Managing risk is an important component of school board work.  Comments from recent Auditor Generals included below demonstrate the need to create and implement risk management processes over the internal controls used by school jurisdictions. In light of this commentary, your school jurisdiction may wish to audit its internal control processes to ensure they are working and to improve them as required.

November 2018 Report of Alberta's Auditor General

Alberta's Department of Education provided $6 billion to Alberta school jurisdictions

for the 2018 fiscal year to execute Minister of Education's expectations.

Alberta's Auditor General found that the Department of Education failed to consistently follow its own processes for monitoring, assessing, and reporting on school jurisdictions' accumulated operating reserves and failed to provide the Auditor General with complete formal documentation of its processes.

2018 Special Report - Auditor General of Newfoundland and Labrador

The Auditor General determined that the Newfoundland and Labrador English School District failed to comply with its own procurement policies and its obligations under the Public Tender Act. School board trustees and senior management failed to exercise the required oversight over the school district's internal control environment as seen in these examples:

  • lack of open and transparent procurement process in the selection of vendors and establishment of fair and reasonable prices, or best value, for public goods and services;
  • failure to address repeated recommendations from the external auditor to improve internal controls for safeguarding assets;
  • the need to ensure staff had sufficient knowledge, training and responsibility for ethical organizational behaviour.

2018 Report of Nova Scotia's Auditor General

The Auditor General determined that two Nova Scotia school boards demonstrated weak controls over school-based funds. Specific findings included determinations that:

  • cash deposits were untimely;
  • the boards had insufficient proof of purchases;
  • cash activity was not reconciled to cash floats; and
  • a reimbursement to employee over $1,000 was contrary to the board's own purchasing policy.

2018 Report of Ontario's Auditor General - IT System Use and Classroom Technology

According to Ontario's Auditor General

, Ontario school boards have not:

  • systematically assessed to what extent their students are using IT in the classroom;
  • assessed how to best use IT resources in curriculum delivery;
  • taken all reasonable steps to prevent unwanted access to student information; nor,
  • provided formal security awareness training, and did not draft cyber security policies. (75% of Ontario school boards do not provide either and only 6% of school boards are aware of IT risks and have a formal disaster recovery plan).

2018 B.C.'s Auditor General Report – Executive Expenses 

While the school district in question was doing a good job of managing executive expenses overall, it needed to improve transparency. The Board only disclosed travel and accommodation expenses where an employee could be seen to have received personal benefit (ex. attending a conference). To see the audit, click here.

Reimbursements of employee expenses provides for greater oversight than paying the corporate credit card bills directly.

Risk Management Tools to Manage Internal Controls

  • Properly articulated and maintained internal controls reduce the risk of asset loss, improve the completeness and accuracy of financial information, and ensure that the conduct of school boards is legally sound, including in the area of the procurement of goods and services;
  • Lack of action to address known internal deficient controls or a disregard of administrative policies significantly increases the risk of errors, unauthorized actions, unethical behaviour and fraud by school board employees;
  • Formal documentation of operational processes should clearly articulate what steps in the process must be applied, when, by whom, and what documentation is to be filled out;
  • Consistent documentation of compliance reduces the risks of employees misunderstanding or inconsistently applying operational processes;
  • Take all identified and reasonable steps to prevent unwanted access to student, teacher and staff information, maintain clearly drafted cyber security policies and provide security awareness training.
  • In managing the risk associated with internal controls, school jurisdictions must properly develop, maintain, monitor and update their internal control procedures

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.