Audit of CANSOFCOM Financial Management Practices

 

March 2012

7050-53 (CRS)

Reviewed by CRS in accordance with the Access to Information Act (AIA). Information UNCLASSIFIED.

 

 

Acronyms and Abbreviations

427 SOAS

427 Special Operations Aviation Squadron

ADM(Fin CS)

Assistant Deputy Minister (Finance and Corporate Services)

ADM(Mat)

Assistant Deputy Minister (Materiel)

CANSOFCOM

Canadian Special Operations Forces Command

CF

Canadian Forces

CFSM

Canadian Forces Supply Manual

CFSS

Canadian Forces Supply System

CJIRU—CBRN

Canadian Joint Incident Response Unit—Chemical, Biological, Radiological and Nuclear

CRS

Chief Review Services

CSOR

Canadian Special Operations Regiment

DND

Department of National Defence

DRMIS

Defence Resource Management Information System

JTF2

Joint Task Force 2

MIMS

Material Information Management System

OPI

Office of Primary Interest

Results in Brief

Overall Assessment

  • CANSOFCOM financial controls are in place.
  • Additional work is required to ensure all CANSOFCOM assets are reflected in the supporting inventory system and departmental financial statements.

Chief Review Services (CRS) conducted this audit to assess the financial management practices and controls in place to ensure sound management of Canadian Special Operations Forces Command (CANSOFCOM) resources. This assessment was based on a review of controls in place to ensure goods are properly accounted for, expenditures are properly recorded and contracting practices adhere to government contracting regulations.

Key Findings and Recommendations

Information and Reporting. At the time of the audit, most of CANSOFCOM assets were recorded in a classified inventory system that is not visible or accessible from the Department’s corporate inventory system. Sample stock counts revealed that CANSOFCOM’s inventory system did not accurately reflect all account holdings or their value for reasons including inaccurate price information, discrepancies in quantities, and a significant amount (in quantity and value) of assets that had never been recorded in the accounts. In addition, although the classified inventory system was a solution to operational security concerns associated with using the departmental inventory system, solutions have not been identified to ensure that CANSOFCOM assets are included in the DND/CF financial statements.

It is recommended that CANSOFCOM

  • ensure all assets, and their value, are accurately reflected in the inventory system; and
  • in consultation with Assistant Deputy Minister (Materiel) (ADM(Mat)) and Assistant Deputy Minister (Finance and Corporate Services (ADM(Fin CS)) staff, ensure that assets are reflected in the departmental financial statements while still protecting operations security.

Note: For a more detailed list of CRS recommendations and management response, please refer to Annex A—Management Action Plan.

Introduction

Background

The 2009 – 2010 CRS internal audit work plan included an audit of financial management practices for a selected operational unit. Given the sometimes secret nature of CANSOFCOM activities and operations it was selected as the subject for this audit.

The mission of CANSOFCOM is to “provide the government of Canada with agile, high-readiness Special Operations Forces capable of conducting special operations across the spectrum of conflict at home and abroad.”1 CANSOFCOM is comprised of four units (the Joint Task Force 2 (JTF 2), the Canadian Special Operations Regiment (CSOR), 427 Special Operations Aviation Squadron (427 SOAS), and the Canadian Joint Incident Response Unit—Chemical, Biological, Radiological and Nuclear (CJIRU—CBRN)) and a Command headquarters which is divided into Operations, Support and Force Development functions.

Although CANSOFCOM receives funding from other parts of the Department of National Defence and Canadian Forces (DND/CF) for some activities such as deployed operations, the baseline annual funding allocated to the Command has historically approached $200 million per year.

Objective

The objective of this audit was to assess the financial management practices and controls in place to ensure sound management of resources. This included an assessment of the controls in place to ensure goods are properly accounted for, expenditures are properly recorded and contracting practices adhere to government contracting regulations.

The audit criteria used to assess this objective are detailed in Annex B—Audit Criteria.

Scope

The scope of this audit included CANSOFCOM expenditures between 1 January 2010 and 31 December 2010, contracts expiring after 1 April 2009, and inventory accounts and associated transactions beginning 1 March 2010.

Methodology

  • Conducted site visits to CANSOFCOM headquarters and each unit between April and July 2011.
  • Interviewed key finance and supply staff.
  • Analysed financial and inventory data.
  • Reviewed:
    • Applicable departmental policies and CANSOFCOM directives;
    • Relevant CANSOFCOM documentation (e.g., correspondence, business plans);
    • Files supporting a sample of financial transactions and, where applicable, the associated contracts; and
    • Files supporting a sample of inventory adjustments.
  • Performed stock counts for a sample of stock codes.

Findings and Recommendations

CANSOFCOM Directives and Practices

CANSOFCOM directives are established; however, communication of supply directives and the documentation retained to support inventory adjustments and approvals of sole-source and national security exemption justifications should be improved.

CANSOFCOM Directives

CANSOFCOM has produced a number of directives dealing with topics such as accountabilities, financial support, travel, hospitality, acquisition cards, procurement and equipment management functions. A review of these directives found that they were aligned with departmental policy—some even duplicating departmental policy requirements. Unit finance and procurement staffs indicated that the CANSOFCOM directives and any revisions were generally communicated effectively; however, most unit supply staffs interviewed were unaware that CANSOFCOM directives had been published and instead relied solely on the Canadian Forces Supply Manual (CFSM) for policy direction. While the CFSM is the departmental source of policy and procedures for supply functions, CANSOFCOM directives could be used to provide direction to staff where unique procedures are required in the deployed Material Information Management System (MIMS) environment to fulfill normal supply functions, (e.g., repair and disposal). In these cases, it would be critical that CANSOFCOM directives and any revisions are communicated to unit staff as a foundation for consistent understanding and application in day-to-day activities.

Responsibilities, Authorities and Accountabilities

In general, CANSOFCOM staff had a good understanding of their respective responsibilities and accountabilities. Authorities for spending (commonly referred to as Section 32 and 34), contracting, and write-off of material were documented using the departmental delegation of authority forms, and processes were established to ensure the requisite training was completed and forms were periodically reviewed and revised. Unit financial officers indicated that they had received feedback from, or observed that, resource managers/administrators could benefit from training that is more relevant to their day-to-day duties within the CANSOFCOM environment (e.g., CANSOFCOM funding envelopes, tools/techniques for forecasting and monitoring, etc.). The message from unit financial officers was that the requisite training courses for spending and contracting authorities provides a global, yet technical, perspective of the government financial framework, associated requirements and processes and perhaps not enough information that is relatable to operators who are being asked to forecast and monitor their respective allocations within the CANSOFCOM environment.

CANSOFCOM Practices

A sample of financial transactions, and where applicable the associated contracts, were reviewed to determine whether they were adequately supported and approved. In general financial transactions had sufficient supporting documentation, although it was not always readily available, and spending authority was clearly exercised with only minor errors observed. Similarly, only minor errors were observed through the review of the associated contracts where applicable. In most cases, sufficient documentation was retained to support an appropriate number of quotes prior to selecting a vendor. Justifications to enter into a sole-source contract or to exercise the national security exemption were typically on file; however, approval of these documents sometimes had to be assumed based on the contracting authority’s approval of the contract.

Periodic stock counts are meant to be conducted to ensure inventory accounts accurately reflect the holdings and unit prices at a point in time, and to act as an indicator for the strength of inventory controls. Units did not have a documented detailed schedule for stock counts and built-in system controls were not used to automatically set an appropriate schedule. However, unit supply staff responded that the frequency of stock counts was quarterly or monthly for all stock with                                                                                                                     and a 100-percent stock count every two years as part of the change of command procedures for the unit. The CFSM schedule requirements are different and it is difficult to determine whether the CANSOFCOM approach at least meets the quarterly and semi-annual stock count schedule; however, the risk-based approach implemented by CANSOFCOM should provide sufficient assurance that highly sensitive and expensive assets are counted frequently. During the site visits, two units did not have evidence that the 100-percent stock counts had been conducted during the last change of command and one of these units was only starting to establish a schedule for counts of                                    

A sample of inventory adjustment files were reviewed to determine whether they were properly supported, approved, recorded and reported. In general, the availability and level of supporting documentation varied between units. For example:

  • One unit did not have documentation to support the adjusting entries that had been made to unit accounts.
  • In most cases, the other units could produce the DND 2227—the primary source document to initiate an adjusting entry—however, information to explain the circumstances leading to the adjustment and to support the quantity adjusted was often lacking.
  • Only one unit had retained the associated stock count sheets as supporting documentation for the resulting adjusting entries.

As a result, it was often difficult to assess whether the adjusting entries were properly recorded in the inventory system. During the course of the audit, the requirement to forward all inventory write-offs to the CANSOFCOM comptroller after they were approved by the approval authority was communicated and implemented; this requirement had not previously been met.

Recommendation

1. Ensure all CANSOFCOM directives and revisions are communicated and that sufficient documentation is retained as evidence of approval for sole-source and national security exemption justifications, and to support the quantity, price and circumstances leading to the discrepancy for inventory adjustments.

OPI: CANSOFCOM

Information and Reporting

CANSOFCOM assets are not included in the DND/CF financial statements, and the supporting inventory system did not accurately reflect all account holdings or value. 

Financial Information and Reporting

The Defence Resource Management Information System (DRMIS) is used to record all CANSOFCOM financial transactions. Although some units and resource managers may have their own Excel spreadsheets to track expenditures, there are procedures in place to ensure DRMIS accurately reflects expenditures on at least a quarterly basis. This reconciliation coincides with the departmental quarterly reporting requirements. Quarterly report information is submitted by the unit financial officer through the chain of command to the CANSOFCOM comptroller for consolidation and further distribution.

DRMIS is the official financial system for the DND/CF. However it resides on the Defence Wide Area Network, a platform certified and accredited to process, transmit and store information up to the Protected A level (and Protected B only if properly encrypted). CANSOFCOM staff, located at both headquarters and the units, consistently voiced operations security risks associated with using DRMIS that have yet to be mitigated. For example:

  •                                                                                                                                                                      
  •                                                                                                                                                                                                                                                          
  • Information about vendors and what goods or services they provide may reveal CANSOFCOM capabilities, exercises, or operations, or provide a means to access CANSOFCOM facilities.
  •                                                                                                                                                                                                                                                                  

While CANSOFCOM staff had made efforts to conceal some of these transactions they later learned it was likely drawing more attention to the information they were trying to protect. For example,                                                                                                                                                                                 ZAP number.2 It was later discovered that                                                                                                                                     —a good information system control; however, it leaves this mitigation strategy with having no, or even the reverse, effect.

The CANSOFCOM comptroller was able to provide correspondence dating back to 2005 communicating these types of security concerns. However, to date mitigation strategies and solutions to these security risks have not been developed and implemented, despite the Department having transitioned to a new resource management system in that time period. While this observation is both serious and significant in the context of impact to the Department and success of its operations, it will be communicated and followed-up on through an alternate means as it requires a more in-depth review, particularly in terms of identifying other organizations that may have the same requirement to process classified transactions, the various options to consider and associated costs, and coordination of numerous stakeholders to identify and implement appropriate mitigation strategies and solutions.

Asset Information and Reporting

At the time of the audit, CANSOFCOM was using a phased approach to transfer headquarter and unit asset accounts from the corporate Canadian Forces Supply System (CFSS) to a deployed MIMS.3 The deployed MIMS resides on CANSOFCOM’s classified network and was the strategy implemented to mitigate the operational security risks of revealing unit strength, capabilities, and/or operations, if assets and their movement were visible in the corporate CFSS. In addition,                                                                                                                                                                                                                                                                                                                               these are referred to as “black” assets. For items that the CF continue to purchase and use—referred to as “green” assets—CANSOFCOM retains the corporate CFSS stock code. This allows CANSOFCOM to continue to use established DND/CF procedures to replenish, repair, and dispose of these items.

Although the deployed MIMS was a solution to operational security concerns associated with using the departmental inventory system, solutions have not been identified to include CANSOFCOM assets in the departmental accounts. The deployed MIMS                                                                                                                                                                                                     In response to an ADM(Fin CS) memo referencing “Recording and Reporting of Tangible Capital Assets Acquired During Fiscal Year 2010-2011,” and in consultation with ADM(Mat)/Director Material Group Comptrollership staff, it was decided that the operational security risks associated with the level of detail recorded in DRMIS (including description of items, location and quantities)—the corporate financial system running on an insecure platform—were too high to include CANSOFCOM capital asset information which is classified at the secret level. As a result, a nil response was provided.

The total recorded value of CANSOFCOM assets, as of December 2011, is over                            Table 1 provides a breakdown of asset holdings and the recorded value in the warehouse and supply customer accounts, by CANSOFCOM unit. ADM(Fin CS) has set a materiality threshold of $200 million for the DND/CF financial statements.

Table 1. Breakdown of CANSOFCOM Inventory Accounts. This table provides a breakdown of asset holdings and recorded value in the warehouse and supply customer accounts, by CANSOFCOM unit.

Table Summary:

Six CANSOFCOM units are listed in the left-hand column. Read across each row to determine the breakdown of asset holdings and recorded value in the warehouse and supply customer accounts (note that the dollar amounts have been severed).

 

UnitWarehouse AccountsSupply Customer Accounts
HoldingsValueHoldingsValue
Total                                                                                      
JTF2                                                                                  
CSOR                                                                                
Headquarters                                                            
CJIRU-CBRN                                                                    
Afghanistan[4]                                    
427 SOAS[5]                                                            

During site visits to the units (conducted between April and July 2011) it was evident that significant CANSOFCOM assets needed to be reflected in the accounts. For example:

  •                                                                                                                                        
  • One unit estimated that between $8 and $10 million of its assets (both green and black) had yet to be reflected in its accounts, including some expensive and                                                                
  • One other unit did not have access to deployed MIMS in order to record their black assets. At the time of the site visit, the unit supply staff did not know the extent of assets—nature, quantity or value—that were not reflected in the accounts, including those that should have been recorded in the corporate CFSS.

In addition, discrepancies in pricing and holding information were found during the performance of sample stock counts and data analysis. For example:

  • In December 2011, CANSOFCOM had 136 stock codes (representing 296,052 units) in its warehouses, and 355 stock codes (representing 41,347 units) in its supply customer accounts with a zero-dollar unit price.
  • The absolute discrepancy in stock holding information for the sample of stock codes selected from CANSOFCOM warehouse and supply customer accounts was 59,529 units (49,840 in surplus and 9,689 in deficit). This represents an 18.6-percent error in the recorded holdings (319,743 units) for the sample stock codes.
    • Although some of the sample stock codes selected were determined to be consumable items, 35,574 units of the 59,529 absolute discrepancy was explained during the site visits simply by identifying transactions that had not been reflected in the system in a timely or appropriate manner (e.g., movement between accounts, receipting items into a temporary warehouse and not moving them to the account in which they are ultimately held, etc.). In other words, had more attention been paid to administrative tasks, the percentage discrepancy would have dropped to 7.5 percent of the recorded holding information.

Recommendations

2. In consultation with ADM(Mat) and ADM(Fin CS) staff, ensure CANSOFCOM assets are reflected in the departmental financial statements while still protecting operations security.

3. Ensure all CANSOFCOM assets, and their value, are accurately reflected in the inventory system.

OPI: CANSOFCOM

Monitoring and Risk Management

The quality of the quarterly monitoring and reporting of expenditures relies on a varied level of understanding/knowledge of resource managers. Monitoring of inventory has not matured beyond manual and intuitive monitoring by unit staff.

Financial Monitoring and Risk Management

Similar to other groups in DND, CANSOFCOM uses the quarterly reporting process to formally monitor Command expenditures against its annual allocation. Unit finance staff indicated that while they do review expenditures on a monthly basis, the quarterly reporting process provides them with the opportunity to have a more in-depth look at expenditures to date compared to the expectations expressed in the business planning process to identify any financial risks associated with the annual allocation. The quarterly reporting process is used to formally communicate any of these risks (shortfalls or surplus) in order for the unit and Command to determine whether these risks can be managed within their current allocation or what action needs to be taken outside the Command to mitigate these risks. Some unit financial officers noted there has been at least one occasion where unit surpluses were not identified until late in the fiscal year. They indicated that this was as a result of resource managers not fully understanding the funding sources for some of the operations undertaken that fiscal year.

Inventory Monitoring and Risk Management

Although unit supply staffs were aware of reports that could be generated using the inventory systems, report generation and monitoring was done at most on an ad hoc basis. In general, units relied on the knowledge and experience of supply staff to manually monitor and manage their inventory. Most senior unit supply staff interviewed felt they did not have sufficient time to review reports to identify and mitigate various types of inventory risks. However, if done using a risk-based approach periodically, monitoring certain performance and/or risk indicators can facilitate unit staffs to identify and manage inventory risks on a more proactive basis, efficiently and effectively. For example:

  • Low turnover rates could indicate obsolescence.
  • The number and nature of adjustments could indicate that, among other things, units are not counting and making the necessary adjustments to account holdings or price information, or that inventory controls are weak in a particular area.
  • Exception or targeted anomaly reporting could indicate instances of inaccurate location, pricing or holding information (e.g., negative holding balance, stock codes where the stock on hand with serial numbers does not equal the total stock on hand, stock codes with prices greater than $30,000 or no price information, holdings recorded in intermediary accounts).

Control Assessments

CANSOFCOM uses command comptroller inspections to assess financial practices and staff inspection visits to assess supply practices (including local procurement practices). These inspections are performed at the units annually. Results are documented and communicated in a formal report and units are expected to respond to recommendations through the chain of command with actions planned or taken to resolve the issue. Results may also be used to plan subsequent inspections. Reports and unit responses from 2010 and 2011 were reviewed and determined to be an effective mechanism for CANSOFCOM to periodically assess and revise, where necessary, processes and associated controls.

Recommendations

4. Provide periodic training focused on improving the understanding of the following:

  • financial practices and structures within the context of the CANSOFCOM environment; and
  • risks other than those directly related to operations (e.g., finance, asset management and accountability) and how monitoring can assist with their early identification and management.

OPI: CANSOFCOM

Annex A—Management Action Plan

CRS Recommendation

1. Ensure all CANSOFCOM directives and revisions are communicated and that sufficient documentation is retained as evidence of approval for sole-source and national security exemption justifications, and to support the quantity, price and circumstances leading to the discrepancy for inventory adjustments.

Management Action

Commencing in February 2012, the local contracting authorities (Director Land Procurement 5) have been engaged with providing remedial training to CANSOFCOM units.  In addition, in early February 2012, the position of J4 Contracts has been filled with a Reserve Officer who will be not only responsible for providing command-level guidance and direction with regards to contracting practices, but will also be responsible for ongoing compliance verification. When completed, a copy of the CRS audit report will be provided as a reference for that individual’s use. 

CANSOFCOM J4 will be verifying that documentation to support the quantity, price and circumstances leading to inventory discrepancies are maintained on file as part of our annual unit staff assistance visits.

OPI: CANSOFCOM

Target Date: March 2012

CRS Recommendation

2. In consultation with ADM(Mat)/ADM(Fin CS) staff, ensure CANSOFCOM assets are reflected in the departmental financial statements while still protecting operations security.

Management Action

CANSOFCOM J8 has addressed this issue with ADM(Fin CS) operations staff, seeking additional guidance.  In that the Command’s assets are                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                

OPI: CANSOFCOM

Target Date: September 2012

CRS Recommendation

3. Ensure all CANSOFCOM assets, and their value, are accurately reflected in the inventory system.

Management Action

CANSOFCOM J4 has recently hired a team of four contractors (subject matter experts) who have been contracted to perform the required data clean-up to ensure all CANSOFCOM units’ inventory values are properly reported.  This review will be extensive and monitored on a routine basis through the annual staff inspection visits, conducted by the J4 staff.

OPI: CANSOFCOM

Target Date: March 2013

CRS Recommendation

4. Provide periodic training focused on improving the understanding of the following:

  • financial practices and structures within the context of the CANSOFCOM environment; and
  • risks other than those directly related to operations (e.g., finance, asset management and accountability) and how monitoring can assist with their early identification and management.

Management Action

Financial:  Through an annual training forum, the CANSOFCOM J8 will be confirming with unit financial staff, the various practices and structures in use within the Command.  In addition, on an annual basis, through the command comptroller inspection process, confirmation of the proper application of regulations will continue.  In April 2012, the CANSOFCOM J8 will be conducting this training forum, during which Command subject matter experts will provide detailed CANSOFCOM specific training to the unit financial staff.

Risks: Though financial risks will be dealt with as described above, CANSOFCOM J4 will provide similar instructions on asset management and impress upon unit staff responsible for procurement and inventory control as to the need to properly follow supply management procedures, to minimize risk of loss of departmental assets.  CANSOFCOM is in the process of blueprinting and implementing DRMIS to better track material assets.

OPI: CANSOFCOM

Target Date: March 2013

Annex B—Audit Criteria

Objective

Assess the financial management practices and controls in place to ensure sound

management of resources.

Criteria

  • Policies (including authority, responsibility and accountability) are established, communicated and practiced.
  • Sufficient and relevant information is identified and communicated in a timely manner.
  • Performance is monitored and plans adjusted based on identified risks.
  • Controls are periodically assessed and follow-up is performed to ensure appropriate change or action occurs.

___________________________________________________________________________________________________________________________

Footnote 1 CANSOFCOM website: www.cansofcom.forces.gc.ca/gi-ig/ckt-dcc-eng.asp.

Footnote 2 A ZAP number is assigned to each member as they are deployed. They are used to protect the member’s identity in case of injury or death while deployed, until the next of kin can be notified.

Footnote 3 At the time of the site visits, only 427 SOAS                                                                   deployed MIMS was expected to roll out in February 2012.

Footnote 4 This account was set up in the deployed MIMS to support operations in Afghanistan. These assets, most of which CANSOFCOM staff have indicated are black assets, will be redistributed to other CANSOFCOM accounts once all units are using deployed MIMS.

Footnote 5 427 SOAS                                                                                                               CANSOFCOM staff indicated that 427 SOAS black assets                                                                                                         .

Date modified: