The Secret Fund

Hiring an auditor general and having strong policies and controls can make it harder for city managers to make unauthorized payments.

Comments Views

​An internal audit has revealed that senior staff members of the Brampton city government set up a secret fund that paid nonunion employees CAN$1.25 million between 2009 and 2015, the Brampton Guardian reports. The audit report noted that these payments were difficult to monitor because they were not appropriately coded under the suburban Toronto city's transactions procedure and were made without consent from the city council. The council voted in June to request a criminal investigation to uncover who authorized the payments and whether they broke any rules. The internal audit itself was notable because it took place over a two-year period, during which the head auditor who had launched the investigation left her position.

Lessons Learned

This is not the typical fraud story. Indeed, fraudulent activity has neither been alleged nor proven yet. The essence of the case is that the City of Brampton council has requested a police investigation into a secretive, unapproved bonus program. Based on additional reporting I've reviewed, an audit report notes that the bonus scheme was devised by senior staff members, who allegedly kept elected officials in the dark for years. These senior employees used an obscure mechanism called an "outside policy request" (OPR) to make "discretionary salary increases determined by the operating department heads" that were "outside of council-approved policies and documented procedures." But these reports note that the objective of the OPR was to "align the salaries within the respective grades to achieve fairness and equity."

The facts of this case are not all clear yet. Whether or not Brampton Council has made the best choice in calling in the police — it had considered conducting an internal forensic investigation instead — a formal investigation to uncover everything behind the bonus payment scheme will be needed to determine whether fraud and criminal activity took place. That investigation should include who approved the program, when it was approved, who received payments, and whether any of these activities contravened policies or laws. And if ultimately fraud has been committed, those found guilty should be held responsible, no matter whether they are an employee or politician.

In the meantime, there are several actions internal auditors can and should recommend to address the many gaps in management and controls revealed by this story. At the heart of these are:

  • Make key governance and accountability changes, such as appointing an independent auditor general at city hall with powers to investigate and report on a wide range of financial and management issues. Some Brampton councillors are already calling for this measure. Many cities have an auditor general already. Officials should review and revise delegations of authority to senior and other managers to prevent unnecessary discretion in approving financial payments — including to employees in unusual or special circumstances — unless there is full council approval. Council and its committees, especially for budgeting and audit, should review their mandates and how they operate to ensure more thorough scrutiny to detect unusual practices — this would be helped by a city audit department and auditor general.
  • Address gaps in compensation policies and financial controls. Brampton's council has dropped the OPR mechanism, but it also needs to address the underlying weaknesses in its compensation policies and systems that gave rise to the use of such a mechanism. (I've learned that the city will conduct a separate audit of its compensation structure.) That should include how compensation policies and systems deal with both union and nonunion employees, and a more general examination of how current and relevant those policies are today.

    Brampton's auditors said the bonuses were not authorized under relevant rules and that over time OPR "requests were approved for reasons beyond its initial intention." "Scope creep" in policy interpretations can occur over time in situations where original policies become out of date in relation to current practices. Often, those in charge simply ignore the rules because it is difficult and time consuming to formally change them.

    In addition, OPR payments to nonunion staff could not be tracked because there was a "lack of coding" that would have allowed internal controls to monitor this activity. This also is a common internal control gap organizations create for themselves when deciding how far to extend formal controls over "special" transactions — it should be included in tracking, reporting, and monitoring systems scope.

Art Stewart
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author



Art StewartArt Stewart<p>​Art Stewart is an independent management consultant with more than 35 years of experience in internal audit, financial management, performance measurement, governance, and strategic policy planning.​​​</p>


Comment on this article

comments powered by Disqus
  • AuditBoard-August-2021-Premium-1
  • SCCE-August-2021-Premium-2
  • FSE-August-2021-Premium-3



Thanks, We Already Know That, We Already Know That
U.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radar SEC: Environmental, Social, and Governance Risks Better Be on Your Radar
Newswire: Week of July 5, 2021 Week of July 5, 2021
7 Steps to Transformation Steps to Transformation