Unaudited financial statements for the period ending March 31, 2023, Environment and Climate Change Canada, chapter 7
Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting 2022-23
1. Introduction
This document provides summary information on the measures taken by Environment and Climate Change Canada (ECCC) to maintain an effective system of Internal Control over Financial Reporting (ICFR) assessment results and related action plans.
Detailed information on ECCC’s authority, mandate and program activities can be found in the last Departmental Results Report and the current Departmental Plan.
2. Environment and Climate Change Canada’s System of Internal Control Over Financial Reporting
2.1 Internal Control Management
ECCC has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework, approved by the Deputy Minister, is in place and includes:
- Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior departmental managers for control management in their areas of responsibility;
- A values and ethics code;
- Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control;
- An internal financial attestation process in support of certification by the Deputy Minister and the Chief Financial Officer, whereby senior departmental managers who report to the Deputy Minister attest that they have implemented and maintained a risk-based system of internal control over financial management in their areas of responsibility;
- A Fraud Risk Management program that is designed to protect the departments’ resources from fraud, waste and abuse through a prevention and detection framework; and
- Semi-annual monitoring of, and regular updates on, internal control management, as well as the provision of related assessment results and action plans to the Deputy Minister and senior departmental management and, as applicable, the Departmental Audit Committee.
The Departmental Audit Committee provides advice to the Deputy Minister on the adequacy and functioning of the department’s risk management, control and governance frameworks and processes.
2.2 Service Arrangements Relevant to Financial Statements
ECCC relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:
Common Service Arrangements
- Public Services and Procurement Canada (PSPC) provides accommodation services and administers the procurement of goods and services, and the payments of salaries in accordance with ECCC’s delegation of authorities. PSPC also administers the Receiver General Central Systems used to issue cheques on behalf of the department. ECCC relies on the effectiveness of the PSPC Phoenix pay system and related activities and practices;
- Shared Services Canada (SSC) provides information technology (IT) infrastructure services to ECCC in the areas of data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between SSC and ECCC;
- The Department of Justice provides legal services to ECCC;
- The Public Prosecution Service of Canada provides prosecution services to ECCC; and
- The Treasury Board of Canada Secretariat provides services related to public sector insurance for ECCC employees and centrally administers payment of the employer’s share of contributions toward statutory employee benefit plans on behalf of ECCC.
Specific Arrangements
- Agriculture and Agri-Food Canada (AAFC) provides ECCC with a System Applications Products (SAP) financial system platform to capture and report all financial transactions. Under this arrangement, ECCC relies on AAFC for the management of certain IT controls and procedures (e.g., security, configuration, change management, business continuity) and of various master data functions in SAP.
Readers of this Annex may refer to the Statement of Management Responsibility (SOMR) Annexes of the above-noted organizations for a greater understanding of the systems of ICFR related to these specific services.
3. Departmental Assessment Results During Fiscal Year 2022-23
The following table summarizes the status of the ongoing monitoring activities according to the previous fiscal year’s rotational plan.
| Previous year’s rotational ongoing monitoring plan for current year | Status |
|---|---|
| Entity Level Controls (ICFR) | In progress, on track |
| IT General Controls (ICFR) | In progress, on track |
| Inventory (ICFR) | Postponed to 2024-25 |
| Stewardship of Financial Management Systems (ICFR) | (NEW) In progress, on track |
The key findings and significant adjustments required from the current year’s assessment activities are summarized below.
3.1 New or significantly amended key controls
As the Department has established a hybrid work model (employees work location is shared between their home and Government work locations), strategies were revised around Financial Management with a focus on resuming normal activities while keeping a modernized and strengthened delivery model and effective financial services. Inherent risks were considered in the decision to continue to use some established methods after the pandemic.
As part of the risk mitigation strategy and as a best practice, risks and key controls continued to be assessed at ECCC by:
- Evaluating changes in governance, risk management and internal controls, including those related to resource allocation and financial management in times of budgetary uncertainty, to delegation of authority and to reporting structure;
- Reviewing the adequacy of oversight procedures established over the impacted areas for enhanced monitoring. As such, the ICFM Framework applied by ECCC including an update to the ICFR framework, in alignment with the Integrated Risk Management Framework at ECCC, the Treasury Board Policy on Financial Management and with other government departments practices;
- Remaining vigilant of the potential financial fraud vulnerabilities in the hybrid model, including relaxation of monetary limits, remote access to financial systems and potential threats for cyber vulnerabilities;
- Documenting and communicating the results of the assessment of processes and controls and supporting business process owners and senior management in addressing them.
- Updating ECCC Fraud Risk Assessment (FRA) and strengthening fraud detection controls based on the scenarios identified; and
- Providing close support to the financial systems team for a fit-gap assessment on the alignment with the Office of the Comptroller General of Canada (OCG) lead Digital Comptrollership Program to support the new Directive on the Stewardship of Financial Management Systems.
3.2 Ongoing Monitoring Program
In 2022-23, the rotational ongoing monitoring plan of ICFM (including ICFR) at ECCC was performed by assessing the following ICFR business processes: Entity Level Controls, IT General Controls and Stewardship of FMS.
Entity Level Controls (ELC)
The assessment of the Entity Level Controls (ELC) is underway and will be completed in 2023-24 as per the previous years’ rotational ongoing monitoring plan. The existing documentation was reviewed to identify whether changes to the process have occurred and if any control updates need to be made.
IT General Controls (ITGC)
An ongoing monitoring assessment of the ITGC process was completed by AAFC (host department) with the support of an external consulting firm. The results were communicated to each Department cluster member and no actions plans were created as part of the operating effectiveness testing.
Inventory
The assessment of Inventory process has been postponed to 2024-25 so that the Department could prioritize the Documentation of the new Stewardship of Financial Management Systems process.
Stewardship of Financial Management Systems
The documentation phase of the Stewardship of Financial Management Systems was completed with the support of an external consulting firm. The design effectiveness of this process is planned for 2023-24.
4. Departmental action plan for the next fiscal year and subsequent years
In 2016, ECCC business processes related to ICFR reached the ongoing monitoring status. Subsequently, a risk-based ongoing monitoring program was implemented, and an annual risk-based assessment is conducted to monitor the effectiveness of its ICFR.
Ongoing monitoring of internal controls begins after completion of initial control assessment. The control assessment involves:
- Using a risk-based approach;
- Documenting the controls;
- Testing for design effectiveness and operating effectiveness; and
- Developing a management action plan to correct gaps or weaknesses.
ECCC’s five-year risk-based ongoing monitoring plan is rotational and is based on the 2022-23 risk assessment results of ICFM processes (including ICFR processes), departmental priorities, available resources and workload, and other considerations, such as the COVID-19 pandemic context, that have an impact on the plan.
In summary, this fiscal year’s risk-based assessment resulted in continuing to consider components related to Inventory and Capital Assets as being at higher risk due to the interim measures and processes implemented during the COVID-19 pandemic. Since the Department operates in a hybrid work model, the Real Property and the Travel, Hospitality, Conferences and Events (THCE) processes are also considered higher risk due to the related workplace transformation and to the lifting of restrictions related to travel and gatherings. The Department will continue to prioritize and realign its ICFM (including ICFR) assessments to assist the organization in effectively navigating through the post-pandemic environment.
| Key control areas | 2023-24 | 2024-25 | 2025-26 | 2026-27 | 2027-28 |
|---|---|---|---|---|---|
| Entity Level Controls (ICFR) | Yes | No | No | No | No |
| IT General Controls (ICFR) | Yes | Yes | Yes | Yes | Yes |
| Stewardship of Financial Management Systems (ICFR) | Yes | Yes | No | No | Yes |
| Real Property (ICFR) | Yes | No | No | Yes | No |
| Inventory (ICFR) | No | Yes | No | No | Yes |
| Capital Assets (ICFR) | No | Yes | No | No | Yes |
| Grants and Contributions (Transfer Payments) (ICFR) | No | No | Yes | No | No |
| Public Money and Receivables (ICFR) | No | Yes | No | No | No |
| Financial Close and Reporting (ICFR) | No | Yes | No | No | No |
| Travel, Hospitality, Conferences and Events (ICFR) | Yes | No | No | No | Yes |
| Delegation of Financial Authorities (ICFR) | No | No | Yes | No | No |
| Purchasing, Payables and Payments (ICFR) | No | No | No | Yes | No |
Page details
- Date modified: