Annex to the Statement of Management Responsibility Including Internal Control Over Financial Management - Fiscal year 2018-19

Financial Policies and Internal Controls
Financial Management Branch
July 2019

Message from the Deputy Minister and Chief Financial Officer

Responsibility for the integrity and objectivity of the accompanying financial statements for the year ended March 31, 2019, and all information contained in these statements rests with the senior management of the Department of Canadian Heritage (PCH). These financial statements have been prepared using the Government of Canada Accounting Handbook, which is based on Canadian public sector accounting standards.

Some of the information in these financial statements is based on management’s best estimates and judgment, and gives due consideration to materiality. To fulfill its accounting and reporting responsibilities, management maintains a set of accounts that provides a centralized record of PCH’s financial transactions. Financial information submitted in the preparation of the Public Accounts of Canada, and included in PCH’s Departmental Results Report, is consistent with these financial statements.

Management is also responsible for maintaining an effective system of internal control over financial management (ICFM), including internal control over financial reporting (ICFR), which is designed to provide reasonable assurance that financial information is reliable, that assets are safeguarded and that transactions are properly authorized and recorded in accordance with the Financial Administration Act and other applicable legislation, regulations, authorities and policies.

Management seeks to ensure the objectivity and integrity of data in its financial statements through careful selection, training and development of qualified staff; through organizational arrangements that provide appropriate divisions of responsibility; through communication programs aimed at ensuring that regulations, policies, standards, and managerial authorities are understood throughout PCH and through conducting an annual risk assessment of the effectiveness of the system of ICFM.

The system of ICFM, including ICFR, is designed to mitigate risks to a reasonable level based on the ongoing monitoring of the key risks, to assess the effectiveness of associated key controls and to make any necessary adjustments.

A risk-based assessment of the system of ICFM, including ICFR, for the year ended March 31, 2019 was completed in accordance with the Treasury Board Policy on Financial Management and the results and action plans are summarized in the annex.

The effectiveness and adequacy of PCH’s system of internal control is reviewed by the work of internal control and internal audit staff, who conduct periodic reviews and audits of different areas of PCH’s operations. Additionally, the Departmental Audit Committee oversees management responsibilities for maintaining adequate control systems and the quality of financial reporting.

The financial statements of PCH have not been audited.

Helene Laurendeau
Deputy Minister

Eric Doiron
Chief Financial Officer

On this page

1. Introduction

This annex provides information on the measures taken by Canadian Heritage (PCH) to maintain an effective system of Internal Control over Financial Management (ICFM), including Internal Control over Financial Reporting (ICFR), assessment results and related action plans.

Information on PCH’s authority, mandate and program activities can be found in the Departmental Results Report and the Departmental Plan.

2. Internal control over financial management

The Treasury Board (TB) Policy on Financial Management came into effect on April 1, 2017 and requires the establishment and maintenance of a risk-based system of ICFM.

In this context, PCH must perform the ongoing monitoring of the design and operation of its internal controls and remediate identified deficiencies. This also provides reasonable assurance that public resources are used prudently and that financial legislation, regulations and policies are being complied with.

2.1 Internal control governance

PCH has a well-established governance structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework, approved by the Deputy Minister (DM) and the Chief Financial Officer (CFO), is in place and includes:

2.2 Service arrangements relevant to financial statements

PCH relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows.

2.2.1 Common Arrangements

2.2.2 Specific Arrangements

3. Ongoing monitoring of key controls

Ongoing monitoring is intended to ensure that Internal Control over Financial Management (ICFM), including Internal Control over Financial Reporting (ICFR), continues to operate effectively and as designed, following the guidance received from the Office of the Comptroller General.

3.1 Assessment results during fiscal year 2018-19

In Fiscal Year 2018-19, PCH continued the ongoing monitoring of the key financial management business processes. The following table presents PCH’s progress as at March 31, 2019, based on the previous year action plan.

Table 1. PCH's progress with regards to its previous year action plan
Key business process 2018-19
Salaries Completed
Planning, Budgeting and Forecasting Completed
IT Application Controls To be completed FY 2019-20
Fraud Management Completed

3.1.1 Salaries

Compensation services were completely transferred to Miramichi as at March 31, 2015. Additionally, the implementation of the Phoenix pay system at the end of February 2016 changed PCH’ salary processes significantly.

An updated Guideline on Financial Management of Pay Administration was issued by TBS to assist departments in implementing revised business processes and control documentation, as they relate to the new pay administration model.

PCH relies on the effectiveness of the PSPC’s control framework to ensure that information is valid, timely, complete and accurate. Additionally, PCH relies on the automated controls of Phoenix for pay processing and time and labor reporting. However, Canadian Heritage remains responsible for monitoring controls related to the salaries key business process within the department.

Many employees are still experiencing pay issues as of today and may qualify for Emergency Salary Advances (ESA) and priority payments. In 2018-19, an assessment of the design effectiveness of key controls surrounding salary advances (ESA and priority payments) was completed. The advance recovery process will be documented in FY 2019-20 following the implementation of the PSPC pilot project for the recording of ESA and priority payments in Phoenix, schedule for July 2019. Once the process is fully implemented, the design effectiveness will be re-assessed and operating effectiveness testing of key controls in relation to ESA and priority payments will be performed.

3.1.2 Planning, Budgeting and Forecasting

Planning, Budgeting and Forecasting is a key business process that supports the prudent use of public resources and helps the Department achieve its objectives. Effective budgeting and forecasting activities provide timely and accurate financial information to senior management for decision making.

In 2018-19, an ICFM risk assessment was performed to determine the scope of the process. It has been determined that the Planning, Budgeting and Forecasting would be divided into three main sub-processes:

  1. Planning and budgeting;
  2. Forecasting;
  3. Manage funding pressures, surpluses and financial risks.

An assessment of the design effectiveness of key controls for the Planning, Budgeting and Forecasting key business process was completed. Additionally, operating effectiveness testing of key controls will be completed in FY 2019-20 after the implementation of the recommendations stemming from the Management Action Plan of the Joint Audit and Evaluation of Budgetary Controls.

3.1.3. IT Application Controls (ITAC)

These controls relate to specific computer software/applications and to individual transactions. They typically include controls over authorizing, recording and processing of transactions. The scope of the ITACs is defined within the ITGCs.

An assessment of the IT application controls associated with PCH’s Human Resources Management System PeopleSoft was conducted in FY 2018-19. Effective internal controls within the PeopleSoft application are required to ensure that data is valid, complete and accurate as this data directly impacts the quality of information used for payroll processing.

The objective of the assessment was to:

Overall findings have been documented in a report to management and a final action plan will be prepared for approval in fall 2019. The results will be reported in the 2019-20 Statement of Management Responsibility – Internal controls over financial Management annex.

3.1.4 Fraud Management

Fraud in the federal context can cause the loss of public money or property, hurt employee morale, and undermine Canadians’ confidence in the public service. The TB Policy on Financial Management requires that financial resources are safeguarded against material loss due to waste, abuse, mismanagement, errors, fraud, omissions and other irregularities. Prompt corrective actions must be taken when fraud risks are identified in the system of internal control over financial management and financial reporting. The combination of effective fraud risk governance, a thorough fraud risk assessment, a strong fraud prevention and detection controls, along with a coordinated and timely investigation process, can significantly mitigate fraud risks.

In 2017-18, a Fraud Risk Assessment was performed for the Grants and Contributions (G&Cs) business process. The objective of this engagement was to identify, assess and prioritize fraud risks within PCH, and to better understand PCH’s control environment and requirements. In 2018-19, a Management Action Plan was developed with the following recommendations to be put in place:

3.2 Three-year action plan

Based on the results of PCH’s annual risk assessment exercise, the three-year ongoing monitoring plan was revised:

Table 2. Three-year Ongoing Monitoring Plan
The X indicates the year in which the monitoring for each key control area will take place.
Key Business Processes 2019-20 2020-21 2021-22
Salaries x - -
Capital Assets x - -
Revenues x - -
Fraud Management & Risk Assessments - - -
Grants and Contributions x - -
Salaries x - -
Operating (contracting) - x -
Costing and CFO Attestation x - -
Financial Reporting - x -
Planning, Budgeting and Forecasting - x -
Grants and Contributions - x -
Purchases and Payables - x -
IT General Controls - - x
IT Application Controls - - x
Entity Level Controls - - x

Page details

Date modified: