ARCHIVE - Audit of Leave and Overtime
Audit Report - June 2010

Archived Content

Information identified as archived is provided for reference, research or record-keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Adobe Acrobat version (PDF 195KB)

Table of Contents

Acknowledgements

The audit team would like to thank those individuals who contributed to this project and, particularly, employees who provided insights and comments as part of this audit.

1.0 Executive Summary

1.1 Background

Public Safety Canada (PS) manages a budget of approximately $426 million1 and has a workforce of approximately 1000 people2. With approximately twenty occupational groups, seven related collective agreements, and six non-unionized employee occupational groups, the management of leave and overtime (OT) can be a complex activity. Leave and OT administration is governed by various acts, regulations, policies, collective agreements, directives and guidelines.

At PS, the activities related to Leave and OT are performed by various functions:

The Corporate Management Branch (CMB):

Managers, supervisors, and employees:

1.2 Why it’s Important

Persons appointed to the core public administration must receive appropriate monetary and non-monetary compensation and be accorded leave benefits in accordance with their relevant collective agreements or terms and conditions of employment. Departments must ensure that terms and conditions are administered in an equitable, accurate, consistent, transparent and timely manner. Costs associated with errors, inappropriate administration of leave, or inappropriate application of the terms and conditions of employment, must be paid by departments. The results of the risk-based audit planning exercise conducted in 2008-09, identified the overall risk exposure to pay and benefits as medium-high and an audit priority was directed to the management of leave and overtime. This was supported by the results of a preliminary risk survey conducted in 2006-07 in the area of pay and benefits which indicated that management of leave and overtime was deemed to be a high operational risk.

Public Safety Canada administers leave and overtime for approximately 1000 employees. In 2008-09, approximately 30,000 days of leave were taken by employees and actual overtime expenditures were $1.9M, representing approximately 2% of total salary expenditures (approximately $84M).

1.3 Audit Objective and Scope

The purpose of the audit was to assess the adequacy of the management control framework in place to effectively and efficiently support leave and OT activities and to ensure that transactions were consistently complete, valid and compliant with applicable policies, procedures and regulations.

During the past few years procedural changes were introduced to the administration of Leave, specifically the implementation of the LSS module and the revision of The Instrument of Delegation of Human Resources Management Authorities. Therefore, the audit period selected for leave transactions covered the period August 1, 2008 to February 28, 2009 after the changes were in place. This seven month period was accepted by management as a representative period from which to extrapolate the findings and provide an overall opinion. The audit period for OT transactions covered the period April 1, 2008 to February 28, 2009.

1.4 Audit Opinion

The management control framework in place to support leave and overtime activities, to ensure payments are correct, and to ensure compliance with applicable policies, regulations and collective agreements, was not adequate. The absence of monitoring and reporting controls based on an assessment of risk, combined with insufficient procedural guidelines, exposes the department to the risk that Leave and OT transactions are not processed appropriately.

1.5 Summary of Audit Findings

The audit found that key components of the Management Control Framework required strengthening. While the overall strategic plan, the operational business plan, and the HR plan existed and were aligned with the HR mandate, the lack of performance standards prevented an adequate assessment of capacity. Further HRD has not conducted a risk assessment of the leave and overtime environment, nor developed the associated risk mitigation strategies including monitoring and reporting requirements. As a result, HRD was limited in their ability to provide assurance of compliance, and when necessary, to make adjustments for lessons learned.

Limited operational procedures existed to guide the Compensation Advisors in processing leave and OT transactions, which contributed to a material number of errors with regard to OT transactions including, incorrect posting of hours into the system, double entry for hours in the same period, misinterpretation of Collective Agreement conversion rate factors, and inappropriate exercising of Section 34 of the Financial Administration Act. Generally, the dollar value of these errors was material in regard to the specific OT expenditures based on a materiality guideline of 1% of the OT population’s actual expenditures for the audited period. Such errors may be an indication of other qualitative impacts such as the hardship and frustration to employees caused by the subsequent recovery of any overpayment, or the potential of additional errors beyond the scope of OT transactions as many of these same procedures and controls are used in processing general payroll.

Generally, the audit found the leave credits earned, and the leave usage and respective approvals, were in compliance with applicable policies. There were no significant trends in regard to sick, vacation, or other leave taken. However, the audit noted that HRD does not perform any specific trend analysis of leave activities nor has there been any definition of what would be important to track.

1.6 Summary of Audit Recommendations

  1. Under the direction of the ADM CMB, HRD should conduct a risk assessment of the HR activities specifically related to leave and OT, and identify the core controls and procedures that will mitigate the identified risks to an appropriate level.
  2. Under the direction of the ADM CMB, HRD should develop measurable performance standards and define the operational requirements for monitoring and systems needs.
  3. Under the direction of the ADM CMB, HRD should document the key leave and OT processes and ensure they are clearly communicated to the appropriate compensation advisors.
  4. Under the direction of the ADM CMB, HRD should review and align the Delegation of HR Management Authorities and The Delegation of Financial Signing Authorities Instruments, to ensure consistency between the two authorities documents. Further, HRD should review their processes surrounding the validation of the Financial Authorities to ensure they are compliant with the TB Directive on Delegation of Financial Authorities for Disbursements and the Financial Administration Act.
  5. Under the direction of the ADM CMB, HRD should continue to strengthen communication and training of employees to ensure an understanding of the leave and OT policies and procedures.

1.7 Management Response

Management acknowledges that the leave and overtime control framework needs to be strengthened to reduce the risk of errors, especially as it pertains to overtime expenditures.  In this context, management agrees with the recommendations included in this audit and work has already been initiated to ensure they can be implemented by the end of the year.  Furthermore, specific actions have been taken to correct the specific errors detected during the audit.

Approved By:

Rosemary Stephenson
Chief Audit Executive

2.0 Background

Public Safety Canada (PS) manages a budget of approximately $426 million3 and has a workforce of approximately 1000 people4. With approximately twenty occupational groups, seven related collective agreements, and six non-unionized employee occupational groups, the management of leave and overtime (OT) can be a complex activity. Leave and OT administration is governed by various acts and regulations, policies, collective agreements, directives and guidelines.

At PS, the activities related to Leave and OT are performed by various functions:

The Corporate Management Branch (CMB):

Managers, supervisors, and employees:

These activities are supported through two separate software systems; the Regional Pay System (RPS) and PeopleSoft. These two systems currently have no interface between them to share or upload information.

The RPS is a government wide compensation system administered by Public Works and Government Services Canada (PWGSC). Operational procedures for the system and reporting functionality are driven by PWGSC who also provide an oversight function on all compensation transactions; however, the ultimate accountability remains with line departments.

PeopleSoft is the departmental human resources management system for which there is a Memorandum of Understanding with Correctional Service Canada for its use, while still allowing PS to retain full ownership of its business processes and HR data. Among other types of information, it captures data leave entitlements and usage. The system automatically calculates each employees leave entitlements such as vacation and sick leave credits based on their respective collective agreements and number of years as a public servant or the relevant terms and conditions of employee if non-unionized. In July 2008, PS introduced the PeopleSoft Leave Self Serve (LSS) module which allows the employees to enter their own leave transactions and for managers to have automatic notification of transactions requiring their approval.

The following table illustrates the OT dollars and respective number of employees at year end for the last three fiscal years.

Table of Overtime (OT) $ Actual and Total employees by Branch

The following table illustrates the average number of leave days per employee for the fiscal year 2008-09.

Table of Leave by Branch for the Fiscal Year 2008-2009

2.1 Audit Objective

The purpose of the audit was to assess the adequacy of the management control framework in place to effectively and efficiently support leave and OT activities and to ensure that transactions were consistently complete, valid and compliant with applicable policies, procedures and regulations.

2.2 Scope

During the past few years procedural changes were introduced to the administration of Leave, specifically the implementation of the LSS module and the revision of The Instrument of Delegation of Human Resources Management Authorities. Therefore, the audit period selected for leave transactions covered the period August 1, 2008 to February 28, 2009 after the changes were in place. This seven month period was accepted by management as a representative period from which to extrapolate the findings and provide an overall opinion. The audit period for OT transactions covered the period April 1, 2008 to February 28, 2009.

The elements of the management control framework that were examined included: business plans, risk management processes, roles, responsibilities, accountabilities, authorities, policies, procedures, and monitoring mechanisms.

2.3 Approach

The audit was planned and conducted in such a way as to obtain reasonable assurance that audit objectives were achieved. The audit included various tests, as considered necessary, to provide such assurance. These tests included, but were not limited to, interviews, observations, walkthroughs, review of supporting documentation, sampling of transactions and analytical reviews. The audit criteria (See Appendix A) used to develop the required audit tests were based on The Canadian Institute of Chartered Accountants “Criteria for Control” (COCO) model, the Management Accountability Framework (MAF) and on applicable policies, legislation, regulations and collective agreements.

The audit approach involved interviews with CMB personnel and departmental staff, reviews of documentation (organization charts, roles and responsibilities, allocation of resources), and walkthroughs and flowcharting of the leave and overtime processes. Sampling techniques used to identify the transactions for testing compliance were generally based on a statistical model which allowed the audit findings to be extrapolated over the entire leave and OT population.

2.4 Audit Opinion

The management control framework in place to support leave and overtime activities, to ensure payments are correct, and to ensure compliance with applicable policies, regulations and collective agreements was not adequate. The absence of monitoring and reporting controls based on an assessment of risk, combined with insufficient procedural guidelines, exposes the department to the risk that Leave and OT transactions are not processed appropriately.

2.5 Statement of Assurance

In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to provide senior management with reasonable assurance of the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The opinion is applicable only to the entity examined.

2.6 Findings, Recommendations and Management Response

2.6.1 HRD should develop performance standards and further define operational requirements for monitoring and systems needs.

The audit expected to find defined and communicated objectives, applicable to all levels within HRD, aligned with its mandate, such as an objective to develop measurable performance standards, and to consider operating requirements, including, amongst other things, the systems and monitoring requirements for external and internal environments. Further, the audit expected that the HR plan would include information on recruitment, hiring and promotion, and identify the necessary training, tools, resources and information to support HRD employees in the discharge of their responsibilities aligned with the operational requirements and performance standards.

The audit found that generally the key components required in the overall strategic plan, the operational business plan, and the HR plan existed and were aligned with the HR mandate. Service standards were also identified which included specific collective agreement timeline requirements. However, there was no operational objective to develop measurable performance standards. There was an operational objective to monitor and report on HRD activities however it was not defined in sufficient granularity. Without these operational objectives defined and implemented, it is difficult for HRD to measure its capacity to deliver services on a timely basis and to process transactions in compliance with policies, legislation, regulations and collective agreements. Further, while training for compensation advisors was identified and planned, it was only partially taken.

The audit also noted that a long-term operational systems strategy was not in place. Currently, there is a significant amount of duplication of effort in the recording of personal data in the PeopleSoft system and RPS as they are separate systems. This increases the inherent risk of input errors and inefficiencies, and as a result there are discrepancies in employee information between the two systems (i.e. pension dates, substantive position classification of employees). HRD has informed us that they intend to upgrade to version 8.9 of PeopleSoft by October 2010, however this will not resolve the issues. These issues will require a formal analysis to determine the long-term strategy.

2.6.2 Limited operational procedures exist to guide compensation advisors in processing leave and OT transactions.

The audit expected to find appropriate leave and OT policies and procedures to support managers and employees and to guide HRD in conducting leave and OT control activities.

The audit noted that there were limited operational procedures to guide compensation advisors in processing leave and OT transactions. The CU had developed a few ad hoc checklists and “helpful hints” for certain leave activities such as Parental Leave and Calculating Leave Service Date, however, these did not cover the main activities such as processing OT claims or updating LSS with leave data. Given the complexity and voluminous information, it is important that all leave and OT activities be supported by internal control procedures. These operational procedures would also help to ensure that compensation advisors and HR Labour Relations provide consistent guidance to managers as to when and how to challenge and monitor leave usage and complete OT submissions, 2 out of 7 managers (29% of the sample or approximately 2% of the total number of PS managers) interviewed felt advice was unclear or inconsistent.

The audit did find defined and accessible PS leave and OT policies and procedures to support managers and employees. Generally, these policies and procedures were comprehensive and aligned with TB policies and Collective Agreements. Improvements could be made to:

2.6.3 The clarity and documentation surrounding the authority, responsibility and accountability for leave and OT activities requires improvement.

The Deputy Minister has sub-delegated certain authorities, including those surrounding leave and OT, to those positions which can most effectively exercise responsibilities and be accountable for results. As such, an appropriate HR accountability framework should include: a defined and documented Instrument of Delegation of HR Management Authorities; roles and responsibilities; and process accountabilities to ensure that those with delegated authorities have the knowledge and tools to appropriately discharge their duties.

The audit found a comprehensive Delegation of HR Management Authorities (DHMA) however it was not fully aligned with the Delegation of Financial Signing Authorities Instruments (DFSA), creating inconsistency in regard to financial HR expenditures. The DFSA requires section 32 of the FAA, to be exercised only by those with the delegated financial authority; however the DHMA allows a supervisor who may not have the delegated financial authority, to perform certain pre-approvals representing the exercising of section 32 of the FAA. .

Further there was no documentation of roles and responsibilities for the various units within HRD including the CU. Although job descriptions exist for compensation advisors, they are not a substitute for operational level roles and responsibilities which help employees understand what they are responsible for, particularly in light of the recent process changes.

Generally, there was sufficient segregation of duties in regard to the tasks performed by HRD and the system access granted to them; with the exception of the RPS user access and in particular the “verifier” access. This access is a key control for validating and approving a compensatory OT payment before its routing for payment to the Financial Services and Systems Division. However, this access was shared across multiple compensation advisors. While the audit found no misuse of this authority, sharing “verifier” access prevents the CU from monitoring individual performance and increases the difficulty in monitoring for unusual or inappropriate transactions.

2.6.4 HRD has not conducted a risk assessment of the leave and overtime environment, nor developed the associated risk mitigation strategies including monitoring and reporting requirements.

The audit expected to find a risk assessment had been conducted to identify the key HRD processes, their inherent risks and mitigating activities. The results of this risk assessment would establish the baseline for internal control procedures, and the monitoring and reporting requirements which would ensure that all key activities are adequately reviewed to allow management the ability to track compliance, develop lessons learned and provide effective oversight and decision making.

The audit noted that neither a risk assessment nor an overall monitoring framework had been completed and that limited monitoring was performed on transactions or on fundamental internal controls. Further, the monitoring done was not consistently documented with sufficient detail to identify specific areas of weakness and to develop action plans to improve the situation. For example, there was no monitoring done on the number or nature of incorrect OT form submissions, or recurring interpretation errors. Also, the audit found 1 out of 7 (14%) managers did not correctly interpret the internal Sick Leave Policy which creates an inequitable environment. The audit also noted that HRD does not perform any specific trend analysis of leave activities nor has there been any definition of what would be important to track. While the audit did not find any significant trends in regard to unusual leave activity, it is important to analyze leave activity at a departmental level as one indicator to help understand the health of the organization and to identify potential issues that could impact the achievement of objectives.

Further the identification of information that needs to be collected, reported on and to whom, within designated time periods was not done. As there were no established performance standards to monitor, very little management information was collected. There were limited management reporting requirements and only ad hoc informal reports generated to support HRD such as PWGSC pay reports, and PWGSC statistical summaries. However, these were not useful for performing trend analysis, validating compliance, or for management oversight and decision making.

Specifically with regard to the implementation of the PeopleSoft LSS module, employees interviewed were generally satisfied with the information available and its reporting ability as it provided timelier and readily accessible information for their day-to-day management of leave usage.

2.6.5 Leave transactions are generally compliant.

Operational control testing focused on ensuring that all valid leave transactions were accurately entered into the system on a timely basis and were supported by appropriate documentation and approval. Generally, the audit found the leave credits earned, and the leave usage and respective approvals, were compliant. There were no significant trends in regard to sick, vacation, or other leave taken. However, in 8 out of a sample of 88 (9%) transactions, the appropriate leave code was not used within LSS.

There are certain leave transactions that only CU has the ability to enter into LSS, such as Leave Without Pay (LWOP). It was expected that there would be appropriate communication between compensation advisors, and the employee and their manager when adjustments were made by CU on the leave form submitted by the employee. However the audit found there was limited documentation and communication. This communication would provide evidence of acknowledgement by the employee and their manager in the event of future disputes as well as prevent potential future errors as both would be made aware of how to apply specific clauses of the Collective Agreement such as statutory holidays.

2.6.6 The accuracy, approval and documentation of OT transactions require improvement.

Accuracy:

On a monthly basis, an employee who worked OT is required to submit an approved OT form including the hours worked, the code indicating the reason for the OT, and whether the OT should be paid in cash or “banked” as compensatory time off. The employee and manager are responsible for validating this information and ensuring compliance with the applicable collective agreement or policy. The manager is then responsible for approving the OT and forwarding the signed OT form to the CU. Once the OT form is received in the CU, the team has several levels of review to ensure; the validity and accuracy of the claim, compliance with the CA clause, and no duplication of payment. However, the audit found that errors are not consistently caught by the CU validation process. The following errors were noted in the various audit tests applied to a sample of OT transactions:

Generally, the dollar value of these errors was material in regard to the specific OT expenditures, based on a materiality guideline5 of 1% of the OT population’s actual expenditures for the audited period. Such errors may be an indication of other qualitative impacts such as the hardship and frustration to employees caused by the subsequent recovery of any overpayment or the potential of additional errors beyond the scope of the OT transactions as many of these same procedures and controls are used in processing general payroll.

The following table shows the absolute value of errors detected during the audit for the fiscal year 2008-09.

Table of the $ value of errors found within the various audit tests

It should be noted that Internal Audit has informed HRD of the errors found and they are in the process of reclaiming overpayments and compensating for under payments.

Approval:

Pre-approval of OT activities:

The internal OT Policy, which is aligned with the various Collective Agreements, requires the manager to plan for OT to ensure sufficient funding is available, and that OT is justified, pre-approved and fairly allocated. However the policy does not provide any guidance on the appropriate method of documentation for these requirements. The audit found that 13 out of a sample of 22 (60%) employees did not have evidence of pre-approval as the auditors were told it was done verbally. Further, the individual Responsibility Centre Manager’s salary budget was generally not allocated down to the OT expenditure level within the financial planning system or to the appropriate operating level, we found 4 out of a sample of 8 (50%) managers did not know if they had sufficient funds in their budget for the OT to be worked before approving the OT. While those interviewed said they did informally plan for workload issues, 13 out of a sample of 22 (60%) employees believed that their OT was of an ad hoc nature and therefore not controllable to any great extent. As per the OT table, there are two branches which incur over 54% of the total value of OT expenditures. Given the nature of the PS mandate which must routinely deal with unplanned emergency activities it is a recognized challenge to plan for OT.

Section 34 of the Financial Administration Act (FAA):

The audit expected to find that each transaction resulting in a cash payment or expenditure accrual would have an appropriate Section 34, which ensures the appropriate performance of the OT, as required by the FAA; however, the following errors were noted in the various audit tests applied to a sample of OT transactions:

Overall, it was noted that compensation advisors do not perform any validation of the signature or authority level of the person approving the OT. Further, 5 out of 21 (24%) employees interviewed submit their own OT forms directly to the CU after obtaining their manager’s signature. Allowing employees to submit their OT claim directly to the CU creates a potential risk of the employee altering the OT form for unapproved hours. Given this is a key control to prevent unauthorized payments, the CU should establish monitoring controls to assess compliance and re-enforce procedures with managers.  

Documentation:

As evidence of due diligence and to facilitate management decisions, the audit expected to find sufficient documentation for OT transactions. However, throughout the review of audit evidence, it was noted that compensation advisors were not consistently documenting their analysis, calculations, discussions with employees, or explanations for adjustments. For the purposes of the audit, the CU was able to reconstruct the payment calculation trail; however, it was difficult as some cases had no evidence of why or how the calculation was made. It was evident, based on discussions with the compensation advisors and the review of available correspondence in the employee files, that the compensation advisors were finding some of the miscalculations and making the necessary adjustments, however without more formal documentation and a tracking mechanism, the ability to develop appropriate corrective measures is limited as is the ability to effectively review and monitor.

Recommendations:

1. Under the direction of the ADM CMB, HRD should conduct a risk assessment of the HR activities specifically related to leave and OT, and identify the core controls and procedures that will mitigate the identified risks to an appropriate level. These core controls and procedures should include:

Management Action Plan Completion Date
Management agrees with the recommendations.
The following steps will be actioned by the Human Resource Directorate:
Comprehensive risk assessment for leave and OT will be conducted to determine the appropriate mitigation controls and procedures. Management has also volunteered to have compensation services be part of the internal control framework pilot project. Initially, the actions below will be taken: December 2010
  • To hire a new compensation Technical Advisor position (proposed AS-03) within existing FTE complement, which duties will include developing monitoring and reporting requirements.
October 2010
  • Operational procedures will be established for compensation advisors for managing OT and leave, as well as verification procedures.
September 2010
  • Track when HRMS supervisor authority was granted.
July 2010
  • Operational procedures to be established for compensation advisors to address required documentation to support analysis of OT calculations.
September 2010
  • OT Policy reviewed to reflect requirement to document OT pre-approval.
September 2010
  • Training on OT requirement for managers.
September 2010
  • Develop simplified guidelines on completion of OT form for employees and managers.
October 2010

2. Under the direction of the ADM CMB, HRD should develop measurable performance standards and define the operational requirements for monitoring and systems needs.

Management Action Plan Completion Date
Management agrees with the recommendations.
The following steps will be actioned by the Human Resource Directorate:
Development of performance standards. December 2010
Monitoring procedures to be established. December 2010

3. Under the direction of the ADM CMB, HRD should document the key leave and OT processes and ensure they are clearly communicated to the appropriate compensation advisors.

Management Action Plan Completion Date
Management agrees with the recommendations.
The following steps will be actioned by the Human Resource Directorate:
Prepare guidelines for compensation staff on leave and OT processes. November 2010

4. Under the direction of the ADM CMB, HRD should review and align the Delegation of HR Management Authorities and The Delegation of Financial Signing Authorities Instruments, to ensure consistency between the two authorities documents. Further, HRD should review their processes surrounding the validation of the Financial Authorities to ensure they are compliant with the TB Directive on Delegation of Financial Authorities for Disbursements and the Financial Administration Act.

Management Action Plan Completion Date
Management agrees with the recommendations.
The following steps will be actioned by the Human Resource Directorate:
Review Delegation of HR Management Authorities with a view to ensure alignment with financial signing authorities. July 2010
Provide access to compensation advisors to the appropriate financial signing authorities for signature verification. July 2010

5. Under the direction of the ADM CMB, HRD should continue to strengthen the communication and training processes with PS employees to ensure an understanding of leave and OT policies and procedures.

Management Action Plan Completion Date
Management agrees with the recommendations.
The following steps will be actioned by the Human Resource Directorate:
Develop communications tools on leave and OT procedures for managers and employees. Ongoing

Appendix A – Audit Criteria

The following general audit criteria provided the framework for the audit testing:

Appendix B –Audit Scope Specifics

Leave activities examined:

Of particular note, the following activities were excluded from the scope of the audit:

Appendix C –Audit Scope Specifics

(List includes those available within the system*, but not limited to the following)

Appendix D – Types of leave without pay included in audit scope:

(List includes those available for use in PS but not limited to the following)

Notes

123 and 4 2009-2010 Integrated Human Resources and Business Plan

5 Where appropriate the financial impact of an error has been calculated by extrapolating the dollar value of the errors found within a sample, to the entire population from which the sample was derived. A population has been defined as a group of transactions with common characteristics. For example all compensatory OT claims were considered a population for purposes of a specific audit test. The extrapolated dollar value of errors was then compared to the dollar value of 1% of this defined population, of compensatory OT claims, which was considered the materiality threshold. This threshold establishes the management risk tolerance level, above which management and external users of this report would reassess their operational practices and decisions. Extrapolated errors greater than the 1% were considered material errors. The department has not set its materiality threshold and the Treasury Board Accounting Standard on materiality has determined quantitative materiality to range between .5% and 2% of total expenses.

Date modified: