2011–12 Annex – Assessment of Internal Control over Financial Reporting
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Annex – Assessment of Internal Control over Financial Reporting
for the fiscal year ending March 31, 2012
In accordance with the Treasury Board Policy on Internal Control, this unaudited document is an annex to the Office of the Public Sector Integrity Commissioner of Canada’s (PSIC or the Office) Statement of Management Responsibility Including Internal Control over Financial Reporting for the fiscal year 2011-12. The document provides summary information on the measures taken by the Office to maintain an effective system of internal control over financial reporting (ICFR). In particular, it provides summary information on the internal control assessments conducted by the Office as at March 31, 2012, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to the Office.
As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plans to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan.
Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:
- Transactions are appropriately authorized;
- Financial records are properly maintained;
- Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and
- Applicable laws, regulations and policies are complied with.
It is important to note that the system of ICFR is not designed to eliminate all risks, but rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.
The maintenance of an effective system of ICFR is an ongoing process designed to identify, assess effectiveness and adjust as required key risks and associated key controls, as well as to monitor its performance in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to the other based on risks and taking into account their unique circumstances.
1.1 Authority, Mandate and Program Activities
The Office of the Public Sector Integrity Commissioner of Canada is an independent Agent of Parliament established to administer the Public Servants Disclosure Protection Act (PSDPA or the Act), which came into force in April 2007. The Office is mandated to provide a confidential, independent and effective response to:
- disclosures of wrongdoing in the federal public sector from public servants or members of the public; and
- complaints of reprisal from public servants and former public servants.
Detailed information on the Office’s authority, mandate and program activities can be found in its Reports on Plans and Priorities, Departmental Performance Reports and Annual Reports.
1.2 Financial highlights
Total expenses for 2011-12 were $5,931,422, of which salaries and professional and special services accounted for 87% of the costs. Total expenses in 2011-12 decreased by $50,081 or 1% over the previous fiscal year primarily relating to:
- reduced costs associated with one-time costs incurred in 2010-11 for the separation, severance and benefit costs paid to the former Commissioner, totalling $533,420, and the net change in professional service costs for the 3rd party review of past closed case files, $170,911;
- reduced severance expenses as certain collective agreements and conditions of employment for executives eliminated future severance pay accumulation for voluntary departure or retirement during 2011-12, $42,656;
- higher salary and benefit costs in 2011-12, $440,760, as the Office staffed vacancies throughout the year, mainly for investigators and analysts who administer the disclosure and reprisal program;
- increased professional fees to support the level of staffing activity, $118,025 and increased equipment costs of $96,559 largely for office furniture to accommodate the expanded Office as it reaches full capacity; and
- the remaining net increase, $41,562, reflects less significant changes in activities and costs.
PSIC’s Financial Statements, audited by the Office of the Auditor General of Canada, can be found on PSIC’s website. PSIC has received unqualified audit opinions of its Financial Statements from the Office of the Auditor General of Canada, who have been PSIC’s auditors since 2008. Information can also be found on the Public Accounts of Canada website.
1.3 Service arrangements relevant to financial statements
The Office relies on other organizations for the processing of certain transactions that are recorded in its financial statements. These arrangements include, but are not limited to:
Public Works and Government Services Canada (PWGSC) centrally administers the payments of salaries and benefits, the procurement of some goods and services, as well as, the provision of accommodations on behalf of the Office.
The Treasury Board of Canada Secretariat (TBS) provides the Office with information used to calculate various accruals and allowances such as Employee Benefits.
As a micro agency (fewer than 50 full-time employees), the Office has established shared services agreements through Memorandums of Understanding with other government departments to realize efficiencies and to gain access specific areas of expertise.
The Canadian Human Rights Commission (CHRC) provides services in the areas of financial management (namely transaction processing and reporting), security clearances and building security arrangements, procurement and contracting, telecommunications, information management, information technology and human resources information systems.
PWGSC provides services in the areas of human resources management, namely planning, staffing, classification, labour relations, policies and procedures, and human resources reporting requirements to central agencies.
1.4 Material changes in fiscal year 2011-12
- The Interim Commissioner, Mario Dion, was appointed Commissioner in December 2011
- A new CFO, Patricia Fraser, joined the Office in September 2011
2. Description of the Office’s internal controls environment relevant to ICFR
The Office recognizes the importance of senior management leadership in ensuring that staff at all levels understands their roles in maintaining effective systems of ICFR and are well equipped to exercise these responsibilities. The Office`s objective is to continually improve its internal control environment using a risk-based approach and targeted resource investment so that the required level of effectiveness is achieved at a manageable cost.
2.1 Key positions, roles and responsibilities
Below are the Office’s key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.
Commissioner – The Commissioner is the Office’s Deputy Head and Accounting Officer. As Accounting Officer, the Deputy Head assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Commissioner chairs the Office’s Executive Committee and is a member of the Audit and Evaluation Committee.
Chief Financial Officer (CFO) – The Office’s CFO reports directly to the Commissioner and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.
Senior Executives and Departmental Managers – The Office’s senior executives and departmental managers in charge of program delivery are responsible for maintaining and reviewing effectiveness of their system of ICFR falling within their mandate.
Deputy Chief Financial Officer (DCFO) – The Office’s DCFO is a senior financial manager within the Canadian Human Rights Commission, and provides advice and support to the Office’s CFO. The roles and responsibilities of the DCFO are outlined in a Memorandum of Understanding for the provision of financial management services, and the Office’s Instrument of Delegation of Financial Authorities.
Chief Audit Executive (CAE) – The Office’s CAE reports directly to the Commissioner and establishes risk-based audit plans consistent with organizational objectives.
Audit and Evaluation Committee (AEC) – The AEC is an advisory committee that provides objective views on the Office’s financial statements, risk management, control and governance frameworks and it is comprised of three members external to the government and the Commissioner. As such, it reviews the Office’s Corporate Risk Profile, its internal reports, and its system of internal control, including the assessment and action plans relating to the system of ICFR.
2.2 Key measures taken by the organization
The Office’s control environment includes a series of measures to enable its staff to manage risks well through raising awareness, providing appropriate knowledge and tools as well as developing skills and capacity. Key measures include:
- A Corporate Risk Profile that is updated annually;
- Annual performance agreements with senior managers clearly set out goals and objectives;
- Periodically updated delegation of financial signing authorities matrix, when necessary;
- The documentation and assessment of the design and operating effectiveness of its main financial business processes and control points to support the management and oversight of its ICFR;
- A risk-based internal audit plan;
- The preparation and implementation of management action plans in response to observations and recommendations made during the review of the effectiveness of controls;
- Use of secure financial and contracting information technology processing systems to achieve data integrity, security, and efficiency and effectiveness of transactions; and
- Knowledge sharing and communications initiatives in core areas of financial management.
3. Assessment of the internal controls over financial reporting
3.1 Assessment process
In 2008-09, the Office commenced with documentation and the review of the design effectiveness of major financial processes and controls. Since 2009-10 the Office has proceeded with the assessment of the operating effectiveness of those processes and controls. As the Office receives financial management services from CHRC, the controls at CHRC were also documented and evaluated during 2009-10 and 2010-11.
In support of the Policy on Internal Control, an effective system of ICFR has the objective to provide reasonable assurance that:
- transactions are appropriately authorized;
- financial records are properly maintained;
- assets are safeguarded; and
- applicable laws, regulations, policies, and directives are followed.
The Office proceeded with the assessment of design and operating effectiveness of the departmental system of ICFR leading to ensuring the on-going monitoring and continuous improvement of its system of ICFR.
Design effectiveness means to ensure that key control points are identified, documented, in place and that they are aligned with the risks (i.e. controls are balanced with and proportionate to the risks they aim to mitigate) and that any remediation is addressed. This includes the mapping of key financial processes.
Operating effectiveness means that the application of key controls has been tested over a defined period and that any required remediation is addressed. Such testing covered all departmental financial control levels which include corporate or entity, and business process controls.
Recommendations and action plans. These assessments provided the baseline for the Office to move forward in implementing action plans to strengthen process controls.
As part of the annual assessment, the Office completed the following:
- reviewed the existing comprehensive assessment reports that had been prepared by an independent external consulting firm in previous years and discussed the reports with the consulting firm; and
- updated business process documentation and validated key processes with the stakeholder, and verified that the documented processes correspond to actual practices, and adjustments were made to documentation and/or the actual process, as required.
3.2 Assessment scope
In proceeding with the preparation for sustaining a controls-based audit, the Office, with the assistance of an independent external consulting firm, reviewed its financial records, identifying the significant business processes and key control points. Potential gaps in the internal control framework were then identified, and a risk rating was assigned to each control process under review.
The following business control processes were documented and assessed during 2008-09 through 2010-11:
- Pay administration
- Operating expenses and supplier payments
- Use of purchase and travel cards
- Hospitality expenses
- Travel expenses
- Petty cash
- Use of wireless devices
- Delegation of financial authorities
- Financial reporting and period closing cycle
- Budgeting and forecasting
For each business process, the following steps were substantially completed:
- updated internal control documentation based on changes made to processes, and controls relevant to ICFR, including appropriate linkages to policies and procedures and confirmed that these changes mitigated the identified risks from a design perspective;
- mapped key processes using flowcharts and various narrative approaches to identify key risks and control points;
- conducted reviews of each business process to confirm that the controls were functioning as specified in the design documentation;
- assessed the effectiveness of process controls through transaction testing; and
- developed action plans in response to recommendations with regards to opportunities for improvement identified.
4. Results of the annual assessment
4.1 Design effectiveness of key controls:
When completing design effectiveness testing, the Office updated business process documentation and validated key processes with the stakeholders. It verified that the documented processes correspond to actual practices, and adjustments were made to documentation and/or the actual process, as required. In addition, open action plans related to past assessments and audits were reviewed to determine what actions were not completed. As a result of these assessments, the Office identified the need for:
Asset Management: Completion of the inventory record keeping initiative, to ensure the proper use and safeguarding of assets. Development of an investment plan.
Financial planning: Increased utilization of the financial reporting system and commencement of the planning process with managers earlier in the planning the cycle.
4.2 Operating effectiveness of key controls
When assessing the operating effectiveness of key controls in 2011-12, the Office considered the results of the financial statement audits by the OAG, as well as the results of the review of the design effectiveness and operating effectiveness of the key controls performed to date. In addition consideration was given to the current operating environment at the Office. As a result of these assessments, the Office identified the need for:
Governance and oversight: Improved standard monthly financial reporting and presentation of information to the management team.
Information and communication: Continued emphasis on information sharing by Finance with senior managers, a number of whom were new to their roles or the organization, including provision of tools to assist in interpreting system generated reports to effectively manage resources and ensure data integrity.
5. Action plan and timelines
5.1 Departmental action plan
As a result of the initiatives undertaken from 2008-2012, the Office has made significant progress in assessing and improving its key controls within the system of ICFR. The Office is in a position to sustain controls-based audits in future years. An assessment of risk is an ongoing activity that will determine the priorities in assessing the design of and operating effectiveness of internal controls, this risk assessment is also a key element in determining the upcoming internal audits planned.
Progress in 2012
Overall, the Office completed the following activities that were either planned in the 2010-11 annex for ICFR or identified during the year:
- Addressed recommendations for improvements in maximizing the utilization of the financial planning and reporting system.
- Improved standard monthly financial reporting and presentation of information to the management team.
- Developed a financial reporting objectives and monitoring guidance tool and communicated it with managers.
5.2 Action plan for the next fiscal year and subsequent years:
In 2012-13, the Office plans to focus on:
- Complete the implementation of the inventory record keeping initiative, to ensure the proper use and safeguarding of assets.
- Development of an investment plan.
- Assess the design effectiveness of controls with regards to the use of wireless devices.
- Develop and implement action plans relating to any recommendations or areas for improvement that arise, or are a result of the planned internal audits of the contribution program and contracting and acquisition cards.
In 2013-14, the Office plans to focus on:
- Develop and implement action plans relating to any recommendations or areas for improvement that arise, or are not yet completed, or are a result of the planned internal audit of travel and hospitality.