Core Control Audit of the Immigration and Refugee Board of Canada Audit Report

About the Immigration and Refugee Board of Canada

The Immigration and Refugee Board of Canada (IRB) is an independent tribunal established by the Parliament of Canada. The IRB is responsible for making decisions on immigration and refugee cases efficiently, fairly and in accordance with the law.^{Footnote 1}

Among other responsibilities, the IRB decides who needs refugee protection among the thousands of claimants who come to Canada annually.^{Footnote 2}

The IRB reports to Parliament through the Minister of Citizenship and Immigration, but the IRB remains independent from Immigration, Refugees and Citizenship Canada (IRCC).^{Footnote 3}

Based on IRB’s departmental plan for 2020–21 and 2021–22,^{Footnote 4}IRB had:

planned spending of approximately $279.1 million (2020–21) and $282.7 million (2021–22)
planned full-time equivalents (FTEs) of 1,876 (2020–21) and 2,095 (2021–22)

About the core control audit

Context and objective

The Financial Administration Act designates deputy heads as accounting officers for their department or agency. As accounting officers, deputy heads are accountable for ensuring that resources are organized to deliver departmental objectives in compliance with government policies and procedures. Core control audits provide deputy heads with assurance^{Footnote 5} on the effectiveness of core controls over financial management in their organization.

The objective of this core control audit is to examine and assess whether key controls over financial management^{Footnote 6} within IRB result in compliance with requirements and expected results of corresponding legislation, Treasury Board (TB) policies, and directives.

Scope

Key policy areas of focus were contracting, delegation of spending and financial authorities and acquisition cards
A targeted risk-based audit sample of IRB transactions, records and processes were selected from fiscal year 2020–21: contracting (21 transactions), delegation of spending and financial authorities (13 transactions) and acquisition cards (20 transactions)^{Footnote 7}
Legislation, policies and directives scoped in (versus excluded) are listed in Appendix A

Conformance with professional standards

This audit engagement was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

Mike Milito
Assistant Comptroller General and Chief Audit Executive
Internal Audit Sector, Office of the Comptroller General

Overall conclusion

Overall, the audit found that, based on transactions tested, key controls over financial management were generally in accordance with the requirements of applicable legislation, policies and directives.

Effective controls were observed in the area of delegation of spending and financial authorities.

Areas of improvement were observed with respect to contracting, approvals, documentation and timeliness.

Overview of audit findings

Contracting

Non-competitive procurement

With respect to contracting, it was noted that justification for non-competitive procurement contracts and best value analysis were not always sufficiently documented and substantiated (Recommendation 2a).

Security requirements

In some cases, security requirements were not fully addressed prior to the commencement of the contract (Recommendation 2e).

Processes/procedures

For two competitive contracts related to the Interpretation Service Program, IRB did not follow some of the bid evaluation steps normally expected as part of a competitive procurement process. Specifically, both contracts were processed as contract renewals without their corresponding bid evaluations (Recommendation 2b)^{Footnote 8}.
There were also instances where contracts and amendments, valued at over $10,000, did not meet the proactive disclosure requirements (Recommendation 2h).

Why this is important

Sound contracting practices are important to ensure that they stand the test of public scrutiny of prudence and probity, facilitate access, and encourage competition and fairness in the spending of public funds and achieve better value.

Approvals

For acquisition cards, in all instances, the acquisition card application form was not signed by the acquisition card coordinator, which is a responsibility of this role (Recommendation 1b).
There were a few instances where expenditure initiation and certification authority were either not documented or not performed by the appropriate delegated authorities in the areas of acquisition cards and contracting (Recommendations 1e, 2c, 2g).

Why this is important

Approvals are a key control in ensuring that funds are available and used prudently and that transactions are authorized, complete, accurate and valid.

Documentation

For the management of acquisition cards, in many cases, although the cost centre manager recommended for the employee to have an acquisition card with reasonable credit limit based on planned use, there was no bank statement documentation indicating the credit limit to verify that it matches the limit noted in the acquisition card application form. Additionally, although the cost centre manager recommended for the employee to have an acquisition card, in two cases, there was no recommended credit limit on the acquisition card application form (Recommendation 1a).
In some cases, for acquisition cards and contracting, it could not be determined whether the expense was approved prior to the expense being incurred or prior to the signing of the contract as the approval was not dated (Recommendations 1c, 2c). In all instances, for acquisition cards, no documentation was on file to demonstrate that commitments were recorded at the value expected to be incurred (Recommendation 1d).
For several instances in the areas of acquisition cards and contracting, certification authority and payment authority were not properly supported with proof of execution or cost (Recommendations 1f, 2g).
In one case, a contract signed by the vendor was not on file (Recommendation 2d). In another case, it could not be determined if amendments were issued before services were received, as amendments were not properly signed and dated. For one contract, justification for amendments was not always documented (Recommendation 2f).

Why this is important

Maintaining sufficient and appropriate documentation to support transactions and justify decisions made is essential in demonstrating due diligence and sound stewardship.

Timeliness

In one case, for acquisition cards, the acknowledgement of responsibilities for the cardholder was approved after the transaction occurred.
There were several instances where certification authority and payment authority were not performed in a timely manner (net 30 days) in the area of contracting (Recommendation 2g).

Why this is important

Timeliness is an important part of the payment process to ensure efficiency and due diligence, and to minimize costs associated with late payments.

Recommendations

Guide to readers

The recommendations provided in this audit report are intended as targeted enhancements to IRB’s process controls and procedures and to help ensure compliance with the applicable legislation, policies and directives.

The recommendations and priority levels are provided based on multiple factors such as types of transactions examined in each area; the number and type of exceptions (instances) noted and resulting risk considerations; government-wide perspective on risk considerations; and, if applicable, results from previous audits.

Recommendation number	Recommendations	Priority
Recommendation 1	In the area of acquisition cards, IRB should ensure that:
	proper documentation, including bank statement limit documentation, is retained on file for all acquisition cards in order to substantiate the approved transaction and monthly limits of the cards	Low
	the acquisition card application form is approved by the acquisition card coordinator prior to the use of the card	High
	expenditure initiation (pre-approval) is properly documented before expenses are incurred	Low
	there is a consistent process in place for recording commitments at the expected itemized value	Medium
	certification authority be performed by an individual with appropriate delegated authority	Low
	expenses are certified with properly supported proof of execution and cost	Low
Recommendation 2	In the area of contracting, IRB should ensure that:
	sufficient documentation is retained on file to ensure that non-competitive contract files contain justification for sole-source contracting in accordance with section 6 of the Government Contracts Regulations and best-value analysis is documented and performed prior to contract award	High
	the appropriate procurement methods are chosen and that the requirements of the selected method are followed	High
	expenses are properly documented and approved by an individual who has the appropriate delegated authority, prior to the signing of the contract	Medium
	contracts are signed by all required parties (vendor and department)	Medium
	security requirements are addressed before work starts	Medium
	contract amendments are properly documented, signed, justified and dated by all required parties before goods and services are received	Medium
	certification authority and payment authority are properly documented, supported with proof of execution and cost, and performed in a timely manner by an individual who has appropriate delegated authority	High
	contracts, and applicable contract amendments, valued at over $10,000 are publicly disclosed, in the right amount	Low

Management response

The findings and recommendations of this audit were presented to the management of IRB.

Management has accepted the audit findings in this report and has developed an action plan to address the recommendations.

It is expected that the management action plan will be fully implemented by the fourth quarter of fiscal year 2023–24.

The results of the audit and the management action plan have been discussed with the Chairperson and Chief Financial Officer of IRB and with the Small Departments Audit Committee. The Office of the Comptroller General will follow up on the implementation of the management action plan.

Appendix A: Legislation, policies and directives

The following are applicable legislation, policies and directives tested in the scope of the audit based on applicability and risk assessment conducted in the planning phase.

Legislation

Financial Administration Act
Conflict of Interest Act

Policies

Rescinded [2022-05-13] - Contracting Policy
Policy on Government Security

Directives

Directive on Delegation of Spending and Financial Authorities
Directive on Mandatory Training
Directive on Payments
Government Contracts Regulations
Guidelines on the Proactive Disclosure of Contracts

Appendix B: Audit criteria and compliance

Contracting
Criteria	Compliance level
Procurement: non-competitive: There is documentation on file to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations.	Less than 80% compliance^{Footnote 9}
Procurement: competitive: Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner.	Less than 80% compliance^{Footnote 9}
Procurement strategy: Appropriate tendering processes for bids are used in the proper circumstances.	Greater than or equal to 90% compliance^{Footnote 10}
Expenditure initiation / commitment authority (section 32): Funds commitment availability is certified by someone with the delegated authority prior to the expenditure at the value expected to be incurred. (section 32 of the Financial Administration Act).	Greater than or equal to 90% compliance^{Footnote 10}
Contract management: Contracts and contract amendments were approved prior to the receipt of any goods or services or the expiration of the original contract, and supporting documentation is retained on file.	Greater than or equal to 90% compliance^{Footnote 10}
Certification authority (section 34): Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner, and verifies the correctness of the payment requested (section 34 of the Financial Administration Act).	Greater than or equal to 80% and less than 90% compliance^{Footnote 11}
Payment authority (section 33): Payment authority is performed by someone with the appropriate delegation of authority and in accordance with the Directive on Delegation of Spending and Financial Authorities (section 33 of the Financial Administration Act).	Greater than or equal to 80% and less than 90% compliance^{Footnote 11}
Proactive disclosure: Contracts valued at over $10,000 are publicly disclosed.	Greater than or equal to 80% and less than 90% compliance^{Footnote 11}

Delegation of spending and financial authorities
Criteria	Compliance level
Delegation of financial authorities for disbursements: Delegation instruments are appropriate, current and approved in accordance with the directive.	Greater than or equal to 90% compliance^{Footnote 10}
Learning, training and development: Employees successfully complete mandatory training in accordance with requirements pertaining to financial management, contracting and human resources.	Greater than or equal to 90% compliance^{Footnote 10}

Acquisition cards
Criteria	Compliance level
Acquisition card issuance: Acquisition card issuance is controlled, and cardholders have acknowledged their responsibility in writing.	Less than 80% compliance^{Footnote 9}
Expenditure initiation / commitment authority (section 32): Funds commitment availability is certified by someone with the delegated authority prior to the expenditure at the value expected to be incurred (section 32 of the Financial Administration Act).	Less than 80% compliance^{Footnote 9}
Certification authority (section 34): Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner, and verifies the correctness of the payment requested (section 34 of the Financial Administration Act).	Greater than or equal to 90% compliance^{Footnote 10}
Payment authority (section 33): Payment authority is performed by someone with the appropriate delegation of authority and in accordance with the Directive on Delegation of Spending and Financial Authorities (section 33 of the Financial Administration Act).	Greater than or equal to 90% compliance^{Footnote 10}
Authorized purchases: Cards are to be used solely for authorized government business–related purchases of goods and services.	Greater than or equal to 90% compliance^{Footnote 10}

Footnotes

Footnote 1

See mandate and role on IRB’s webpage "About the Board"

Return to footnote 1 referrer

Footnote 2

See mandate and role on IRB’s webpage "About the Board"

Return to footnote 2 referrer

Footnote 3

See mandate and role on IRB’s webpage "About the Board"

Return to footnote 3 referrer

Footnote 4

See Planned Spending and Planned Full-Time Equivalents (FTEs) in the IRB’s Departmental Plans for 2020-21 and 2021-22

Return to footnote 4 referrer

Footnote 5

An audit is designed to provide a reasonable but not absolute assurance over its findings and conclusions.

Return to footnote 5 referrer

Footnote 6

A risk-based approach, in which all areas of financial management were assessed, was used during the planning phase to determine relevant high risk policy areas to include in this audit.

Return to footnote 6 referrer

Footnote 7

Methodology includes selecting items based on specific criteria and some random sampling. Findings of this audit provide an indication of the types of issues being observed; however, given the sample size, the audit findings cannot be used to make statistical inferences.

Return to footnote 7 referrer

Footnote 8

IRB mentioned that it handles numerous interpretation services contracts for which they follow certain procedures. The need for interpreters is communicated publicly via IRB’s website. IRB further indicated that in order to qualify, candidates must comply with the rules set out in the Code of Conduct for Interpreters. IRB noted work is then distributed on an as and when required basis and the basis of payment (rates) is the same from one contract to the other. IRB also acknowledged the need to reassess its practices in consideration of the unique nature of its Interpretation Services Program and in consultation with Treasury Board of Canada Secretariat.

Return to footnote 8 referrer

Footnote 9

IRB’s processes and procedures were not always in accordance with the applicable legislations, policies and directives.

Return to footnote 9 referrer

Footnote 10

IRB’s processes and procedures were in accordance with the applicable legislations, policies and directives and few exceptions were noted.

Return to footnote 10 referrer

Footnote 11

IRB’s processes and procedures were generally in accordance with the applicable legislations, policies and directives; however, some exceptions were noted.

Return to footnote 11 referrer

Language selection

Search

Search and menus

Core Control Audit of the Immigration and Refugee Board of Canada Audit Report

On this page

About the Immigration and Refugee Board of Canada

About the core control audit

Context and objective

Scope

Conformance with professional standards

Overall conclusion

Overview of audit findings

Contracting

Non-competitive procurement

Security requirements

Processes/procedures

Why this is important

Approvals

Why this is important

Documentation

Why this is important

Timeliness

Why this is important

Recommendations

Guide to readers

Management response

Appendix A: Legislation, policies and directives

Legislation

Policies

Directives

Appendix B: Audit criteria and compliance

Thank you for your help!

Core Control Audit of the Immigration and Refugee Board of Canada Audit Report

​​ On this page

About the Immigration and Refugee Board of Canada

About the core control audit

Context and objective

Scope

Conformance with professional standards

Overall conclusion

Overview of audit findings

Contracting

Non-competitive procurement

Security requirements

Processes/procedures

Why this is important

Approvals

Why this is important

Documentation

Why this is important

Timeliness

Why this is important

Recommendations

Guide to readers

Management response

Appendix A: Legislation, policies and directives

Legislation

Policies

Directives

Appendix B: Audit criteria and compliance

Thank you for your help!

On this page