breach of trust and other forms of wrongdoing to management, up to and including the Regional Internal Auditor. As well, the Fraud Prevention Policy which is planned for implementation in the Region outlines expectations of staff at all levels with respect to fraud prevention, detection and reporting. All fraud allegations are investigated by management or Internal Audit and controls are assessed to mitigate any future risk exposure to the Region. Some fraud allegations may lead to criminal charges which are handled by Peel Regional Police. Items referred to Peel Regional Police cannot be disclosed in this report due to the risk of the investigation being compromised. - 4 -

February 27, 2015 2014 FRAUD INFORMATION 4.2-5 Management is responsible to manage the risk of fraud by establishing effective controls in their program. The level of control implemented needs to take into consideration the cost, risk, likelihood and the impact on service delivery. Controls to mitigate the risk of fraud are classified into four categories: 1. Directive controls are designed to ensure that a particular outcome is achieved. These types of controls do not prevent or detect fraud or abuse but instead encourage positive behavior. These are soft controls, embedded in the culture of an organization. Examples include: policy statements, performance guidelines or a code of conduct. 2. Preventative controls are designed to limit the possibility of an undesirable outcome being realized. The most cost effective and proactive controls tend to belong in this category. Examples include separation of incompatible functions whereby no one person has authority to act without the consent of another. Access controls and passwords are also preventative. 3. Detective controls are designed to identify occasions of undesirable outcomes having been realized. Their effect is after the event so they are only appropriate when it is possible to initially accept the loss or damage incurred. Examples include monitoring activities, exception reporting and reconciliations. 4. Corrective controls are designed to correct undesirable outcomes which have occurred. They provide a route of recourse to achieve some recovery against loss or damage. Examples include insurance and contingency planning for recovery after events that could not be controlled. It is management s responsibility to balance the type of control implemented against the risk of fraud in their program. Management has assessed the root cause of the reported fraud and has made changes to mitigate any future risk of fraud. It is noted however, that fraud by its nature is an attempt to deceive and override management controls and can be difficult to detect. Internal Audit will continue to coordinate an annual process to capture and review allegations of fraud occurring throughout the Region in order to inform members of Audit and Risk Committee and satisfy the External Audit requirements. A report will be presented to Audit and Risk Committee at the April meeting each year. - 5 -

February 27, 2015 2014 FRAUD INFORMATION 4.2-6 CONCLUSION The survey results and information captured in this report will inform Members of Audit and Risk Committee of the fraud risks and fraud allegations at the Region of Peel in order to address the requirements of the External Audit. The External Auditors are required to gather feedback from Members of Audit and Risk Committee as part of the professional standards prescribed by the Canadian Institute of Chartered Accountants. Michelle Morris, Director, Internal Audit Approved for Submission: for D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris extension 4247. Authored By: Joan Appleton, CPA, CGA, CIA, CRMA - 6 -

4.3-1 REPORT Meeting Date: 2015-04-02 Audit and Risk Committee For Information DATE: February 27, 2015 REPORT TITLE: FROM: AFFORDABLE HOUSING AUDIT Michelle Morris, Director, Internal Audit OBJECTIVE To inform Audit and Risk Committee of the results of the Affordable Housing Audit. REPORT HIGHLIGHTS Controls are effective related to planning and construction management of new builds and providing the right technical expertise for maintenance of existing housing stock. There are opportunities for improvement in defining the roles and responsibilities for construction project management in the affordable housing build process. Documentation of processes will increase efficiency for the Service System Manager in the contract management of affordable housing. A comprehensive risk assessment will assist to mitigate risks related to building affordable housing using alternative business and partnership models. DISCUSSION 1. Background The 2013 Internal Audit Risk Based Work Plan included an audit of Affordable Housing. The Region of Peel, as Service System Manager for Affordable Housing, has responsibilities that include: System funding, planning and management of housing on a continuum from homeless, homelessness prevention, rent subsidies and home ownership; Co-ordination of intake and assessment and a centralized waiting list for applicants requesting subsidized social housing; Co-ordination of the Rent Supplement Program and housing allowances; and, New build planning and construction, as federal and provincial funding becomes available. The Housing Service System Manager is responsible for Term of Council Priority #7: Increase supply of appropriate housing options (ToCP). New partnerships with the community to build affordable housing play a part in meeting this Term of Council Priority by reducing costs and extending investment impact. As this involves new business and funding models, there is an increased element of risk. 2. Audit Objective

February 27, 2015 AFFORDABLE HOUSING AUDIT 4.3-2 As a result of the risk assessment of the various responsibilities of the Housing Service System Manager, it was determined that the audit would focus on the planning and building processes of new affordable housing and the Region of Peel s role in oversight of the maintenance of the system s housing stock. The objective of this audit was to assess the effectiveness of the Affordable Housing processes for capital planning and building, management and maintenance to help mitigate the risks related to: Providing affordable housing to meet increasing demand; Maintaining the fiscal sustainability of the affordable housing stock; Involving the right stakeholders at the right time; and, Maintaining current inventory of housing in a state of good repair. The scope of the audit assessed the effectiveness of: staff roles and responsibilities in executing the processes; and, liaison with internal business partners to exchange appropriate and timely information. The scope of the audit excluded Peel Housing Corporation. This audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing 3. Audit Observations Internal Audit observed that Affordable Housing processes to engage with the necessary stakeholders consistent with the new focus to partner and build with external parties, are effective. Regional partners such as the Human Services Financial Services Unit, Legal, Real Property Asset Management and Integrated Business Support are working towards ensuring the new building process is successful. There are opportunities to increase the effectiveness of stakeholder involvement in alternative business and partnership models. As related to the Region s role in the oversight of maintenance requirements for the housing provider capital assets, the audit showed that Affordable Housing has effective controls in place to bring the right technical expertise and information to the providers for their consideration in maintaining a state of good repair. There are opportunities to bring about increased effectiveness and efficiencies through documented processes and procedures. Three specific areas for improvement are: Evolving Business Process The alternative business and partnership models to build, own and operate have required new processes. The Human Services department has revised the guidelines and process maps for new builds, which have been adopted by Regional Council. The nature of change in this area increases risk levels. As a result, a comprehensive risk assessment that includes Regional stakeholders would help ensure the Region of Peel is balancing risk, costs and value and ensure awareness of risks that may arise during affordable housing builds or once the building is operational. - 2 -

February 27, 2015 AFFORDABLE HOUSING AUDIT 4.3-3 Management committed to ensuring that a comprehensive risk assessment of the new partnership models for the development of affordable housing options with external stakeholders is completed. Work has commenced as a result of the Affordable Housing Development review. Roles and Responsibilities The operational level roles and responsibilities related to construction project management are not clear in the affordable housing planning and build process. Uncertainty over roles and responsibilities may result in missed opportunities for professional input in key decisions and may impact outcomes. There is a need to establish and document roles and responsibilities, including establishing the appropriate timing of input and degree of authority to ensure project build requirements are met efficiently and effectively. The enterprise real property transformation project will help define the roles and responsibilities for real property consistent with the Executive Leadership Team s approved service delivery model and this will include responsibilities related to construction contract management. The Project Sponsor will ensure the project addresses this finding. Policies and Procedures Human Services is responsible for administration of the 48 social housing providers which involves contract management responsibility. Tasks such as the Operational Reviews of housing providers are comprehensive and require input from multiple areas within the Human Services Department. Presently, Integrated Business Support, within Human Services, has documented processes supporting the review of housing provider finances, but the Housing Program Specialists and the Technical Advisors do not have established procedures. Without this, there may be a risk that the work completed will not be done efficiently or consistently. Additionally, documented policies and procedures can be used as a training tool for new staff. Development of the procedures is underway and management will ensure they are communicated to staff. - 3 -

February 27, 2015 AFFORDABLE HOUSING AUDIT 4.3-4 CONCLUSION Management has developed action plans to address the audit observations noted. Internal Audit has reviewed these plans and is satisfied that the actions planned will address the risks identified. Internal Audit will follow-up on the status of the management action plans related to this audit and will report the status to the Audit and Risk Committee. Michelle Morris, Director, Internal Audit Approved for Submission: for D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris, x4247. Authored By: Jennifer Weinman, CPA, CA, CIA and Barb Morris, CIA, CPA, CMA, CFE - 4 -

4.3-5 Affordable Housing Program Audit Presentation to Audit Committee Jennifer Weinman, Manager, Internal Audit Juliet Jackson, Director, Service System Management-Housing Gayle Bursey, Project Director, Real Property Transformation Initiative

4.3-6 Audit Objective & Scope Objective - to assess the effectiveness of the Affordable Housing processes for the capital planning and building, and management and maintenance. The scope of the audit focused on assessing: Providing affordable housing to meet increasing demand Maintaining the fiscal sustainability of the affordable housing stock Involving the right stakeholders at the right time Maintaining present inventory of housing in a state of good repair

4.3-7 Audit Observations Affordable Housing processes are effectively designed for: Planning and construction management of new builds, and Providing the right technical expertise for maintenance of existing housing stock.

4.3-8 Audit Observations Improvement opportunities exist: To define roles and responsibilities for construction project management in the affordable housing build process. To document processes in the contract management of affordable housing. To conduct a comprehensive risk assessment to mitigate risks related to building affordable housing using alternative business and partnership models.

4.3-9 Management Response Comprehensive Risk Assessment Will conduct a comprehensive risk assessment of the alternative business and partnership models for the development of affordable housing options with external stakeholders. Process Documentation Development of procedures is in process.

4.3-10 Management Response Roles And Responsibilities Using Manager and Director committees composed of representatives from the programs and client support services, review the construction process from end to end Identify areas for improvement Test to ensure effectiveness and begin adopting the improved process and adjustments to governance, roles, responsibilities, accountabilities and performance measurement

4.3-11 Next Steps Internal Audit is satisfied that the provided action plans will address the observations in this report Internal Audit will follow-up and report on the status of management action plans

4.3-12 Thank You Questions?

4.4-1 REPORT Meeting Date: 2015-04-02 Audit and Risk Committee For Information DATE: March 6, 2015 REPORT TITLE: FROM: CASH HANDLING AND CONTROLS AUDIT Michelle Morris, Director, Internal Audit OBJECTIVE To inform the Audit and Risk Committee of the results of the Cash Handling and Controls Audit. REPORT HIGHLIGHTS Overall, controls are working effectively to achieve the objective of safeguarding cash assets. Opportunities for improvement exist in a few areas such as corporate oversight, compliance with corporate policies and strengthening controls over safe storage and transporting of cash and equivalents. Management has developed action plans to address the observations noted through the audit. DISCUSSION 1. Background The Internal Audit 2014 Risk Based Work Plan included an audit of cash handling and controls. At the time of the audit, there were a number of petty cash funds across the Region of Peel ( Region ). The majority of Regional revenues is collected through third party agencies or direct withdrawal from customer accounts; divisions such as Access Peel, the Community Recycle Centers (CRCs), Water Billing Collections and Ontario Works (OW) Recovery collect revenues that are not routine payments. The Corporate Finance division provides corporate oversight for the decentralized cash handling functions of revenue receiving, overpayment collection and petty cash claims. 2. Audit Objective and Scope Audit Objective The objective of the audit was to evaluate whether controls are effective as related to safeguarding cash assets, specifically: Policies and procedures are in place and are designed to meet the needs of safeguarding cash assets; and, Policies and procedures are being followed.

4.4-2 March 6, 2015 CASH HANDLING AND CONTROLS AUDIT Audit Scope The scope of the audit was determined to include: Revenue collections at Regional offices, in particular, Access Peel, Community Recycle Centers (CRCs), Overpayment Recovery Human Services, and Water Billing Collections; and, Petty cash handling. The audit scope excluded Peel Living rent collections, Peel Regional Police, the trust funds at Long Term Care homes, and debit and credit card payments. This audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing. 3. Audit Observations Overall, controls are working effectively to achieve the objective of safeguarding assets in revenue receiving departments and in the administering of petty cash funds. Opportunities exist in improving the effectiveness of controls in a few areas. The specific observations related to opportunities for improving controls are summarized below: Corporate Oversight Corporate oversight is needed in an organization to ensure policies are developed and communicated and that cash custodians are properly equipped to safeguard cash and equivalents. Absence of corporate oversight may result in staff not keeping proper control practices and thereby putting cash at risk of being inaccurately accounted for or misappropriated. Opportunities to strengthen corporate oversight include: Provide corporate guidelines on how cash and equivalents are to be stored for safeguarding; Update, communicate and monitor corporate policies; and, Provide mandatory training to staff who handle cash and equivalents. Compliance with Corporate Policies Corporate financial policies help to ensure cash and equivalents are handled in a manner that meets the organization s expectations and that the level of risk the organization is willing to take in managing cash is understood across the organization. When staff members are given the role of cash custodian, whether for the purpose of cash revenue collections or providing petty cash disbursement, they have a duty to handle the cash and equivalents in a manner as outlined in the policies. When corporate policies are not followed, there is a risk of corporate assets being lost or misappropriated, and may result in reputational damage to the Region. There are opportunities for cash handlers to strengthen their control practices and to ensure their practices are in compliance with corporate policies. - 2 -

4.4-3 March 6, 2015 CASH HANDLING AND CONTROLS AUDIT Safeguarding of Assets Cash and cash equivalent items are highly vulnerable to theft and loss, and should be secured at all times with access limited to authorized personnel. When the storage and transportation of large amount of cash and equivalents is not sufficiently secured, it places the Region at risk of both financial loss and reputation damage. Opportunities for improvement in the area of safeguarding cash assets include: Use secured storage such as portable lockbox or safe to store cash and equivalents; Move cash and equivalents using armored car service, where the cash value warrants; and, Deliver cash deposits to the bank in a secured manner that also takes staff safety into consideration. Department Procedure Design Department procedures for cash handling should be designed to provide further department specific guidance to staff related to their roles and responsibilities and to incorporate controls that meet corporate standards for safeguarding the Region s assets. There is a risk of cash handling practices not meeting corporate expectations when department procedures are not aligned with corporate policies. Opportunities for improvement in department procedure design include: Develop and document departmental cash handling procedures to provide direction and guidance; and, Department procedures related to cash handling be developed in line with corporate expectations of safeguarding assets. CONCLUSION Management has developed action plans to address the audit observations noted above. Internal Audit has reviewed these plans and is satisfied that actions planned address the risks observed. Internal Audit will be following up on the status of management action plans related to this audit and will report the status to the Audit and Risk Committee. Michelle Morris, Director, Internal Audit Approved for Submission: for D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, extension 4247, michelle.morris@peelregion.ca. Authored By: Jennifer Weinman, CPA, CA, CIA, CRMA, Lynn Guo, MBA, CIA - 3 -

4.4-4 Cash Handling and Controls Audit Presented by: Jennifer Weinman, Manager Internal Audit Dave Bingham, Director Corporate Finance 1

4.4-5 Background Cash handling in the Region is decentralized Petty cash funds are available across Region Access Peel, CRCs, OW Recovery and Water Billing Collections and other areas collect non-routine revenues Corporate Finance provides oversight 2

4.4-6 Audit Objective To evaluate whether controls in place are effective as related to safeguarding cash assets, specifically: Policies and procedures are in place and are designed to meet the needs of safeguarding cash assets Policies and procedures are being followed 3

4.4-7 Scope Revenue collections at Access to Peel, CRCs, OW Overpayment Recovery, and Water Billing Collections Petty cash handling 4

4.4-8 Audit Observations Overall, controls in place are working effectively to achieve the objective of safeguarding cash assets Opportunity exists in improving control effectiveness in the areas of: Corporate oversight Compliance with corporate policies Safe storage and moving of cash and equivalents Department procedure design 5

4.4-9 Management Response Management across the organization, who were involved in the audit, have developed specific actions plans to address observations related to compliance with corporate policies and safekeeping of cash A number of action plans are actively being implemented at this time or have already been implemented 6

4.4-10 Management Response Mandatory online training for Petty Cash custodians & their supervisors and revisions to the replenishment form have been developed Cash Handling & Control policies and procedures are being reviewed Alternative deposit-making processes have started to be implemented These are expected to be completed by June 30, 2015 7

4.4-11 Next Step Internal Audit has reviewed the action plans developed by management and is satisfied the proposed actions address the risk observed Internal Audit will follow up with management to ensure action plans are implemented 8

4.4-12 Questions 9

4.5-1 REPORT Meeting Date: 2015-04-02 Audit and Risk Committee For Information DATE: March 5, 2015 REPORT TITLE: FROM: PUBLIC WORKS STAND-BY AND OVERTIME AUDIT Michelle Morris, Director, Internal Audit OBJECTIVE To inform the Audit and Risk Committee of the results of the Public Works Stand-by and Overtime Audit. REPORT HIGHLIGHTS There are effective processes in place to authorize and approve stand-by and overtime pay in the Public Works Department. There are opportunities to improve processes to track and monitor overtime and standby payments and assess future needs. Stand-by practices are not consistent across the Public Works Department. The inconsistencies are a result of unique business requirements and service levels. Management has developed action plans that will improve the overall monitoring process and address the audit observations. DISCUSSION 1. Background The 2013 Internal Audit Risk Based Work Plan included an audit of Regional Employees Overtime. At the request of the Executive Leadership Team, stand-by was also included in the audit scope. In Phase I, Internal Audit reviewed overtime and stand-by practices at the Region of Peel s Paramedic Services within the Health Services Department and results were reported to the Audit and Risk Committee on September 4, 2014. In Phase II, the focus was stand-by practices across Public Works business units due to the high dollar value and management s concern over inconsistencies within the department.

4.5-2 March 5, 2014 PUBLIC WORKS STAND-BY AND OVERTIME AUDIT Overtime and Stand-by Expenses for Public Works Three Year Summary Division Stand-by Pay Expense Overtime Expense 2011 2012 2013 2011 2012 2013 Operations Support $227,600 $257,704 $250,781 $1,075,306 $1,200,059 $1,118,324 Water $200,101 $208,340 $279,197 $2,069,605 $1,577,488 $1,055,866* Wastewater $136,840 $128,850 $185,452 $963,133 $728,812 $524,288* Transportation Services $119,444 $133,005 $149,232 $693,961 $641,994 $857,812 * The Water and Wastewater Divisions have contracted out a portion of after-hours emergency activities to manage requirements under the Employment Standard Act (Hours of work) and Highway Traffic Act (Mandatory rest period) and their subsequent impact on operations staffing during normal business hours. This has resulted in a significant decrease in overtime cost. Due to the unique business objectives of each division, Internal Audit took into consideration service level requirements, practices, collective agreements and legislative requirements during the review of stand-by practices across Public Works. 2. Audit Objective and Scope Audit Objective: The objective of the audit was to assess the processes and practices in place in the Public Works Department to authorize, approve, track, monitor and control stand-by pay and the related overtime. Audit Scope: The audit focused on business units within Public Works with high stand-by expense and overtime in the fiscal years 2011 to 2013. The audit scope included the following: Review of relevant Regional policies, procedures and business practices; Review of relevant legislation and collective agreements as it relates to stand-by pay; Interviews with staff and management to gather information; - 2 -

4.5-3 March 5, 2014 PUBLIC WORKS STAND-BY AND OVERTIME AUDIT Review of various reports and payroll documents; and, Analysis of stand-by and overtime data. This audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing. 3. Audit Observations The results of this audit identified that stand-by is pre-authorized, approved, tracked and monitored across all divisions in the Public Works Department. Opportunities for improvement include: Implementation of a process to monitor and assess actual overtime occurrences during the stand-by period; Periodic assessment of the need for stand-by; Assessing opportunities for coordinating stand-by coverage among divisions; and, Updating the Stand-by policy and procedures to include management suggestions. Internal Audit will follow-up on the status of outstanding Management Action Plans related to this audit and will report the status to the Audit and Risk Committee. The audit observations are briefly described in the following section: On-going Needs Assessment Currently, there is no on-going formal needs assessment performed to determine the requirement for staff to be on stand-by in the Operations Support Division. While a needs assessment in many cases was undertaken when the stand-by practice was first established, a more formal ongoing needs assessment will enable management to identify events and/or situations where stand-by could be eliminated or minimized, resulting in cost savings. Operations Support management has identified potential opportunities for tracking stand-by and the related overtime in the work order system. The call data once recorded in the work order system can be analyzed to determine the type of events occurring after-hours and help identify potential opportunities for improvements and the need for increased or decreased stand-by coverage. Without monitoring and managing the business needs, staff may be paid stand-by when it is not required. Opportunities to Coordinate Resources Among Divisions There are opportunities where divisions within Public Works can use resources from one another to achieve efficiencies and cost savings. Management has agreed to review opportunities in the following areas where responsibilities can be re-defined and coordinated among divisions: - 3 -

4.5-4 March 5, 2014 PUBLIC WORKS STAND-BY AND OVERTIME AUDIT a) There is an opportunity to use Road Operators from Transportation Services to clear road hazards during winter months surrounding dormant construction sites that are currently being managed by Inspectors from Engineering and Technical Services. Changes to processes and updated procedures (where appropriate) will be implemented throughout 2015. b) Management in Water will review roles and responsibilities for Operators and the Supervisory Control and Data Acquisition (SCADA) specialist to ensure only those staff required for each given situation are being called out. Further, management will also investigate opportunities to transfer the Public Works call centre functions related to SCADA alarms for the facilities, reservoirs and pumping stations to the Ontario Clean Water Authority (OCWA) which could create further efficiencies. Analysis of Overtime Data Internal Audit identified a number of employees in Public Works who earned overtime between $10,000 and $46,000 each year for the past three years. Management indicated that overtime is assigned based on the pre-established criteria from the Collective Agreement and there is no significant grievance for overtime assignment received by management which confirms management assertion that overtime is assigned based on pre-established criteria. Management explained that in: Water and Wastewater Division - overtime is used to respond to non-routine work; Operations Support Division overtime is used to meet after-hours service demands; Transportation Service Division overtime is used to respond to weather events and roadway infrastructure emergencies. Internal Audit did not find any evidence of abuse of overtime. Management will continue to authorize and approve overtime based on their business needs. Stand-by Policy The management team of Public Works has made suggestions to elaborate the Stand-By Policy for clarity and consistent implementation. The Human Resources management has a plan to review all Human Resources policies and will consider suggestions for the stand-by policy during their review. CONCLUSION Internal Audit found that there are effective processes in place to authorize and approve standby and overtime pay. There are opportunities to improve processes to track and monitor overtime and stand-by payments and assess future needs. Internal audit noted that stand-by practices are not consistent across the Public Works Department. The inconsistencies are a result of unique business requirements and service levels. - 4 -

4.5-5 March 5, 2014 PUBLIC WORKS STAND-BY AND OVERTIME AUDIT Michelle Morris, Director, Internal Audit Approved for Submission: D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Joan Appleton. Authored By: Joan Appleton, CPA CGA, CIA, CRMA and Anila Lalani, CIA, CISA - 5 -

4.5-6 Audit & Risk Committee Public Works Stand-by and Overtime Audit April 2015 1

4.5-7 Audit Objective To assess the processes and practices in place in the Public Works Department to authorize, approve, track, monitor and control stand-by pay. 2

4.5-8 Audit Scope Review of relevant policies, procedures, business practices, relevant legislation and collective agreements; Interview staff and management to gather information; Review various reports & payroll documents and Analysis of stand-by and overtime data. 3

4.5-9 Observations/Opportunities for Improvement Implement monitoring processes for standby and related overtime; Periodic needs assessment of stand-by; Assess opportunities for coordinating stand-by coverage between divisions. Consider management suggestions for improvements to the Standby policy 4

4.5-10 Conclusion The processes to manage stand-by and overtime pay is effective. Opportunities exist to implement processes to monitor overtime and standby activity. The inconsistencies in stand-by practices across Public Works are a result of unique business requirements and service levels. 5

4.5-11 Action to Strengthen Processes Implement processes to monitor overtime and standby activity On-going assessment will be performed to confirm the need for stand-by; and Management will review opportunities where responsibilities can be re-defined and coordinated between divisions. 6

4.5-12 Next Steps Management has developed action plans to address the risks identified Internal Audit will follow-up and report on the status of management action plans 7

4.5-13 Questions 8

This page is intentionally left blank

4.6-1 REPORT Meeting Date: 2015-04-02 Audit and Risk Committee For Information DATE: March 5, 2015 REPORT TITLE: FROM: DRIVER CERTIFICATION PROGRAM (DCP) BENCHMARK COMPLIANCE AUDIT Michelle Morris, Director, Internal Audit OBJECTIVE To inform Audit and Risk Committee of the results of the Driver Certification Program (DCP) Benchmark Compliance Audit. REPORT HIGHLIGHTS The Driver Certification Program Benchmark Compliance Audit was conducted in accordance with Ministry of Transportation requirements. The overall result is that the Region of Peel as the Recognized Authority is in compliance with program requirements. Two opportunities to strengthen controls and practices in the driver certification program were identified involving the need to standardize the maintenance of driver file documentation and secondly the need to effectively manage criminal background checks. DISCUSSION 1. Background Public Works Operations Support has been designated by the Ministry of Transportation Ontario (MTO) as a Recognized Authority (RA) under the provincial Driver Certification Program. Under this authority, the Fleet Services section of Operations Support provides program related training and testing to employees for the purpose of upgrading or renewing applicable classified licences, which for the Region of Peel ( Region ) are classes A, B, C, D, E, F, and Z. Each RA must nominate an individual employee to be the Recognized Authority Official (RAO) who is directly responsible for the administration and overall maintenance of the driver training program. The current RAO for the Region is the Director, Operations Support. The Signing Authority (SA) is the ministry approved trainer and tester who delivers the program. Fleet Services has three approved Signing Authority s. As part of the MTO s new Driver Certification Program model, the MTO has implemented a process to ensure that all RAs are in compliance with ministry requirements; specifically by conducting independent compliance audits. The MTO has introduced three types of audits:

4.6-2 March 5, 2015 DRIVER CERTIFICATION PROGRAM (DCP) BENCHMARK COMPLIANCE AUDIT the Benchmark Compliance Audit; the Compliance Audit; and the Validation Audit. A Benchmark Compliance Audit is required of all existing RAs as the first audit. In subsequent years a Compliance Audit will be required. No sanctions will be issued based on the results of the initial Benchmark Compliance Audit. Internal Audit meets the criteria to conduct this audit, which was required to be completed and reported to the MTO by October 30, 2014. 2. Audit Objective and Scope The objective of the audit was to assess whether management has processes in place which ensure that they are in compliance with Ministry requirements. The scope of this Benchmark Compliance Audit is as determined by the MTO and incorporated into the predefined audit program and its reporting requirements. Random sample testing was conducted to assess the effectiveness of the Region s processes for testing, training and approving licence class upgrades and renewals including classes A, D, F, and Z and others as required. The scope included verifying the requirements for the following: The Recognized Authority general requirements including stock, driver, facilities/ teaching aid requirements, and vehicles used for testing; The Recognized Authority Official; The Signing Authority; and, Vehicle safety. This audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing. 3. Audit Observations The Driver Certification Program Benchmark Compliance Audit was conducted in accordance with ministry requirements and was submitted within the required reporting timeframe. The overall opinion based on the results of the Audit is that the Recognized Authority, the Region, is In Compliance with the Driver Certification Program requirements. One program infraction falling under the category of major was reported. This infraction involved two incidents where drivetest results had not been appropriately filed. Results of the Audit identified two opportunities to strengthen controls and practices in place over the driver certification program. Drive Test Documentation Audit testing disclosed that the documentation of drive test results were missing for two driver files sampled. The Driver Certification Program policy requires that driver files include the documented test results for all tests conducted by the Signing Authority as proof of the testing conducted and its outcome. There is the risk that supporting documents for certifications issued will be lost when documentation is not filed in a consistent and standardized manner. - 2 -

4.6-3 March 5, 2015 DRIVER CERTIFICATION PROGRAM (DCP) BENCHMARK COMPLIANCE AUDIT Management has implemented a number of changes to help standardize and streamline the maintenance of driver files including eliminating any past duplication of training logs by ensuring that all data is in one main log only in the driver files. Criminal Reference Checks / Vulnerable Sector Checks The Driver Certification Program requires that both the Recognized Authority Official and each Signing Authority obtain the appropriate Criminal Reference Check or Vulnerable Sector Check at the time of the audit and every three years thereafter. This is a new requirement commencing with the current Benchmark Compliance Audit. There are a number of factors and associated risks as a result of this new program requirement. The renewal process must be managed including ensuring that confidential personal information is appropriately secured and that a reminder process is established to ensure the three year criminal reference check renewal requirement is met. Management will develop a policy for obtaining and maintaining criminal background checks for the Signing Authority s and the Recognized Authority Official using current policies that exist in the organization as guidelines. CONCLUSION The Driver Certification Program Benchmark Compliance Audit was conducted in accordance with Ministry of Transportation Ontario requirements. The overall result is that the Region of Peel as the Recognized Authority is in compliance with program requirements for purposes of the current Benchmark Compliance Audit and the program is delivered effectively. Michelle Morris, Director, Internal Audit Approved for Submission: for D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris extension 4247. Authored By: Joan Appleton CPA CGA CIA CRMA and Sean Lee, CPA CGA CIA CISA CGAP CRMA PMP - 3 -

4.6-4 Audit & Risk Committee Driver Certification Program (DCP) Benchmark Compliance Audit April 2015 1

4.6-5 Background Recognized Authority to test and issue licenses Audits were previously conducted by MTO Responsibility shifted to the Recognized Authority 2

4.6-6 Audit Objective To assess whether management has processes in place which ensure that they are in compliance with Ministry requirements for the operation of the Driver Certification Program. 3

4.6-7 Audit Scope The scope was to complete the audit program provided by MTO Verify responsibilities and deliverables for each role: 1. Recognized Authority 2. Recognized Authority Official 3. Signing Authority Vehicle safety and inspection 4

4.6-8 Audit Observations Records management and filing processes can be improved Establish processes to meet the requirements to conduct criminal reference checks 5

4.6-9 Conclusion The Region s DCP is in compliance with MTO requirements Processes to deliver the DCP are effective Management has implemented action plans to address the audit observations 6

4.6-10 Actions to Strengthen Processes Processes were immediately implemented to standardize filing processes between Signing Authorities A procedure for ensuring criminal reference checks are conducted has been developed. 7

4.6-11 Next Steps Internal Audit will include the next MTO request to complete the DCP audit in our Audit Work Plan 8

4.6-12 Questions 9

4.7-1 REPORT Meeting Date: 2015-04-02 Audit and Risk Committee DATE: March 9, 2015 REPORT TITLE: FROM: APPOINTMENT OF EXTERNAL AUDITOR FOR 2015 AND EXTENSION OF EXTERNAL AUDIT CONTRACT Stephen VanOfwegen, Commissioner of Finance and Chief Financial Officer David Bingham, Treasurer, Peel Living RECOMMENDATION That Deloitte LLP be appointed as the Region s external auditor for the fiscal year 2015; And further, that the five-year external audit contract (Document 2010-354P) awarded to Deloitte LLP be extended by one year to cover the 2015 fiscal year external audit as per the report of the Commissioner of Finance and Chief Financial Officer and the Treasurer, Peel Housing Corporation; And further, that the audit fee for the 2015 fiscal year be increased by 5 per cent to $133,875 (excluding applicable taxes) of which $17,440 would pertain to Peel Living and $116,435 would pertain to the Region of Peel, based on satisfactory service, performance, and pricing. REPORT HIGHLIGHTS Council awarded a five-year external audit contract to Deloitte LLP based on competitive bid RFP 2010-354P for the 2010 to 2014 fiscal year audits, inclusive. The last year of the external audit contract is for the 2014 fiscal year and this report recommends that Deloitte LLP be retained for the 2015 fiscal year audit. The Public Sector Accounting Board is mandating a new accounting standard for the liability for contaminated sites which will be effective for the 2015 fiscal year. The Peel Living Board of Directors composition is changing in 2015 and it is recommended that stability with the external audit contract be maintained during this transition year. In the five-year period, the audit fees have not increased, however the external auditors have proposed a 5 per cent increase for the 2015 fiscal audit.

4.7-2 March 9, 2015 EXTENSION OF EXTERNAL AUDIT CONTRACT DISCUSSION Deloitte LLP was awarded the external audit contract in 2010 under competitive bid process RFP 2010-354P. Audit Committee approved the appointment of Deloitte on June 6, 2010 and the Region of Peel Council as shareholder has approved their appointment each year for Peel Living at the Annual General Meeting. Deloitte is now completing this five-year contract which spanned the 2010 to 2014 fiscal year audits, inclusive. This report recommends retaining Deloitte as the Region s external auditor for one year for the 2015 fiscal year, due to accounting standard changes and a change in the Peel Living Board of Directors governance structure. The Region of Peel s financial statements are prepared in accordance with Canadian public sector accounting standards, as recommended by the Public Sector Accounting Board ( PSAB ) of the Chartered Professional Accountants of Canada. PSAB has introduced a new liability for contaminated sites, effective for federal, provincial and municipal governments as well as crown corporations, universities, hospitals and school boards with a fiscal year-end on or after April 1, 2014. This new section will be mandatory for the 2015 fiscal year and addresses liabilities for remediation related to sites or parts of sites no longer in active or productive use. The estimate of the liability will include the costs directly attributable to remediation activities. This new section will not apply to liabilities for closure and post-closure of solid waste landfill sites since this is addressed under another section of the PSAB standards. Corporate Finance is currently working with Peel s Real Estate division and impacted departments to identify Peel contaminated sites. A few sites have been identified. Since the external auditors have in-depth knowledge of Regional operations, it is prudent to extend the external audit contract for a one-year period for the 2015 fiscal year as we transition to this new standard. At the time that the Tangible Capital Assets was introduced by PSAB effective for the 2009 fiscal year, the contract for the external audit was extended as well in order to leverage the existing external auditors knowledge of the Regional operations. Although the liability for contaminated sites is not as complex as tangible capital assets, it is considered significant in terms of scope of work. The Peel Living Board of Directors composition is changing during 2015. To maintain stability given the governance changes, it would be favourable to retain the external auditors for a year. This extension would include the external audit of the Peel Housing Corporation. The audit fees for the five-year period was the same for each of the five years with no increases and Deloitte is requesting a 5 per cent increase in their 2015 fee which includes work related to the new standard. Once the transition to the new standard and the new Peel Housing Corporation Board have occurred over 2015, Corporate Finance staff will issue a competitive bid with Purchasing in the spring of 2016 for the 2016 fiscal audit. FINANCIAL IMPLICATIONS A 5 per cent audit fee increase for a total contract amount of $133,875 (excluding applicable taxes), is minimal and was included in the 2015 operating budget. Of this amount, the Peel Living audit fee portion would be $17,440 while the Region of Peel audit fee would be $116,435. - 2 -

4.7-3 March 9, 2015 EXTENSION OF EXTERNAL AUDIT CONTRACT CONCLUSION The retention of the external auditors for a one-year period is recommended as a transitional move due to the new accounting standard regarding the liability for contaminated sites being introduced for 2015 and due to the Peel Living Board of Directors governance changes for 2015. Stephen VanOfwegen, Commissioner of Finance and Chief Financial Officer David Bingham, Treasurer, Peel Living Approved for Submission: D. Szwarc, Chief Administrative Officer c. Muliwa Mwarigha, General Manager, Peel Housing Corporation For further information regarding this report, please contact David Bingham, Treasurer, Peel Living at extension 4292 or via email at dave.bingham@peelregion.ca Authored By: Monique Hynes Reviewed in workflow by: Purchasing Financial Support Unit - 3 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information