Skip to main content

PACP Committee Report

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

PDF

REPORT 1, MANAGING THE RISK OF FRAUD, FROM THE 2017 SPRING REPORTS OF THE AUDITOR GENERAL OF CANADA

INTRODUCTION

According to the Office of the Auditor General of Canada (OAG), fraud in a federal government organization “can cause the loss of public money or property, hurt employee morale, and undermine Canadians’ confidence in public services. Therefore, federal organizations must manage their fraud risks.[1]

The OAG also added that federal organizations “must make sure they effectively manage risk to ensure that their information, assets, and organizational integrity are protected. They are also responsible for making sure staff are aware of their organization’s code of values and ethics.”[2] To wit, the “Treasury Board of Canada Secretariat’s role is to encourage management excellence in government organizations. It provides guidance, tools, and expertise to federal organizations to help them implement a risk-informed management approach.”[3]

In the spring of 2017, the OAG released a performance audit that focused on fraud risk management in the following five federal organizations (selected for their variance in operations and size):[4]

  • Canadian Food Inspection Agency (CFIA);
  • Global Affairs Canada (GAC);
  • Health Canada;
  • Indigenous and Northern Affairs Canada (INAC); and
  • Public Services and Procurement Canada (PSPC).

On 3 and 5 October 2017, the House of Commons Standing Committee on Public Accounts (the Committee) held hearings to study the matters raised in the audit.[5] Witnesses included Michael Ferguson, Auditor General of Canada; Paul Glover, President, Canadian Food Inspection Agency; Ian Shugart, Deputy Minister, Global Affairs Canada; Simon Kennedy, Deputy Minister, Health Canada; Hélène Laurendeau, Deputy Minister, Indigenous and Northern Affairs Canada; Marie Lemay, Deputy Minister, Public Services and Procurement Canada; and, Bill Matthews, Comptroller General of Canada, Treasury Board of Canada Secretariat.[6]

Throughout this report, the following definitions are used:

  • Fraud Risks – The risks of various types of fraud that an organization could face, both internal and external, or types of wrongdoing that could involve fraud, depending on the organization’s operations.[7]
  • Fraud Risk Assessment – A process aimed at identifying and addressing an organization’s vulnerabilities to both internal and external fraud.[8]

FINDINGS AND RECOMMENDATIONS

A. Identifying Fraud Risks and Mitigating Measures, Completing Fraud Risk Assessments

The OAG examined “whether the selected organizations had fraud risk governance processes in place and whether the organizations conducted periodic assessments of their fraud risks,”[9] as well as whether the assessments included the best practices for fraud risk assessments recommended by audit and accounting organizations.

According to the OAG, “all five federal organizations had governance structures in place, including independent audit committees and values and integrity offices, to oversee their management of risks, including fraud risks.”[10]

However, the OAG also noted that “only the Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada completed a fraud risk assessment.”[11]

The OAG found that “the selected federal organizations had governance structures in place that contributed to fraud risk management”[12] and that “all organizations had some additional elements of governance in place,”[13] such as the Ombudsman, Integrity and Resolution Office at Health Canada, or the National Centre for Allegations and Complaints at Indigenous and Northern Affairs.[14]

The OAG noted that “the Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada each conducted a fraud risk assessment,” but that “some best practices were missing from the assessments.”[15] In addition, while “both Health Canada and Public Services and Procurement Canada had fraud risk management frameworks in place, neither completed a fraud risk assessment.”[16]

As a result, the OAG recommended that the “Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada should ensure that their current fraud risk assessments are reviewed and updated periodically, following best practices.”[17]

In response, in its detailed action plan, CFIA stated that it “will review the current formal fraud risk assessment and update it periodically incorporating best practices” by December 2017.[18]

Also in response to the OAG’s recommendation, GAC stated in its action plan that it “will take steps to ensure that a fraud risk assessment is reviewed and updated annually, including verifying whether controls are operating effectively and efficiently. The actions associated with this recommendation will be completed by December 2017.”[19]

To the same recommendation, INAC stated in its action plan that it will “review its current formal fraud risk assessment and update it periodically, incorporating best practices beginning 1 September, 2017.”[20] Furthermore, Hélène Laurendeau, Deputy Minister, INAC, added the following:

My department and I agree with the recommendation that fraud risk assessments be reviewed and updated periodically following best practices. Our current fraud risk assessment was first completed in 2014 and updated in 2016. A review and update of the department-wide fraud risk assessment will commence in 2017-18. We intend to follow a regular cycle of review from that point on.[21]

Notwithstanding these commitments, the Committee recommends:

RECOMMENDATION 1

That, no later than 120 days after the tabling of this report, the Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada provide the House of Commons Standing Committee on Public Accounts with a report detailing what progress has been made with regard to ensuring that their current fraud risk assessments are reviewed and updated periodically, following best practices.

Additionally, the OAG also recommended that “Health Canada and Public Services and Procurement Canada should conduct a fraud risk assessment that considers all areas of their organizations and follows best practices.”[22]

In their detailed action plans, these departments committed to the following:

  • Health Canada will complete a “formal report on fraud risk assessment that identifies fraud risks, assesses existing controls and recommends additional controls if appropriate. The report will be used to assist the department in effectively managing the risk of fraud.”[23]
  • PSPC will “provide a departmental-wide fraud risk assessment and mapping of existing and recommended mitigation measures including management controls. This assessment will be input into the Departmental Risk Profile.”[24]

On this subject, Simon Kennedy, Deputy Minister, Health Canada, added the following:

Health Canada is in the process of conducting a comprehensive fraud risk assessment. The risk assessment will be conducted jointly by our chief audit executive, the chief financial officer, and Deloitte. Deloitte was chosen through a competitive contracting process for its expertise in the area of fraud risk assessment. The draft risk assessment is expected to be completed for March 31 of next year and finalized following our departmental audit committee meeting in June of next year. We intend to use that risk assessment to inform our internal control framework, as well as our risk-based audit plan.[25]

Consequently, the Committee recommends:

RECOMMENDATION 2

That, no later than 120 days after the tabling of this report, Health Canada and Public Services and Procurement Canada provide the House of Commons Standing Committee on Public Accounts with a report detailing what progress has been made with regard to conducting fraud risks assessments that consider all areas of their organizations and that follow best practices.

B. Mandatory Training on Values and Ethics and Conflicts of Interest

The OAG “examined whether the selected federal organizations trained their employees on values and ethics, conflicts of interest, and fraud.”[26]It noted that “all five federal organizations had employee training programs on values and ethics and conflicts of interest. However, many employees did not receive the training, even though it was mandatory. When it was required, fewer than 20 [%] of Health Canada and Public Services and Procurement Canada employees received the training. At the Canadian Food Inspection Agency, 34 [%] of employees received the required training.”[27]

Additionally, the OAG “could not calculate the percentage of Global Affairs Canada employees who received the training because the Department did not have the information … needed to make the calculation. In the case of Indigenous and Northern Affairs Canada, it made its training mandatory toward the end of the audit period; therefore, [the OAG was] unable to assess its monitoring.”[28]

The OAG also acknowledged that GAC and INAC provided fraud awareness training even though it was not required by the Government of Canada.[29]

To address these concerns, the OAG recommended that the “Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada should

  • identify operational areas at higher risk for fraud and develop targeted training for employees in these areas, and
  • ensure that employees are taking mandatory training in a timely manner.”[30]

In response to this recommendation, in its action plan, CFIA stated it “is committed to increasing employee awareness through regular reminder communications” and that it will “also conduct a needs assessment by June 2017 to identify the best approach for mitigating areas of higher fraud risk. This assessment will consider the need for additional training or other products to mitigate fraud risk.”[31] Paul Glover, President, CFIA, made an additional commitment to the Committee:

That's why, at the beginning of this fiscal year, we wrote into all of my executives' management contracts that mandatory means mandatory, and it is part of their performance objectives to make sure we achieve that.
We will be following up. We are approaching the six-month, mid-year review to give them feedback. We have a quarterly report that is shared with us at the management table to ensure that we are actually doing what we said we would do.[32]

GAC responded to the recommendation by stating in its action plan that it will “take steps to identify operational areas at higher risk for fraud, the nature of those risks, and measures to mitigate those risks” and that it will “develop a training strategy and communications plan to promote values and ethics training in the workplace. The actions associated with this recommendation will be completed by November 2017.”[33]

Health Canada, in response to this recommendation, stated in its action plan that it will “enhance specialized training for new regulators and increase communication and monitoring efforts on mandatory value and ethics training for managers.”[34] Simon Kennedy added the following:

Health Canada agrees with the need for targeted training in high-risk areas and will continue to deliver its enhanced specialized training for new regulators. This was recommended by the Office of the Auditor General in its 2011 report on regulating pharmaceutical drugs, which is a particular area in which we have to worry about those kinds of issues.[35]

INAC responded to the recommendation by committing in its action plan that it will “identify areas at high risk of fraud, continue providing targeted fraud training to employees and ensure that mandatory values and ethics training is completed as required” by 1 September, 2017.[36] Hélène Laurendeau added the following:

My department has complied with both aspects of this item. The first was to provide targeted training for employees in operational areas at higher risk for fraud. Specifically, applicable employees in all regions received training on construction fraud awareness by December 2016.
The second aspect of this recommendation was to ensure that all employees take mandatory training in values and ethics in a timely manner. Since 2008, INAC has offered values and ethics training to staff at headquarters and in the regions. In 2016, values and ethics training became mandatory for all staff. I should note that I receive monthly reports on sessions delivered and on attendance. We have also added a component on fraud to ensure that this topic remains top of mind to staff.[37]

Finally, PSPC responded to the recommendation by stating in its action plan that it will “continue to identify occupational areas at higher risk of fraudulent practices and determine training needs, as necessary” and to “ensure accurate tracking of employee completion rates, the department will implement a new Learning Management System in April 2017.”[38]

The Committee was very concerned upon learning about the low rate of completion of mandatory training across the audited federal organizations.  Thus, in order to better ensure that departments and agencies seriously examine what operational areas warrant mandatory specialized training and that affected employees undertake it, the Committee recommends:

RECOMMENDATION 3

That, no later than 120 days after the tabling of this report, the Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada, provide the House of Commons Standing Committee on Public Accounts with a report detailing what progress has been made with regard to identifying operational areas at higher risk for fraud and developing targeted training for employees in these areas, and ensuring that employees are taking mandatory training in a timely manner.

C. Process to Manage Conflicts of Interest

The OAG “examined how the five federal organizations managed employee declarations of conflict of interest and whether they were resolved in a timely manner,” and also “examined whether the organizations regularly required employees in high-risk areas to declare whether or not they were in a conflict of interest.”[39] The OAG noted that “all organizations had logs to track and manage conflict of interest declarations, but the logs were missing key information.”[40]

Consequently, the OAG recommended that the “Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada should ensure that logs used to track and manage declarations of conflict of interest and the related mitigation measures have sufficient and complete information to support the timely resolution of employee declarations of conflict of interest.”[41]

The departments, in response to this recommendation, stated the following in their detailed action plans:

  • CFIA completed “reviewing the Conflict of Interest Secretariat’s tracking and logging system to ensure critical data is captured for enhanced tracking and reporting capabilities.”[42]
  • GAC “recently implemented a new case management system, which will improve tracking and reporting on all values and ethics cases, including conflicts of interest” and that the “actions associated with this recommendation will be completed by March 2018.”[43]
  • Health Canada added “new tracking elements to its conflict of interest case management system to ensure sufficient information is captured to support timely resolution of employee declarations of conflict of interest.”[44]
  • INAC modified its systems such that logs now include the date declarations are received and closed, as well as an assessment of the risk involved (low, medium, high).[45]
  • PSPC “added a column to its Conflict of Interest (COI) tracking log, as of January 2017, to indicate the COI determination (none, real, potential or apparent) resulting from the declaration.”[46]

The level of completion of that recommendation varied across departments. For example, Paul Glover, CFIA, said that they “had completed it [commitments related to recommendation 1.54 of the OAG audit]”.[47] Marie Lemay, PSPC, stated that it was completed.[48] As for GAC, whose target was to complete requirements related to the same recommendation by March 2018, Ian Shugart reported that the “migration of the case files is complete, and the rest is on track, in our opinion.”[49]

To better ensure that that these federal organizations address this matter, the Committee recommends:

RECOMMENDATION 4

That, no later than 120 days after the tabling of this report, the Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada, provide the House of Commons Standing Committee on Public Accounts with a report detailing what progress has been made with regard to ensuring that the logs used to track and manage declarations of conflict of interest and the related mitigation measures have sufficient and complete information to support the timely resolution of employee declarations of conflict of interest.

D. Employee Declarations in High-risk Areas

A previous OAG report, published in the fall of 2010, recommended that “federal organizations identify areas at high risk for conflict of interest and require employees in these areas to report regularly whether or not they were in a conflict of interest.”[50]

The OAG noted that Health Canada and Public Services and Procurement Canada had processes in place, but that “the other three organizations did not regularly require employees in high-risk areas to declare whether or not they were in a conflict of interest.”[51]

As a result, the OAG recommended that the “Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada should

  • identify operational areas at high risk for conflict of interest and ensure that public servants occupying positions in those areas are regularly required to indicate whether or not they are in a conflict of interest, and
  • follow up on the implementation of mitigating measures for conflicts of interest on a risk basis.”[52]

In response to this recommendation, the departments committed to the following in their detailed action plans:

  • CFIA will “commence a review to identify areas of high risk for conflict of interest and to consider whether additional mechanisms are required to confirm whether or not there is a conflict of interest,” to be completed by March 2018.[53]
  • GAC “will review and amend current practices for reporting and managing conflicts of interest, in order to ensure that effective monitoring and control measures are in place” by January 2018.[54]
  • INAC will “follow up on the implementation of mitigating measures for conflict of interest on a risk basis, identify areas of high risk and ensure that employees regularly update their declaration,” to be completed by 1 September 2017.[55]

On this matter, Hélène Laurendeau, INAC, added the following comment:

On this particular issue I would like to report that we have put in place revisions to our conflict of interest log system to provide the level of detail that is required for better follow-up and for better tracking. We have also done the necessary follow-up work for employees working in operational areas at high risk for conflict of interest.[56]

Consequently, the Committee recommends:

RECOMMENDATION 5

That, no later than 120 days after the tabling of this report, the Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada provide the House of Commons Standing Committee on Public Accounts with a report detailing what progress has been made with regard to identifying operational areas at high risk for conflict of interest; ensuring that public servants occupying positions in those areas are reminded annually of their requirements to indicate whether or not they are in a conflict of interest; and, following up on the implementation of mitigating measures for conflicts of interest on a risk basis.

E. Controls to Manage the Risk of Fraud in Procurement

The OAG examined “whether the federal organizations had selected controls and review committees in place to manage the risk of fraud in the procurement of goods and services conducted within their authority and whether the controls were applied and review committees involved consistently. [The OAG] examined whether organizations sufficiently and routinely analyzed contracting information to identify trends and signs of fraudulent behaviour or non-compliance and followed up on exceptions.”[57]

The OAG also looked for signs of inappropriate use of three practices accepted by the Treasury Board that could lead to fraud:

  • Contract splitting: Unnecessarily dividing a requirement into a number of smaller contracts, thereby avoiding controls on the duration of assignments or contract approval authorities.
  • Inappropriate contract amendments: An agreed addition to, deletion from, correction to, or modification of a contract that is inappropriate: for example, awarding a contract at a low price, followed promptly by making an amendment to evade competition.
  • Inappropriate sole-source contracting: Directing a contract to a supplier on a sole-source basis when other suppliers are capable of doing or providing the work.[58]

The OAG found that “all the federal organizations had controls over procurement conducted within their authority to prevent and detect” these three practices. However, according to the OAG, “these controls were not always applied, even when they were mandatory.”[59] According to the OAG, CFIA, Health Canada, and INAC “had mandatory checklists to prompt their procurement officers to identify signs of inappropriate contracting practices. However, the checklists were not always used or were incomplete at the Canadian Food Inspection Agency and Indigenous and Northern Affairs Canada.”[60]

The OAG also found that there were “limited proactive prevention and detection activities. For the three selected contracting practices, [the OAG] found that none of the federal organizations sufficiently and routinely analyzed contracting data to identify trends and signs of fraudulent behaviour or non-compliance and followed up on exceptions.”[61]

For these reasons, the OAG recommended that the “Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada should ensure that contract files and contracting data are complete and accurate. They should also conduct data analytics and data mining to evaluate controls and identify signs of potential contract splitting, inappropriate contract amendments, and inappropriate sole-source contracting on a risk basis.”[62]

In response to this recommendation, CFIA committed to “reviewing how best to increase the use of data analytics to evaluate procurement and contracting controls and identify possible areas of concern. Identified opportunities to increase the data analytics will be implemented by March 2018.”[63]

Paul Glover, CFIA, added the following:

We believe we are well on track to be doing this. We are working very closely with our bargaining agents. I will say that as a regulatory agency too, we are using this opportunity not just to look at our own internal risk of fraud; a lot of the work that our inspectors do is to find inappropriate behaviour on the regulated parties. We are working collaboratively to deal with both of those issues. We feel we are well on track to be reviewing our suite of training and to be able to deliver it as per the work plan.[64]

GAC responded to this recommendation by stating in its action plan that it “will take steps to improve system data integrity and introduce automated tools for analyzing procurement data to detect potential fraudulent activities” by September 2017.[65]

Health Canada stated in its action plan, in response to this recommendation, that it will “enhance its data analytics, data mining, and other practices to improve data quality and to better detect potential contract splitting, abuse of amendments, and inappropriate sole source contracting.”[66]

INAC, in response to this recommendation, stated in its detailed action plan that it will “ensure contract files are complete and will explore opportunities to better utilize data analytics and data mining to detect red flags and potential procurement fraud risks,” to be completed by 30 June 2017.[67]

Finally, PSPC stated in its action plan that it will “continue its initiative to improve data quality through measures that ensure complete information is captured in the departmental financial and materiel management system” and that it “has implemented risk-based reviews of contracts through a monitoring program to detect anomalies and ensure corrective action is taken where appropriate.”[68]

Notwithstanding these measures, the Committee recommends:

RECOMMENDATION 6

That, no later than 120 days after the tabling of this report, the Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada provide the House of Commons Standing Committee on Public Accounts with a report detailing what progress has been made with regard to A) ensuring that contract files and contracting data are complete and accurate; and B) conducting data analytics and data mining to evaluate controls and identify signs of potential contract splitting, inappropriate contract amendments, and inappropriate sole-source contracting on a risk basis.

F. Internal Investigations of Fraud Allegations and Information Used to Track the Status of Allegations

The OAG examined “whether selected federal organizations

  • had a group to manage allegations of fraud;
  • had an approach to coordinate, monitor, investigate, and report on such allegations; and
  • took corrective actions to help mitigate future incidents.”[69]

The OAG found that “all five federal organizations established one or more groups to manage allegations of fraud and conduct internal investigations as needed,” and also that “they all had policies and guidelines that outlined investigation processes and roles and responsibilities.”[70] In addition, “all the organizations used either a log or a file management system to manage allegations and investigations. However, problems with the information in the logs at the Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada limited the logs’ usefulness.”[71]

According to the OAG, the investigation groups it examined “reported the results of their investigations to senior management or a senior committee. However, it was not always clear how or whether the recommendations or systemic corrective measures were implemented.”[72]

Therefore, the OAG recommended that the “Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada should maintain a comprehensive and complete log that captures and tracks the status of all allegations, where appropriate, including where corrective measures were implemented to prevent fraud.”[73]

In response to this recommendation, the departments committed to the following in their action plans:

  • CFIA “is currently implementing a centralized function for the coordination, management and reporting for any instances of fraud activity. A tracking system will be used to capture and monitor the status of suspected fraud cases and their related corrective action plans,” to be completed by March 2018.[74]
  • GAC “has recently implemented a new case management system, which will improve tracking and reporting on internal investigations, including tracking of the status of allegations;” this is expected to be completed by March 2018.[75]
  • INAC is “currently working to develop a comprehensive log to track the status of all allegations, including systemic corrective measures implemented,” to be completed by 30 September, 2017.[76]

Hélène Laurendeau, INAC, added the following:

I am happy to report that we are in the process of developing a tracking log that will be ready by this coming December. We take very seriously allegations of fraud, and we use every opportunity to educate or improve our processes based on findings made in assessing such allegations.[77]

Consequently, the Committee recommends:

RECOMMENDATION 7

That, no later than 120 days after the tabling of this report, the Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada provide the House of Commons Standing Committee on Public Accounts with a report detailing what progress has been made with regard to maintaining a comprehensive and complete log that captures and tracks the status of all allegations, where appropriate, including where corrective measures were implemented to prevent fraud.

G. Guidance on Risk Management

The OAG examined “whether the Treasury Board of Canada Secretariat had developed clear policies, guidance, and tools on assessing and managing fraud risks as part of its guidance and support on overall departmental risks.” It also examined “whether the Secretariat monitored how federal government organizations managed their risk of fraud.”[78]

According to the OAG, “the Treasury Board of Canada Secretariat provided guidance, tools, and expertise to support federal organizations in managing their risks” and “had a Framework for the Management of Risk to support organizations in risk management.” However, the Framework and the other directives and policies the OAG examined “did not mention fraud risks or fraud risk management.”[79]

As a result, the OAG recommended that, to “help improve fraud risk management at federal organizations, the Treasury Board of Canada Secretariat should

  • increase awareness of the importance of managing fraud risks by supporting senior management in implementing fraud risk management, and
  • consider issuing specific guidance on managing fraud risks and how its implementation could be monitored.”[80]

In response to this recommendation, the Treasury Board Secretariat stated in its detailed action plan that, in consultation with federal organizations, it will  “examine the need to update its guidance on the management of fraud risks by December 2017 and will communicate any consequent changes to departments and agencies by March 2018. On a periodic basis, the Secretariat will increase awareness, within the financial management and internal audit communities, of the importance of managing fraud risks, through its regular engagement events and communication vehicles.”[81]

Bill Matthews, Comptroller General of Canada, Treasury Board of Canada Secretariat, agreed with the recommendation, but made the following statement:

Going forward, the secretariat will continue to consult with departments and agencies on the need to update its guidance on the management of fraud risks. Going forward, this challenge is one of striking a balance between raising awareness and not overburdening departments and agencies with new requirements in the area of reporting and monitoring.[82]

Therefore, the Committee recommends:

RECOMMENDATION 8

That, no later than 120 days after the tabling of this report, the Treasury Board of Canada Secretariat provide the House of Commons Standing Committee on Public Accounts with a report detailing what progress has been made with regard to A) increasing awareness across the Government of Canada of the importance of managing fraud risks by supporting senior management in implementing fraud risk management; and B) the consideration of issuing specific guidance on managing fraud risks and how its implementation could be monitored.

CONCLUSION

The Committee finds that the federal organizations selected for this audit did not appropriately manage all of their fraud risks; however, there were a number of sound practices in all the organizations examined.[83]  And although these organizations had appropriate governance structures to help manage fraud risk, some “did not use a strong enough approach to assess them,” and none made sure that the specific controls examined worked as intended.[84] Furthermore, the Committee also found that while the Treasury Board of Canada Secretariat developed guidance for departments and agencies to help them assess and manage overall departmental risks,” it did not “provide specific guidance on fraud risk management or monitor how departments and agencies managed their risk of fraud.”[85]

To address the concerns identified in this study, the Committee has made 7 recommendations to help ensure that the selected federal organizations better manage the risk of fraud, and one recommendation to the Treasury Board of Canada Secretariat to help ensure it continues to monitor and advise federal organizations on how to manage the risk of fraud.

SUMMARY OF RECOMMENDED ACTIONS AND ASSOCIATED DEADLINES

Table 1 – Summary of Recommended Actions and Associated Deadlines

Recommendation

Recommended Action

Deadline

Recommendation 1

The Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada need to provide the Committee with a report detailing what progress has been made with regard to ensuring that their current fraud risk assessments are reviewed and updated periodically, following best practices.

No later than 120 days after the tabling of this report.

Recommendation 2

Health Canada and Public Services and Procurement Canada need to provide the Committee with a report detailing what progress has been made with regard to conducting fraud risks assessments that consider all areas of their organizations and that follow best practices.

No later than 120 days after the tabling of this report.

Recommendation 3

The Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada, need to provide the Committee a report detailing what progress has been made with regard to identifying operational areas at higher risk for fraud and developing targeted training for employees in these areas, and ensuring that employees are taking mandatory training in a timely manner.

No later than 120 days after the tabling of this report.

Recommendation 4

The Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada need to provide the Committee with a report detailing what progress has been made with regard to ensuring that the logs used to track and manage declarations of conflict of interest and the related mitigation measures have sufficient and complete information to support the timely resolution of employee declarations of conflict of interest.

No later than 120 days after the tabling of this report.

Recommendation 5

The Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada need to provide the Committee with a report detailing what progress has been made with regard to identifying operational areas at high risk for conflict of interest; ensuring that public servants occupying positions in those areas are reminded annually of their requirement to indicate whether or not they are in a conflict of interest; and, following up on the implementation of mitigating measures for conflicts of interest on a risk basis.

No later than 120 days after the tabling of this report.

Recommendation 6

The Canadian Food Inspection Agency, Global Affairs Canada, Health Canada, Indigenous and Northern Affairs Canada, and Public Services and Procurement Canada need to provide the Committee with a report detailing what progress has been made with regard to A) ensuring that contract files and contracting data are complete and accurate; and B) conducting data analytics and data mining to evaluate controls and identify signs of potential contract splitting, inappropriate contract amendments, and inappropriate sole-source contracting on a risk basis.

No later than 120 days after the tabling of this report.

Recommendation 7

The Canadian Food Inspection Agency, Global Affairs Canada, and Indigenous and Northern Affairs Canada provide the Committee with a report detailing what progress has been made with regard to maintaining a comprehensive and complete log that captures and tracks the status of all allegations, where appropriate, including where corrective measures were implemented to prevent fraud.

No later than 120 days after the tabling of this report.

Recommendation 8

The Treasury Board of Canada Secretariat needs to provide the Committee with a report detailing what progress has been made with regard to A) increasing awareness across the Government of Canada of the importance of managing fraud risks by supporting senior management in implementing fraud risk management; and B) the consideration of issuing specific guidance on managing fraud risks and how its implementation could be monitored.

No later than 120 days after the tabling of this report.


[1]              Office of the Auditor General of Canada (OAG), Managing the Risk of Fraud, Report 1 in Reports of the Auditor  General of Canada – Spring 2017, para. 1.1.

[2]              Ibid., para. 1.4.

[3]              Ibid., para. 1.5.

[4]              Ibid., para. 1.6.

[5]              House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 3 October 2017, Meeting 68 and 5 October 2017, Meeting 69.

[6]              Ibid.

[7]              OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor General of Canada – Spring 2017, para. 1.1.

[8]              Ibid., para. 1.16.

[9]              Ibid., para. 1.20.

[10]            Ibid., para. 1.16.

[11]            Ibid.

[12]            Ibid., para. 1.22.

[13]            Ibid., para. 1.23.

[14]            Ibid.

[15]            Ibid., para. 1.25.

[16]            Ibid., para. 1.27.

[17]            Ibid., para. 1.29.

[18]            Canadian Food Inspection Agency, Detailed Action Plan, p. 1.

[19]            Global Affairs Canada, Detailed Action Plan, p. 1.

[20]            Indigenous and Northern Affairs Canada, Detailed Action Plan, p. 1.

[21]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 3 October 2017, Meeting 68, 1010.

[22]            OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor General of Canada – Spring 2017, para. 1.30.

[23]            Health Canada, Detailed Action Plan, p. 1.

[24]            Public Services and Procurement Canada, Detailed Action Plan, p. 1.

[25]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 3 October 2017, Meeting 68, 1005.

[26]            OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor  General of Canada – Spring 2017, para. 1.35.

[27]            Ibid., para. 1.36.

[28]            Ibid., para. 1.37.

[29]            Ibid., para. 1.38.

[30]            Ibid., para. 1.39.

[31]            Canadian Food Inspection Agency, Detailed Action Plan, p. 1.

[32]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 5 October 2017, Meeting 69, 1005.

[33]            Global Affairs Canada, Detailed Action Plan, p. 1.

[34]            Health Canada, Detailed Action Plan, p. 1.

[35]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 3 October 2017, Meeting 68, 1005.

[36]            Indigenous and Northern Affairs Canada, Detailed Action Plan, p. 2.

[37]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 3 October 2017, Meeting 68, 1010.

[38]            Public Services and Procurement Canada, Detailed Action Plan, pp. 1-2.

[39]            OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor  General of Canada – Spring 2017, para. 1.44.

[40]            Ibid., para. 1.46.

[41]            Ibid., para. 1.54.

[42]            Canadian Food Inspection Agency, Detailed Action Plan, p. 2.

[43]            Global Affairs Canada, Detailed Action Plan, pp. 1-2.

[44]            Health Canada, Detailed Action Plan, p. 1.

[45]            Indigenous and Northern Affairs Canada, Detailed Action Plan, p. 3.

[46]            Public Services and Procurement Canada, Detailed Action Plan, p. 2.

[47]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 5 October 2017, Meeting 69, 1020.

[48]            Ibid.

[49]            Ibid.

[50]            OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor General of Canada – Spring 2017, para. 1.53.

[51]            Ibid.

[52]            Ibid., para. 1.55.

[53]            Canadian Food Inspection Agency, Detailed Action Plan, p. 2.

[54]            Global Affairs Canada, Detailed Action Plan, p. 2.

[55]            Indigenous and Northern Affairs Canada, Detailed Action Plan, p. 4.

[56]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 3 October 2017, Meeting 68, 1010.

[57]            OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor  General of Canada – Spring 2017, para. 1.60.

[58]            Ibid., para. 1.61.

[59]            Ibid., para. 1.62.

[60]            Ibid., para. 1.66.

[61]            Ibid., para. 1.69.

[62]            Ibid., para. 1.71.

[63]            Canadian Food Inspection Agency, Detailed Action Plan, p. 3.

[64]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 5 October 2017, Meeting 69, 1010.

[65]            Global Affairs Canada, Detailed Action Plan, p. 2.

[66]            Health Canada, Detailed Action Plan, pp. 1-2.

[67]            Indigenous and Northern Affairs Canada, Detailed Action Plan, pp. 4-5.

[68]            Public Services and Procurement Canada, Detailed Action Plan, p. 2.

[69]            OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor  General of Canada – Spring 2017, para. 1.76.

[70]            Ibid., para. 1.77.

[71]            Ibid., para. 1.78.

[72]            Ibid., para. 1.79.

[73]            Ibid., para. 1.80.

[74]            Canadian Food Inspection Agency, Detailed Action Plan, p. 3.

[75]            Global Affairs Canada, Detailed Action Plan, p. 3.

[76]            Indigenous and Northern Affairs Canada, Detailed Action Plan, p. 6.

[77]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 3 October 2017, Meeting 68, 1015.

[78]            OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor  General of Canada – Spring 2017, para. 1.85.

[79]            Ibid., para. 1.86.

[80]            Ibid., para. 1.91.

[81]            Treasury Board of Canada Secretariat, Detailed Action Plan, p. 1.

[82]            House of Commons Standing Committee on Public Accounts, Evidence, 1st Session, 42nd Parliament, 3 October 2017, Meeting 68, 1025.

[83]            OAG, Managing the Risk of Fraud, Report 1 in Reports of the Auditor  General of Canada – Spring 2017, para. 1.92.

[84]            Ibid.

[85]            Ibid., para. 1.93.