Canada Revenue Agency Annual Report to Parliament 2013-2014
Summary of the assessment of effectiveness of the system of internal control over financial reporting and the action plan of the Canada Revenue Agency
Fiscal year 2013-2014
Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting (unaudited)
1. Introduction
This document provides summary information on the measures taken by the Canada Revenue Agency (CRA) to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results, and related action plans.
Detailed information on the CRA's authority, mandate, and program activities can be found in the 2013-2014 Departmental Performance Report at www.cra-arc.gc.ca/gncy/prfrmnc_rprts/menu-eng.html and the 2013-2014 Report on Plans and Priorities www.cra-arc.gc.ca/gncy/rprts/menu-eng.html.
2. CRA system of internal control over financial reporting
2.1 Internal control management
The CRA has a well-established governance and accountability structure to support the CRA's assessment efforts and oversight of its system of internal control. A CRA internal control management framework, approved by the Commissioner and the Board of Management, is in place and includes:
- Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
- Values and ethics;
- Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control; and
- At least semi-annual monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plans to the Commissioner, senior management, and the Board of Management.
A CEO/CFO Certification Steering Committee comprised of Branch Assistant Commissioners with ownership of key controls provides support to the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) in relation to control activities. In addition, the Audit Committee of the Board of Management provides advice on the adequacy and functioning of the CRA's risk management, control and governance frameworks and processes.
2.2 Service arrangements relevant to financial statements
The CRA relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:
Common Arrangements:
- Public Works and Government Services Canada centrally administers the payments of salaries and the procurement of some goods and services in accordance with the CRA's Delegation of Authority and provides accommodation services.
- Treasury Board Secretariat provides the CRA with information used to calculate various accruals and allowances.
- The Department of Justice provides legal services to the CRA.
- Shared Services Canada provides information technology (IT) infrastructure services to the CRA in the areas of data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and the CRA.
Specific Arrangements:
- Revenu Québec is responsible for the joint administration of the goods and services tax and Quebec sales tax for businesses in the Province of Quebec.
- The Department of Finance provides the CRA with the federal and provincial shares of Goods and Services Tax/Harmonized Sales Tax (GST/HST) revenues that are used to determine provincial payments for the HST.
- The Canada Border Services Agency provides to CRA the relevant amount collected from GST/HST registrants.
- Department of Finance and Employment and Social Development Canada provide estimates of Canada Pension Plan and Employment Insurance revenues respectively for the months of January to March.
Other government departments rely on the CRA for the processing of certain transactions or information that affect financial statements as follows:
- Canada Border Services Agency for information technology services, including commensurate internal controls testing for general computer controls, as well as collection services on their behalf for duties, taxes, fees, penalties, or other amounts owing under the Customs Act, Customs Tariff, Excise Tax Act, Excise Act, 2001, and/or related regulations.
- Department of Finance for the determination of tax receivables and payables under tax collection agreements with provincial and territorial governments and First Nations.
- Employment and Social Development Canada for the collection of its accounts receivable and the administration of a number of activities related to the Canada Pension Plan and Employment Insurance Operating Account.
3. CRA assessment results during fiscal year 2013-2014
During 2013-2014, the CRA completed the design effectiveness testing of several programs. Ongoing monitoring was performed according to plan.
3.1 Design effectiveness testing of key controls
In 2013-2014, the CRA completed design effectiveness testing of the T1 Unapplied Tax program, which falls under the Tax Collection Agreements (TCAs) with the provinces and territories and was subsequently audited by the OAG as required by the TCAs. Additionally, the CRA completed design effectiveness testing of three GST/HST programs, namely Credits, Returns and Rebates.
As a result of design effectiveness testing, the CRA identified the following required remediation:
- though progress has been made, the need to continue to implement the action plans and to improve the process surrounding the granting and monitoring of access to prevent segregation of duty conflicts and to ensure minimum access;
- the need to improve the retention of documentation for audit trail purposes to show that monitoring of inventory levels and aging of workload items is being performed consistently for administered activities programs;
- the need to improve controls surrounding the processing of GST/HST elections filed by registrants (which affect their master data and filing requirements) such as procedures, review process and system validities; and
- the need to complete the threat and risk assessment for some systems or to keep evidence that they were reviewed on an annual basis.
3.2 Ongoing monitoring of key controls
In 2013-14, the CRA completed planned ongoing monitoring of the following processes:
- entity-level controls;
- general computer controls; and
- all business processes related to
- procurement and vendor master data, and
- financial close and reporting.
As a result of ongoing monitoring, the CRA identified the following required remediation:
- though progress has been made, the need to improve the process surrounding the granting and monitoring of access to prevent segregation of duty conflicts, ensuring minimum access, especially across different business lines.
4. CRA action plan
4.1 Progress during fiscal year 2013-2014
During 2013-2014, the CRA continued to make significant progress in assessing and improving its key controls. The following table summarizes the CRA's progress based on the plans identified in the previous fiscal year's annex.
Element in previous year's action plan | Status |
---|---|
Agency Activities ongoing monitoring | Ongoing monitoring testing completed for entity-level controls, general computer controls, procurement and vendor master data, and financial close and reporting. |
Goods and Services Tax/Harmonized Sales Tax (GST/HST) programs design effectiveness testing and remediation | Design effectiveness completed, remediation action plans identified. |
T1 unapplied taxes/source deduction programs design effectiveness testing and remediation | Design effectiveness completed, remediation action plans advanced. |
Finalize documenting the scope and control framework for the T3 Program | Documentation of the control framework has been finalized as planned. Design effectiveness testing plans are in place to conduct the assessment as planned in 2014-2015. |
Follow-up of activities requiring remediation from previous assessments | The CRA has followed up on all the action plans from the:
Overall results have been positive and the majority of the recommendations made have been implemented. |
4.2 Status and action plan for the next fiscal year and subsequent years
CRA has continued to make significant progress on assessing its internal controls over financial reporting throughout the numerous programs that CRA administers. It is recognized that implementation for all its processes requires multi-year initiatives and the following table reflects the fact that significant key control areas have been completed and that plans are in place to ensure substantial coverage is achieved over the next three years. At that time, the CRA will be applying its rotational ongoing monitoring plan to reassess control performance on a risk basis across all control areas, with the exception of those under the scope of TCA assessments as explained in footnote 3 below.
The status and action plan for the completion of the identified control areas for the next fiscal year and for subsequent years are shown in the following table.
Status and Action Plan for the Next Fiscal Year and Subsequent Years
Key control areas | Design effectiveness testing and remediation | Operational effectiveness testing and remediation | Ongoing monitoring rotation1 |
---|---|---|---|
T1 individual income tax (legacy system) | Complete | ||
T1 unapplied taxes/source deductions2 | Complete | ||
T1 individual income tax (T1 System Redesign)3 | 2016-2017 | Future years4 | Future years4 |
T2 corporation income tax | Complete | Complete | Future years4 |
T3 trust income tax | 2014-2015 | Future years4 | Future years4 |
Key control areas | Design effectiveness testing and remediation | Operational effectiveness testing and remediation | Ongoing monitoring rotation1 |
---|---|---|---|
Goods and services tax/Harmonized sales tax | Complete | 2016-2017 | Future years |
Non-resident income tax | 2015-2016 | Future years | Future years |
Excise tax | Future years | Future years | Future years |
Benefits | Future years | Future years | Future years |
Key control areas | Design effectiveness testing and remediation | Operational effectiveness testing and remediation | Ongoing monitoring rotation1 |
---|---|---|---|
Entity level controls5 | Complete | Complete | 2014-2015 |
IT general controls under CRA management5 | Complete | Complete | 2014-2015 |
Capital assets | Complete | Complete | 2014-2015 |
Procurement and vendor master data | Complete | Complete | 2015-2016 |
Payroll | Complete | Complete | 2014-2015 |
Budget and projections | Complete | Complete | 2014-2015 |
Financial close and reporting |
2015-2016 |
Footnote 1:The frequency of the ongoing monitoring of key control areas is risk-based and occurs over a three-year cycle.
Footnote 2: The design effectiveness testing was performed in 2013-14 as a partial scope of the T1 individual income tax program. In the future, it will be assessed as an integral component of the T1 program.
Footnote 3: The legacy T1 system is being upgraded through the T1 System Redesign initiative. This initiative is a multi-year project that will significantly modify systems and business processes related to the processing of T1 returns. Due to the magnitude of these changes, it was determined that design effectiveness testing of the new processes and systems would be appropriate as a next step.
Footnote 4: The CRA performs the readiness testing for engagements related to the TCA with the Provinces and Territories and submits the results along with a controls assessment report to the OAG who audits them in accordance with the Canadian Standard on Assurance Engagements 3416. TCA related control assessments do not go into a regular ongoing monitoring phase because complete re-assessment engagements are required to fully test all control activities to ensure that the selected income tax program is still designed and operating effectively. As such, the timing and frequency of these complete control assessment audits are determined in conjunction with the OAG and will continue to be conducted on a rotational annual basis as long as the tax collection agreements are in place.
Footnote 5: Entity Level Controls and IT general controls under CRA management are also evaluated through the Administered Activities projects.
Page details
- Date modified: