Annex to the statement of management responsibility including internal control over financial management - Fiscal year 2019-20
Financial Policies and Internal Controls
Financial Management Branch
July 2020
Message from the Deputy Minister and Chief Financial Officer
Responsibility for the integrity and objectivity of the accompanying financial statements for the year ended March 31, 2020, and all information contained in these statements rests with the senior management of the Department of Canadian Heritage (PCH). These financial statements have been prepared using the Government of Canada Accounting Handbook, which is based on Canadian public sector accounting standards.
Some of the information in these financial statements is based on management’s best estimates and judgment, and gives due consideration to materiality. To fulfill its accounting and reporting responsibilities, management maintains a set of accounts that provides a centralized record of PCH’s financial transactions. Financial information submitted in the preparation of the Public Accounts of Canada, and included in PCH’s Departmental Results Report, is consistent with these financial statements.
Management is also responsible for maintaining an effective system of internal control over financial management (ICFM), including internal control over financial reporting (ICFR), which is designed to provide reasonable assurance that financial information is reliable, that assets are safeguarded and that transactions are properly authorized and recorded in accordance with the Financial Administration Act and other applicable legislation, regulations, authorities and policies.
Management seeks to ensure the objectivity and integrity of data in its financial statements through careful selection, training and development of qualified staff; through organizational arrangements that provide appropriate divisions of responsibility; through communication programs aimed at ensuring that regulations, policies, standards, and managerial authorities are understood throughout PCH and through conducting an annual risk assessment of the effectiveness of the system of ICFM. The system of ICFM, including ICFR, is designed to mitigate risks to a reasonable level based on the ongoing monitoring of the key risks, to assess the effectiveness of associated key controls and to make any necessary adjustments.
In accordance with the Treasury Board Policy on Financial Management, a risk-based assessment of the system of ICFM was completed, for the fiscal year that ended March 31, 2020, and the COVID-19 pandemic impacts on the department’s financial business processes were documented. The results and action plans are presented in this annex for FY 2019-20 and the ICFM plan for 2020-21 was modified to reflect the documentation and testing to be performed due to COVID-19.
The effectiveness and adequacy of PCH’s system of internal control is reviewed by the work of internal control and internal audit staff, who conduct periodic reviews and audits of different areas of PCH’s operations. Additionally, the Departmental Audit Committee (DAC) oversees management responsibilities for maintaining adequate control systems and the quality of financial reporting.
The financial statements of PCH have not been audited.
Helene Laurendeau
Deputy Minister
Eric Doiron
Chief Financial Officer
On this page
1. Introduction
This annex provides information on the measures taken by Canadian Heritage (PCH) to maintain an effective system of Internal Control over Financial Management (ICFM), including Internal Control over Financial Reporting (ICFR), assessment results and related action plans.
Information on PCH’s authority, mandate and program activities can be found in the Departmental Results Report and the Departmental Plan.
2. Internal control over financial management
The Treasury Board (TB) Policy on Financial Management came into effect on April 1, 2017 and requires the establishment and maintenance of a risk-based system of ICFM.
In this context, PCH must perform the ongoing monitoring of the design and operation of its internal controls and remediate identified deficiencies. This also provides reasonable assurance that public resources are used prudently and that financial legislation, regulations and policies are being complied with.
2.1 Internal control governance
PCH has a well-established governance structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework, approved by the Deputy Minister (DM) and the Chief Financial Officer (CFO), is in place and includes:
- Monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plan to the Departmental Audit Committee (DAC), in order to provide advice to the DM on the adequacy and functioning of the department’s risk management, control and governance frameworks and processes;
- An annual risk-based ongoing monitoring plan and internal audit plan, developed in consultation with senior management across the Department to address areas of higher risk and significance. This plan is instrumental to PCH’s system of ICFM. Reports on completed internal audits are presented to the DAC to seek recommendation for approval by the DM. In order to maximize the efficiency within the department, the ongoing monitoring plan is developed in consultation with the Office of the Chief Audit Executive (CAE) to coordinate the planning activities related to internal control assessments;
- Organizational accountability structures as they relate to internal control management to support sound financial management including roles and responsibilities for senior managers in their areas of responsibility for control management;
- Strong Entity Level Controls, including a “Tone from the top” organizational culture and a department-wide Code of Conduct, which is supported by management and by the Office of Values and Ethics (OVE). The OVE provides confidential, independent, impartial and informal assistance to employees and groups of employees who are experiencing conflicts affecting their work;
- A fraud governance process that creates a transparent and sound anti-fraud culture within the department. This process includes periodic fraud risk assessments and a departmental fraud awareness strategy for all employees; and
- On-going communication and training on statutory requirements, and policies and procedures for sound financial management and control.
2.2 Service arrangements relevant to financial statements
- PCH relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:
2.2.1 Common Arrangements
- Public Services and Procurement Canada (PSPC) centrally administers the payment of salaries and the procurement of some goods and services in accordance with PCH’s Delegation of Authority, and provides accommodation services;
- Treasury Board of Canada Secretariat (TBS) provides PCH with information used to calculate various accruals and allowances, such as the accrued severance liability. It also provides policy guidance and interpretation on matters of financial management;
- The Department of Justice provides legal services to PCH; and
- Shared Services Canada (SSC) provides information technology (IT) infrastructure services to PCH in the areas of data centre and network services.
2.2.2 Specific Arrangements
- Parks Canada Agency provides PCH with the PeopleSoft system platform to capture and report human resources data;
- Agriculture and Agri-Food Canada provides hosting services to PCH for its Departmental Financial Management System (SAP).
3. Ongoing monitoring of key controls
Ongoing monitoring is intended to ensure that Internal Control over Financial Management (ICFM), including Internal Control over Financial Reporting (ICFR), continues to operate effectively and as designed, following the guidance received from the Office of the Comptroller General.
3.1 Assessment results during fiscal year 2019-20
In Fiscal Year 2019-20, PCH continued the ongoing monitoring of the key financial management business processes. The end of the fiscal year was impacted by COVID-19 pandemic. The following table presents PCH’s progress as at March 31, 2020, based on the previous year action plan.
| Key business process | 2019-20 |
|---|---|
| Salaries | Completed |
| Capital Assets | Completed |
| Costing | Completed |
| Fraud Management | To be completed in FY 2020-21 |
| Revenues | Deferred to FY 2021-22 |
3.1.1 Salaries
In 2019-20, an ICFM salary risk assessment was performed to identify the high-risk sub processes for which control documentation had to be created. The Leave cash-out, Termination and Overtime processes were identified for assessment and design effectiveness testing of the key controls was completed for each process. No major control deficiencies has been identified and HR procedures were in place for all sub-processes.
Additionally, fraud risk scenarios for these sub-processes have been developed and assessed to determine the impact and likelihood for each fraud scenario (refer to the Fraud Management key business process for more details). The following provides more details on the observations.
Leave cash-out
Due to Phoenix issues, the mandatory leave cash out process has been put on hold by the Treasury Board of Canada Secretariat (TBS) for the last 3 years. One of the key risk identified is the accuracy of the leave cash-out balance being paid out to employees. To mitigate the risk, supporting documents must be requested by the Financial Administration Act (FAA) Section 34 Manager, to support the payment request and must be reviewed by the Financial Administration Act (FAA) Section 33 officer in the Accounting Operations division.
This control is of great importance especially when employees are deploying from one department to another. If an employee changes departments more than once in a short period of time, the risk of having an incorrect leave balance will increase. It is important for managers and employees to be aware of this risk and mitigate it as best as possible by retrieving employees’ leave balances from their previous departments and communicating this requirement to their employee.
The next automatic cash out date of excess hours will be on March 31, 2021 and operating effectiveness testing will have to be performed to ensure that the controls are working as they should be.
Overtime
Overtime may be claimed in one of two way:
Overtime in cash
- If the employee requests overtime in cash, the hours are entered in Phoenix by the employee and approved by the manager in the same system. One of the key control deficiencies identified is that Phoenix does not have any controls related to who approves the overtime, which means that the employee can select any delegated manager available in Phoenix. The manager reviews the forecast monthly, to acknowledge that work has been performed and that the appropriate employee has been paid.
Overtime in time
- If the employee requests overtime in time, a form is completed and submitted to the manager for approval. The manager then sends the request to HR Compensation who then sends the information to the Pay center for their action.
As specified in 2.2.1, both risks identified above are under the functional authority of the Pay center (PSPC). To remediate those risks, HR compensation updates and communicates overtime procedures on a regular basis to all employees and provide guidance and support to all managers if they have questions.
Termination
One of the key risk that was identified as part of this assessment is that employee’s pay is not stopped in a timely manner which may result in the employee continuing to receive pay after their termination date, i.e. leaving the Government of Canada.
In November 2019, the termination process was automated by CIOB through an electronic Departure Form and managers can now initiate the process online and all activities are sent to the functional authorities automatically to action. With the introduction of this new electronic process, it makes it easier for managers and employees to initiate the process and complete all the steps required in a timely manner.
3.1.2 Capital Assets
Capital assets are property (facilities, infrastructure, equipment, networks, computer software, etc.) that enable the delivery of public sector services and that are expected to generate value over a long period of time. It is crucial for the organization to assess the risks associated to Capital assets to avoid losses, misuse and/or obsolescence.
In 2019-20 an assessment of the key controls associated with the Asset Under Construction (AUC) sub-process was conducted. GCMI (GCMP), P2P/I2P Electronic signatures and GCDocs were the main projects that were analyzed.
The objective of this review was to determine the operating effectiveness of the key controls for the AUC business process and to ensure that Canadian Heritage (PCH) is compliant with the Financial Administration Act (FAA) and the key financial policy instruments issued by Treasury Board (TB), including the Government accounting standards.
Capitalization of IM/IT enabled projects expenses can be quite complex and accounting principles are not properly applied for AUC. As a result, related capital expenses are not always recorded appropriately but PCH has few capital projects so the impact is minimal.
A report and a management action plan was completed in 2019-20 and the recommendations are:
- Clarify roles & responsibilities of key stakeholders involved in the recording of AUC.
- Clarify the activities to be capitalized for complex IT projects.
- Procedures will be developed for AUC expenses monitoring activities that will define the frequency as well as the reporting requirements.
3.1.3 Costing
The objective of the Costing business process is to support the prudent use of public resources in the delivery of departmental plans and priorities. Departments are required to produce more accurate and credible cost estimates when requesting funding for new projects or program initiatives, which helps the Parliament and cabinet ministers make informed (evidence based) decisions when approving spending proposals and it reduces the possibility of cost overruns.
Additionally, a credible cost estimate will support the assertions and conclusions of the Chief Financial Officer (CFO), as required by the Policy on Financial Management and the supporting Guideline on Chief Financial Officer Attestation for Cabinet Submissions.
In FY 2019-20, the process was outlined to present the controls for the preparation of Cost estimates for new or existing program initiatives in the context of Budget asks (BA), Treasury Board (TB) submissions and Memorandum to Cabinet (MC) and more specifically on the calculation of the Operating resources required to deliver the new program initiative. The TB Submission process was mapped from the preparation of the cost estimates to the final approval by the Minister.
As part of the consultations, PCH costing tools were shared and updated, including the internal services costing model.
No control gap was identified as part of the design.
3.1.4 Fraud Management
Fraud in a federal government can cause the loss of public money or property, hurt employee morale, and undermine Canadians’ confidence in public services. The Treasury Board (TB) Policy on Financial Management requires that financial resources are safeguarded against material loss due to waste, abuse, mismanagement, errors, fraud, omissions and other irregularities. Additionally, prompt corrective actions must be taken when fraud risks are identified in the system of internal control over financial management and financial reporting. The combination of effective fraud risk governance, a thorough fraud risk assessment, a strong fraud prevention and detection controls, along with a coordinated and timely investigation process, can significantly mitigate fraud risks.
Grants and Contributions (Gs&Cs) Fraud Risk Assessment
In 2019-20, various Gs&Cs fraud scenarios have been presented to Executive Committee (ExCom) to develop a fraud risk profile for PCH. Following this exercise, a fraud control matrix was developed to document key control activities. A similar exercise will be conducted with the Regions in 2020-21, given that they have direct contact with the applicants.
PCH has also started improving fraud awareness across the department.
- Terms of References were created and approved for a new Fraud Risk Management Working Group.
- A new module on fraud and wrongdoing was integrated to the program officer training and will cover values and ethics, conflict of interest, wrongdoing and fraud awareness.
- A Fraud Management Framework was developed and shared with all relevant stakeholders across the department. Consultations will continue to finalize the document and seek the Executive Committed (ExCom) approval during FY 2020-21.
Salaries Fraud Risk Assessment
In 2019-2020, a salary fraud risk assessment was conducted to evaluate the risk of fraud in the payroll process. Fraud scenarios were shared with key stakeholders to determine the impact and likelihood for each fraud scenario. The final report will be completed in FY 2020-21 and results will be presented to the Fraud Risk Management Working Group.
3.1.5 Revenue
PCH generates very little revenues as part of its core operations, therefore, this business process has not been assessed in the last five years due to its low materiality. Revenues account for approximately $10M annually in the departmental financial statement of which $5.2M is generated by the Canadian Audio-Visual Certification Office (CAVCO) program and approximately $2M from the MOU with Parks Canada for the SAP financial system. This review has been rescheduled for FY 2021-22 with the preliminary objective of providing assurance on the design and operating effectiveness of the CAVCO key controls processes.
3.2 COVID-19 considerations
The Global COVID-19 pandemic had major impacts on PCH’s ICFR business processes and brought financial and operating challenges that needed a rapid shift in business practices.
The 2019-20 year-end close was affected by the pandemic since a lot of the year end activities occurred post COVID-19 and new measures and accrued flexibility had to be implemented. For example, there was an increase use of electronic signature by delegated managers when exercising their financial authorities for the approval of invoices, contracts and Grants and Contributions Gs&Cs).
The Financial Management Community Development team within the Office of the Comptroller General (OCG) provided relevant guidance and information on the impacts of COVID-19 as it relates to financial policy and other-government departments (OGD) best practices.
Additionally, in May 2020, PCH received $500M of COVID-19 Emergency funding to support Cultural, Heritage and Sport Organizations across Canada. The emergency funding for COVID-19 was separated in 2 phases: Phase 1 (for existing clients) and Phase 2 (for new clients). For Phase 2, a new online portal was created for new recipient to apply and provide the required eligibility and payment information. A streamlined batch payment process was also created to expedite payments to all recipients.
Throughout this pandemic, PCH had to adapt its acquisition reconciliation process, as the process was still very manual. A new process using e-signatures and digital supporting documentation will be implemented and communicated to all cardholders and managers.
In FY 2020-21, controls related to the Grants and Contributions (Gs&Cs) key business process will be reviewed to determine if these changes had impacts on the validity, accuracy and completeness of PCH’s Financial Statements.
3.3 Three-year action plan
Based on the results of PCH’s annual risk assessment exercise, the three-year ongoing monitoring plan was revised:
| Key Business Processes | 2020-21 | 2021-22 | 2022-23 |
|---|---|---|---|
| Investment Planning | X | - | - |
| Fraud Management | - | - | - |
|
- | - | X |
|
X | - | - |
|
- | X | - |
| Planning, Budgeting and Forecasting | - | - | - |
|
X | - | - |
| Purchases and Payables | - | - | - |
|
X | - | - |
| Revenues | - | X | - |
| Financial Reporting | - | X | - |
| IT General Controls | - | X | - |
| Costing | - | - | X |
| Salaries | - | - | X |
| Grants and Contributions | X | - | - |
| IT Application Controls | - | - | X |
| Entity Level Controls | - | - | X |
| Capital Assets | - | - | - |
Page details
- Date modified: