relation to…. it would be narrow nancial management policy, but we do need to connect some of the nan- cial and non-nancial fraud risk information to get to a more holistic picture.
G. Gentner: Just one more question, hon. chair. "transition limits above $5,000 require the additional approval of common business services, and approval for monthly limits of $100,000 must be attained from the oce of the comptroller general." So you do have some relationship to what's being spent and what you author- ize — correct?
S. Newton: if there is a request for a limit above $100,000, those requests would be dealt with very specically.
in my role in the last three weeks, i'm not aware of any that have come through my oce.
b. Ralston (Chair): ere's been no rush since you joined?
S. Newton: maybe they think i'm a little bit rmer, coming from internal audit.
G. Gentner: With that, maybe i'll submit some written questions, if there's no time that permits, hon. chair.
b. Ralston (Chair): ank you. i think that's prob- ably an area worth pursuing.
J. Rustad: ank you for the presentation. i'm not one of the people that think there's a problem under every pebble, but i am interested in history. i'm wondering: the system of controls that are in place…. obviously, the auditor general has done a report, and there have been a number of recommendations. e government has taken some steps around those recommendations.
i'd also like to look back at where we have come from. how has the system evolved over the last ten, 20 or 30 years in terms of monitoring and protecting against fraud? Perhaps that's a question to ask you as well as the auditor general.
S. Newton: i can speak from my perspective that pre- viously is limited to my internal audit role. ere used to be a requirement for all transactions to have a number of steps occur within the ministry, with no central co- ordination or review of the transactions.
if you go further back, i think there used to be people in the comptroller general's oce who actually signed cheques. So there used to be very central control. en it was decentralized out to the ministries.
With the move to when we implemented the con- tinuous controls monitoring group — it was called something dierent, previous — that eliminated a dupli-
W, n ,
cate step that lived out in the ministries and provided a central view of, i guess, payment review processing to determine how compliant we are with existing pay- ment standards. at's given us a nice central view of our compliance rates.
 i would say, too, that over the last four or ve years we've become more fraud aware. is occurred when my predecessor started within this oce and talked to me in my role in nancial management branch at the time around beeng up loss policy, which was given its own chapter and enhanced a bit.
en when i moved to the internal audit role, i was
looking at how we implement more of an investigative capacity and how we start building awareness in relation to fraud and fraud issues.
We're on a continuum. i would say that we're in a much better place than we were three years ago. and with the recommendations we've received, we will be in a much better place next year, the year aer, moving forward. i think part of it is getting attention on fraud as a key risk and understanding it more fully. i think, through our ability to respond to key fraud issues in the last two or three years, we have been able to raise awareness every time we go into deal with a particular issue.
i think that would increase with some central coordin- ation of the groups to be able to share information. We've come quite a ways, and we do have a ways to go.
b. Ralston (Chair): ank you. i wanted to pose a question. Sometimes an issue arises when….
Rustad: i think John wanted to comment.
Ralston (Chair): oh, did he? Sorry. it's a rare oc-
casion when the auditor general wants to comment. i know i don't want to interrupt him.
J . D o y l e : i w a s j u s t g o i n g t o u s e m y 3 7 y e a r s ' e x p e r i ence in the public sector to respond. -
b. Ralston (Chair): now, now we have le that be- hind. Just let go. let go.
J. Doyle: fraud is always going to be in the pub- lic sector. e issue is its magnitude and how you can fraud-proof, as much as possible, the system itself and also how you can help the public servants that work within the system to feel that they are not just swamped with red tape, just because of a possible fraud that may exist.
getting the balance right is quite important. at's why a principle-based approach is just as important as the control framework that's in place.
a lot of fraud is about opportunity, and if the sys- tems are poor, opportunity arises quite easily. a lot