Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting Treasury Board of Canada Secretariat Fiscal Year 2024–2025
1. Introduction
This document provides a summary of the measures taken by the Treasury Board of Canada Secretariat (TBS) to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results and related action plans.
Detailed information on TBS’s authority, mandate and programs can be found in its most recent Departmental Plan and Departmental Results Report.
2. Departmental system of internal control over financial reporting
2.1 Internal control management
TBS has a well-established‑governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. This structure is formalized in TBS’s Framework for Internal Controls Over Financial Management, approved by the Secretary, and includes the following:
- organizational accountability structures as they relate to internal control management to support sound financial management, including the roles and responsibilities of senior managers in their areas of responsibility for internal control management
- a Values and Ethics Office, which provides educational and awareness programs and has developed a departmental code of conduct
- ongoing communication and training on statutory requirements, policies and procedures for sound financial management and control
- monitoring of, and regular updates on, internal control management, as well as the provision of related assessment results and action plans to departmental senior management and TBS’s Audit Committee
The Audit Committee is an independent and objective advisory committee to the Secretary. It is responsible for providing advice to the Secretary on the adequacy and functioning of TBS’s risk management, control, and governance frameworks and processes.
2.2 Service arrangements relevant to financial statements
TBS relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows.
Common service arrangements
- Public Services and Procurement Canada (PSPC) centrally administers the payment of salaries and the procurement of goods and services in accordance with TBS’s Delegation of Authority and provides real property services
- The Department of Justice Canada provides legal services to TBS
- Shared Services Canada provides information technology (IT) infrastructure services to TBS, such as data centres and network services
- TBS, a central agency, provides services related to insurance plans for federal public service employees and centrally administers payment of the employer’s share of contributions to statutory employee benefit plans (the Public Service Pension Plan, Employment Insurance (EI) Plan, the Canada Pension Plan or Québec Pension Plan (CPP/QPP), and the Supplementary Death Benefit Plan) on behalf of other departments and agencies
Readers of this annex may refer to the annexes of the above-noted organizations for a greater understanding of the systems of ICFR related to these services.
TBS relies on other external service providers and departments for the processing of certain transactions or information that are recorded in its financial statements as follows.
Specific arrangements
- The Office of the Chief Actuary, within the Office of the Superintendent of Financial Institutions Canada, prepares a triennial actuarial valuation of the Public Service Pension Plan
- PSPC performs the day-to-day administration of the Public Service Pension Plan
- PSPC performs the day-to-day administration of some centrally funded expenses, such as the employer’s share of CPP/QPP contributions, EI premiums and provincial payroll taxes. These types of expenses are recorded on TBS’s financial statements and reflect the Treasury Board’s role as the employer of the public service
- TBS relies on the internal controls of a number of insurance companies (at present, Canada Life, Sun Life, Industrial Alliance and Manulife), which provide services such as health care plan administration, dental plan administration and insurance services. As external service providers, pursuant to contracts with the Government of Canada, these insurance companies have the authority and responsibility to ensure that these services are managed in accordance with the terms and conditions set out by TBS’s Employee Relations and Total Compensation sector
TBS provides certain optional corporate services (for example, accounting services and financial systems) to several departments on a cost-recovery basis. These services are governed by memoranda of understanding between TBS and other government departments.
3. Departmental assessment results during fiscal year 2024–25
| Previous year’s rotational ongoing monitoring plan for current year | Status |
|---|---|
| IT general controls | Activities completed as planned; remedial actions started |
| Budgeting and forecasting | Activities completed as planned; remedial actions started |
| Revenues and accounts receivable | Activities completed as planned; remedial actions started |
| Capital assets | Postponed until the 2025-26 fiscal period. |
The key findings and significant adjustments required from the current year’s assessment activities are summarized below.
3.1 New or significantly amended key controls
In fiscal year 2024–25, there were no significantly amended key controls in existing processes that required a reassessment.
3.2 Ongoing monitoring program
As part of its rotational ongoing monitoring plan, TBS completed its reassessment of the financial controls related to the IT general controls (ITGCs), budgeting and forecasting, and revenues and accounts receivable. For the most part, the key controls that were tested performed as intended, with remediation (where required) as follows.
IT general controls
- The process for revoking all system access should be communicated again.
- The importance of prompt communication by all parties should be emphasized to ensure timely notification and termination of access for all departures, transfers and role changes.
- The access privileges assigned to database and operating system users should be reviewed to make sure they align with users’ current duties.
- Access should be reduced or removed to reflect job requirements.
- Access to batch job management should be reduced or removed to reflect job requirements.
Budgeting and forecasting
- Ensure the process for formal records (for example, minutes, decision logs, approval emails) confirming review and approval by oversight bodies are appropriately retained.
- Ensure access to appropriate financial systems modules is limited to financial management advisors (FMAs).
- Conduct periodic access reviews to ensure that financial system roles align with current responsibilities.
- Keep evidence of transfer approval for audit trial.
- Strengthen procedures that require documented approvals and maintain records for all high‑value budget changes.
- Maintain consistency in issuing forecast guidance each quarter to ensure alignment and comparability.
Revenues and accounts receivable
- Ensure the appropriate parties are notified when an invoice is sent.
- Present quarterly results to appropriate delegated authorities.
Actions to address the remediation described above is underway.
TBS also completed a risk assessment in fiscal year 2024–25 using an environmental scan. The results of the risk assessment were used to update TBS’s risk-based ongoing monitoring plan (see sections 4 and 6).
4. Departmental action plan for the next fiscal year and subsequent fiscal years
TBS’s rotational ongoing monitoring plan for the next three years, presented in Table 2, is based on its annual risk assessment.
| Key control areas | Fiscal year 2025–26 |
Fiscal year 2026–27 |
Fiscal year 2027–28 |
|---|---|---|---|
| Entity-level controls | No | Yes | No |
| IT general controls (ITGCs)table 2 note 1 under departmental management | No | No | Yes |
| Financial reporting and closing cycle | No | Yes | No |
| Budgeting and forecastingtable 2 note 2 | No | No | No |
| Chief financial officer attestation and costingtable 2 note 2 | No | No | No |
| Investment planningtable 2 note 2 | No | No | No |
| Payroll and benefits | Yes | No | No |
| Operating expenses and accounts payable | |||
Travel |
No | No | Yes |
Contracting and procurement |
No | No | Yes |
Delegation of spending and financial authorities |
No | Yes | No |
Acquisition cards |
No | Yes | No |
| Revenues and accounts receivabletable 2 note 2 | No | No | No |
| Capital assets | Yes | No | No |
| IT asset tracking (tablets) | No | Yes | No |
Table 2 Notes
|
|||
5. Common service providers’ annual assessment results for fiscal year 2024–25
TBS provides common services related to the administration of public service insurance plans (TBS Vote 20) and the cost-recovery process for statutory employee benefit plans. Because TBS manages government-wide funds and public service employer payments, other government departments and agencies rely on TBS to process transactions that impact their financial statements with respect to the transactions related to insurance, employee benefits and statutory pay outlined in Table 3.
In delivering these common services, TBS uses data produced by federal pay systems, including Phoenix, which is centrally administered by PSPC. Significant interdependencies exist between PSPC’s and TBS’s pay administration processes because many of the key controls related to the processing of insurance premiums, employee benefits and other pay-related transactions are automated in the pay system. Although TBS carries out ongoing monitoring activities for controls that are under its responsibility, it must rely on the PSPC control environment for assurance as to the integrity of the data it uses in delivering common services.
In accordance with our ongoing monitoring plan, no risk-based assessment of internal controls related to common services linked to TBS as a service provider took place in 2024–25. However, the Internal Control Unit will continue to work with the Employee Relations and Total Compensation sector to strengthen the internal controls associated with these common services.
6. Common service providers’ action plan for the next fiscal year and subsequent fiscal years
TBS, as a common service provider of public service insurance and statutory employee benefit plans, has completed its annual risk-based assessment of the internal controls for these services, via an environmental scan. The results of this assessment are reflected in the rotational ongoing monitoring plan in Table 3.
| Key control areas | Fiscal year 2025–26 |
Fiscal year 2026–27 |
Fiscal year 2027–28 |
Fiscal year 2028–29 |
Fiscal year 2029–30 |
|---|---|---|---|---|---|
| Public Service Health Care Plan | No | No | Yes | No | No |
| Public Service Dental Care Plan | No | No | Yes | No | No |
| Pensioners’ Dental Care Plan | No | No | Yes | No | No |
| Disability Insurance Plan | No | No | No | Yes | No |
| Public Service Management Insurance Plan | No | No | No | Yes | No |
| Provincial payroll taxes | No | No | No | Yes | No |
| Provincial health insurance plan premiumstable 3 note 1 | Not applicable | Not applicable | Not applicable | Not applicable | Not applicable |
| Québec Parental Insurance Plan | Yes | No | No | No | No |
| Public Service Pension Plan | No | No | No | No | Yes |
| Supplementary Death Benefit | No | No | No | No | Yes |
| Canada Pension Plan or Québec Pension Plan (CPP/QPP) | Yes | No | No | No | No |
| Employment Insurance (EI) premiums | Yes | No | No | No | No |
| Program Administration costs (as it relates to TBS Vote 20 program) | No | Yes | No | No | No |
Table 3 Notes
|
|||||