Management Action Plan

The OCSEC has reviewed the objective and scope, findings and conclusion, recommendations and overall compliance ratings resulting from the audit. The Management Action Plan sets out the planned actions to address the audit recommendations, which the OCSEC believes represent a desired end state. The implementation of these recommendations will further strengthen the processes and augment the existing documentation within the office.

However, while the recommendations represent a desirable end state, the OCSEC does not agree with almost half of the findings, some of which we believe were not supported by the facts. In particular, the OCSEC disagrees with the findings and the resultant conclusions and overall compliance ratings related to the Policy on Financial Management Governance and the Directive on the Delegation of Financial Authorities for Disbursements. The Management Action Plan explains the basis of our disagreements and responds to those recommendations that will further strengthen the processes and improve on the documentation within the office.

Concerning the Policy on Financial Management Governance which addresses financial management and the stewardship of public resources, the audit used one criterion to assess only one of the more than 30 requirements in the policy. To assign a compliance rating of “not met” overall for the Policy on Financial Management Governance is unsupportable and misleading. By way of contrast, for the Directive on Accountable Advances, which addresses the $300 dollar petty cash fund, the audit used 6 criteria to assess 6 of the 8 requirements of the directive to arrive at a compliance rating of “partially met”

Audit Entity Sign Off on the Management Action Plan

The Honourable Jean-Pierre Plouffe
Commissioner
Office of the Communications Security Establishment Commissioner

July 8, 2016

Recommendations	Priority	Response and Planned Actions	*Responsibilities (position title responsible for the action)*	Timelines
1. The OCSEC should ensure that: All signature cards are validated and approved by an appropriate authority and have an effective date; and	Medium	Response: Agreed All of the signatures have been authenticated in accordance with the directive; the signatures are of individuals occupying positions set out on the delegation document; the delegation document sets out the authorities. The authorizer can be identified in all cases.
Delegated financial authorities are formally reviewed on an annual basis and updated, if deemed necessary.		The audit examined fiscal year 2014-15. In August 2014, all delegations were reviewed prior to submission of the delegation document for approval to the newly appointed Minister. In addition, there were 5 sub-delegations of financial signing authority that occurred during the 14-15 fiscal year, which resulted from a review of existing authorities and the identification of a need for change.
		Planned Actions:
		Signature cards have been validated and approved by an appropriate authority and have an effective start date.	Deputy Chief Financial Officer (DCFO)	Completed January 2016
		The delegated financial authorities were reviewed and updated where necessary with the arrival of new Ministers in June and in December 2015.	DCFO	Completed June 2015 and January 2016
		The delegated financial authorities will be formally reviewed on an annual basis should no other review have already occurred during the fiscal year. (Reminder set in Outlook Calendar.)	DCFO	Dec 2016
		Admin Policy Manual will be updated to reflect the signature card format as well as the dating, validation and approval requirements.	DCFO	June 2016
2. The OCSEC should ensure that: The budget is signed by the Chief Financial Officer and the Deputy Head at the start of the fiscal year; and there is documented evidence that departmental risks were considered in the establishment of the budget.	Medium	Response: Agreed The Main Estimates are signed by the CFO and briefed to the Deputy Head and the Minister prior to the commencement of the fiscal year. The Main Estimates include the Standard Object Report, which is the budget for the Office.
		Planned Actions:
		The Standard Object Report from the 2016-17 Main Estimates, which is the budget, has been printed and signed by both the Deputy Head and the CFO.	DCFO	Completed Dec 2015
		Monthly financial reports presented to and discussed with the CFO are now being signed and dated by the CFO.	DCFO	Completed Aug 2015
		The 16-17 budget has been established, funding was deemed to be adequate, risks on the budget were considered, deemed negligible, and a note to that effect was signed and approved by the Deputy Head, the CFO and the DCFO. Should the operational situation change during the course of the year and the budget require revision, the details necessitating the revision will be documented and signed/approved.	DCFO	Completed Dec 2015
		Admin Policy Manual will be updated (Financial Management Section) to include requirements related to the establishment and revisions of the annual budget.	DCFO	June 2016
3. The OCSEC should ensure that documentation is retained on file for acquisition cards to substantiate their issuance, approval, modification and conditions of use, as well as the acknowledgement of responsibilities by the acquisition cardholder.	Low	Response: Agreed
		Planned Actions:
		Appropriate documentation related to issuance, use and acknowledgement has been placed on file, including: CFO authorization; acknowledgement and responsibilities signed by cardholders; and internal acquisition card guideline developed.	Manager of Internal Services (MIS)	Feb 2016
		The Admin Policy Manual will be updated to include a section on acquisition cards, including the acquisition card guideline.	MIS	June 2016
4. The OCSEC should ensure that responsibility for the accountable advance fund is formally delegated by the Fund Centre Manager to the fund custodian, who should acknowledge related-responsibilities in writing.	Low	Response: Agreed
		Planned Actions:
		Appropriate documentation related to the delegation of the fund and the responsibilities of the custodian have been placed on file, including: Deputy Head authorization; and an OCSEC guideline, acknowledgement and responsibilities document signed by custodian.	MIS	Feb 2016
		The Admin Policy Manual will be updated to include an OCSEC guideline on accountable advances.	MIS	June 2016
5. The OCSEC should ensure that business processes are improved and consistently performed in compliance with the Treasury Board Contracting Policy and that documentation is retained on file to ensure that: Non-competitive contract files contain justification for sole source contracting in accordance with section 6 of the Government Contracts Regulations; Best-value analysis is performed and supporting documentation is kept on file; Appropriate procurement vehicles are chosen and used in compliance with their terms and conditions; A copy of each contract or call-up is retained on file; Contracts and contract amendments are signed by someone with the proper delegated authority (relates exclusively to contracts entered into under the Commissioner's authority); Contract amendments are properly justified and substantiated; and Proactive disclosures of contracts over $10,000.00 are posted on the OCSEC's website (relates exclusively to contracts entered into under the Commissioner's authority).	High	Response: Agree in part. Contracts entered into under the Commissioner's legislated authority have been challenged by the Treasury Board Secretariat. This legal issue is still to be resolved. Pending resolution of this issue, the office will address only the recommendations that apply to those contracts issued under the contracting policy and not those contracts issued under the Commissioner's authority.
		Planned Actions:
		Procurement processes related to contracting will be reviewed and updated, including: developing procurement road maps; developing procurement instrument summary; suppliers being matched to procurement instruments; developing a non-competitive procurement guideline; developing criteria related to best value and sole source justification; and Contract Preparation and File Content Check List developed.	MIS/DCFO	Ongoing; Completion of update of all processes by June 2016
		Documentation to support the contract over its life cycle, including, where required, sole source justification, best value analysis and amendments, will be placed on file. Option year contracts that resulted in contract amendment findings related to justification and substantiation were discontinued prior to the audit.	MIS/DCFO	April 2016
		Admin Policy Manual will be updated to reflect the guidelines, criteria, road maps and procurement processes. Procedures regarding contract file administration will be included as well.	MIS/DCFO	June 2016
6. The OCSEC should ensure that business processes are improved and are consistently performed in compliance with the Travel Directive, and that documentation is retained on file to ensure that: A suitable rest period for travel is justified and documented in the travel file; Accommodations are selected from a pre-approved government supplier using the government rate or accommodations are chosen within the city rate limit, with any exceptions justified and documented in the travel file; and All travel expenses for designated senior level Government of Canada employees are proactively disclosed.	High	Response: Agreed
		Planned Actions:
		Travel practices will result in fair and reasonable travel expenses. Should there be deviation required from the National Joint Council Travel Policy, justification will be documented and retained on file.	MIS	Jan 2016
		Travel is arranged to provide for a suitable rest period as is required by the travel policy. The suitability of rest is reviewed for each and every travel request where a rest period is requested. All requests will be fully documented on the travel file.	MIS	Jan 2016
		Accommodations were and are selected using the government hotel directories as a guide for the cost, location and selection of accommodation. Exceptions will be justified and documented in the travel file.	MIS	Jan 2016
		Since the Office began to disclose travel expenses for the period beginning on June 2, 2014, all travel expenses for the designated senior level employees have been proactively disclosed.	DCFO	Completed (June 2014)
7. The OCSEC should ensure that expenditure initiation is properly documented and commitments are established and entered into the financial system, at the value expected to be incurred.	High	Response: Agreed
		Planned Actions:
		Expenditure initiation process will be documented; commitments will be established and entered into the departmental financial system as they are created in the 2016-17 fiscal year. Changes underway include: expenditure initiation stamp for all initiating documents to ensure approval and dating is documented; and thresholds for the establishment of commitments will be set based on materiality ($500) Commitments are and will continue to be recorded at the value expected to be incurred.	DCFO	April 2016
		Admin Policy Manual will be updated to address documentation requirements related to expenditure initiation.	DCFO	June 2016
8. The OCSEC should ensure that for acquisition cards, account verification is not performed by the cardholder.	High	Response: Agreed
		Planned Actions:
		Account verification of acquisition card expenditures will not be performed by the card holder on their own card expenditures.	MIS	Completed (Dec 2015)
		Admin Policy Manual will be updated to address account verification requirements regarding acquisition cards.	MIS	June 2016

Date modified:: 2016-08-30

Language selection

Search and menus

Search

Management Action Plan