Archived: Unaudited Financial Statements for the period ending March 31, 2015, Environment Canada chapter 7
Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting 2014-2015
Table of Contents
- Annex to the Statement of Management Responsibility
- Introduction
- Environment Canada's System of Internal Control Over Financial Reporting
2.1 Internal Control Management
2.2 Service Arrangements Relevant to Financial Statements - Departmental Assessment Results During Fiscal Year 2014-2015
3.1 Design Effectiveness of Key Controls
3.2 Operating Effectiveness of Key Controls
3.3 Ongoing Monitoring of Key Controls - Environment Canada’s ICM Action Plan
4.1 Progress During Fiscal Year 2014-2015
4.2 Status and Action plan for Fiscal Year 2015-2016 and Subsequent Years
1. Introduction
This document is an annex to Environment Canada’s (EC) Statement of Management Responsibility (SOMR) Including Internal Control Over Financial Reporting (ICFR) for the fiscal year 2014-2015. This document provides summary information on the measures taken by EC to maintain an effective system of ICFR, including information on Internal Control Management (ICM) and assessment results and related action plan.
Detailed information on EC's authority, mandate and program activities can be found in the Departmental Performance Report and Report on Plans and Priorities.
2. Environment Canada's System of Internal Control Over Financial Reporting
2.1 Internal Control Management
EC’s ICM is governed by an over-arching Internal Control Framework (ICF) that includes a Financial Management Framework as an integral component. ICM includes the following elements:
- governance and accountability structures for internal control management;
- an integrated ICFR approach and methodology;
- effective oversight, assessment and remediation mechanisms; and
- a comprehensive ICFR monitoring program which includes an annual monitoring plan.
EC has invested significant effort into aligning, streamlining and integrating these components essential to effective ICM. These efforts have been undertaken to ensure continuous progression towards a state of maturity that is consistent with the guidance and common practices set by the Office of the Comptroller General of Canada (OCG) and in accordance with the Treasury Board (TB) Policy on Internal Control (PIC).
Internal Control Framework
EC has an ICF approved by the Deputy Minister (DM), demonstrating an increased departmental focus on ICM and reinforcing management’s leadership and commitment towards openness, honesty, integrity, and ethical behavior. The EC ICF incorporates leading practices and departmental lessons learned over the last six years of ICFR assessments under the TB PIC.
The ICF provides an anchor point for ICM, and describes the structure, context and processes by which internal controls are identified, assessed and monitored. The purpose of the ICF is to:
- describe the roles and responsibilities of the DM, Senior Departmental Managers, Managers and employees for ICM;
- set out the commitments to provide regular updates/reports on the effectiveness of internal controls to Senior Departmental Managers and the External Audit Advisory Committee;
- establish a common foundation for ICM within the Department;
- address the TB requirements relating to internal controls, including ICFR; and
- establish a context and structure that allow for effective ICM.
Organizational Accountabilities Structure
As described in its ICF, EC has a well-established governance and accountability structure which supports departmental assessment efforts and oversight of its system of internal controls throughout the organization.
Roles and responsibilities as they relate to ICM are as follows:
- Deputy Minister (DM) - EC's DM, as Accounting Officer, assumes overall stewardship responsibility and leadership for ICM. The DM is responsible for oversight of the establishment, monitoring and review of the departmental system of internal control, as well as for monitoring compliance with the PIC.
- Chief Financial Officer (CFO) - EC's CFO reports directly to the DM and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICM, inclusive of ICFR. The CFO's key roles are as a strategic advisor and steward of sound internal control and financial management practices.
- Senior Departmental Managers (SDMs) - SDMs, who report directly to the DM, are responsible to provide leadership in financial management, internal controls, and financial reporting and disclosure. They are also responsible for seeking the advice and support of the CFO in the development and maintenance of an effective financial management, risk and control framework over programs. Additionally, SDMs must provide the DM with assurance that business processes and appropriate controls are in place to ensure the effectiveness of their organization’s financial management and internal control systems to meet the requirements set out in the SOMR including ICFR.
- Chief Audit Executive (CAE) - The CAE provides independent assurance to the DM regarding the effectiveness of risk management, control and governance processes.
- External Audit Advisory Committee (EAAC) - The EAAC is an independent committee, consisting of three external members, which provides the deputy ministers with objective advice and recommendations regarding the sufficiency, quality and results of assurance on the adequacy and functioning of the Department’s risk management, control and governance frameworks and processes (including accountability and auditing systems). The EAAC also reviews the Departmental Financial Statements, the annual SOMR including the related Annex.
