Language selection

Search

Archived - Audit of Safeguarding of Moveable Assets
Final Report

This page has been archived

Information identified as archived is provided for reference, research or record-keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

June 2013

Table of Contents

Executive Summary

The Canadian Food Inspection Agency (the CFIA or the Agency) has a responsibility to safeguard public assets. This responsibility includes the implementation of measures for the protection of assets (material) and detection of losses. As well, the Agency must support the national interest and the Government of Canada's business objectives by safeguarding assets and assuring the continued delivery of services.

At the Agency, roles and responsibilities for asset management are defined in the draft CFIA Materiel Management Policy. The Procurement to Payment and Assets Management Proceduresand the Security Management Policy provide further direction. As at March 31, 2012, the Agency had moveable assets with a net book value in excess of $63M.

The Assets and Security Management Directorate (ASMD) of the Corporate Management Branch (CMB) has functional accountability for asset management. Within ASMD, the Assets Management and Accounting group (AMA), located in Calgary, has functional responsibility for asset management in the Agency. This includes maintenance of asset information, management of inventory counts, and provision of day-to-day support through the Assets Helpdesk. The responsibility for the management of desktops and laptops, excluding those associated with laboratory equipment, rests with the Information Management and Information Technology Branch (IMITB). Asset custodians are accountable and responsible for the safe keeping of assets under their control.

Conclusion

The audit identified that the CFIA has a management control framework in place for the safeguarding of moveable assets, including guidance posted on the Agency's intranet. Tools are in place to record moveable assets. Measures to periodically verify assets include a physical asset validation program. Nonetheless, the audit also identified opportunities for improvement in the following respects:

1.0 Introduction

1.1 Background

Management and safeguarding of moveable assets plays an important role in the successful delivery of the Canadian Food Inspection Agency's (the Agency or the CFIA) mandate. As of March 31, 2012, the CFIA had moveable assets with a net book value in excess of $63 million Footnote 1 . Moveable assets include, but are not limited to, laboratory equipment, office furniture, laboratory furniture, laptop computers, cellular phones, personal digital assistants, cameras and notepads Footnote 2 .

The Treasury Board Policy Framework for the Management of Assets and Acquired Services and its associated policy instruments note that Deputy Heads are accountable to their respective Ministers and to Treasury Board for the management of assets. Deputy Heads are responsible for ensuring that the monitoring of assets management practices and controls is in place, and for acting expeditiously when control failures are identified. While the CFIA Security Management Policy identifies the President as accountable for the safeguarding of CFIA assets, managers and employees must identify and safeguard assets under their control.

The Assets and Security Management Directorate (ASMD) of the Corporate Management Branch (CMB) has functional accountability for asset management. Within ASMD, the Assets Management and Accounting group (AMA), located in Calgary, has functional responsibility for asset management in the Agency. This includes maintenance of asset information, management of inventory counts, and provision of day-to-day support through the Assets Helpdesk. The responsibility for the management of desktops and laptops, excluding those associated with laboratory equipment, rests with the Information Management and Information Technology Branch (IMITB). Asset custodians are accountable and responsible for the safe keeping of assets under their control.

An audit in this area was requested by the VP, Corporate Management Branch. Concerns were expressed by CMB management and staff regarding tracking and verification of assets, accountability for moveable assets, and controls related to the employee departure process.

1.2 Objective

The objective of this audit was to provide management with assurance as to (1) the adequacy and effectiveness of controls over the safeguarding of moveable assets, and (2) compliance with Agency and Treasury Board policies as they relate to the safeguarding of moveable assets.

1.3 Scope

The scope of the audit included activities related to the safeguarding of moveable assets from April 1, 2011 to the end of September 2012. It was not designed to assess management's controls related to:

Random and judgmental sample testing was conducted on assets recorded in the Assets Accounting Module (AAM), this included some IMIT assets (laptops / desktops) since weaknesses here were identified in a 2005 CFIA internal audit; Footnote 3 safeguarding of some assets tracked by managers which are not required to be recorded in the AAM was also reviewed.

The audit took place at the Agency's headquarters, Assets Management and Accounting (AMA) Office (Calgary), as well as site visits to the Ottawa (Fallowfield site), Saskatoon and Calgary laboratories.

1.4 Methodology and Approach

Lines of enquiry and detailed audit criteria (see Appendix A) were developed to serve as standards against which our assessment could be made, and form a basis for the conduct of the audit. The audit criteria were derived from a risk and control assessment of asset safeguarding processes against the Treasury Board's (TB) Materiel Management Policyand the Treasury Board Secretariat's (TBS) Audit Criteria related to Management Accountability Framework: A Tool for Internal Auditors. The audit criteria are organized under the lines of enquiry as follows:

A review and analysis of the data in the AAM indicated that the top five locations based on net book value were laboratories (Appendix B) and of the top five asset classes, three were related to laboratories (Appendix C). Consequently, asset sampling and testing was carried out across three laboratories.

The audit approach and methodology included interviews, document review, data analysis, and sample (random and judgemental) testing of assets. Test checks consisted of a random sample of 93 items (33 per location / 6 discarded) and a judgmental sample of 33 items (11 per location) chosen from the records and traced to the physical asset. A sample of 36 items was chosen from the location (12 per location) and traced back to the records. The audit was conducted from the beginning of July 2012 to the end of September 2012.

1.5 Statement of Conformance

The audit conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of the CFIA's Internal Audit quality assurance and improvement program. Sufficient and appropriate auditing procedures were performed and evidence gathered in accordance with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditingand to provide a high level of assurance over the findings and conclusion in this report. The findings and conclusion expressed in this report are based on conditions as they existed at the time of the audit, and apply only to the entity examined.

2.0 Findings and Recommendations

The audit identified opportunities to both improve compliance and enhance the design of existing control practices. The balance of this section provides details regarding these opportunities.

2.1 Management framework to ensure compliance with CFIA and TB policies

The suite of compliance documents, including the draft policy, needs to be finalized and communication needs to be strengthened.

We expected the Agency to have a management framework for the safeguarding of moveable assets that reflects the relevant requirements of the Treasury Board Policy on Materiel Managementand related directives and guidance. Further, we expected that compliance requirements and expectations within this framework have been effectively communicated to management and staff.

We found that the Agency has implemented asset safeguarding controls that are generally adequate relative to the safeguarding of moveable assets. Moreover, the audit revealed good business practices, such as controls to ensure timely recording of acquired assets, as well as a commitment to continuous improvement, such as the updated employee departure process.

We also found that key elements of the management framework were not finalized. In particular, the CFIA Materiel Management Policywas identified as being in draft form and, as such, had not been formally communicated or otherwise disseminated to Agency management and staff. In addition, among the guidance that was finalized and communicated via the Intranet (Merlin), we noted that information was not consistently integrated or cross referenced such that management and staff could easily identify the requirements applicable to their position or role.

Given these observations regarding the status of the management framework, there is a risk of non-compliance with procedural requirements and lack of clarity regarding roles and responsibilities for the safeguarding of moveable assets.

Recommendation (1): The Vice President, Corporate Management Branch should expedite finalization of the material management policy and related compliance documents, and ensure all information related to safeguarding of assets is integrated and available to asset custodians.

2.2 Controls over the safeguarding of moveable assets

Controls over the safeguarding of moveable assets are in place; however, compliance and monitoring could be strengthened.

Testing of asset records, physical verification and interviews indicated controls were substantially in place. Issues noted mostly related to older assets and those with an acquisition value of less than $10,000, and with zero net book value. Within this population of assets, the most vulnerable are IT assets, such as laptop and desktop computers. In discussions with CMB, we understand that the Agency has taken steps to enhance the security of its assets, with items over $10,000 being the primary focus of verifications to date. Within this context, the following sections provide details of our findings and recommendations as they relate to compliance and monitoring.

2.2.1 Compliance

We expected to find controls in place to safeguard moveable assets, and that these controls would be effectively and consistently applied by those with responsibility for safeguarding, tracking and recording assets.

We found that the Agency has developed and implemented a number of tools and practices to record and track moveable assets. However, our testing at lab facilities revealed instances of non-compliance with these requirements and 10 out of the total sample of 126 Footnote 4 (8%) could not be found. It is worth noting that the assets which could not be located were older than five years with an acquisition value of less than $10,000.

Managers have a responsibility to safeguard the assets assigned to their employees, including maintenance of a complete, up-to-date inventory of assets. There is no Agency-wide tool or procedure to facilitate and guide the nature and extent of this activity.

While accountability for the departure process currently rests with Corporate Security (CS), without an inventory of assets by custodian /manager, no assurance regarding the return of assets from departing employees can be given.

Given these observations regarding compliance, there is a risk that assets, which may not be material from a financial point of view, are not safeguarded in accordance with Agency requirements.

Recommendation (2): The Vice President, Corporate Management Branch should ensure tools, processes and training are formalized to guide asset custodians/managers in their efforts to safeguard and monitor assets within their control.

2.2.2 Compliance

Physical Validation of Moveable Assets

We expected to find regular inspections and monitoring of asset holdings which included formal risk assessments to develop an appropriate schedule of physical verifications. Moreover the TBS Guide to Management of Materielrecognizes regular physical verifications of departmental assets as a good practice to keep track of the value and condition of assets.

We noted that CMB had implemented two asset verification programs as follows:

In addition, lab assets impacted by ISO 17025 undergo regular calibration, the records of which are required to be maintained Footnote 5. Calibration records identify the specific piece of equipment and results are thereby traceable to that piece of equipment.

The audit found no evidence of a formal Agency-wide process to identify and assess risks to moveable assets, although we are advised that the results of each PAV provide a base line for risk analysis and re-tooling of the PAV criteria on a regular basis. Based on certain mitigating factors in place, such as physical security, the ISO 17025 requirements and the on-going reviews in place, there has been no formal consideration of potential threats or risks. As the TB Policy on Management of Materielrequires a risk-based stock taking schedule, it is important that the risk identification and assessment process supporting the nature and frequency of physical validation is formalized. This process should consider all relevant risks including dollar value, vulnerability to theft and reliability of physical safeguards.

Recommendation (3): The Vice President, Corporate Management Branch should formalize a risk identification and assessment process for moveable assets that the Agency is required to track and monitor. This can then be used to inform the nature and schedule of Physical Asset Validations.

IMITB has the ability to perform a scan of network registrations to confirm the physical existence of laptop and desktop computers. This process is not linked to the asset records which are used to perform physical validations. A comparison between the records and the network scan was performed during the course of FY 2011-2012. Based on this comparison, those computers/laptops which were not registered on the network for the previous two years were removed from the administrative records/asset inventory. The standard process for surplusing computers includes erasing all information, followed by destruction of the hard drive. Although the audit was unable to confirm that this had been completed for the computers removed from the records, we noted that many more hard drives had been destroyed than computers were removed.

This administrative clean up indicates an overall need for IMITB and AMA to address the timeliness and accuracy of information flow regarding the deployment, transfer and ultimate disposal of IMIT assets.

The increased risk of undetected losses or record keeping errors related to IMIT assets under $10,000 is relevant in light of their vulnerability and the Agency's plans for a significant refresh of personal computers in the near future. This planned refresh represents an opportune time for a reconciliation of computer asset records in AAM with information available through IMITB.

Recommendation (4): The Vice President, Information Management and Information Technology Branch should ensure formalized procedures are in place to effectively track and monitor the acquisition, transfer and disposal of IMIT assets; and timely and accurate information regarding IMIT assets is available to those with responsibility for maintaining the integrity of the asset records.

Appendix A: Audit Criteria

Line of Enquiry 1: Moveable assets at the Agency are managed in compliance with both Agency and Treasury Board (TB) policies as well as related directives, and guidance on moveable assets.

Line of Enquiry 2: Accurate and reliable moveable asset information is recorded to support timely, informed asset safeguarding decisions

Line of Enquiry 3: Accurate and timely reporting on moveable assets is communicated internally.

Line of Enquiry 4: Controls over the safeguarding of moveable assets are in place during the asset lifecycle:

Appendix B: Top Five Locations Based on Asset Net Book Value Table Note *

CountAcquisitionDepreciation/Write-offNet Book Value
Fallowfield Laboratory (Ottawa) 3262 $19,878,779 -$13,687,387 $6,191,392
Calgary Laboratory 754 $12,549,751 -$7,307,718 $5,242,033
Animal Disease Research Institute
(Lethbridge)
928 $8,972,255 -$5,164,626 $3,807,629
Dartmouth Laboratory 465 $7,697,840 -$3,908,738 $3,789,102
Health of Animals Lab (Saskatoon) 515 $9,050,594 -$5,297,810 $3,752,784
Total 5924 $58,149,219 -$35,366,279 $22,782,940
Total Moveable Assets 26535 $147,100,034 -$99,547,142 $47,552,892Table Note 1
Percentage of All Moveable Asset 22% 40% 36% 48%

Table Notes

Table note *

SAP Asset Accounting module data provided by AMA as at March 31, 2012.

Return to table note *  referrer

Table note 1

Boats, cars, truck utility vehicles, vans, mainframe equipment and purchased software were scoped out of this audit, hence the difference between a NBV of $63.1M per AAM and the $47.6M subject to this audit.

Return to table note 1  referrer

Appendix C: Top Five Asset Classes Based on Net Book Value Table Note *

CountAcquisitionDepreciation/Write-offNet Book Value
Laboratory Equipment and Optical Instruments 1826 $69,160,087 -$30,931,606 $38,228,481
Office Furniture 303 $13,778,269 -$8,156,784 $5,621,486
Voice Communications Equipment 26 $1,777,227 -$1,140,525 $636,703
Laboratory Equipment and Optical Instruments (Low Value) 6103 $24,270,232 -$23,799,620 $470,612
Laboratory Furniture 17 $464,120 -$100,018 $364,102
Total 8275 $109,449,936 -$64,128,552 $45,321,384
Total Moveable Assets 26535 $147,100,034 -$99,547,142 $47,552,892
Percentage of All Moveable Asset 31% 74% 64% 95%

Table Notes

Table note *

SAP Asset Accounting module data provided by AMA as at March 31, 2012.

Return to table note *  referrer

Appendix D: Management Response and Action Plan

Management Response

Corporate Management Branch Response: We agree with the overall findings of the audit. The Agency will strengthen and widely communicate the policies and compliance documents, which will in turn help to strengthen accountabilities of asset custodians.

Information Management and Information Technology Branch Response: In general, basic policies and procedures are in place to ensure that the proper requirements are followed. Policy documents including the Guidelines for Disposal of Surplus Equipment, Procurement to Payment and Asset Management Procedures, Directive on IMIT Procurement among others support the requirements to manage and maintain assets records and IT assets. What is generally missing is an integrated process to ensure that information is collected and shared across processes, systems and groups.

Management Action Plan

Audit RecommendationsProposed Management ActionsResponsible Official(s)Implementation Date
Recommendation (1): The Vice President, Corporate Management Branch should expedite finalization of the material management policy and related compliance documents, and ensure all information related to safeguarding of assets is integrated and available to asset custodians. CMB will:
  1. Finalize the CFIA material management policy and related compliance documents which will clearly articulate roles and responsibilities for the safeguarding of assets, including acquisition, tracking, monitoring and disposal of assets.
  2. Supplement the current material management information on Merlin, once the compliance documents are finalized, in partnership with Public Affairs.
Executive Director, Asset and Security Management Directorate.
  1. December 2013
  2. March 2014
Recommendation (2): The Vice President, Corporate Management Branch should ensure tools, processes and training are formalized to guide asset custodians/managers in their efforts to safeguard and monitor assets within their control. CMB will:
  1. Develop, in consultations with clients, processes and training to facilitate the safeguarding and monitoring of moveable assets.
  2. Leverage the established laboratory network to enhance awareness related to safeguarding of moveable assets.
Executive Director, Asset and Security Management Directorate. March 2014
Recommendation (3): The Vice President, Corporate Management Branch should formalize a risk identification and assessment process for moveable assets that the Agency is required to track and monitor. This can then be used to inform the nature and schedule of Physical Asset Validations. CMB will:
  1. Develop an approach for conducting risk assessment for assets, incorporating the findings into Physical Assets Validation exercises.
  2. i) Finalize the transfer of responsibility for the Employee Departure Process and
    ii) work with HRB to develop an approach, in partnership with stakeholders, to officially launch an employee departure process.
  1. Director, Contracting and Procurement Division.
  2. i) Director, Corporate Security and Agency Security Officer
    ii) Director, HR Services HR Branch.
  1. December 2013
  2. i) September 2013
    ii) Quarter 3
Recommendation (4): The Vice President, Information Management and Information Technology Branch should ensure formalized procedures are in place to effectively track and monitor the acquisition, transfer and disposal of IMIT assets; and timely and accurate information regarding IMIT assets is available to those with responsibility for maintaining the integrity of the asset records. CMB will:
  1. Develop an integrated process to ensure that information is captured, maintained and reported on the acquisition and proper disposal of IT assets.

Reports will be generated on a monthly basis and provided to IMITB and CMB management. Information will be gathered from multiple systems and integrated into a single report.

Director, Client Services December 2013
Date modified: