Highlights

INTRODUCTION

Pages 3 - 6

1.1 This will be my last Annual Report as Auditor General. I will retire on March 31, 2006 after fourteen years in the position. When I accepted the position in 1992, I had some specific objectives and I believe that for the most part they have been achieved.

1.2 Many things have changed over the course of those years. Improvements can still be made and I have made a number of recommendations which are reproduced below.

1.3 The other chapters contain many positive findings as well as a number of recommendations. I acknowledge the efforts of public servants to deliver effective programs and I appreciate their cooperation in dealing with my staff. Being audited is not always easy, and some would say it is disruptive, but for the most part public servants recognize the benefits.

1.4 I have enjoyed the fourteen years. I have worked with many fine people both within the Office, across government, and in the Public Accounts Committee. Nothing can be accomplished without dedicated professional staff and there have been many over the years.

1.5 My recommendations to government are as follows:

Government-wide issues

Government Financial Reporting

Chapter 2 in pdf

Pages 8 - 22

2.1 The Auditor General’s audit report on the Province’s March 31, 2005 consolidated financial statements was unqualified. It was tabled September 28, 2005 as part of the March

31, 2005 Public Accounts. A management letter on this year’s audit was issued to government in November 2005.

2.2 During 2004-05, there were two audits conducted by private sector firms which resulted in reporting of significant control weaknesses. One audit was of the governance and control framework of the operations of the Investment, Liability Management and Treasury Services and Capital Markets Administration Divisions of the Department of Finance and the other was a service auditor report on Finance’s SAP Customer Competency Centre. Certain of the more significant issues identified in these audits are consistent with concerns raised by our Office a number of times in the past. The issues reported as a result of these audits should be fully addressed on a timely basis and subject to appropriate audit coverage.

2.3 No additional appropriations have been approved since our last Report, released in June 2005. Additional spending authority for 2004-05 of $132,992,000 for net program expenses and $26,451,000 for debt servicing costs, where approved vote totals were exceeded, requires Order in Council (OIC) approval within 90 days of the release of the March 31, 2005 Public Accounts. No special warrants have been approved since our last Report.

2.4 Current legislation does not provide for effective control by the House of Assembly of spending authority limits. For example, there was no debate in the House of Assembly concerning the funding of certain tourism and other strategic initiatives which resulted in $61.6 million in additional appropriations.

2.5 There is a need to clarify what constitutes a special warrant versus an additional appropriation. There were a number of

strategic funding initiatives announced in 2004-05. Some of these initiatives may have met the criteria for a special warrant and, thus, should have been approved by OIC prior to the related spending. Management has indicated that a legal review of Section 29 of the Provincial Finance Act will be performed prior to the implementation of any similar strategic initiatives.

2.6 In order for government’s consolidated financial statements to become more compliant with generally accepted accounting principles (GAAP), there is a need to examine the basis upon which the government’s budget is prepared. It should be prepared on the same basis as the consolidated financial statements and comply with GAAP.

2.7 The openness and transparency of government’s reporting in its budget and forecasting documents would be improved if there was disclosure of the uncertainty associated with the numbers included in those documents and how government has addressed those uncertainties. For example,

• Government budgets have included amounts for crown entities when business plans have yet to be approved.

• Any contingencies in government budgeting or forecasting information, to deal with uncertainties, should be clearly disclosed in the applicable document.

2.8 Our recommendations to government from this chapter are as follows:

Recommendation 2.1

Consulting Contracts and Service
Arrangements

Chapter 3 in pdf

Page 23 - 30

3.1 The results from the audit are specific to the projects and contracts we reviewed and should not be generalized to the broader population of consulting contracts within these departments and government as a whole.

3.2 We examined the procedures and controls in place for the planning, selection, monitoring, payment and evaluation of 25 consulting service contracts. For the most part, we found the procedures and controls were adquate to ensure the projects and consulting contracts were properly managed. However, we also noted a number of instances where procedures and controls were weak and improvements could be made.

3.3 The weaknesses identified included the following:

• The business need for the project was not always documented.
• Certain aspects of the Procurement Policy were not always followed.

• Changes to the projects were not always documented.

• Invoices did not always provide adequate details to determine if the amount paid for the work received was reasonable.

• Formal, post-completion evaluations of projects and the performance of the consultants were not prepared.

• Assessments of the consultant’s report and related action plans were not always documented.

3.4 Our recommendations to government from this chapter are as follows:

Electronic Information Security and
Privacy Protection

Chapter 4 in pdf

Pages 31 - 41

4.1 The level of assurance provided on the findings and conclusions in this chapter is less than for an audit (i.e., a review provides moderate assurance while an audit provides high assurance). This is because of the type of work we performed. Our evidence was based on management representations and review of applicable documentation. We did not test controls in place at the various departments we reviewed.

4.2 In all the departments we reviewed, departmental staff were aware of security and privacy issues, and all staff were concerned with protecting the privacy of citizens. While this general culture of respect for security and privacy is a very positive condition, we have, however, noted a number of areas where improvements should be considered. In general terms, we believe that these areas for improvement are not due to any lack of concern regarding security and privacy, but rather to differing or competing priorities in departments. In every department, we found that some things were being done well but others needed improvement, and those were not the same in each case.

4.3 There is a need for a comprehensive government-wide privacy policy as well as individual departmental privacy policies. In addition to other matters, these policies should address the following areas which need improvement.

• Formal training programs in privacy should be included.
• Detailed risk analysis should be conducted on the personal information collected by the departments.
• Departmental staff should be required to read and sign confidentiality agreements.
• Policies and practices should be developed and implemented to control the transmission of personal information.

4.4 Personal information can only be protected if there is effective security in place. Security is a complex issue and can only be addressed by good planning. There is a need for a government-wide comprehensive security architecture and for consistent departmental security architectures.

4.5 The Government of Nova Scotia should continue to assess the implications of the changes enacted by the U.S. government through the Patriot Act which could pose a risk to the security of the personal information of Nova Scotians.

4.6 Our recommendations to government from this chapter are as follows:

Follow up of 2002 Audit Recommendations

Chapter 5 in pdf

Pages 42 - 57

5.1 We requested government management to self-assess progress in implementing the recommendations in the 2002 Report of the Auditor General. We performed a review of the self-assessments and supporting documentation and provide moderate assurance to readers of this chapter. Nothing has come to our attention to cause us to believe that the representations made by government management are not complete, accurate and reliable.

5.2 In 2002, we made 90 recommendations to government which included a total of 104 sub-recommendations. Implementation status is summarized as follows:

- Work complete - 35%
- Work in progress - 42%
- Planning stage - 7%

- No progress to date, but plan to take action
- 7%

- No action taken or planned - 5%
- Other - 4%

5.3 Although government has completed implementation of 35% of our 2002 recommendations, a significant number (56%) are described as work in progress, planning stage or government plans to take action. Government has taken no action on another 5%. Three years have elapsed since these recommendations were made. Progress has been slow and we encourage government to proceed with addressing and implementing the remaining recommendations as quickly as practical.

department audits

• • Community Services

Income Assistance and Child Care Centres

Chapter 6 in pdf

Pages 60 - 73

6.1 The Department of Community Services delivers a wide range of social services to Nova Scotians. Included in the Department’s responsibilities are the licensing of child care centres and the provision of financial assistance to persons in need. The Day Care Act and regulations provide the mandate and authority for the licensing of child care centres. The Employment Support and Income Assistance Act and regulations provide the Department with the mandate and authority for its largest financial assistance program.

6.2 The systems and controls used by the Department to ensure compliance with the Day Care Act and associated regulations, policies and procedures are adequate.

6.3 Roles and responsibilities related to the licensing of child care centres are clearly defined and communicated, and licensing staff is adequately trained.

6.4 We identified areas where the child care centre licensing system could be improved to strengthen controls and increase efficiency.

6.5 The systems and controls used by the Department to provide financial assistance through the Employment Support and Income Assistance Program are inadequate. There is inadequate segregation of incompatible duties and reviews and approvals are insufficient to compensate for the deficiency. Such weaknesses create higher risks of inappropriate assistance payments to clients, establishment of ineligible or non-existent clients in the payment system, and remittance of inaccurate or fraudulent payments to suppliers of the program.

6.6 There are adequate policies and procedures in the Employment Support and Income Assistance Program for monitoring continuing eligibility of clients for assistance.

6.7 Our recommendations to government from this chapter are as follows:

• • Education

Student Assistance

Chapter 7 in pdf

Pages 74 - 95

7.1 We performed our last audit of the Student Assistance Division in 2002. Since that time, the Department has begun to deal with some of our recommendations. However, progress has been slow and we repeat certain of the recommendations in this chapter. We understand that some of the delay is attributable to turnover in the Division’s senior management positions and we acknowledge that the Division has included many of these areas in its priorities. However, action needs to be taken in the short term to address the need for improved controls in certain areas.

7.2 We concluded that there is an appropriate level of accountability with respect to specific Student Assistance initiatives and priorities included in the Department of Education’s Business Plan. However, because the Business Plan relates to the entire Department, it does not include detailed planning for the Student Assistance Division. We recommend more detailed short and long-term operational planning for the Division and formal monitoring of achievement of performance targets. For example, we would expect the Division to be setting and

monitoring performance targets related to the efficiency of the Division’s operations and turnaround time for application processing.

7.3 The Student Assistance Division has not performed a formal risk assessment with respect to its activities and responsibilities. An assessment would attempt to identify significant, potential risks and ensure that adequate controls exist to mitigate them. For example, fraud and error would likely be identified as risks and strategies for prevention, quality control and verification would be planned to mitigate the risks.

7.4 We tested a sample of student assistance files and used data extraction software to perform analysis of specific aspects of the Student Assistance Division’s electronic databases for 2003-04. In the vast majority of cases tested, assistance awards complied with policies. However, there were a few cases identified in our sample where errors during the assessment process led to errors in the amount of the assistance awarded to students. We extended our sample size and found no further errors. We have recommended internal quality control improvements to assist in preventing such errors.

7.5 Section 23(1) of the Provincial Finance Act requires Executive Council approval for write off of debts owing to the Province. We believe the Act is unclear as to whether it applies to payments made by the Province to the Bank under the student loan guarantee. If the Section does apply, the accounting policy followed effectively writes off student loans deemed uncollectible without Executive Council approval and approval should have been sought to write off $3,582,000 in 2004-05. We

believe the Department should seek a formal legal opinion on whether Executive Council approval is required.

7.6 Our recommendations from this audit are as follows:

• • Office of Health Promotion

Sport and Recreation Program Area

Chapter 8 in pdf

Pages 96 - 117

8.1 The Office of Health Promotion’s Sport and Recreation program area has reasonable planning and financial management processes which comply with requirements specified by central government. The linkages between various aspects of the planning process are apparent, and progress in achieving goals is tracked. We recommend the provision of periodic reports on progress in achieving the strategic plan.

8.2 Over the past two years, the Department has received a total of $5.7 million in “strategic initiative” funding, of which $5.3 million was allocated for recreation facility construction. These grants were approved by Executive Council and required additional appropriations. They were not subject to the regular Estimates process. These amounts should be budgeted like other grant programs and approved by the House.

8.3 Controls over awarding and monitoring of grants are generally adequate.

8.4 We found cases where grant payments for specific projects had been made in advance. We recommend that OHP and financial support staff at DOH develop policies which require analysis of all advance payments before they are made to determine (1.) whether the advance is necessary, and (2.) the appropriate fiscal year for recording of the related expenditure in accordance with generally accepted accounting principles.

8.5 The accounting and control over unpaid grant amounts at year end needs to be improved.

Cheques for final grant payments are requisitioned prior to year end and then held in various offices until recipients meet conditions for payment. At the time of our audit, one month after year end, cheques with a value of $1.1 million were being held in unsecured storage locations which results in risk of loss. Subsequent to the audit, management developed and implemented a policy on the security of cheques.

8.6 Our recommendations from this audit are as follows: