Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting - 2013–14 Departmental Performance Report - Treasury Board of Canada Secretariat

Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting

Table of Contents

  1. Introduction
  2. Departmental System of Internal Control Over Financial Reporting
  3. Assessment Results in Fiscal Year 2013–14
  4. Departmental Action Plan

1. Introduction

This document provides a summary of the measures taken by the Treasury Board of Canada Secretariat (the Secretariat) to maintain an effective system of internal control over financial reporting (ICFR), which includes information on internal control management, assessment results and related action plans.

Detailed information on the Secretariat’s authority, mandate and programs can be found in its Report on Plans and Priorities and Departmental Performance Report.

2. Departmental System of Internal Control Over Financial Reporting

2.1 Internal Control Management

The Secretariat has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. This structure is formalized in the department’s Financial Management and Internal Control Framework, approved by the Secretary, and includes the following:

  • Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
  • A Values and Ethics Office which provides educational and awareness programs and which has developed a departmental code of conduct;
  • Ongoing communication and training on the legislative and policy requirements for sound financial management and control;
  • A group dedicated to ICFR under the direction of the Chief Financial Officer, with a primary focus on maintaining internal control documentation and conducting assessments to support management and oversight of the system of ICFR; and
  • Monitoring of, and regular updates on, internal control management, as well as provision of related assessment results and action plans to the Secretary, departmental senior management and the Secretariat’s Government of Canada Audit Committee (GCAC).

The GCAC is an independent and objective advisory committee to the Secretary. Its responsibilities include providing advice to the Secretary on the Secretariat’s systems of internal control, financial reporting and financial disclosures. It also provides advice, as applicable, on risk-based assessment plans and associated results regarding the effectiveness of the departmental system of ICFR.

The GCAC comprises the Secretary and three members who are external to the federal public administration. The external members are appointed by the Treasury Board.  An external member chairs the committee. The Secretariat’s Chief Financial Officer and the Chief Audit Executive attend all meetings of the GCAC. The GCAC meets at least four times a year, and may convene for additional meetings as required.

2.2 Service Arrangements Relevant to Financial Statements

2.2.1 Secretariat reliance on other federal government organizations

As a department, the Secretariat relies on other organizations to process certain transactions that are recorded in its financial statements. There are two types of service arrangements as detailed below: common arrangements used by most departments and specific arrangements used by the Secretariat.

Common arrangements:

  • Public Works and Government Services Canada (PWGSC) centrally administers the payment of salaries and the procurement of goods and services, as per its delegation of authority, and also provides accommodation services;
  • The Secretariat, as a government central agency, provides information that is used to calculate various accruals and allowances, such as the accrued severance liability;
  • The Department of Justice Canada provides legal services; and
  • Shared Services Canada provides information technology (IT) infrastructure services to the Secretariat in the areas of data centre and network services.

Specific arrangements:

  • PWGSC performs the day-to-day administration of the Public Service Pension Plan (PSPP);
  • The Office of the Chief Actuary within the Office of the Superintendent of Financial Institutions Canada prepares a triennial actuarial valuation of the PSPP;
  • PWGSC performs the day-to-day administration of some centrally funded expenses, such as the employer’s share of Canada and Québec Pension Plan (CPP/QPP) contributions, employment insurance premiums and provincial payroll taxes. These types of expenses are recorded on the Secretariat’s financial statements as government-wide funds and reflect the Treasury Board’s role as the employer of the public service.
2.2.2 Secretariat reliance on non-governmental service providers

The Secretariat relies on the internal controls of a number of insurance companies that provide specific services such as health care plan administration, dental plan administration and insurance services.

2.2.3 Secretariat services upon which other departments rely

Other government departments rely on the Secretariat to process certain transactions and to provide information that impacts their financial statements.

Common arrangements:

  • The Secretariat provides all departments with percentage ratios, derived from the actuarially determined liability for severance benefits for the entire public service population. Departments use these ratios when calculating their severance pay liability for the purposes of their departmental financial statements;
  • The Secretariat provides all departments with a percentage amount that allows them to calculate an annual dollar figure for the services they receive without charge for the public service insurance benefit plans funded centrally; and
  • The Secretariat provides all departments with details regarding the calculation required to determine the employer’s share of employee benefit plans. These plans include costs to the government for the employer’s contributions and payments to the public service superannuation, the CPP/QPP, the death benefit and employment insurance accounts.

Specific arrangements:

  • The Secretariat provides certain corporate services to several departments, including the Department of Finance Canada, the Privy Council Office, the Canada School of Public Service, the Canadian Transportation Agency and the Immigration and Refugee Board of Canada.

3. Assessment Results in Fiscal Year 2013–14

Business cycle controls at the Secretariat are grouped into two categories: business processes that concern the Secretariat in its role as manager of government-wide funds and public service employer payments; and business processes that concern the Secretariat as a department.

In 2013–14 the Internal Control Unit, with the assistance of Ernst & Young, completed design effectiveness testing of the remaining benefits plans, as per the action plan presented in the 2012–13 Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting. In addition, the Secretariat focused on completing operating effectiveness testing of entity level controls, IT general controls and the majority of business processes that support the Secretariat in both of its roles.

3.1 Design Effectiveness Testing of Key Controls

In its role as manager of government-wide funds and public service employer payments, the Secretariat completed design effectiveness testing of all remaining key control areas, as planned. Specifically, design effectiveness testing was completed for the following business processes:

  • Pensioners’ Dental Services Plan (PDSP);
  • Public Service Management Insurance Plan (PSMIP); and
  • Service Income Security Insurance Plan (SISIP).

In so doing, the Secretariat identified the following remediation requirements:

  • Enhance internal reviews and approvals and formalize process documentation; and
  • Enhance financial verification controls related to amounts charged through interdepartmental settlements.

A management action plan is under development to address observations identified during design effectiveness testing.

3.2 Operating Effectiveness Testing of Key Controls

3.2.1 Entity Level Controls

The Internal Control Unit completed operating effectiveness testing for entity level controls. The key controls tested related to the Secretariat’s control environment, risk assessment, information and communication, and monitoring controls. No deficiencies were found.

The Internal Audit and Evaluation Bureau (IAEB) assesses the effectiveness and efficiency of the Secretariat’s internal control system through the conduct of periodic audits and reviews of different areas of the Secretariat’s operations. Some IAEB and Internal Control Unit activities are complementary. In these cases, both groups work together to ensure alignment of complementary activities to maximize results.

In 2013­–14, IAEB completed the Audit of Human Resources Planning for Recruitment and Staffing. This audit had a direct link with controls performed at the entity level and assessed the adequacy of the management of human resources planning in the Secretariat. The audit concluded that there were no major deficiencies.

3.2.2 Information Technology General Controls

The Secretariat completed operating effectiveness testing of the IT general controls for the SAP financial system that impacts its financial statements. Areas of testing included information system operations, information security, back-up recovery and change management for system updates. Most of the key controls tested, performed as intended. However, the Secretariat identified a need to further enhance controls in the area of information security. Remediation actions were substantially completed during 2013–14.

3.2.3 Business Process Controls

As manager of government-wide funds and public service employer payments, the Secretariat largely completed assessment of operating effectiveness testing of the key control areas of its pension and benefits plans, with the assistance of Ernst & Young. These plans represented $6.4 billion of the $6.6 billion total gross expenses reported in 2013–14 (approximately 97 per cent).

These plans included:

  • Public Service Pension Plan (PSPP);
  • Disability Insurance Plan (DI);
  • Public Service Health Care Plan (PSHCP);
  • Public Service Dental Care Plan (PSDCP);
  • Pensioners’ Dental Services Plan (PDSP); and
  • Public Service Management Insurance Plan (PSMIP).

The following remediation activities were identified, for which a management action plan is under development:

  • Enhance the consistency of evidence of financial verification controls; and
  • Review the approval process and the frequency of the reversal of payables at year-end.

In its role as a department, the Secretariat completed operating effectiveness testing for the majority of its business processes, including hospitality expenses, revenues and accounts receivable, and financial reporting and closing cycle processes. There were no deficiencies found for hospitality expenses and financial reporting and closing cycle processes. However, the Secretariat identified a need to strengthen the financial verification process for the revenues and accounts receivable process.

In 2013–14, IAEB completed the Audit of the Secretariat’s Work Force Adjustment Processes stemming from Budget 2012. This audit had a direct link with operating effectiveness testing for operating expenses and assessed the adequacy and effectiveness of the management of workforce adjustment processes and assessed compliance with applicable legislation, policies, directives and collective agreements. The audit concluded that the Secretariat’s management control framework over Budget 2012 workforce adjustment processes was adequate and effective and that the Secretariat’s internal processes complied with applicable authorities.

The Secretariat deferred operating effectiveness testing for payroll and benefits to 2015–16 due to the centralization of the pay services at PWGSC. The Secretariat is scheduled to complete the transfer of its pay administration and payroll files by March 2015. Certain limited responsibilities for pay administration services will remain within the Secretariat following the completion of the transfer of pay accounts to PWGSC.

In addition, the Secretariat postponed operating effectiveness testing for travel expenses to 2015–16 due to the implementation of the Shared Travel Services system, launched in April 2014.

3.3 Ongoing Monitoring of Key Controls

Ongoing monitoring of the SAP financial system’s security information, specifically user access control and segregation of duties, has been in effect since 2010­–11. Remediation actions initiated last year were completed in 2013–14.

In addition, the Integrated Financial and Materiel System (IFMS) Program Office conducted an external review in 2012–13 of security and authorizations in the SAP production environment. This review included security and authorization of the SAP financial system, as well as authentication, security administration and control protocols.

The review concluded that the controls assessed were adequate. Opportunities for enhancement of segregation of duties associated with the procure-to-pay cycle and user access to functional configuration and tables were identified. Remediation actions initiated last year were substantially completed. Going forward, the Secretariat plans to request an external review by the IFMS Program Office on a triennial basis.

4. Departmental Action Plan

4.1 Progress in Fiscal Year 2013–14

The Secretariat made significant progress in completing its assessments as per the approved plans. Table 1 provides a summary of the progress.

Table 1. Progress Summary 2013–14
Element in Previous Year’s Action Plan Status
(1) Discussions are underway to transfer the SISIP program to National Defence by fiscal year 2015–16.
Secretariat as a department
Entity level controls – Operating effectiveness testing and remediation Completed. No remediation actions required.
IT general controls – Operating effectiveness testing  and remediation; follow-up on action plan as a result of specific ongoing monitoring activities Completed for SAP financial system. Remediation actions substantially completed. In addition, remediation actions following specific ongoing monitoring activities were substantially completed (see subsection 3.3 of this document).
Payroll and benefits – Operating effectiveness testing  and remediation Deferred to 2015–16 due to the centralization of the pay services at PWGSC.
Operating expenses and accounts payable – Operating effectiveness testing and remediation Completed for the operating expenses and accounts payable process. Hospitality and travel expenses were identified as sub-processes to be assessed separately in 2013–14. Operating effectiveness testing for hospitality expenses was completed. No remediation actions required. Operating effectiveness testing for travel expenses deferred to 2015–16 due to the implementation of the new Shared Travel Services system.
Financial reporting and closing cycle – Operating effectiveness testing and remediation Completed. No remediation actions required.
Revenues and accounts receivable – Operating effectiveness testing and remediation Testing completed. Remediation actions in progress.
Secretariat as manager of government-wide funds and public service employer payments
Public Service Pension Plan (PSPP) – Operating effectiveness testing and remediation Testing completed. A management action plan is under development.
Disability Insurance Plan (DI) – Operating effectiveness testing and remediation Testing completed. A management action plan is under development.
Public Service Health Care Plan (PSHCP) – Operating effectiveness testing and remediation

Testing completed. A management action plan is under development.

Remaining design gaps identified in 2012–13 are being remediated.

Public Service Dental Care Plan (PSDCP) – Operating effectiveness testing and remediation

Testing completed. A management action plan is under development.

Remaining design gaps identified in 2012–13 are being addressed.

Provincial payroll taxes – Remediation resulting from prior year’s assessment Remediation actions resulting from the previous year’s internal audit on interdepartmental settlements were advanced.  
Employment Insurance (EI) premiums – Remediation resulting from prior year’s assessment Remediation actions resulting from previous year’s internal audit on interdepartmental settlements were in progress.
Canada/Québec Pension Plan (CPP/QPP) contributions – Remediation resulting from prior year’s assessment Remediation actions resulting from previous year’s internal audit on interdepartmental settlements were in progress.
Pensioners’ Dental Services Plan (PDSP) – Design and operating effectiveness testing and remediation Testing completed. A management action plan is under development.
Public Service Management Insurance Plan (PSMIP) – Design and operating effectiveness testing and remediation Testing completed. A management action plan is under development.
Service Income Security Insurance Plan (SISIP)(1) – Design effectiveness testing and remediation Testing completed. A management action plan is under development.
Provincial Health Insurance Plan premiums – Remediation resulting from prior year’s assessment Remediation actions resulting from previous year’s internal audit on interdepartmental settlements were in progress.
Québec Parental Insurance Plan – Remediation resulting from prior year’s assessment Remediation actions resulting from previous year’s internal audit on interdepartmental settlements were in progress.
Supplementary Death Benefit Plan – Remediation resulting from prior year’s assessment Remediation actions resulting from previous year’s internal audit on interdepartmental settlements were in progress.

4.2 Status and Action Plan for the Next Fiscal Year and Subsequent Years

The Secretariat has made significant efforts in meeting its target for completing design and operating effectiveness testing across all control areas including entity level controls, IT general controls and process-level controls.

Building on progress to date, the Secretariat is positioned to substantially complete the design and operating effectiveness of its system of ICFR in 2014–15. Following that time, the Secretariat will apply its rotational ongoing monitoring plan to reassess control performance on a risk basis across all areas. The status and action plan for the completion of the identified control areas for the next fiscal year and subsequent years is outlined in Table 2.

Table 2. Status and Action Plan Going Forward
Key Control Areas Assessment Elements
Design Effectiveness Stage (1) Operating Effectiveness Stage Ongoing Monitoring Rotation
Testing (1) Remediation (2)

(1) “Completed” implies that the process and controls have gone through a full assessment for design and/or operating effectiveness.

(2) Remediation actions have been identified as a result of the assessment phase.

(3) Remediation actions for a few of the remaining observations are to be completed in 2014–15.

(4) Discussions are underway to transfer the SISIP program to National Defence by fiscal year 2015–16. If the transfer occurs, SISIP will be scoped out.

(5) The specific year for ongoing monitoring will be determined based on factors such as results of operating effectiveness testing, separate evaluations and audits, as well as risk ranking and capacity. The rotational ongoing monitoring plan will be applied using a five-year cycle with more frequent testing in higher-risk areas.

(6) Ongoing monitoring of the SAP financial system’s security information, specifically user access control and segregation of duties, has been in effect since 2010–11.

Secretariat as a department
Entity level controls Completed Completed N/A Future years (5)
IT general controls under departmental management Completed Completed 2014–15 2016–17 (6)
Payroll and benefits Completed 2015–16 Dependent on testing results Future years (5)
Operating expenses and accounts payable Completed Testing is completed for the operating expenses process. The travel expense sub-process will be completed in 2015–16. Dependent on testing results for the travel expense sub-process. 2016–17
Financial reporting and closing cycle Completed Completed N/A 2017–18
Revenues and accounts receivable Completed Completed 2014-15 2016–17
Budgeting and forecasting Completed 2014–15 Dependent on testing results Future years (5)
Capital assets (scoped in as a new assessment element in 2013–14; see  previous year’s annex, Table 2) 2014–15 2015–16 Dependent on testing results Future years (5)
Secretariat as manager of government-wide funds and public service employer payments
Public Service Pension Plan (PSPP) Completed 3) Completed 2014–15 2015–16
Disability Insurance Plan (DI)   Completed (3) Completed 2014–15 2015–16
Public Service Health Care Plan (PSHCP) Completed (3) Completed 2014–15 2016–17
Public Service Dental Care Plan (PSDCP) Completed (3) Completed 2014–15 2016–17
Provincial payroll taxes Completed (3) Completed 2014–15 2016–17
Employment Insurance (EI) premiums Completed (3) Completed 2014–15 2017–18
Canada/Québec Pension Plan (CPP/QPP) contributions Completed (3) Completed 2014–15 2017–18
Pensioners’ Dental Services Plan (PDSP) Completed (3) Completed 2014–15 2016–17
Public Service Management Insurance Plan (PSMIP) Completed (3) Completed 2014–15 Future years (5)
Service Income Security Insurance Plan (SISIP) Completed (3) See note (4) See note (4) See note (4)
Provincial Health Insurance Plan premiums Completed (3) Completed 2014–15 Future years (5)
Québec Parental Insurance Plan Completed (3) Completed 2014–15 Future years (5)
Supplementary Death Benefit Plan Completed (3) Completed 2014–15 Future years (5)

Page details

Date modified: