Unaudited Financial Statements for the period ending March 31, 2018: Environment and Climate Change Canada, chapter 7
Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting 2017-2018
1. Introduction
This document provides summary information on the measures taken by Environment and Climate Change Canada (ECCC) to maintain an effective system of Internal Control over Financial Reporting (ICFR), including information on internal control management, assessment results and related action plans.
Detailed information on ECCC’s authority, mandate and program activities can be found in the last Departmental Results Report and the current Departmental Plan.
2. Environment and Climate Change Canada's System of Internal Control Over Financial Reporting
2.1 Internal Control Management
ECCC has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework, approved by the Deputy Head, is in place and includes:
- Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
- Values and ethics code;
- Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control; and
- Semi-annual monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plans to the Chief Financial Officer and as applicable, departmental senior management.
The Departmental Audit Committee provides advice to the Deputy Head on the adequacy and functioning of the department’s risk management, control, governance and processes.
2.2 Service Arrangements Relevant to Financial Statements
ECCC relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:
Common Service Arrangements
- Public Services and Procurement Canada (PSPC) centrally administers the payments of salaries, the procurement of goods and services in accordance with ECCC’s Delegation of Authority, and provides accommodation services;
- The Treasury Board of Canada Secretariat (TBS) provides services related to public sector insurance for ECCC employees and centrally administers payment of th employer’s share of contributions toward statutory employee benefit plans (i.e., the Public Service Pension Plan, Employment Insurance Plan, Canada Pension Plan, Quebec Pension Plan and Public Service Supplementary Death Benefit Plan) on behalf of ECCC;
- The Department of Justice provides legal services to ECCC;
- The Public Prosecution Service of Canada provides prosecution services to ECCC; and
- Shared Services Canada provides information technology (IT) infrastructure services to ECCC in the areas of data center and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and ECCC.
Readers of this Annex may refer to the Statement of Management Responsibility (SOMR) Annexes of the above-noted organizations for a greater understanding of the systems of ICFR related to these specific services.
Specific Arrangements
- Agriculture and Agri-Food Canada (AAFC) provides ECCC with a SAP financial system platform to capture and report all financial transactions. Under this arrangement, ECCC relies on AAFC for the management of certain IT controls and procedures (e.g. security, configuration, change management, business continuity) and also of various master data functions in SAP. As a result, reliance is placed on the control procedures of AAFC.
3. Departmental Assessment Results During Fiscal Year 2017-2018
The following table summarizes the status of the ongoing monitoring activities according to the previous fiscal year’s rotational plan.
Previous year’s rotational Ongoing monitoring plan for current year |
Status |
|---|---|
| Entity Level Controls | Completed as planned; remedial actions in progress |
| Information Technology General Controls | Completed as planned; remedial actions in progress |
| Payroll | Completed as planned; remedial actions started |
| Operating expenditures | Completed as planned; no remedial actions required |
| Capital expenditures | In progress |
| Revenue | In progress |
3.1 New or significantly amended key controls
In 2017-2018, ECCC reviewed its business processes in order to reassess and rationalize the list of key internal controls. This standardization will facilitate future assessments.
3.2 Ongoing Monitoring Program
In 2017-2018, ECCC followed its rotational ongoing monitoring plan of internal controls over financial management as per the Treasury Board Financial Management Policy Suite requirements. This plan is consistent with the SOMR and is reviewed based on emerging priorities.
As such, the department completed the reassessment of Entity level controls and Information technology general controls (ITGC), as well as the testing of Operating expenditures through post payment verification.
The Department continues to be proactive in addressing potential issues around the implementation of the Phoenix pay system. ECCC reviewed the Payroll process documentation, such as process maps and control matrix, and implemented additional controls, including periodic analysis, payment issues reporting and clarification of roles and responsibilities in order to provide additional assurance on the accuracy of salary expenditures. Furthermore, additional resources continue to analyze data from Phoenix and My Government of Canada Human Resources (My GCHR) to identify root causes and to mitigate against future issues.
The key controls that were tested performed as intended, with remediation required as follows:
- Implement the Business Continuity Plan for the essential financial functions (EFF), recently approved by the Chief Financial Officer. This plan is to be leveraged for disruptive events as well as for identification and documentation of required EFF survival procedures.
- Increase Departmental employee’s fraud awareness through development of a guide currently under approval and start implementing a data analytics function, including quarterly monitoring. These recommendations are part of the Entity level controls area.
- Obtain assurance from the Common Service Providers via their SOMR that their ITGC operate effectively (over system changes, online transaction processing, backup and recovery of data, and business continuity planning) for the services they provide to ECCC.
Capital expenditures and Revenues were part of ECCC’s 2016-2017 Ongoing monitoring plan and the reassessment is underway. Completion of these reassessments is expected by fall 2018 and current status is provided below:
Capital expenditures
As a result of the review of the key controls presented in section 3.1, the scope of the work planned for Capital expenditures was revised to include IT assets, equipment and inventory. Work is underway to better understand the context of:
- Capitalization of software development costs;
- Asset tracking monitoring and accountability; and
- Staff training on the management and maintenance of asset records.
Revenues
ECCC has completed the review of documentation pertaining to the revenue mechanism assessment tools form, the standardized financial arrangement templates and the training provided to employees involved in the process. The elements of authorities, decision-making and accountabilities were also documented through the Departmental Delegation of Spending and Financial Signing Authorities and the Departmental Revenue Policy. Work is underway to test the operational effectiveness of related key controls.
4. Departmental action plan for the next fiscal year and subsequent years
ECCC’s rotational ongoing monitoring plan has been revised to reflect changes in departmental priorities and results from the 2017-2018 Annual Risk-Based Assessment that identifies areas of high risk in the departmental system of ICFR.
In June 2018, the Office of the Comptroller General has indicated upcoming new Management Accountability Framework requirements. As such, the ECCC adjusted its current plan to include an assessment of internal controls specific to the following Financial Management processes:
- Budgeting and forecasting;
- Costing;
- Investment planning; and
- CFO attestation for Cabinet Submissions.
Therefore, ECCC Ongoing Monitoring plan has been extended over a period of five years in compliance with TBS Guide to Ongoing Monitoring of Internal Controls Over Financial Management. This will ensure a better balance between available resources and workload in addressing areas of high risks.
| Key control areas | 2018-2019 | 2019-2020 | 2020-2021 | 2021-2022 | 2022-2023 |
|---|---|---|---|---|---|
| Entity Level Controls | No | No | Yes | No | No |
| Information Technology General Controls | No | No | Yes | No | No |
| Payroll | Yes | Yes | Yes | Yes | Yes |
| Operating expenditures | Yes | Yes | Yes | Yes | Yes |
| Capital expenditures | Yes | No | No | No | No |
| Grants and contributions | No | Yes | Yes | No | No |
| Revenue | Yes | No | No | No | No |
| Financial close and reporting | No | Yes | Yes | No | No |
| Environmental liabilities | No | Yes | Yes | No | No |
| Budgeting and forecasting | Yes | Yes | No | No | No |
| Costing | No | Yes | Yes | No | No |
| Investment planning | No | Yes | Yes | No | No |
| CFO attestation for Cabinet Submissions | Yes | Yes | No | No | No |
In addition, ECCC plans to enhance its approach to monitoring of controls including the development of data analytics methodology for the following areas: anomaly detection, internal controls, compliance with policies, and sound financial management practices and decision- making.
Finally, ECCC will also strenghten its control of salary expenditures through post-payment verification of pay transactions, as recommended in the TBS Guideline on “Financial Management of Pay Administration”.
Page details
- Date modified: