2010–11 Annex – Assessment of Internal Control over Financial Reporting

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Annex – Assessment of Internal Control over Financial Reporting
for the fiscal year ending March 31, 2011 (unaudited)

1. Introduction

In accordance with the Treasury Board Policy on Internal Control, this unaudited document is an annex to the Office of the Public Sector Integrity Commissioner of Canada’s (PSIC or the Office) Statement of Management Responsibility Including Internal Control over Financial Reporting for the fiscal year 2010-11. The document provides summary information on the measures taken by the Office to maintain an effective system of internal control over financial reporting (ICFR). In particular, it provides summary information on the internal control assessments conducted by the Office as at March 31, 2011, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to the Office.

As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plans to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

  • Transactions are appropriately authorized;
  • Financial records are properly maintained;
  • Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and
  • Applicable laws, regulations and policies are complied with.

It is important to note that the system of ICFR is not designed to eliminate all risks, but rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.

1.1 Authority, Mandate and Program Activities

The Office of the Public Sector Integrity Commissioner of Canada is an independent Agent of Parliament established to administer the Public Servants Disclosure Protection Act (PSDPA or the Act), which came into force in April 2007. The Office is mandated to provide a confidential, independent and effective response to:

  • disclosures of wrongdoing in the federal public sector from public servants or members of the public; and
  • complaints of reprisal from public servants and former public servants.

The Office has one Strategic Outcome and two Program Activities:

Strategic Outcome and Program Activities

(text version)

Further details on the Office’s authority, mandate and program activities can be found in its Reports on Plans and Priorities, Departmental Performance Reports and Annual Reports.

1.2 Financial highlights

Total expenses for 2010-11 were $5,977,768, which comprised of mainly salaries and professional and special services. Total expenses in 2010-11 increased by 48% over the previous fiscal year primarily relating to:

  • Costs associated with the departure of the former Commissioner and the 3rd party review of past closed case files;
  • Higher salary costs, mainly for the investigations and inquiries unit; and
  • Greater use of professional services (e.g. legal, transcription, performance measurement) related to the Disclosure and Reprisal Management program.

Financial statements:

PSIC’s Financial Statements, audited by the Office of the Auditor General of Canada, can be found on PSIC’s website. Since 2008, PSIC has received unqualified audit opinions on its Financial Statements from the Office of the Auditor General of Canada, including fiscal year 2010-11. Information can also be found on the Public Accounts of Canada website.

1.3 Service arrangements relevant to financial statements

The Office relies on other organizations for the processing of certain transactions that are recorded in its financial statements. These arrangements include, but are not limited to:

Common Arrangements:

Public Works and Government Services Canada (PWGSC) centrally administers the payments of salaries and benefits, the procurement of some goods and services, as well as, the provision of accommodations on behalf of the Office.

The Treasury Board of Canada Secretariat (TBS) provides an annual dollar figure for the centrally funded health and dental insurance plans, and provides information used to calculate various accruals and allowances, such as the employee severance benefit.

Specific Arrangements:

As a micro agency (fewer than 50 full-time employees), the Office has established shared services agreements through Memorandums of Understanding with other government departments to realize efficiencies and to gain access to specific areas of expertise.

The Canadian Human Rights Commission (CHRC) provides services in the areas of financial management (namely transaction processing and reporting), security clearances and building security arrangements, procurement and contracting, telecommunications, information management, information technology, financial systems and human resources information systems.

PWGSC provides services in the areas of human resources management, namely planning, staffing, classification, labour relations, policies and procedures, and human resources reporting requirements to central agencies.

1.4 Material changes in fiscal year 2010-11

  • The former Commissioner departed in October 2010 and an Interim Commissioner was named in December 2010
  • A new CFO was appointed in February 2011 and the former CFO assumed the role of Executive Director

2. Description ozf the Office’s control environment relevant to ICFR

The Office recognizes the importance of senior management leadership in ensuring that staff at all levels understand their roles in maintaining effective systems of ICFR and are well equipped to exercise these responsibilities effectively. The Office’s objective is to continually improve its control environment using a risk-based approach and targeted resource investment so that the required level of effectiveness is achieved at a manageable cost.

2.1 Key positions, roles and responsibilities

Below are the Office’s key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.

Commissioner – The Commissioner is the Office’s Deputy Head and Accounting Officer. As Accounting Officer, the Deputy Head assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Commissioner chairs the Office’s Executive Committee and is a member of the Audit and Evaluation Committee.

Chief Financial Officer (CFO) – The Office’s CFO reports directly to the Commissioner and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.

Senior Executives and Departmental Managers – The Office’s senior executives and departmental managers in charge of program delivery are responsible for maintaining and reviewing effectiveness of their system of ICFR falling within their mandate.

Deputy Chief Financial Officer (DCFO) – The Office’s DCFO is a senior financial manager within the Canadian Human Rights Commission, and provides advice and support to the Office’s CFO. The roles and responsibilities of the DCFO are outlined in a Memorandum of Understanding for the provision of financial management services, and the Office’s Instrument of Delegation of Financial Authorities. 

Chief Audit Executive (CAE) – The Office’s CAE reports directly to the Commissioner and establishes risk-based audit plans consistent with organizational objectives.

Audit and Evaluation Committee (AEC) – The AEC is an advisory committee that provides objective views on the Office’s financial statements, risk management, control and governance frameworks and it is comprised of four external members, the Commissioner, the CAE and the CFO. As such, it reviews the Office’s Corporate Risk Profile, its internal reports, and its system of internal control, including the assessment and action plans relating to the system of ICFR.

2.2 Key measures taken by the organization

The Office’s control environment also includes a series of measures to enable its staff to manage risks well through raising awareness, providing appropriate knowledge and tools as well as developing skills and capacity.  Key measures include:

  • A Corporate Risk Profile that is updated annually;
  • Annual performance agreements with senior managers that clearly set out goals and objectives;
  • Periodically updated delegation of financial signing authorities matrix, when necessary.
  • The documentation and assessment of the design and operating effectiveness of its main financial business processes and controls.
  • The preparation and implementation of management action plans in response to observations and recommendations made during the review of the effectiveness of controls.
  • The development of directives and guidelines tailored to the Office’s control environment;
  • Knowledge sharing and communications initiatives in core areas of financial management.

3. Assessment of the system of internal controls over financial reporting

3.1 Assessment process

To meet the requirements of the Policy on Internal Control, in 2008-09, the Office proceeded with the documentation and the review of the design effectiveness of major financial processes and controls. Since 2009-10 the Office has proceeded with the assessment of the operating effectiveness of those processes and controls. As the Office receives financial management services from CHRC, the controls at CHRC were also documented and evaluated during 2009-10 and 2010-11.

Design effectiveness means to ensure that key control points are identified, documented, in place and that they are aligned with the risks (i.e. controls are balanced with and proportionate to the risks they aim to mitigate) and that any remediation is addressed. This includes the mapping of key financial processes.

Operating effectiveness means that the application of key controls has been tested over a defined period and that any required remediation is addressed. Such testing covered all departmental financial control levels which include corporate or entity, and business process controls.

Such testing covers all departmental level controls which include corporate or entity, general computer and business process controls.

Testing of design and operating effectiveness of the departmental system of ICFR will lead to ensuring the on-going monitoring and continuous improvement of PSIC’s system of ICFR.

Recommendations and action plans. These assessments provided the baseline for the Office to move forward in implementing action plans to strengthen process controls.

3.2 Assessment scope

To satisfy the Policy on Internal Control, the Office reviewed its financial records, identifying the significant business processes and key control points. Potential gaps in the internal control framework were then identified, and a risk rating was assigned to each control process under review.

Taking into account that the Office is a young organization in its start-up phase, the review comprised nine key business control processes. A preliminary assessment of entity-level controls was conducted, in relation to the business controls processes under review.

Key business control processes were documented and assessed:

  • Pay administration
  • Operating Expenses and supplier payments
  • Use of purchase and travel cards
  • Hospitality expenses
  • Travel expenses
  • Petty cash
  • Use of wireless devices
  • Delegation of financial authorities
  • Financial Reporting and Period closing cycle (CHRC)
  • Budgeting and Forecasting

As of March 31, 2011, the following steps were substantially completed:

  • updated internal control documentation based on changes made to processes, and controls relevant to ICFR, including appropriate linkages to policies and procedures and confirmed that these changes mitigated the identified risks from a design perspective;
  • mapped key processes using flowcharts and various narrative approaches to identify key risks and control points;
  • conducted reviews of each business process to confirm that the controls were functioning as specified in the design documentation;
  • assessed the effectiveness of process controls through transaction testing; and
  • developed action plans in response to recommendations with regards to opportunities for improvement identified.

4. Results of the annual assessment

4.1 Design effectiveness of key controls:

When completing design effectiveness testing, the Office developed and updated business process documentation and validated key processes with the stakeholders. Design effectiveness was assessed through discussions with management, and comparison of practices and controls to Treasury Board policy, directive and guideline requirements.

4.2 Operating effectiveness of key controls

When assessing the operating effectiveness of key controls in 2010-11, the Office considered the results of the financial statement audits by the OAG, as well as the results of the review of the design effectiveness of the key controls performed in the previous years. During the fiscal year of 2009-10 and 2010-11, the Office conducted operating effectiveness tests mostly in the areas of operating expenses.

The results from the design and operating effectiveness testing in 2010-11 identified the need for further improvements in the following areas:

  • strengthening controls relative to procurement, specifically in the area of file documentation with regards to non-competitive contracts;
  • strengthening follow-up and oversight, including developing a directive, for asset management to ensure the proper use and safeguard of assets, and to enhance control effectiveness; and
  • general training and coaching on responsibilities with regards to delegated financial authorities and the use of financial reports.

5. Action plan and timelines 

5.1  Departmental action plan  

This following summarizes the actions taken by the Office to date to deal with any significant adjustments related to ICFR as well as significant elements of work that are planned to be completed in subsequent years.

Progress as of March 31, 2011

As of March 31, 2011, the Office has made significant progress in assessing and improving its key controls within the system of ICFR.  Progress to date is summarized below:

The Office has completed:
  • updated the corporate risk assessment and the development of an internal audit plan for 2010-11 to 2012-13;
  • developed a strategic plan for 2010-13;
  • developed principles guiding budget allocation and forecasting;
  • strengthened knowledge and accountability awareness of stakeholder roles and responsibilities with regards the continuous effectiveness of internal controls;
  • improved file documentation supporting the approval of expenditures;
  • ensured required FAA related authorizations are obtained in a timely manner;
  • developed and implemented financial management process directives and guidelines specific to the Office’s control environment;
  • documented processes and key controls in the areas of financial management and reporting;
  • improved procurement processes, file documentation, to ensure that contracting practices are in compliance with the TB Contracting Policy; and
  • provided training and guidance on exercising financial authorities delegated to managers.  

The Office has commenced or partially completed work to:
  • development of an asset management directive describing clear accountabilities for the safeguard, record keeping and inventory control processes;
  • seek ways to maximize the use of the financial system in relation to financial tools and reports; and
  • address other areas for improvement identified during the assessment in fiscal year 2010-11.

5.2  Action plan for the next fiscal year and subsequent years:

In 2011-12, the Office plans to focus on:

  • based on risks, document and conduct targeted assessments of internal controls;
  • develop an organizational Code of Conduct aligned to the Values and Ethics Code for the Public Sector to be published by TBS;
  • conduct specific assessments based on the Management Accountability Framework, including aspects related to:
    • effectiveness of the management structure;
    • effectiveness of corporate risk management; and
    • business continuity.
  • Develop and implement action plans relating to any recommendations or areas for improvement that arise.

In 2012-13, the Office plans to focus on:

  • based on risks, document and conduct targeted assessments of internal controls; 
  • conduct specific assessments based on the Management Accountability Framework, including aspects related to:
    • organizational culture;
    • IM/IT;
    • Utility of the performance framework;
  • Develop and implement action plans relating to any recommendations or areas for improvement that arise.