- Executive Management Committee (EMC) - The EMC is the most senior management committee with oversight responsibilities for the Department. The EMC is responsible for monitoring the organization's response to corporate risks and ensuring the effectiveness of risk mitigation measures and that internal controls are in place to address key corporate risks.
- Corporate Transformation Oversight Committee (CTOC) - Supporting the EMC, the CTOC, formerly known as the Corporate Accountability and Administrative Renewal (CAAR) Committee, provides coordination and oversight on the integrated implementation of department and government-wide enabling business transformation initiatives and also provides support to managers and employees in adopting change.
- Directors General - Business Integration Committee (DG BIC) Functions as a horizontal forum for broader inclusive discussions and engagement on department-wide issues. The BIC is comprised of DGs representing most branches and regions of the Department.
- Financial Policy, Systems and Controls (FPSC) Division of the Procurement, Accounting and Controls Directorate - Leads the integrated management, stewardship of departmental Internal Control Management (ICM) and continual transformation and improvement of departmental financial systems, corporate financial policy and business process management. FPSC internal control assessments and remediation of control deficiencies involve the engagement of all branches and regions. Strong ICM is a requirement under the TB PIC and is a key assessment area under the Treasury Board Secretariat (TBS) Management Accountability Framework - Area of Management 7 - Finance.
Governance and Oversight Measures
EC's control environment includes a series of measures which help ensure that risks are effectively managed through a responsible and risk-based approach.
Key measures include:
- EC continues to advance and support public service values and ethical standards for its employees and managers by providing a mandatory online Values and Ethics Course. During 2014-2015, 86% of the Department`s employees have completed this training;
- an Integrated Risk Management Framework,a strengthened Risk Governance Structure, and a broadly communicated CorporateRisk Profile contribute to effective risk management at EC. Increased employee awareness, ongoing monitoring and timely mitigating activities ensure that emerging/changing risks are appropriately managed;
- the Delegation of Financial Signing Authorities and Designation Order Instrument was updated in 2014-2015 as per TBS Directive on Delegation of Financial Authorities for Disbursements requirements;
- an annual Performance Management Agreements for SDMs that assess accountabilities and financial management responsibilities;
- a Public Accounts Letter of Representation signed by SDMs confirming that the respective organization had maintained a system of financial management and internal control and that all known deficiencies in the operation of disclosure controls and procedures and of ICFR have been disclosed; and
- training programs and regular communication to departmental employees on core areas of financial management and financial policies to correspond to the EC Departmental Financial Management System (DFMS) Renewal (SAP).
EC Monitoring Strategy for ICM
EC’s Monitoring Strategy for ICM provides a description of the approach and methodology to ensure that ICM activities, including monitoring of its system of ICFR, align with the PIC. This Strategy describes in detail EC’s ongoing system of testing, remediation and monitoring of its internal controls to ensure key controls are working as intended. The Strategy references and adopts generally accepted internal control assessment leading practices, including Committee of Sponsoring Organizations of the Treadway Commission (COSO) and Control Objectives for Information and Related Technology (COBIT) standards.
The key components of the ICM Monitoring Strategy include:
- an enhanced annual risk-based assessment based on a combination of quantitative and qualitative elements, as well as the findings of other oversight/assurance providers;
- an annual Controls Assessment Plan which includes documentation, design and operating effectiveness testing, and remediation and ongoing monitoring plans;
- the requirements for pre-payment, payment and post-payment verification, in accordance with the TBS Directive on Account Verification;
- comprehensive remediation monitoring activities that systematically address required adjustments stemming from assessments;
- the requirements for reporting to the TBS, EC’s EAAC, CTOC, and the DG BIC regarding ICM, inclusive of ICFR;
- FPSC collaboration with multi-disciplinary areas of responsibility across EC; namely, with the Finance Branch Corporate Development Unit and the Audit and Evaluation Branch for the risk-based assessment and monitoring of all key control elements; and
- stakeholder engagement and horizontal/cross functional integration to provide a coordinated approach to monitoring the effectiveness of EC’s ICM.
2.2 Service Arrangements Relevant to Financial Statements
EC relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:
Common Arrangements
- Public Works and Government Services Canada (PWGSC) centrally administers the payments of salaries and benefits, the procurement of some goods and services, as well as the cost of accommodations on behalf of EC. In addition, PWGSC, with the implementation of Pay Consolidation with its newly established Pay Centre in Miramichi, is now responsible for processing and the quality assurance of most of EC’s salaries and benefits transactions;
- The TBS provides EC with information used to calculate some accruals and allowances such as the accrued severance liability;
- The Department of Justice provides legal services to EC;
- The Public Prosecution Service of Canada provides prosecution services to Environment Canada; and
- Shared Services Canada (SSC) provides IT infrastructure services to EC in the areas of data centre and network services. The scope and responsibilities are outlined in interdepartmental agreement between SSC and EC.
Specific Arrangements
EC has no specific arrangement in place at this time.
3. Departmental Assessment Results During Fiscal Year 2014-2015
During 2014-2015, EC undertook a major business process transformation initiative, the DFMS Renewal transition to SAP. Although priorities for ICM were re-evaluated in 2014-2015 due to this initiative, EC completed all of its planned and expected design effectiveness testing and completed advanced design effectiveness testing of several additional control areas by completing documentation based on the OCG Common Financial Management Business Processes (CFM-BPs), and by updating documentation to reflect the new operational requirements due to the DFMS renewal - SAP implementation. EC also advanced its operating effectiveness by completing documentation of several key business processes, while ongoing monitoring continued to be implemented as planned.
For purposes of interpretation, the business processes which were assessed by EC as high risk and are now subject to ongoing monitoring are: Entity Level Controls, Information Technology General Controls, Manage Procure to Pay, Manage Financial Close.
Work Completed as Expected and Planned:
EC completed the design effectiveness testing of the following key CFM-BPs:
- Manage Vendor Master Data; and
- Manage Administration of Acquisition and Fleet Cards (Fleet Focus).
EC completed the documentation update (Control Matrix & Business Process Map) and substantially advanced design effectiveness testing as planned, customizing specific business process owner’s system requirements for the DFMS Renewal - SAP implementation for the following key CFM-BPs and Sub-Processes:
- Manage Revenues and Receivables;
- Manage Collection of Overdue Receivables;
- Manage Customer Master Data File;
- Manage Planning and Budgeting;
- Manage Forecasting and Budget Review; and
- Manage Departmental Chart of Accounts.
Additional Work Completed:
In addition to the work completed as expected and planned, EC also substantially advanced the design effectiveness testing requirements on the new DFMS module - Enterprise Asset Management (EAM). This module integrates Manage Other Capital Assets, Manage Real Property and Manage Inventory CFM-BPs. The EC work was completed as part of the DFMS Renewal transformation which included the system blueprint, the system configuration and the internal controls documentation.
Remediation Actions:
In addition this fiscal year, EC identified and is undertaking the following key design effectiveness remediation actions:
- Ensure supporting documentation of key controls within processes exist with corresponding documentation and roles and responsibilities;
- Ensure key policy updates and underpinning roles and responsibilities are captured and rolled out by the policy holders on a timely basis;
- Collaborate with multiple EC branches to design new work procedures and strengthen key controls;
- Review and clarify procedural steps pertaining to key controls, and the associated roles and responsibilities relating to environmental liabilities; and
- Ensure appropriate mitigations exist with corresponding roles and responsibilities for manage financial close (suspense accounts and petty cash).
Work Completed as Expected and Planned:
Since the focus was on the update of the business process documentation due to the DFMS Renewal, EC substantially advanced operating effectiveness testing with the integration of outstanding remediation actions from design effectiveness and by formally updating the documentation for the following key CFM-BPs and Sub-Processes:
- Manage Other Capital Assets;
- Manage Inventory;
- Pay Administration - HR and Systems;
- Manage Travel;
- Manage Grants and Contributions;
- Manage Administration of Acquisition and Fleet Cards;
- Manage Vendor Master Data File; and
- Manage Real Property.
Additional Work Completed:
In addition to the work completed as expected and planned, EC finalized the operating effectiveness testing of the following key CFM-BPs and Sub-Processes:
- Manage Financial Close; and
- Manage Delegation of Financial and Spending Authorities.
Remediation Actions:
In this fiscal year, EC implemented the following required key remediation actions:
- reviewed and clarified procedural steps pertaining to key controls, and the associated roles and responsibilities relating to P2P, Manage Financial Close (Petty Cash and Suspense Accounts focus) and Manage Delegation of Financial and Spending Authorities.
Work Completed as Expected and Planned:
EC completed planned ongoing monitoring of the following key control areas:
- Entity Level Controls (ELC);
- Information Technology General Controls (ITGCs);
- Manage Financial Close - (Petty Cash focus); and
- Manage Procure to Payment
Remediation Actions:
As a result of ongoing monitoring, EC identified the following key remediation action:
- for ITGCs, EC is to ensure proper training for the management of system user identity and logical access and the implementation of appropriate oversight procedures.
In addition, this fiscal year EC implemented the following required key remediation actions:
- introduction of a mandatory course on values and ethics for all EC’s employees; and
- developed a Fraud Awareness Guide for Financial Officers at Environment Canada to support the Values an Ethics Code for the Public Service and support the departmental Fraud Risk Assessment underway.
EC has continued to improve the application of ongoing monitoring of key ICM controls by implementing the approach and methodology set forth in the EC Monitoring Strategy for ICM and the associated Annual Monitoring Plan. Building on the foundation set in 2012-2013, EC continued to focus on communication and stakeholder engagement, fostering a goal-oriented monitoring environment based on open dialogue and collaboration. To facilitate stakeholder communication, EC also produced two guides, directed to both staff and stakeholders, that promote awareness, clarify and formalize the roles and responsibilities as well as detail the steps required for their involvement in an assessment of the effectiveness of the Department’s ICM.
Furthermore, in 2014-2015 EC implemented its monitoring and reporting on remediation actions, a key component of the EC Monitoring Strategy for ICM. In light of EC’s DFMS Renewal, with implementation as of April 1st, 2015, and the required period of stabilization at least for the next fiscal year, monitoring is now done on a semi-annual basis. This monitoring provides the CFO and stakeholders with updates on the Department’s outstanding ICM remediation actions and ensures that the progress in the control assessment plan is aligned with management expectations. In 2014-2015, all outstanding remediation actions were integrated into the scope of any planned ICM work, including updates of business processes impacted by the DFMS Renewal planned transition to SAP.
4. Environment Canada’s ICM Action Plan
4.1 Progress During Fiscal Year 2014-2015
During 2014-2015, EC continued to make significant progress in completing the assessment of its key controls and met all of the expectations that were set in its action plan for the year in the 2013-2014 annex. Table 1 provides a summary of the progress made by EC based on the plans identified in the 2013-2014 annex.
| Table 1 - Work Completed in 2014-2015 Based on Action Plan in 2013-2014 Annex | |
|---|---|
| Element in previous year’s (2013-2014) action plan | Updated Status at March 31, 2015 |
| Documentation phase of CFM BP's for SAP implementation. | Documentation phase completed; also substantially advanced design effectiveness for Manage Revenues and Receivables, Manage Collection of Overdue Receivables, Manage Customer Master Data File, Manage Planning and Budgeting, Manage Forecasting and Budget Review. |
| Design effectiveness testing - Manage Administration of Acquisition and Fleet Cards, Manage Vendor Master Data File, Manage Departmental Chart of Accounts. | Design effectiveness testing completed for Manage Administration of Acquisition and Fleet Cards (Fleet Focus) and Manage Vendor Master Data; Substantially advanced Manage Departmental Chart of Accounts. |
| Design effectiveness remediation. | Monitoring of remediation actions was conducted throughout 2014-2015. Progress was made on outstanding recommendations to review and clarify steps pertaining to key controls. Due to the opportunity presented by the EC’s DFMS Renewal, all outstanding remediation actions with the exceptions of those pertaining to Manage Vendor Master Data and Manage Administration of Acquisition and Fleet Cards (Fleet Focus) have been integrated into the scope of any planned ICFR work impacted by this initiative. |
| Operating effectiveness testing - Environmental Liabilities. | Operating effectiveness was substantially advanced for Manage Other Capital Assets, Manage Inventory, Pay Administration - HR and Systems, Manage Travel, Manage Grants and Contributions, Manage Administration of Acquisition and Fleet Cards, Manage Delegation of Financial and Spending Authorities, Manage Financial Close, Manage Vendor Master Data File and Manage Real Property. Due to priorities emerging from DFMS and the rate of progress on remediation, operating effectiveness for Environmental Liabilities is scheduled for 2015-2016. |
| Operating effectiveness remediation. | Monitoring of remediation actions was conducted throughout 2014-2015. Due to the opportunity presented by the EC’s DFMS Renewal, all outstanding remediation actions, with the exception of those pertaining to Manage Financial Close, have been integrated into the scope of any planned ICFR work impacted by this initiative. |
| Ongoing monitoring. | Ongoing monitoring was performed through 2014-2015. |
4.2 Status and Action plan for Fiscal Year 2015-2016 and Subsequent Years
Under the PIC, departments need to be able to maintain an effective system of ICM, including ICFR, with the objectives to provide reasonable assurance that transactions are appropriately authorized, financial records are properly maintained, assets are safeguarded and applicable laws, regulations and policies are followed.
As a result of the transition to SAP on April 1, 2015, all planned ICM activities for 2015-16 have been re-evaluated within the context of the DFMS Renewal and associated Business Transformation (BT) progress. The planned activities leverage the efforts of 2014-15 on standardizing, streamlining, and integrating business processes in support of this transition, a departmental transformation initiative that involves a hosted partnership.
Leveraging the progress made during the DFMS Renewal planned transition to SAP, (which advanced the preparation for design effectiveness and operational effectiveness testing of affected CFM-BPs and associated controls) EC has determined which financial accounts to assess based on a risk based approach. If the implementation of SAP on April 1, 2015 results in unforeseen and unplanned items, EC will use its risk-based approach to update priorities for ICM assessment activities. Prioritization will likely advance certain assessments and for others, cause a delay. Ongoing monitoring on Key Control Areas will begin thereafter, also using a risk-based approach.
The status and action plan for EC’s ICM Assessments for 2015-2016 and two subsequent yearsǂ is shown in Table 2.
|
Table 2
ICM Three Year Controls Assessment Plan for 2015-2016 to 2017-2018ǂ High Risk Key Control Areas* |
||||||
|---|---|---|---|---|---|---|
| Key Control Areas | Assessment elements | |||||
| Documentation | Design Effectiveness | Operating Effectiveness | Ongoing monitoring rotation | |||
| Testing | Remediation | Testing | Remediation | |||
| Entity Level Controls* | Complete | Complete | Complete | Complete | Complete | Since 2013-14 |
| Information Technology General Controls (ITGCs)* | Complete | Complete | Complete | Complete | Complete | Since 2013-14 |
| Manage Procure to Payment* | Complete | Complete | Complete | Complete | Complete | Since 2014-15 |
| Manage Financial Close* | Complete | Complete | Complete | Complete | Complete | Since 2014-15 |
| Manage Other Capital Assets | Complete | Complete | Complete | 2015-16 | 2016-17 | 2017-18 |
| Manage Real Property | Complete | Complete | Complete | 2015-16 | 2016-17 | 2017-18 |
| Manage Inventory | Complete | Complete | Complete | 2015-16 | 2016-17 | 2017-18 |
| Manage Travel | Complete | Complete | Complete | 2015-16 | ǂ | ǂ |
| Pay Administration | Complete | Complete | Complete | 2015-16 | 2015-16 | 2016-17 |
| Manage Grants and Contributions | Complete | Complete | Complete | 2015-16 | 2015-16 | 2016-17 |
| Manage Administration of Acquisition and Fleet Cards | Complete | Complete | Complete | 2015-16 | 2016-17 | 2017-18 |
| Manage Other Payments | 2015-16 | 2015-16 | 2016-17 | 2017-18 | ǂ | ǂ |
| Manage Vendor Master Data File | Complete | Complete | Complete | 2015-16 | 2015-16 | 2016-17 |
| Manage Customer Master Data File | Complete | 2015-16 | 2015-16 | 2015-16 | 2016-17 | 2016-17 |
| Manage Revenue,Receivables and Receipts | Complete | 2015-16 | 2016-17 | 2017-18 | ǂ | ǂ |
| Manage Interdepartmental Settlements | 2015-16 | 2015-16 | 2016-17 | 2017-18 | ǂ | ǂ |
| Manage Planning and Budgeting | Complete | 2016-17 | 2017-18 | ǂ | ǂ | ǂ |
| Manage Forecasting and Budget Review | Complete | 2016-17 | 2017-18 | ǂ | ǂ | ǂ |
| Manage Collection of Overdue Receivables | Complete | 2015-16 | 2015-16 | 2015-16 | 2016-17 | 2016-17 |
| Manage Departmental Chart of Accounts | Complete | 2015-16 | 2015-16 | 2015-16 | 2015-16 | 2016-17 |
| Manage Delegation of Financial and Spending Authorities | Complete | Complete | Complete | Complete | 2015-16 | 2016-17 |
| Manage Post Payment Verification | 2015-16 | 2016-17 | 2016-17 | 2017-18 | 2017-18 | 2017-18 |
| Environmental Liabilities | Complete | Complete | Complete | 2015-16 | 2016-17 | 2017-18 |
| Enterprise Asset Management Module | Complete | Complete | 2015-16 | 2015-16 | 2016-17 | 2017-18 |
ǂ
|
||||||
In completing the action plan as presented, EC will ensure a timely progression is made towards a mature system of ICM that provides the Government and Canadians with assurance regarding the reliability of its financial reporting contained within departmental financial statements and Public Accounts. This progression reflects EC’s commitment to continue advancement towards more robust and auditable financial statements.
Page details
- Date modified: