Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting Treasury Board of Canada Secretariat Fiscal Year 2021–22
On this page
- 1. Introduction
- 2. Departmental system of internal control over financial reporting
- 3. Departmental assessment results during fiscal year 2021–22
- 4. Departmental action plan for the next fiscal year and subsequent fiscal years
- 5. Common service providers’ annual assessment results for fiscal year 2021–22
- 6. Common service providers’ action plan for the next fiscal year and subsequent fiscal years
1. Introduction
This document provides a summary of the measures taken by the Treasury Board of Canada Secretariat (the Secretariat) to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results and related action plans.
Detailed information on the Secretariat’s authority, mandate and programs can be found in its most recent Departmental Plan and Departmental Results Report.
2. Departmental system of internal control over financial reporting
2.1 Internal control management
The Secretariat has a well‑established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. This structure is formalized in the Secretariat’s Framework for Internal Controls Over Financial Management, approved by the Secretary, and includes the following:
- organizational accountability structures as they relate to internal control management to support sound financial management, including the roles and responsibilities of senior managers in their areas of responsibility for internal control management
- a Values and Ethics Office, which provides educational and awareness programs and has developed a departmental code of conduct
- ongoing communication and training on statutory requirements, policies, and procedures for sound financial management and control
- monitoring of, and regular updates on, internal control management, as well as the provision of related assessment results and action plans to departmental senior management and the Secretariat’s Audit Committee
The Audit Committee is an independent and objective advisory committee to the Secretary. It is responsible for providing advice to the Secretary on the adequacy and functioning of the Secretariat’s risk management, control and governance frameworks and processes.
2.2 Service arrangements relevant to financial statements
The Secretariat relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows.
Common service arrangements
- Public Services and Procurement Canada (PSPC) centrally administers the payment of salaries and the procurement of goods and services in accordance with the Secretariat’s Delegation of Authority and provides real property services.
- The Department of Justice Canada provides legal services to the Secretariat.
- Shared Services Canada provides information technology (IT) infrastructure services to the Secretariat, such as data centres and network services.
- The Secretariat, a central agency, provides services related to insurance plans for federal public service employees and centrally administers payment of the employer’s share of contributions to statutory employee benefit plans (the Public Service Pension Plan, Employment Insurance (EI) Plan, Canada Pension Plan or Québec Pension Plan (CPP/QPP), and the Supplementary Death Benefit Plan) on behalf of other departments and agencies.
Readers of this Annex may refer to the annexes of the above-noted organizations for a greater understanding of the systems of ICFR related to these services.
The Secretariat relies on other external service providers and departments for the processing of certain transactions or information that are recorded in its financial statements as follows.
Specific arrangements
- The Office of the Chief Actuary within the Office of the Superintendent of Financial Institutions Canada prepares a triennial actuarial valuation of the Public Service Pension Plan.
- PSPC performs the day‑to‑day administration of the Public Service Pension Plan.
- PSPC performs the day‑to‑day administration of some centrally funded expenses, such as the employer’s share of CPP/QPP contributions, EI premiums and provincial payroll taxes. These types of expenses are recorded on the Secretariat’s financial statements and reflect the Treasury Board’s role as the employer of the public service.
- The Secretariat relies on the internal controls of a number of insurance companies (at present, Sun Life, and Canada Life Assurance Company (commonly known as Canada Life), Industrial Alliance and Manulife), which provide services such as health care plan administration, dental plan administration and insurance services. As external service providers, pursuant to contracts with the Government of Canada, these insurance companies have the authority and responsibility to ensure that these services are managed in accordance with the terms and conditions set out by the Secretariat’s Pensions and Benefits Sector.
The Secretariat provides certain optional corporate services (for example, accounting services and financial systems) to several departments on a cost-recovery basis. These services are governed by memoranda of understanding between the Secretariat and other government departments.
3. Departmental assessment results during fiscal year 2021–22
| Previous year’s rotational ongoing monitoring plan for current year | Status |
|---|---|
| Entity Level Controls (ELCs) | Fiscal year 2021–22 activities completed as planned, remedial actions started. |
| IT Assets Tracking | Fiscal year 2021–22 activities completed as planned:
|
| TBS Vote 20 - Program Administration Costs | Fiscal year 2021–22 activities completed as planned, remedial actions started. |
| Public Service Health Care Plan (PSHCP), Public Service Dental Care Plan (PSDCP) | Fiscal year 2021–22 activities completed as planned, remedial actions started. |
| Pensioners’ Dental Services Plan (PDSP) | Fiscal year 2021–22 activities completed as planned, remedial actions started. |
| IT General Controls (ITGC) | Fiscal year 2021–22 activities completed as planned, remedial actions started. |
The key findings and significant adjustments required from the current year’s assessment activities are summarized below.
3.1 New or significantly amended key controls
Currently, TBS is transitioning to a hybrid work model as the employees continue to work remotely. The transition to hybrid requires TBS to strengthen its control framework related the stewardship of IT asset management. The design and operational effectiveness testing of this process are expected to be completed in the late fall 2022. Furthermore, the hybrid work model will likely to have an impact on other business processes such as operating expenses and accounts payable. The internal control unit is planning to undertake a detailed risk assessment to determine the impact of the hybrid model on other TBS business processes in the fall 2022.
3.2 Ongoing monitoring program
As part of its rotational ongoing monitoring plan, the Secretariat completed its reassessment of the financial controls related to the departmental Entity Level Controls, IT General Controls, the Public Service Health Care Plan, the Public Service Dental Care Plan, the Pensioners’ Dental Services Plan, and TBS Vote 20 - Program Administration Costs. For the most part, the key controls that were tested performed as intended, with remediation (where required) as follows:
ELCs
- Ensure that TBS Code of Conduct reflects the future of work environment (e.g., hybrid work model).
IT Assets Tracking
- The initial phase of the assessment indicates the existing IT assets tracking process requires an overhaul and an automated tool to manage the IT assets and office furniture effectively; the assessment is expected to be completed in the fall 2022.
Departmental ITGC
- A process be formalized and monitored to provide assurance that accesses to Cognos BI will be removed in a timely manner following the employee’s departure.
- A process be formalized and documented to periodically review user access (e.g., annually, at minimum) to determine whether current access, and access privileges are appropriate.
- Management performs a review of existing system roles to ensure that privileged access granted to only authorized users.
TBS Vote 20 – Program Administration Costs
- The process for the salary calculation and performance pay associated with Vote 20 should be documented.
- The breakdown for FTEs chargeability to Vote 20 should be revised once there are changes to salaries.
- Update the Charging guidelines to reflect the current practice of establishing the materiality.
Public Service Health and Dental Care Plans
- No remedial action needed - key controls were found to be operating effectively during the period examined.
Pensioners’ Dental Services Plan
- Develop a tracking sheet to monitor expected adjustments from the other government departments (OGDs) to ensure that all revenues owed to TBS by OGDs are received.
- An action plan addressing the remediation described above is underway.
- The Secretariat also completed a risk assessment in fiscal year 2021–22 using an environmental scan. The results of the risk assessment were used to update the Secretariat’s risk-based ongoing monitoring plan (see sections 4 and 6).
4. Departmental action plan for the next fiscal year and subsequent fiscal years
The Secretariat’s rotational ongoing monitoring plan for the next three years, presented in Table 2, is based on its annual risk assessment.
| Key control areas | Fiscal year 2022–23 | Fiscal year 2023–24 | Fiscal year 2024–25 |
|---|---|---|---|
| Entity-level controls | No | No | No |
| IT general controls (ITGCs)Footnote 1 under departmental management | No | No | Yes |
| Financial reporting and closing cycle | No | No | No |
| Budgeting and forecasting | No | Yes | No |
| CFO Attestations and Costing | Yes | No | No |
| Investment Planning | Yes | No | No |
| Payroll and benefits | No | No | Yes |
| Operating expenses and accounts payable | No | No | No |
| Revenues and account receivables | No | No | Yes |
| Capital assets | No | Yes | No |
| IT Asset Tracking (Tablets) | Yes | No | Yes |
5. Common service providers’ annual assessment results for fiscal year 2021–22
The Secretariat provides common services related to the administration of public service insurance plans (TBS Vote 20) and the cost-recovery process for statutory employee benefit plans. Because the Secretariat manages government‑wide funds and public service employer payments, other government departments and agencies rely on the Secretariat to process transactions that impact their financial statements with respect to the insurance, employee benefits and statutory pay‑related transactions outlined in Table 3.
In delivering these common services, the Secretariat uses data produced by federal pay systems, including Phoenix, which is centrally administered by PSPC. Significant interdependencies exist between PSPC’s and the Secretariat’s pay administration processes because many of the key controls related to the processing of insurance premiums, employee benefits and other pay‑related transactions are automated in the pay system. Although the Secretariat carries out ongoing monitoring activities for controls that are under its responsibility, it must rely on the PSPC control environment for assurance as to the integrity of the data it uses in delivering common services.
In fiscal year 2021–22, the Secretariat, as a common service provider, completed a risk‑based assessment of internal controls related to common services. Specifically, it reassessed, with the assistance of Samson & Associates, the operational effectiveness of financial controls for the Public Service Health Care Plan (PSHCP), Public Service Dental Care Plan (PSDCP) and Pensioner’s Dental Service Plan (PDSP). During the period examined, all of the tested key controls related to PSHCP and PSDCP were found to be operating effectively operating and only one deficiency was found for PDSP. These positive results are due, in large part, to the formalization and documentation of key control activities. The Internal Control unit will continue to work with ERTC sector to strengthen the internal controls associated with these business processes.
6. Common service providers’ action plan for the next fiscal year and subsequent fiscal years
The Secretariat, as a common service provider of public service insurance and statutory employee benefit plans, has completed its annual risk-based assessment of the internal controls for these services, via an environmental scan. The results of this assessment are reflected in the rotational ongoing monitoring plan in Table 3.
| Key control areas | Fiscal year 2022–23 | Fiscal year 2023–24 | Fiscal year 2024–25 | Fiscal year 2025–26 | Fiscal year 2026–27 |
|---|---|---|---|---|---|
| Public Service Health Care Plan | No | No | No | No | Yes |
| Public Service Dental Care Plan | No | No | No | No | Yes |
| Pensioners’ Dental Care Plan | No | No | No | No | Yes |
| Disability Insurance Plan | Yes | No | No | No | No |
| Public Service Management Insurance Plan | Yes | No | No | No | No |
| Provincial payroll taxes | Yes | No | No | No | No |
| Provincial health insurance plan premiumsFootnote a | No | No | Yes | N/A | N/A |
| Québec Parental Insurance Plan | No | No | No | Yes | No |
| Public Service Pension Plan | No | Yes | No | No | No |
| Supplementary Death Benefit | No | Yes | No | No | No |
| Canada Pension Plan or Québec Pension Plan (CPP/QPP) | No | No | No | Yes | No |
| Employment Insurance (EI) premiums | No | No | No | Yes | No |
| Program Administration costs (as it relates to TBS Vote 20 program) | No | No | No | No | Yes |
Page details
- Date modified: