Annex to the Statement of Management Responsibility Including Internal Control Over Financial Management - Fiscal year 2018-19
Financial Policies and Internal Controls
Financial Management Branch
July 2019
Message from the Deputy Minister and Chief Financial Officer
Responsibility for the integrity and objectivity of the accompanying financial statements for the year ended March 31, 2019, and all information contained in these statements rests with the senior management of the Department of Canadian Heritage (PCH). These financial statements have been prepared using the Government of Canada Accounting Handbook, which is based on Canadian public sector accounting standards.
Some of the information in these financial statements is based on management’s best estimates and judgment, and gives due consideration to materiality. To fulfill its accounting and reporting responsibilities, management maintains a set of accounts that provides a centralized record of PCH’s financial transactions. Financial information submitted in the preparation of the Public Accounts of Canada, and included in PCH’s Departmental Results Report, is consistent with these financial statements.
Management is also responsible for maintaining an effective system of internal control over financial management (ICFM), including internal control over financial reporting (ICFR), which is designed to provide reasonable assurance that financial information is reliable, that assets are safeguarded and that transactions are properly authorized and recorded in accordance with the Financial Administration Act and other applicable legislation, regulations, authorities and policies.
Management seeks to ensure the objectivity and integrity of data in its financial statements through careful selection, training and development of qualified staff; through organizational arrangements that provide appropriate divisions of responsibility; through communication programs aimed at ensuring that regulations, policies, standards, and managerial authorities are understood throughout PCH and through conducting an annual risk assessment of the effectiveness of the system of ICFM.
The system of ICFM, including ICFR, is designed to mitigate risks to a reasonable level based on the ongoing monitoring of the key risks, to assess the effectiveness of associated key controls and to make any necessary adjustments.
A risk-based assessment of the system of ICFM, including ICFR, for the year ended March 31, 2019 was completed in accordance with the Treasury Board Policy on Financial Management and the results and action plans are summarized in the annex.
The effectiveness and adequacy of PCH’s system of internal control is reviewed by the work of internal control and internal audit staff, who conduct periodic reviews and audits of different areas of PCH’s operations. Additionally, the Departmental Audit Committee oversees management responsibilities for maintaining adequate control systems and the quality of financial reporting.
The financial statements of PCH have not been audited.
Helene Laurendeau
Deputy Minister
Eric Doiron
Chief Financial Officer
On this page
1. Introduction
This annex provides information on the measures taken by Canadian Heritage (PCH) to maintain an effective system of Internal Control over Financial Management (ICFM), including Internal Control over Financial Reporting (ICFR), assessment results and related action plans.
Information on PCH’s authority, mandate and program activities can be found in the Departmental Results Report and the Departmental Plan.
2. Internal control over financial management
The Treasury Board (TB) Policy on Financial Management came into effect on April 1, 2017 and requires the establishment and maintenance of a risk-based system of ICFM.
In this context, PCH must perform the ongoing monitoring of the design and operation of its internal controls and remediate identified deficiencies. This also provides reasonable assurance that public resources are used prudently and that financial legislation, regulations and policies are being complied with.
2.1 Internal control governance
PCH has a well-established governance structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework, approved by the Deputy Minister (DM) and the Chief Financial Officer (CFO), is in place and includes:
- Monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plan to the Departmental Audit Committee (DAC), in order to provide advice to the DM on the adequacy and functioning of the department’s risk management, control and governance frameworks and processes;
- An annual risk-based ongoing monitoring plan and internal audit plan, developed in consultation with senior management across the Department to address areas of higher risk and significance. This plan is instrumental to PCH’s system of ICFM. Reports on completed internal audits are presented to the DAC to seek recommendation for approval by the DM. In order to maximize the efficiency within the department, the ongoing monitoring plan is developed in consultation with the Office of the Chief Audit Executive (CAE) to coordinate the planning activities related to internal control assessments;
- Organizational accountability structures as they relate to internal control management to support sound financial management including roles and responsibilities for senior managers in their areas of responsibility for control management;
- Strong Entity Level Controls, including a “Tone from the top” organizational culture and a department-wide Code of Conduct, which is supported by management and by the Office of Values and Ethics (OVE). The OVE provides confidential, independent, impartial and informal assistance to employees and groups of employees who are experiencing conflicts affecting their work;
- A fraud governance process that creates a transparent and sound anti-fraud culture within the department. This process includes periodic fraud risk assessments and a departmental fraud awareness strategy for all employees; and
- On-going communication and training on statutory requirements, and policies and procedures for sound financial management and control.
2.2 Service arrangements relevant to financial statements
PCH relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows.
2.2.1 Common Arrangements
- Public Services and Procurement Canada (PSPC) centrally administers the payment of salaries and the procurement of some goods and services in accordance with PCH’s Delegation of Authority, and provides accommodation services;
- Treasury Board of Canada Secretariat provides PCH with information used to calculate various accruals and allowances, such as the accrued severance liability. It also provides policy guidance and interpretation on matters of financial management;
- The Department of Justice provides legal services to PCH; and
- Shared Services Canada (SSC) provides information technology (IT) infrastructure services to PCH in the areas of data centre and network services.
2.2.2 Specific Arrangements
- Parks Canada Agency provides PCH with the PeopleSoft system platform to capture and report human resources data;
- Agriculture and Agri-Food Canada provides hosting services to PCH for its Departmental Financial Management System (SAP).
3. Ongoing monitoring of key controls
Ongoing monitoring is intended to ensure that Internal Control over Financial Management (ICFM), including Internal Control over Financial Reporting (ICFR), continues to operate effectively and as designed, following the guidance received from the Office of the Comptroller General.
3.1 Assessment results during fiscal year 2018-19
In Fiscal Year 2018-19, PCH continued the ongoing monitoring of the key financial management business processes. The following table presents PCH’s progress as at March 31, 2019, based on the previous year action plan.
Key business process | 2018-19 |
---|---|
Salaries | Completed |
Planning, Budgeting and Forecasting | Completed |
IT Application Controls | To be completed FY 2019-20 |
Fraud Management | Completed |
3.1.1 Salaries
Compensation services were completely transferred to Miramichi as at March 31, 2015. Additionally, the implementation of the Phoenix pay system at the end of February 2016 changed PCH’ salary processes significantly.
An updated Guideline on Financial Management of Pay Administration was issued by TBS to assist departments in implementing revised business processes and control documentation, as they relate to the new pay administration model.
PCH relies on the effectiveness of the PSPC’s control framework to ensure that information is valid, timely, complete and accurate. Additionally, PCH relies on the automated controls of Phoenix for pay processing and time and labor reporting. However, Canadian Heritage remains responsible for monitoring controls related to the salaries key business process within the department.
Many employees are still experiencing pay issues as of today and may qualify for Emergency Salary Advances (ESA) and priority payments. In 2018-19, an assessment of the design effectiveness of key controls surrounding salary advances (ESA and priority payments) was completed. The advance recovery process will be documented in FY 2019-20 following the implementation of the PSPC pilot project for the recording of ESA and priority payments in Phoenix, schedule for July 2019. Once the process is fully implemented, the design effectiveness will be re-assessed and operating effectiveness testing of key controls in relation to ESA and priority payments will be performed.
3.1.2 Planning, Budgeting and Forecasting
Planning, Budgeting and Forecasting is a key business process that supports the prudent use of public resources and helps the Department achieve its objectives. Effective budgeting and forecasting activities provide timely and accurate financial information to senior management for decision making.
In 2018-19, an ICFM risk assessment was performed to determine the scope of the process. It has been determined that the Planning, Budgeting and Forecasting would be divided into three main sub-processes:
- Planning and budgeting;
- Forecasting;
- Manage funding pressures, surpluses and financial risks.
An assessment of the design effectiveness of key controls for the Planning, Budgeting and Forecasting key business process was completed. Additionally, operating effectiveness testing of key controls will be completed in FY 2019-20 after the implementation of the recommendations stemming from the Management Action Plan of the Joint Audit and Evaluation of Budgetary Controls.
3.1.3. IT Application Controls (ITAC)
These controls relate to specific computer software/applications and to individual transactions. They typically include controls over authorizing, recording and processing of transactions. The scope of the ITACs is defined within the ITGCs.
An assessment of the IT application controls associated with PCH’s Human Resources Management System PeopleSoft was conducted in FY 2018-19. Effective internal controls within the PeopleSoft application are required to ensure that data is valid, complete and accurate as this data directly impacts the quality of information used for payroll processing.
The objective of the assessment was to:
- document the PeopleSoft data entry process (control documentation);
- determine if the controls of the PeopleSoft application are designed to mitigate risks to a reasonable level; and
- determine the Department’s readiness to assess their design and operating effectiveness.
Overall findings have been documented in a report to management and a final action plan will be prepared for approval in fall 2019. The results will be reported in the 2019-20 Statement of Management Responsibility – Internal controls over financial Management annex.
3.1.4 Fraud Management
Fraud in the federal context can cause the loss of public money or property, hurt employee morale, and undermine Canadians’ confidence in the public service. The TB Policy on Financial Management requires that financial resources are safeguarded against material loss due to waste, abuse, mismanagement, errors, fraud, omissions and other irregularities. Prompt corrective actions must be taken when fraud risks are identified in the system of internal control over financial management and financial reporting. The combination of effective fraud risk governance, a thorough fraud risk assessment, a strong fraud prevention and detection controls, along with a coordinated and timely investigation process, can significantly mitigate fraud risks.
In 2017-18, a Fraud Risk Assessment was performed for the Grants and Contributions (G&Cs) business process. The objective of this engagement was to identify, assess and prioritize fraud risks within PCH, and to better understand PCH’s control environment and requirements. In 2018-19, a Management Action Plan was developed with the following recommendations to be put in place:
- A Fraud Risk Management Working Group was established (established during the 2019-2020 fiscal year);;
- Various G&Cs fraud scenarios were presented to the Executive Committee in June 2019;
- A Fraud Risk Management Framework (including a Fraud Awareness Strategy) is set to be completed during fiscal year 2019-20;
- Key controls will be identified within the G&Cs process and additional controls will be implemented, if required.
- Conduct of fraud risk assessments for the Salaries and Contracting business processes in fiscal year 2019-20 and 2020-21, respectively.
3.2 Three-year action plan
Based on the results of PCH’s annual risk assessment exercise, the three-year ongoing monitoring plan was revised:
Key Business Processes | 2019-20 | 2020-21 | 2021-22 |
---|---|---|---|
Salaries | x | - | - |
Capital Assets | x | - | - |
Revenues | x | - | - |
Fraud Management & Risk Assessments | - | - | - |
Grants and Contributions | x | - | - |
Salaries | x | - | - |
Operating (contracting) | - | x | - |
Costing and CFO Attestation | x | - | - |
Financial Reporting | - | x | - |
Planning, Budgeting and Forecasting | - | x | - |
Grants and Contributions | - | x | - |
Purchases and Payables | - | x | - |
IT General Controls | - | - | x |
IT Application Controls | - | - | x |
Entity Level Controls | - | - | x |
Page details
- Date modified: