Audit of the Community Futures

Audit and Evaluation Branch

January 2010

Recommended for Approval to the Deputy Minister by Departmental Audit Committee on January 8, 2010

Approved by the Deputy Minister on January 26, 2010

Table of Contents

• 1.0 Executive Summary
  • 1.1 Introduction
  • 1.2 Main Findings
  • 1.3 Recommendations
  • 1.4 Statement of Assurance
  • 1.5 Audit Opinion
• 2.0 About the Audit
  • 2.1 Background
  • 2.2 Objective
  • 2.3 Scope
  • 2.4 Methodology
• 3.0 Findings and Recommendations
  • 3.1 Introduction
  • 3.2 Governance
  • 3.3 Internal Control
  • 3.4 Risk Management
• Appendix A: Audit criteria
• Appendix B: Management action plan

1.0 Executive Summary

1.1 Introduction

The Community Futures (CF) Program, administered by Federal Economic Development Initiative for Northern Ontario (FedNor), supports community economic development and capacity building. FedNor is a federal regional development organization in Ontario that works with a variety of partners. The Director General (DG) of FedNor reports to the Assistant Deputy Minister (ADM) of Regional Operations. Effective August 2009, the Federal Economic Development Agency for Southern Ontario (FedDevOn) was created. Some of the files reviewed in this audit are now within the accountability of this new agency and therefore management of this agency should be made aware of the audit results contained in this report.

The aim of the Community Futures program is to: support local rural communities and small and medium-sized enterprises (SMEs) in meeting their economic needs; help rural communities to develop and implement long-term community strategic plans leading to the sustainable development of their local economies; and provide resources to local CF organizations to build community capacity to adapt to and manage change. In Ontario, the CF program is delivered through a network of 61 non-profit Community Futures Development Corporations (CFDC) in seven regions (East, Southeast, South Central, Southwest, West, Northwest and Northeast).

The program provides financial support to small and medium enterprises (SMEs) through Community Future Development Corporations (CFDCs) in collaboration with other partners. CFDCs assess their community's situation and develop strategies to meet identified needs. Using this assessment, CFDCs provide support to small and medium-sized enterprises and social enterprises, as well as undertake community economic development initiatives.

This audit was conducted in accordance with the 2008–2009 risk-based audit plan of the Audit and Evaluation Branch (AEB), which was recommended for approval by the Departmental Audit Committee and approved by the Deputy Minister. An audit of the CF program previously occurred in 2004. The objective of the audit was to provide assurance that FedNor's management of CF transfer payments complies with relevant legislation, policies, directives and procedures. The scope of the audit covered transfer payments administered during the fiscal year 2007–2008 and up to June 2009 for the current year.

During the planning phase of the audit, AEB completed an entity risk assessment, utilizing Treasury Board's 69 Core Management Controls (CMC), which are aligned to three broad areas: governance, internal control and risk management. Each CMC was risk ranked as high, medium or low. This risk ranking was then utilized to determine the audit criteria.

1.2 Main Findings

The Community Futures (CF) Program has a defined management control framework that does assist FedNor to deliver the Program at both the program and project level. With the exception of a few files which are not material, the Program generally complies with appropriate acts, regulations and policies. The Program has established key controls that define the roles and responsibilities of all parties involved in the Program; its policies, guidelines and processes are documented and provide guidance and direction to the Program's recipients and to their clients; and the Program's decision-making process is clearly outlined and transparent.

Program Development Officers (PDOs) have an excellent network for information sharing and problem solving. They get together regularly in both formal and informal meetings. During these meetings, PDOs share information that helps ensure consistency across CFDCs and encourages better problem solving through group involvement.

However, the audit identified six main findings.

Governance

1. Not all overpayments were returned to FedNor at the end of a contribution agreement, which does not comply with the Treasury Board Transfer Payment Policy.
2. Investment Funds were transferred for non-investment purposes and were frequently not repaid in a timely manner.
3. All CFDCs are given a base of $300,000 for operating expenses despite significant variances in population size and/or complexity of portfolio.

Internal Control

4. To determine if any irregularities, such as repayable amounts or non-compliance with the terms and conditions, exist, program management relies on budget variances and audits of funding recipients conducted by accounting firms.
5. Although sections 32, 33 and 34 of the Financial Administration Act were generally discharged in accordance with applicable legislation and policies, claim forms and payments varied from what was originally submitted and approved.

Risk Management

6. Based on the current risk assessment methodology and format, risk assessments are sometimes completed to meet a desired risk level rather than the actual, which can result in inappropriate monitoring requirements. Documented risks are not regularly updated.

1.3 Recommendations

The following recommendations address the findings described above:

Governance

1. The Director General of FedNor should ensure that CF Program funds remaining at the end of the contribution agreement are returned to the Crown as required by Treasury Board.
2. The Director General of FedNor should ensure that all temporary transfers are repaid promptly and that, outstanding temporary and permanent transfer amounts, terms and conditions be disclosed by FedNor to Industry Canada senior management for decision making purposes.
3. The Director General of FedNor should review and document operating funding requirements for CFDCs.

Internal Control

4. The Director General of FedNor should document regular reviews and monitoring of CFDC financial information submitted.
5. The Director General of FedNor should ensure that financial officers obtain documented approvals on any changes they make to claim forms and/or payments.

Risk Management

6. The Director General of FedNor should update the risk assessment process and form as well as ensure appropriate tailoring of documentation occurs to reflect risk.

1.4 Statement of Assurance

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria (see Appendix A). The opinion is applicable to FedNor and only those CFDC files examined within the scope described herein.

1.5 Audit Opinion

In my opinion, the Community Futures Program has moderate weaknesses, with moderate risk exposures related to governance, internal control and risk management processes that require management attention.

2.0 About the Audit

2.1 Background

The Community Futures (CF) Program, administered by Federal Economic Development Initiative for Northern Ontario (FedNor), supports community economic development and capacity building. FedNor is a federal regional development organization in Ontario that works with a variety of partners. The Director General (DG) of FedNor reports to the Assistant Deputy Minister (ADM) of Regional Operations. Effective August 2009, the agency FedDevOn was created. Some of the files reviewed in this audit are now within the accountability of this new agency therefore management of this agency should be made aware of the audit results contained in this report.

The aim of the Community Futures program is to: support local rural communities and small and medium-sized enterprises (SMEs) in meeting their economic needs; help rural communities to develop and implement long-term community strategic plans leading to the sustainable development of their local economies; and provide resources to local CF organizations to build community capacity to adapt to and manage change. In Ontario, the CF program is delivered through a network of 61 non-profit Community Futures Development Corporations (CFDC) in seven regions (East, Southeast, South Central, Southwest, West, Northwest and Northeast).

The program provides financial support to small and medium enterprises (SMEs) through Community Future Development Corporations (CFDCs) in collaboration with other partners. CFDCs assess their community's situation and develop strategies to meet identified needs. Using this assessment, CFDCs provide support to small and medium-sized enterprises and social enterprises, as well as undertake community economic development initiatives.

The overall objectives of the program in support of the mandate include:

1. fostering economic stability, growth and job creation;
2. helping to create diversified and competitive local rural economies; and
3. helping to build sustainable communities.

CFDCs are community-based, not-for-profit organizations that are run by a board of local volunteers. CFDCs work closely with communities as they plan and help implement development strategies for small and medium local businesses.

The Ontario Association of Community Futures Development Corporations' 2008 Annual Review noted that the CF program has 264 staff members and an additional 781 volunteer workers. Based on this, the CF Program has influenced 9,638 jobs by issuing loans and providing business counselling to clients in 2008.

All CFDC financing decisions are made at the community level by a local board of directors, independent of FedNor.

An audit of the CF program previously occurred in 2004.

2.2 Objective

The objective of the audit was to provide assurance that FedNor's management of CF transfer payments complies with relevant legislation, policies, directives and procedures.

2.3 Scope

The scope of the audit covered transfer payments administered during fiscal year 2007–2008 and up to June 2009 for the current year.

2.4 Methodology

This internal audit was conducted in accordance with the Treasury Board Policy on Internal Audit and Internal Auditing Standards for the Government of Canada. The audit approach consisted of the following:

• review of program documentation, including past audit and evaluation reports, to gain an understanding of the internal control framework, CF processes and procedures, and supporting analysis and documentation used by the program;
• entity and project risk assessments based on the information reviewed and interviews with members of the CF Program — these risk assessments, along with the results of interviews and document review, formed the basis for the audit program followed for this audit;
• a random sample of 42 case files, selected and examined to test key controls for compliance and consistency in application—this sample represented a statistical sample of all files that issued funds between April 2007 and June 2009 and the audit team chose an additional five samples that represented files that had payments issued long after the expiry date of the agreement;
• a total of 12 interviews with program management and staff, conducted for inquiry and corroboration; and
• two site visits to the program's head office in Sudbury.

The information gathered through the above procedures was analyzed against the audit criteria in Appendix A. The audit criteria selected for this audit were based on Treasury Board Core Management Controls, in combination with risk-based controls that were specific to the program. The audit criteria were designed to enable an assessment of key practices, procedures and controls in place within the program.

Audit fieldwork was conducted between June 2009 and September 2009.

3.0 Findings and Recommendations

3.1 Introduction

This section presents detailed findings from the audit of the CF Program.

The Community Futures (CF) Program has a defined management control framework that does assist FedNor to deliver the Program at both the program and project level. The Program generally complies with appropriate acts, regulations and policies. The Program has established key controls that define the roles and responsibilities of all parties involved in the Program; its policies, guidelines and processes are documented and provide guidance and direction to the Program's recipients and to their clients; and the Program's decision-making process is clearly outlined and transparent.

Program Development Officers (PDOs) have an excellent network for information sharing and problem solving. Interviews revealed that PDOs get together regularly in both formal and informal meetings. During these meetings, PDOs share information that helps ensure consistency across CFDCs and encourages better problem solving through group involvement.

In addition to the findings presented below, the auditors made observations of conditions that were non-systemic and of low materiality and risk. These findings have been communicated to management in the form of a Management Letter for its consideration.

3.2 Governance

Finding 1.0: Policies are generally adhered to.

The Treasury Board policy requires that the recipient return all unspent CF Program funds at the end of a contribution agreement. In 10% of all the files examined by AEB, CFDCs had overpayments outstanding at the end of the contribution agreement. An overpayment is the result of excess funding from the CF Program. Of this 10%, 75% of CFDCs repaid their overpayments either voluntarily or by request while 25% retained the funds with the approval of Program management. Management indicated that this is done instead of requesting repayment of the funds and then issuing an advance on the new contribution agreement.

Program management indicated that most excess funding identified in the audit testing was not from the CF Program but from other sources such as the Self-Employment Benefits Program administered by Human Resources and Social Development Canada — such funds are considered surplus. In 28% of the files examined, CFDCs reported surpluses at the end of the fiscal year.

The lack of detail in the financial reporting by CFDCs in the files reviewed made it impossible to match expenditures to sources of funds. As a result, AEB was unable to substantiate management's claim and determine whether funds remaining were overpayments or surpluses.

The above findings are based on the frequency of compliance to the Treasury Board policy. The dollar amount within the sample was not material.

Allowing some CFDCs to keep overpayments, while requiring others to pay them back, may be perceived as an inconsistent application of the terms and conditions of the contribution agreements, and represents non-compliance with the Treasury Board policy.

Recommendation 1.0

Finding 2.0: Investment Funds are used for non-investment purposes.

The CF Program provides funds to the CFDCs for operating costs and investments. In the last Treasury Board Submission, the operating and investment funds are provided through one funding source and are not broken down, leaving the allocation of funds to be determined by the program.

The Operating Fund, is meant to cover operating expenses CFDCs incur related to the program. The Investment Fund, is for providing funds to CFDCs to lend to small and medium-sized businesses that are unable to receive financing through conventional banking. In 30% of the files examined, Investment Fund monies were transferred into Operating Fund accounts and used for non-investment related activities. While 79% of these transfers were identified as temporary, 21% were permanent.

Temporary transfers are to be repaid prior to fiscal year end. Of the temporary transfers reviewed, 64% were still outstanding at the end of the fiscal year. The issue of prompt reimbursement for temporary transfers was also raised in the 2004 Audit Report.

The permanent transfers were used for such things as office renovations, office moves, severance payments and covering operating deficits. In all these cases, the transfers were approved by FedNor.

FedNor's explanation for these transfers was that operating funds were insufficient to cover large or unusual expenditures. During the audit, FedNor was able to produce only one policy on transfers from the Investment Fund, entitled the Investment Fund Transfer Policy, and it stated that only costs directly attributable to increased investment activity could be covered by transfers. That policy also stated "the annual transfer amount will not exceed 20% of the previous year's investment fund interest income to a maximum of $40,000 and cannot reduce the cumulative contribution made by the federal government to the fund." Of the transfers identified, all are from the Investment Fund itself and not from the interest earned; many of the noted transfers also exceeded the $40,000 limit.

Subsequent to the completion of the audit, another policy was provided that allows for permanent transfers above the $40,000 limit but restricts all transfers to revenue generated by the investment fund. None of the files examined included an analysis that would document whether the funds being requested were sourced from revenue generated by the fund.

By allowing these transfers, FedNor is reducing decision makers' ability to rely on reported information on the amount of funds provided as investment and operating costs. Non-disclosure of utilizing investment funds for operating expenditures may result in errors in management and/or government decision making.

Recommendation 2.0

Finding 3.0: Program management does not document active monitoring and analysis of the operating activities of recipients to ensure funding levels are appropriate.

A consistent message throughout the audit was that CFDCs need more funding for operations. Currently, all CFDCs are provided with $300,000 for operating costs with the possibility of receiving up to an additional $40,000 per year for extraordinary travel costs (for those in very remote locations, or that cover a particularly large geographic area), and up to an additional $30,000 per year for CFDCs required to provide bilingual services.

When asked, 71% of interviewees indicated that the even distribution of operating funds across CFDCs was not ideal but that with the current level of funding it is the best option to ensure all CFDCs are able to continue operations. While reviewing selected files, it was evident that the majority of CFDCs were spending all the funding provided. However, in a few cases, CFDCs posted surpluses or did not use all the funding available to them consistently year over year. This was discussed with FedNor staff but it was indicated that no CFDC could operate with less than $300,000 per year. Management indicated that preparing detailed costing per CFDC would exceed the benefit to the program.

As observed in the previous two findings, some CFDC operating funds are insufficient to cover all expenses resulting in Investment Fund transfers while others have surpluses or overpayments.

The risk posed by the lack of detailed information provided by CFDCs is that FedNor CF Program management cannot demonstrate adequate monitoring of spending levels or that operating fund requirements are appropriate.

Recommendation 3.0

3.3 Internal Control

Finding 4.0: Active FedNor monitoring of the CF Program is not always being demonstrated.

While the audit reports prepared by the accounting firms at the end of each agreement provide some level of assurance, they should not be the sole measure of compliance and sound financial operations. During interviews, it was indicated that additional monitoring was unnecessary as the recipient audit would identify any non-compliance with the terms and conditions.

Recipient audits are scheduled to be undertaken every second year, and only two of 61 CFDCs were audited during the most recent round. In the last two recipient audits, despite clean audit opinions, amounts were determined to be repayable to the Crown over a year after the files were closed.

One CFDC demonstrated a best practice by attaching to each financial statement sent into FedNor a detailed description of variances from budgeted amounts and explanations of expenses that may not have been otherwise clear. This would be particularly beneficial in assisting a thorough yet quick review of the financial information by FedNor staff.

The 2004 Audit Report identified minimal analysis by FedNor of the information CFDCs provide in quarterly reports and this remains an issue.

The risk is that FedNor could be overlooking financial problems at CFDCs that could be corrected early in the process; if the main mechanism for identifying these problems is after the agreement has expired, there is a potential for them to be material and there would no longer be a current agreement in place leaving little room for recovery.

Management indicated that they do review budget variances on a regular basis as well as annual CFDC Financial Statements prepared on a fund basis. One financial statement reviewed, however, showed revenue funds from various sources but salaries and most other expenditures charged only to the CF Program. Ineligible expenditures may occur but not be detectable by budget variance analysis as other expenditures may not have occurred leaving no variance.

Recommendation 4.0

Finding 5.0: Initial approvals conform with the Financial Administration Act, but there is no documentation showing that the PDO's were informed of changes made in claims and payments.

General compliance with aspects of the Financial Administration Act was high. FedNor is diligent in ensuring claims are signed off appropriately with 100% of files reviewed having three or more signatories on claim forms. However, 11% of claims had changes made by the financial officer to one or more of the payments without documented evidence that the PDO or previous signatories were informed of the change.

Program management assured AEB that whenever a change was made to the payment of a claim and the supporting form, all the signatories were informed; during the file review, however, no physical evidence was found to substantiate management's claim. When a change occurs after the original claim submission and approval, it should be appropriately re-approved and documented.

The risk in not having the requirement to document such changes could enable improper payments to be made.

Recommendation 5.0

3.4 Risk Management

Finding 6.0: Risks and risk management strategies are not always meaningful, pertinent and timely.

The review of the initial CFDC risk assessments prepared by FedNor at the onset of each agreement revealed that risk rankings were sometimes being adjusted to meet a desired score of low. This is in part due to the overall scoring system. Currently there are 16 criteria to evaluate the risk of a CFDC. Rating each criterion with a 1, low risk, would total to 16, making it almost impossible to rank a CFDC a low risk.

In many cases, while some criteria were rated higher than 1, others were rated as N/A or 0 to maintain an overall risk ranking of low, even though these are not part of the scoring system. On the other hand, completing the overall scoring system correctly increases the likelihood that a low-risk CFDC would be ranked as a medium risk.

An examination of selected three-year agreements found no evidence of updated risk assessments on file. PDOs may be aware of changes in risk at their assigned CFDCs however documentation on file does not reflect these updates.

Lack of documentation of ongoing risk management could result in limited monitoring of a high-risk situation.

Finally, based on observations during file review, there does not seem to be a correlation between the level of risk of a CFDC and the amount of monitoring required. From the files reviewed, CFDCs with a low-risk ranking had as many, or more, reporting requirements than those with medium-risk rankings, resulting in the collection of information that may not have been necessary.

Many of the files reviewed contained excessive documents and information not necessarily related to any specific reporting requirements. Collecting too much information for review can lead to ineffective and inefficient monitoring.

Recommendation 6.0

Appendix A: Audit Criteria

The following audit criteria were used in this audit:

• Terms and conditions are valid, complete and in line with program requirements and authorities.
• The processes in place adhere to relevant legislative and regulatory requirements and Treasury Board policies, and are in line with the organization's values, ethics and codes of conduct.
• Processes are understood and are complied with, and the use of assets is protected from waste, abuse or fraud.
• For services delivered by third parties, management has implemented a program to monitor their activities.
• The organization's direction and approach to risk management are formally articulated (i.e., documented), well-communicated and well-understood.
• Risks and risk management strategies are meaningful, pertinent and timely, and conform to legal and regulatory requirements.
• Reporting is submitted and reviewed for completeness, accuracy, relevance, timeliness, appropriateness and reasonableness (quality assurance performed).
• Approval is evidenced (signoff, email, minutes, etc.).
• Active monitoring is demonstrated.
• A schedule of regular reporting is prepared and communicated in advance.
• Incompatible functions must not be combined.
• Sections 32, 33 and 34 of the Financial Administration Act are discharged in accordance with applicable legislation and policies.
• Operating objectives and priorities exist for all key activities, are documented, and are linked to strategic objectives and priorities.
• Management establishes, communicates and implements codes of conduct and other policies that describe expected standards of ethical or moral behaviour, acceptable business practices and conflicts of interest.
• Administrative expenses are reasonable and in line with industry standards.
• A formal process exists to ensure user satisfaction measurement is conducted on an ongoing basis, is used to set improvement targets, and is considered in performance evaluation, incentives and objective-setting for relevant individuals.
• Funds are used for intended purposes.

Appendix B: Management Action Plan

Project Name /
Number:

Community Futures Audit

Updated as at: