Audit of the Management of Revenue


Audit and Evaluation Branch
Industry Canada

August 2008

Recommended for Approval to the Deputy Minister
by the DAC on September 16, 2008
Approved by the Deputy Minister on October 1, 2008


This publication is available upon request in accessible formats. Contact:

Multimedia Services Section
Communications and Marketing Branch
Industry Canada
Room 264D, West Tower
235 Queen Street
Ottawa ON K1A 0H5

Tel.: 613-995-8552

Fax: 613-995-8552

Email: ic.cmb-creative.ic@canada.ca

Permission to Reproduce
Except as otherwise specifically noted, the information in this publication may be reproduced, in part or in whole and by any means, without charge or further permission from Industry Canada, provided that due diligence is exercised in ensuring the accuracy of the information reproduced; that Industry Canada is identified as the source institution; and that the reproduction is not represented as an official version of the information reproduced, nor as having been made in affiliation with, or with the endorsement of, Industry Canada.

For permission to reproduce the information in this publication for commercial redistribution, please email: copyright.droitdauteur@tpsgc.gc.ca

Cat. No. Iu4-141/3-2008E-PDF
ISBN 978-1-100-10966-4
60529
Also available in French under the title Vérification de la gestion des recettes.




1.0 Executive Summary

1.1 Introduction

Industry Canada (IC) generates revenue from the provision of a wide range of services. In fiscal year 2006-07, IC reported revenues of $664 million.

The objective of the audit of the Management of Revenue was to assess the effectiveness of the management control framework for revenue and identify residual risks, if any, that may stem from weaknesses in the management control framework.

The audit examined the management control framework (including governance, risk management and controls) for revenues and compliance with applicable requirements and policies. The following revenue streams were examined.

  • SITT: Spectrum Information Technologies and Telecommunications
  • CRC: Communications Research Canada
  • CSBFP: Canada Small Business Financing Program
  • OSB: Office of the Superintendent of Bankruptcy
  • CC: Corporations Canada
  • CB: Competition Bureau
  • CIPO: Canadian Intellectual Property Office

At the time of our audit, IC was conducting the Financial Statement Audit Readiness engagement. As part of the audit readiness project activities, revenue controls were documented for six revenue streams that were considered material to the accuracy of IC's financial statements. The revenue controls documents, which include detailed control matrices, process narratives, recommendations, and management remediation activities, were used extensively throughout the planning phase of this audit.

1.2 Main Findings

Five key findings were identified through this audit as follows:

Governance

  1. There is not enough direction on revenue management coming from the Comptrollership and Administration Sector (CAS) to revenue streams.

Risk Management

  2. There is no formalized risk management process for the management of revenue.

Internal Control

  3. The duties related to handling payments from the public are not properly segregated.
  4. There is insufficient evidence of approval and/or review processes related to revenue management.
  5. Outdated control documentation for revenue processes does not reflect current practices.

1.3 Recommendations

Governance

  1. The Director General, Financial Operations and Systems Branch (FOSB), in partnership with revenue generating entities, should implement and monitor department-wide policies on the management of revenues, such as guidance on segregation of duties, accrual accounting and revenue recognition.

Risk Management

  2. The Director General, FOSB, in partnership with revenue generating entities, should ensure that formal risk management processes for revenue streams are developed, reviewed and updated on an annual basis.

Internal Control

  3. The Director General, FOSB, in partnership with revenue generating entities, should ensure proper segregation of duties for individuals who have custody of the asset (e.g.: cheque) and individuals who record the transactions.
  4. The Director General, FOSB, in partnership with revenue generating entities, should ensure that there is sufficient evidence of approval and/or review related to revenue management documentation such as signature and date.
  5. The Director General, FOSB, should ensure that control documentation for revenue processes is updated to reflect changes.

1.4 Statement of Assurance

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The opinion is applicable only to the entities examined and within the scope described herein.

1.5 Audit Opinion

In my opinion, there are multiple areas with risk exposures related to the governance, control, and risk management processes relative to the management of revenue that require management attention.


Richard Willan
A/Chief Audit Executive, Industry Canada

2.0 About the Audit

2.1 Background

The Department generates revenue from the provision of a wide range of services. In fiscal year 2006-07, IC reported revenues of $664 million. The fees charged for many of these services are prescribed by policies, Order in Council or in statutes. These were generated from the provision of services including, but not limited to: licensing services, trademark, patent and copyright administration, bankruptcy and insolvency administration, competition law and policy administration and investments in ventures and partnerships. Over 95% of the revenue is generated from the following revenue streams:

  • SITT: Spectrum Information Technologies and Telecommunications
  • CRC: Communications Research Canada
  • CSBFP: Canada Small Business Financing Program
  • OSB: Office of the Superintendent of Bankruptcy
  • CC: Corporations Canada
  • CB: Competition Bureau
  • CIPO: Canadian Intellectual Property Office

At the time of our audit, IC was conducting the Financial Statement Audit Readiness engagement. As part of the audit readiness project activities, revenue controls were documented for six revenue streams that were considered material to the accuracy of IC's financial statements. The revenue controls documents, which include detailed control matrices, process narratives, recommendations, and management remediation activities, were used extensively throughout the planning phase of this audit.

This audit was in accordance with the 2007-08 IC Audit Plan approved by the Departmental Audit and Evaluation Committee. The risk-based planning process identified risks associated with the management of revenue that reflect materially significant expenditures, a complex legislative / policy environment and associated internal controls.

2.2 Objective

The objective of the audit was to assess the effectiveness of the management control framework regarding revenue management and identify residual risks, if any, that may stem from weaknesses in the management control framework.

This objective enabled us to report on the effectiveness of governance, control practices and risk for management of revenue across IC.

2.3 Scope

The audit examined the management control framework for revenues and compliance with applicable requirements and policies to the revenue streams.

As assurance is already received by the Department on the revenue-related financial information for CIPO, through audited financial statements, it has been excluded from the scope of the testing of internal controls. Given the significance of CIPO in terms of total revenue, the audit did look at the governance and risk management aspects.

Also at the time of our audit, the OAG was conducting a horizontal audit on user fees charged by the Government of Canada. Specifically, the OAG audit investigated the extent to which user fees were compliant with the underlying legislative framework. The following spectrum license fees of the SITT program were included within the scope of the OAG audit and excluded from the governance and risk management lines of inquiry of this audit: Personal Communication Fees, Direct Broadcast by Satellite, Broadband Public Safety Communications and Fixed Stations Land Mobile Service.

The period of coverage encompassed the first nine months of fiscal year 2007-08 (i.e. from April 1, 2007 to December 31, 2007). Testing to December 31, 2007 ensured that the results of the audit were current, while ensuring that the sampling criteria were applied consistently.

2.4 Methodology

In support of the requirements under Treasury Board's Policy on Internal Audit, audit criteria were developed and linked to each audit objective under the categories of governance, internal controls and risk management (these are found in Appendix A).

The audit included three separate lines of enquiry. The first two lines of enquiry included an assessment of the overall governance and risk management aspects of the revenue management control framework in place at IC. The audit work consisted of conducting interviews with management in each entity, as well as the Financial and Materials Management Directorate (FMMD), to discuss governance and risk management activities. We also reviewed the supporting documentation to corroborate interview findings.

The third line of enquiry focused on the operating effectiveness of internal controls over the various revenue streams using the internal control frameworks developed as part of IC's Financial Statement Readiness Assessment Project. The operating effectiveness testing covered over 75% of the revenue generated by IC.


3.0 Findings and Recommendations

3.1 Introduction

This section presents detailed findings from the audit of the management of revenues for the whole department. Findings are based on the evidence and analysis from both our initial risk analysis and the detailed audit conduct.

No additional observations of conditions that were non-systemic and of low materiality and risk have been communicated to management for their consideration.

3.2 Governance

Finding 1: Revenue Management Policy

There is not enough direction on revenue management coming from the Comptrollership and Administration Sector (CAS) to revenue streams.

The Department is required to provide financial statements on a department-wide basis, and there should be central coordination of the financial information and transaction recording, including guidance on how to record financial information.

During discussions with entities which manage revenue, it was reported that they operate independently and develop their own processes and procedures regarding recording and managing revenues. Each entity addressed transaction recording differently. Certain control weaknesses, such as poor segregation of duties and insufficient evidence of review, were noted in five out of the six streams.

Based on discussions with management and as demonstrated by the weaknesses observed, entities which manage revenue may not have the expertise to make financial policy decisions and may need guidance (e.g.: understanding proper segregation of duties) in developing processes and procedures. Some guidance is provided from CAS. However, a stronger direction is needed to ensure that control weaknesses are addressed and practices are consistent.

Recommendation 1

The Director General, FOSB, in partnership with revenue generating entities, should implement and monitor department-wide policies on the management of revenues, such as guidance on segregation of duties, accrual accounting and revenue recognition.

3.3 Risk Management

Finding 2: Formalized Risk Management

There is no formal risk management process for the management of revenue.

An effective risk management process should include the identification of potential risks, assessment of impact and likelihood of risk events occurring, development of strategies to mitigate the risk and implementation of risk management strategies.

During our discussion with program staff and review of documents, it was noted that risk is considered in the decision-making process in different activities such as preparation of a business plan, consultations with stakeholders, and budget and forecast analysis. However, we were unable to find evidence to indicate that all potential risks were considered and if mitigating strategies were sufficient to bring risk to a tolerable level. We found no documentation of risk-based decisions.

Recommendation 2

The Director General, FOSB, in partnership with revenue generating entities, should ensure that formal risk management processes for revenue streams are developed, reviewed and updated on an annual basis.

3.4 Internal Control

Finding 3: Segregation of Duties

The duties related to handling payments from the public are not properly segregated.

One important element of internal control is that authorization of a transaction, recording the transaction and custody of the asset are considered to be incompatible duties.

During the operating effectiveness testing, it was noted in three of the six revenue streams that the same individual who recorded the cash receipts also had physical custody of the cheques. In some instances the individual was also responsible for managing accounts receivable reconciliation. In one case in particular, the individual reconciled the cash receipts records to the accounts receivable records.

While there is a mitigating control in that the cheques are made payable to the Department or the Receiver General and would not likely get cashed, proper segregation of duties will reduce the risk of loss.

Recommendation 3

The Director General, FOSB, in partnership with revenue generating entities, should ensure proper segregation of duties for individuals who have custody of the asset (e.g.: cheque) and individuals who record the transaction.

Finding 4: Review Process

There is insufficient evidence of approval and/or review processes related to revenue management.

For a control to be considered effective, evidence is needed to demonstrate that the control has taken place. In the absence of evidence, independent assurance cannot be provided.

During the operating effectiveness testing, it was noted that independent reviews were often not signed off by the reviewer. While there was often evidence that the document was reviewed (e.g.: manual corrections, tick marks), having no formal initial, signature or stamp made it difficult, in many cases, to determine whether the control had taken place.

Recommendation 4

The Director General, FOSB, in partnership with revenue generating entities, should ensure that there is sufficient evidence of approval and/or review related to revenue processes, such as signature and date.

Finding 5: Control documentation

Outdated control documentation for revenue processes does not reflect current practices.

The Department has control documentation for the six revenue streams that were tested. The documentation includes a narrative and control framework as well as a letter of recommendation regarding any deficiencies that were noted. Management reviewed the documents and approved their contents. These documents are an essential component to the preparation for the upcoming financial audit of the departmental financial statements.

While conducting the operating effectiveness testing of certain controls, it was noted that the description of the control activity did not accurately reflect current practice. The risk of this disparity is that control activities may become inconsistent over time as management addresses deficiencies or due to staffing changes.

Recommendation 5

The Director General, FOSB, should ensure that control documentation for revenue processes is updated to reflect changes.


4.0 Appendix A: Detailed Audit Criteria

Detailed Audit Criteria
Governance
  • Common or centralized policies, tools and training exist which ensure that revenue is recorded on a consistent basis throughout the Department.
  • CAS ensures that fee determination complies with the legislative framework.
  • Management has processes and structures in place to ensure that established fees are compliant with the legislative framework.
  • Management has processes and structures in place to ensure that only established fees are used to charge for services.
Risk Management
  • Management identifies and monitors revenue related risks.
Internal Control
  • Revenues for the 6 revenue streams are calculated in accordance with GAAP and appropriately recorded. The following sub-criteria will be addressed:
  • Processing revenues
    • Only approved fees are used.
    • All valid revenues are input accurately.
    • Revenues are recorded in the period in which they were earned.
    • All valid adjustments are recorded accurately.
    • Adjustments are recorded in the proper period.

  • Processing and Recording Cash Receipts
    • Cash receipts are recorded in the period (fiscal year) in which they are received.
    • All valid cash receipts data is accurately entered for processing.

  • Maintaining master data
    • Only valid changes are made to the master data.
    • All valid changes to the master data are accurately input on a timely basis.
    • Master data remains pertinent.

  • Segregation of Duties
    • Segregation of duties is appropriate.


Appendix B: Management Action Plan

Management Action Plan
| Recommendation | Planned Action or Justification for no action on the Recommendation | Responsible Official(s) | Target Completion Date | Revised Completion Date | Current Status |
| --- | --- | --- | --- | --- | --- |
| 1) The Director General, Financial Operations and Systems Branch (FOSB), in partnership with revenue generating entities, should implement and monitor department-wide policies on the management of revenues, such as guidance on segregation of duties, accrual accounting and revenue recognition. | 1) FOSB will meet with material revenue stream sectors to share the results of the audit and strengthen relationships. | Karen Cahill / Deborah Guillas & Sector Financial Managers | 1) Sept 2008 | | |
| | 2) IC has an Accounting Policy on the Treatment of Revenue, Accounts Receivable, and Deferred Revenue already in place. As part of the Corporate Finance web-site content review this policy will be updated as necessary. | | 2) Dec 2008 | | |
| | 3) FOSB in consultation with sectors will develop a procedure on management of departmental revenues. | | 3) Mar 2009 | | |
| | 4) FOSB will be creating a quarterly discussion group on revenue management with sectors financial officers. | | 4) Oct 2008 | | |
| | 5) FOSB will widen the scope of its annual monitoring visit to include discussions and monitoring of revenue processes and controls in regional offices and sectors. Each material revenue stream will be visited before the year end. | | 5) visits to begin Fall 2008 | | |
| | 6) FOSB will perform a walkthrough of each remediation measures implemented by sectors to ensure new controls put in place are effective. | | 6) Mar 2009 | | |
| | 7) FOSB will be requesting bi-annually updates on internal control documents which will require management level approval stating that controls designed are in place are working as intended. | | 7) Oct 2008 | | |
| | 8) FOSB will incorporate revenue processes and mandatory controls in its next revision of the Financial Control framework. | | 8) May 2009 | | |
| 2) The Director General, FOSB, in partnership with revenue generating entities, should ensure that formal risk management processes for revenue streams are developed, reviewed and updated on an annual basis. | Develop in partnership with sectors, management strategies for revenue generating entities. | Karen Cahill / Deborah Guillas & Sector Financial Managers | Mar 2009 | | |
| 3) The Director General, FOSB, in partnership with revenue generating entities, should ensure proper segregation of duties for individuals who have custody of the asset (e.g.: cheque) and individuals who record the transactions. | 1) FOSB will widen the scope of its annual monitoring visit to include discussions and monitoring of revenue processes and controls in regional offices and sectors. Each material revenue stream will be visited before the year end. | Karen Cahill / Deborah Guillas & Sector Financial Managers | 1) visits to begin Fall 2008 | | |
| | 2) FOSB will be requesting bi-annually updates on internal control documents which will require management level approval stating that controls designed are in place are working as intended. | | 2) Oct 2008 | | |
| | 3) FOSB will work with sectors head to investigate the possibility of creating a quarterly post audit of revenue transaction to test for compliance and accuracy. | | 3) Jan 2009 | | |
| 4) The Director General, FOSB, in partnership with revenue generating entities, should ensure that there is sufficient evidence of approval and/or review related to revenue processes, such as signature and date. | 1) FOSB will widen the scope of its annual monitoring visit to include discussions and monitoring of revenue processes and controls in regional offices and sectors. Each material revenue stream will be visited before the year end. | Karen Cahill / Deborah Guillas & Sector Financial Managers | 1) visits to begin Fall 2008 | | |
| | 2) FOSB will be requesting bi-annually updates on internal control documents which will require management level approval stating that controls designed are in place are working as intended. | | 2) Oct 2008 | | |
| | 3) FOSB will be developing with Sectors a revenue payment checklist to ensure consistency in the department which will be incorporated in the next version of the Financial Control Framework. | | 3) Feb 2009 | | |
| 5) The Director General, FOSB should ensure that control documentation for revenue processes is updated to reflect changes. | FOSB will be requesting bi-annually updates on internal control documents which will require management level approval stating that controls designed are in place are working as intended. | Karen Cahill / Deborah Guillas & Sector Financial Managers | Oct 2008 | | |