2017–18 Annex to the Statement of Management Responsibility, Including Internal Control over Financial Reporting
2017–18 Annex to the Statement of Management Responsibility, Including Internal Control over Financial Reporting
1 Introduction
This document provides summary information on the measures taken by the Office of the Auditor General of Canada to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results, and related action plans.
Detailed information on the Office’s authority, mandate, and program activities can be found in the 2017–18 Departmental Results Report and the 2018–19 Departmental Plan.
2 Departmental system of internal control over financial reporting
2.1 Internal control management
The Office has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental framework for internal control management is in place and includes
- organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their control management areas;
- values and ethics that guide and support employees in their professional activities;
- ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control; and
- regular monitoring and updates on internal control management, as well as the provision of related assessment results and action plans to the Auditor General, senior management, and, as applicable, the Audit Committee.
The Office’s Audit Committee meets quarterly and provides advice to the Auditor General on the adequacy and functioning of the Office’s risk management, control, and governance frameworks and processes.
2.2 Service arrangements relevant to financial statements
The Office relies on other organizations for processing certain transactions that are recorded in its financial statements, as follows:
- Public Services and Procurement Canada centrally administers the payment of salaries and invoices, and provides accommodation services.
- The Treasury Board of Canada Secretariat provides services related to public sector insurance for employees of the Office and centrally administers payment of the employer’s share of contributions toward statutory employee benefit plans (that is, the Public Service Pension Plan, Employment Insurance, the Canada Pension Plan, the Québec Pension Plan, and the Public Service Supplementary Death Benefit Plan) on behalf of the Office.
3 Departmental assessment results during the 2017–18 fiscal year
3.1 Previous fiscal year’s areas for improvement
As part of our 2017–18 assessment, we followed up on areas for improvement identified in past assessments. We found that remedial actions had been taken in many of the areas identified. Remedial actions are also under way to address outstanding observations, which primarily relate to information technology (IT) general controls.
3.2 Assessment results
The work performed, key findings, and areas for improvement identified as part of the 2017–18 assessment of ICFR are as follows.
New or significantly amended key controls. In the 2017–18 fiscal year, there were no new or significantly amended key controls in existing processes requiring reassessment.
Ongoing monitoring program. The Office conducted ongoing monitoring according to its rotational plan. As part of this work, the Office evaluated entity-level controls. We tested the operating effectiveness of controls for processing payroll and revenues, and the design and implementation of controls for other business processes.
Area for improvement. The Office identified the following area for improvement in the 2017–18 fiscal year:
- Processing controls. Improvements are being made to address the observations noted in our evaluation of payroll processing controls. The observations mainly pertained to the need to strengthen the efficiency and effectiveness of controls by improving procedures and related documentation.
Despite the area for improvement noted above, the Office did maintain an effective system of ICFR in the 2017–18 fiscal year, as effective mitigating controls were in place to reduce the risk of material misstatement in financial reporting to an appropriately low level.
4 Action plan for the next three fiscal years
The following table shows the Office’s rotational ongoing monitoring plan over the next three fiscal years. This plan will be revisited annually based on the validation of high-risk processes and controls.
Rotational ongoing monitoring plan
| Key control areas | 2018–19 | 2019–20 | 2020–21 |
|---|---|---|---|
| Entity-level controls | checkmark | checkmark | checkmark |
| IT general controls | checkmark | checkmark | checkmark |
| Payroll | checkmark | checkmark | checkmark |
| Operating expenses | checkmark | ||
| Revenues | checkmark | ||
| Year-end reporting | checkmark |