Archived - Audit of Values and Ethics
Final Report

Archived information

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Prepared by Internal Audit and Evaluation for the
Audit and Evaluation Committee meeting of December 7, 2010
Department of Finance Canada

Table of Contents

Executive Summary
Background
Audit Objective and Scope
Approach, Assurance Statement and Auditing Standards Employed
Conclusions
Findings by Audit Criteria
Recommendation and Management Action Plan

Appendices

Executive Summary 

The Department of Finance Canada (the Department) continues to renew and strengthen its commitment to values and ethics in order to ensure that departmental personnel continue to observe the highest standards of professional ethics and conduct.  In 2008, the Department created the Values and Ethics Office and in 2009, the Conflict of Interest Code for the Department was implemented to supplement the Values and Ethics Code for the Public Service.

The objective of the Audit of Values and Ethics was to assess the management and processes related to the application of values and ethics and conflict of interest measures and identify opportunities for improvement; and the management of related protected material.

The audit team concluded that overall, there are adequate management and processes in place relating to the application of values and ethics and conflict of interest measures in the Department.  More specifically, the Department’s Conflict of Interest Code was properly developed, implemented, communicated and managed and there are adequate policies and procedures in place in the Values and Ethics Office in order to protect against the misuse of privileged information. Overall, authorities, roles and responsibilities are clearly defined. 

The report contains one recommendation related to the fact that the functions of Values and Ethics and the Disclosure of Wrongdoing in the Workplace are operated and managed separately by the Director of the Values and Ethics Office and the Disclosure Protection Officer for Wrongdoing (DPO), respectively. It is recommended that the Deputy Minister review the assignment of the role of Disclosure Protection Officer for Wrongdoing to ensure that it is assigned to the appropriate senior official within the Department.

The benefits resulting from this recommendation maybe a reduction in the risk of confusion among employees and an increase of independence for the role of the DPO.

Background 

The Department of Finance Canada (the Department) continues to renew and strengthen its commitment to values and ethics in order to ensure that departmental personnel continue to observe the highest standards of professional ethics and conduct.  Consequently, the Audit of Values and Ethics was included in the Department’s three-year risk-based audit plan, which was approved by the Deputy Minister upon the recommendation of the Audit and Evaluation Committee.

In the Departmental Corporate Risk Profile (CRP), senior management identified a potential risk of the misuse of privileged information and conflicts of interest.  Therefore, as a mitigating strategy, the Department created the Values and Ethics Office in 2008, which consists of a Director, a Program Advisor and an Administrative Assistant. 

On February 23, 2009, the Conflict of Interest Code (the Code) for the Department was implemented to supplement the Values and Ethics Code for the Public Service. The Code establishes specific measures to prevent conflicts of interest for persons working in the Department.  In doing so, it aims to protect the reputation and integrity of both the Department and its staff.

Audit Objective and Scope 

Objective

The objective of the Audit of Values and Ethics is to assess the management and processes related to the application of values and ethics and conflict of interest measures and identify opportunities for improvement, and the management of related protected material.

Scope

The audit scope includes activities under the responsibilities of the Department related to Values and Ethics. The audit work covered the period from September 2008 to February 2010. This time period was chosen as the Department’s Code was implemented in February 2009 and the audit team wanted to review the development period for the Code as well as the post implementation period.

The audit focused on:

  • The development and implementation of the Department’s Code;
  • The protection and safeguarding of personal information obtained by the Values and Ethics Office for reporting purposes.

The scope did not include an assessment of the ethical culture of the Department.  Information on this topic is provided in the Public Service Employee Survey (PSES) and the TBS Management Accountability Framework criteria for the area of management called Values-Based Leadership and Organizational Culture.

Approach, Assurance Statement and Auditing Standards Employed

The audit was conducted in accordance with the Internal Audit Standards of the Government of Canada and the International Standards for the Professional Practices of Internal Auditing*.  These standards require that the audit be planned and performed in such a way as to obtain reasonable assurance that the audit objective was achieved.  During the audit, appropriate procedures were followed and sufficient evidence was obtained to support the accuracy of findings and conclusions presented in this report.  Audit procedures included, but were not limited to, interviews, observations, review of supporting documentation, and analytical reviews. The audit criteria used to develop the required audit tests were based on: (1) good management practices; (2) applicable authorities, policies and regulations; and (3) relevant elements of the Office of the Comptroller General’s Core Management Controls.

*This audit was conducted in accordance with the International Standards for the Professional Practices of Internal Auditing.  However, the internal audit function has not undergone an external assessment at least once in the past five years or been subject to ongoing monitoring or to periodic internal assessments of its internal audit activity that would confirm its compliance with these standards.

In total, 14 individuals were interviewed. The complete list of personnel interviewed is provided in Appendix A.  In addition, the audit team conducted a review of relevant legislation, policies and related documentation, the list of which is provided in Appendix B.

The audit approach allowed for the audit results to be communicated in such a manner as to enable management to review and provide feedback on the findings and conclusions before they were finalized.

Conclusions 

The audit team concluded that overall there are adequate management and processes in place relating to the application of values and ethics and conflict of interest measures in the Department of Finance Canada.  More specifically, the audit team noted the following:

  • Overall, the Department’s Conflict of Interest Code was properly developed, implemented, communicated and managed.
  • The Values and Ethics Office has adequate policies and procedures in place in order to protect against the misuse of privileged information.
  • Overall, authorities, roles and responsibilities are clearly defined. The report contains one recommendation related to the fact that the functions of Values and Ethics and the Disclosure of Wrongdoing in the Workplace are operated and managed separately by the Director of the Values and Ethics Office and the Disclosure Protection Officer for Wrongdoing (DPO), respectively. It is recommended that the Deputy Minister review the assignment of the role of Disclosure Protection Officer for Wrongdoing to ensure that it is assigned to the appropriate senior official within the Department.  The benefits resulting from this recommendation maybe a reduction in the risk of confusion among employees and an increase of independence for the role of the DPO.

Findings by Audit Criteria 

The following table presents the assessment of the level of risk exposure identified in the audit. Levels of risk exposure are categorized by audit criteria. 

High exposure
Medium exposure
Low exposure

The risk ranking is based on the level of risk exposure. A high, medium or low ranking corresponds to the potential risk exposure auditors believe may have an impact on the achievement of Department objectives, and is indicative of the priority management should give to address, if applicable, the related recommendations.

The assessment summarizes the audit observations based on the factual evidence gathered and analyzed during the audit. Based on these assessments, the potential causes, impacts and the recommendation are summarized in the “Recommendation and Management Action Plan” section.

Findings by Audit Criteria
Criteria Risk Exposure Assessment
The Department of Finance Canada’s Conflict of Interest Code has been properly developed, implemented, communicated and managed. Low

Overall, the Department’s Conflict of Interest Code (the Code) was properly developed, implemented, communicated and managed.

The Department clearly defines and communicates its standards and expectation for ethical behaviour and the Code is readily available to employees.  

The audit team found that during the development of the Code, the Department created consultation groups to ensure relevant stakeholder participation.  Once developed, the Department properly implemented the Code, which included training materials, promotion of employee awareness and status report updates to senior management.

The audit team found that employees are aware of their reporting requirements for Affirmation/Confidential Reports as per the Code. The audit team examined a sample of 10 Confidential Reports submitted during the period of February 2009 to February 2010 and found that employees properly completed the reports.

Confidential Reports were reviewed by the Values and Ethics Office for conflicts of interest.  If a conflict was identified, a recommendation for  corrective action was provided to the employee and follow-up was conducted  to ensure that appropriate action was taken.

The Values and Ethics Office of the Department of Finance Canada has adequate policies and procedures in place in order to protect against the misuse of privileged information. Low The Values and Ethics Office has adequate policies and procedures in place in order to protect against the misuse of privileged information.

The audit team found that the Values and Ethics Office has documented security procedures and that the best possible practices are in place for the collection, transmission, storage and disposal of personal information.  

While preparing the Corporate Risk Profile (CRP), the Department takes into consideration potential risks and mitigating strategies related to the misuse of privileged information and conflicts of interest.   In addition to the CRP, the Values and Ethics Office conducted a Risk Management Exercise, to analyse in greater detail risks specific to its operations and applicable mitigating strategies.

Authorities, roles and responsibilities are clearly defined. Low

Overall, authorities, roles and responsibilities are clearly defined.

The audit team found that the Department had the proper authority for the creation and implementation of the Conflict of Interest Code.

Senior officials were assigned roles for the management of values and ethics within the Department, which included a Champion of Values and Ethics and a Director of the Values and Ethics Office.  Documented roles and responsibilities have been established for the staff of the Values and Ethics Office, which includes the Director’s authority to fully uphold and advance the Values and Ethics Code and the Conflict of Interest Code within the Department.

The functions of Values and Ethics and Disclosure of Wrongdoing in the Workplace are operated and managed separately by the Director of the Values and Ethics Office and the Disclosure Protection Officer for Wrongdoing (DPO). The current DPO is the Assistant Deputy Minister (ADM), Financial Sector Policy Branch who presently does not have assigned resources for investigations of wrongdoing. The audit team found that some confusion existed among employees.  Many of the employees interviewed were not aware of the differences between the two functions.  For example, some were under the impression that both functions were managed by the Director of the Values and Ethics Office. The audit team reviewed a judgemental sample of 14 federal departments and agencies considered similar to the Department. The majority of them managed the two functions together. Also, the audit team found that some employees perceived a lack of independence due to the fact that the DPO role is assigned to an ADM.

Recommendation and Management Action Plan 

The following section presents the key opportunity for improvement stemming from the audit finding. The impact and recommendation is also stated. Where applicable, the relevant management initiatives already underway are included.  For the recommendation, management has provided:

  • An action plan, which addresses the recommendation;
  • The position responsible for implementing the action plan; and,
  • The target date for completion.
Summary of the Audit Finding and its Impact

The functions of Values and Ethics and Disclosure of Wrongdoing in the Workplace are operated and managed separately by the Director of the Values and Ethics Office and the Disclosure Protection Officer for Wrongdoing (DPO). The current DPO is the Assistant Deputy Minister (ADM), Financial Sector Policy Branch who presently does not have assigned resources for investigations of wrongdoing.

The audit team found that some confusion existed among employees.  Many of the employees interviewed were not aware of the differences between the two functions.  For example, some were under the impression that both functions were managed by the Director of the Values and Ethics Office. The audit team reviewed a judgemental sample of 14 federal departments and agencies considered similar to the Department. The majority of them managed the two functions together.

Also, the audit team found that some employees perceived a lack of independence due to the fact that the DPO role is assigned to an ADM.

Thus, the confusion amongst employees and the perceived lack of independence may decrease the likelihood that advice and guidance will be sought should a situation arise.

Recommendation

It is recommended that the Deputy Minister review the assignment of the role of Disclosure Protection Officer for Wrongdoing to ensure that it is assigned to the appropriate senior official within the Department.



Management Response

The Deputy Minister agrees to review the assignment of the role of the Disclosure Protection Officer prior to March 31, 2011.





Appendix A – List of Departmental Personnel Interviewed

Administrative Assistant, Values and Ethics Division, Law Branch

Executive Director and Chief Information Officer, IMTD, Corporate Services Branch

Senior Counsel & Advisor Values and Ethics, Law Branch

Assistant Deputy Minister and Counsel, Law Branch

Manager, Conflict Management Services, Corporate Services Branch

Director, Values and Ethics Division, Law Branch

Director, Corporate Planning, Corporate Services Branch

Director Tax Counsel, Law Branch

Assistant Deputy Minister and Counsel, Law Branch

 Program Advisor, Values and Ethics Division, Law Branch

Human Resources Advisor, Corporate Services Branch

Senior Human Resources Advisor , Corporate Services Branch

Director, Access to Information and Privacy, Law Branch

Assistant Deputy Minister, Financial Sector Policy Branch

Appendix B – List of Key Documents Consulted

Legislation

  • Privacy Act (2010)
  • Security of Information Act (2010)
  • Public Servants Disclosure Protection Act (2010)
  • Conflict of Interest Act (2006)
  • Personal Information Protection and Electronic Documents Act (2010)

Policies

  • TBS Policy on Information Management (2007)
  • TBS Government Security Policy (2009)

Documents Specific to the Department

  • Department of Finance Canada Conflict of Interest Code (2009)
  • Department of Finance Canada Corporate Risk Profile (2009)
  • Law Branch Business Planning Input – Operating Environment and Risk Analysis (2009-2010 & 2010-2011)
  • Department of Finance Canada Policy on Disclosure of Wrongdoing (2008)
  • Safeguarding of Personal Information Values and Ethics Division (2010)
  • Summary of Finance Canada’s Privacy Impact Assessment of the Conflict of Interest Code for Departmental Personnel (2008)

Other Documents

  • Office of the Comptroller General Core Management Controls: A Guide for Internal Auditors (2007)
  • Values and Ethics Code for the Public Service (2003)
  • Royal Canadian Mounted Police (RCMP) G1-001Security Equipment Guide

Appendix C - Audit Team 

Christian Kratchanov, MBA, CIA, Chief Audit Executive

Ora Tsang, BComm, Audit Manager

Beth McClurg, CMA, Senior Auditor

Kim Romain, BAA, Auditor