Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting - 2014-15 Departmental Performance Report - Treasury Board of Canada Secretariat

Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting

Table of Contents

  1. Introduction
  2. Departmental System of Internal Control Over Financial Reporting
  3. Assessment Results in Fiscal Year 2014–15
  4. Departmental Action Plan

1. Introduction

This document provides a summary of the measures taken by the Treasury Board of Canada Secretariat (the Secretariat) to maintain an effective system of internal control over financial reporting (ICFR), which includes information on internal control management, assessment results and related action plans.

Detailed information on the Secretariat's authority, mandate and programs can be found in its Report on Plans and Priorities and Departmental Performance Report.

2. Departmental System of Internal Control Over Financial Reporting

2.1 Internal Control Management

The Secretariat has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. This structure is formalized in the department's Financial Management and Internal Control Framework, approved by the Secretary, and includes the following:

  • Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
  • A Values and Ethics Office, which provides educational and awareness programs and has developed a departmental code of conduct;
  • Ongoing communication and training on the legislative and policy requirements for sound financial management and control;
  • A group dedicated to ICFR under the direction of the Chief Financial Officer, with a primary focus on maintaining internal control documentation and conducting assessments to support management and oversight of the system of ICFR; and
  • Monitoring of, and regular updates on, internal control management, as well as provision of related assessment results and action plans to the Secretary, departmental senior management and the Secretariat's Government of Canada Audit Committee (GCAC).

The GCAC is an independent and objective advisory committee to the Secretary. Its responsibilities include providing advice to the Secretary on the Secretariat's systems of internal control, financial reporting and financial disclosures. It also provides advice, as applicable, on risk-based assessment plans and associated results regarding the effectiveness of the departmental system of ICFR.

The GCAC comprises the Secretary, the Associate Secretary and three members who are external to the federal public administration. An external member chairs the committee. Given the independent nature of the Committee, it plays an essential role in ensuring the integrity of corporate reporting as well as providing an objective and broader perspective on risks and controls. For example, the Committee reviewed and provided comments regarding the Secretariat's Departmental Performance Report and Corporate Risk Profile, as well as risk-based internal audit plans and engagement reports that provide assurance over the adequacy of controls. The Secretariat's Chief Financial Officer and the Chief Audit Executive, as well as the Comptroller General of Canada, attend all meetings of the GCAC. The GCAC meets at least four times a year and may convene for additional meetings as required.

2.2 Service Arrangements Relevant to Financial Statements

2.2.1 Secretariat reliance on other federal government organizations

As a department, the Secretariat relies on other organizations to process certain transactions that are recorded in its financial statements. There are two types of service arrangements, as detailed below: common arrangements used by most departments and specific arrangements used by the Secretariat.

Common arrangements
  • Public Works and Government Services Canada (PWGSC) centrally administers the payment of salaries and the procurement of goods and services, as per its delegation of authority, and provides accommodation services;
  • The Secretariat, as a government central agency, provides information that is used to calculate various accruals and allowances, such as the accrued severance liability;
  • The Department of Justice Canada provides legal services; and
  • Shared Services Canada provides information technology (IT) infrastructure services to the Secretariat in the areas of data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and the Secretariat.
Specific arrangements
  • PWGSC performs the day-to-day administration of the Public Service Pension Plan (PSPP);
  • The Office of the Chief Actuary within the Office of the Superintendent of Financial Institutions Canada prepares a triennial actuarial valuation of the PSPP; and
  • PWGSC performs the day-to-day administration of some centrally funded expenses, such as the employer's share of Canada and Québec Pension Plan (CPP/QPP) contributions, employment insurance premiums and provincial payroll taxes. These types of expenses are recorded on the Secretariat's financial statements as government-wide funds and reflect the Treasury Board's role as the employer of the public service.
2.2.2    Secretariat reliance on non-governmental service providers

The Secretariat relies on the internal controls of a number of insurance companies that provide specific services such as health care plan administration, dental plan administration and insurance services.

2.2.3    Secretariat services upon which other departments rely

Other government departments rely on the Secretariat to process certain transactions and to provide information that impacts their financial statements.

Common arrangements
  • The Secretariat provides all departments with percentage ratios, derived from the actuarially determined liability for severance benefits for the entire public service population. Departments use these ratios when calculating their severance pay liability for the purposes of their departmental financial statements;
  • The Secretariat provides all departments with a percentage amount that allows them to calculate an annual dollar figure for the services they receive without charge for the public service insurance benefit plans funded centrally; and
  • The Secretariat provides all departments with details regarding the calculation required to determine the employer's share of employee benefit plans. These plans include costs to the government for the employer's contributions and payments to the public service superannuation, the CPP/QPP, the death benefit and employment insurance accounts.
Specific arrangements

The Secretariat provides certain corporate services to several organizations, including the Department of Finance Canada, the Privy Council Office, the Canada School of Public Service, the Canadian Transportation Agency, the Immigration and Refugee Board of Canada, the Office of the Superintendent of Financial Institutions Canada, and the Administrative Tribunals Support Service of Canada.

3. Assessment Results in Fiscal Year 2014–15

Business cycle controls at the Secretariat are grouped into two categories: business processes that concern the Secretariat in its role as manager of government-wide funds and public service employer payments, and business processes that concern the Secretariat as a department.

As a manager of government-wide funds and public service employer payments, the Secretariat continued to advance in remediating issues resulting from prior years' assessments. This included enhancing internal reviews and approval processes, and progressively formalizing business process documentation of key benefits plans to reflect the current environment.

3.1 Design Effectiveness Testing of Key Controls

At the end of 2014–15, the Secretariat completed the remediation actions resulting from prior years' assessments of business processes controls for the pension and benefit plans, with the exception of one design gap relating to the employer's contribution paid with respect to employee's benefit plans and for which further work is required. The outstanding issue is in relation to the need for enhanced supporting documentation for those payments made through interdepartmental settlements and for which the Secretariat must rely on controls performed by other government departments. Additional consultation is required with internal and external stakeholders to define the supporting documentation requirements that will meet departmental needs of assurance over the approval of those types of payments, as well as financial management policy expectations.

Results of the design effectiveness testing of the capital assets process conducted in 2014–15 indicated that there was a need to review and update the Secretariat's policy on capital assets to better clarify which items are to be capitalized and which are to be expensed. In addition, the policy should be approved in accordance with the Secretariat's policy approval process.

3.2 Operating Effectiveness Testing of Key Controls

3.2.1 Entity Level Controls

The Secretariat has reached the ongoing monitoring stage for its entity level controls (including control environment, risk assessment, information and communication and monitoring activities), as design and operating effectiveness stages were completed in prior years. These activities are reported in section 3.3 of this document.

3.2.2 Information Technology General Controls

The Secretariat continued to advance in remediating issues that were outstanding from prior years' operating effectiveness testing of the IT general controls for the SAP financial system. By the end of 2014–15, the recommendations were implemented and the Secretariat has reached the ongoing monitoring stage.

3.2.3 Business Process Controls

As manager of government-wide funds and public service employer payments, the Secretariat completed most of the remediation actions identified in the 2013–14 operating effectiveness testing of the major pension and benefit plans that was conducted with the assistance of Ernst & Young (EY). The results of this testing identified a need to review the approval process and the frequency of the reversal of payables at year-end. Remediation included a review of the process and accounting requirements related to health and dental claims resulting in a change in reporting for these transactions in the Secretariat's financial statements.

In its role as a department, the Secretariat continued to advance in its operating effectiveness stage. In 2014–15, the Secretariat completed operating effectiveness testing for the budgeting and forecasting process. As a result of this assessment, no significant weaknesses were found.

In addition, the Secretariat completed the remediation activities identified in last year's assessment of the revenues and accounts receivable process. The results of this assessment had determined a need to strengthen the financial verification process.

The Secretariat is scheduled to complete operating effectiveness testing of internal control over financial reporting in 2015–16 for the following areas:

  • The payroll and benefits process that was planned to be assessed in 2013–14 was deferred due to the centralization of pay services at PWGSC. The transfer of pay administration and payroll files was completed at the end of fiscal year 2014–15. Limited responsibilities remain within the Secretariat following completion of the transfer of the TBS pay accounts to PWGSC. Given the significance of those changes, more time will be required to obtain a good understanding of the impact of those changes on the control environment, as well as to update our process description. This is planned to be completed in 2015–16.
  • The travel expenses sub-process was planned to be assessed in 2013–14 but was postponed to 2015–16 due to the implementation of the Shared Travel Services System, launched in April 2014. As was the case for the payroll and benefits process, there will be a need to gain an understanding of the changes and update our process description. This is planned to be completed in 2015–16.
  • Design effectiveness testing of the capital assets process was completed in 2014–15. Work on remediation actions resulting from the design effectiveness testing is proceeding, and operating effectiveness testing is planned to be completed in 2015–16.

Once these assessments are completed, the Secretariat's entire system of internal controls over financial reporting will have been tested.

3.3 Ongoing Monitoring of Key Controls

The Secretariat's Internal Audit and Evaluation Bureau (IAEB) assesses the effectiveness and efficiency of the Secretariat's internal control system through the conduct of periodic audits and reviews of different areas of the Secretariat's operations. Some IAEB and Internal Control Unit activities are complementary. In these cases, both groups work together to ensure alignment of complementary activities to maximize results.

In 2014­–15, IAEB completed the review of the Secretariat's internal governance framework and concluded that the governance structure is well articulated, mature and flexible. However, areas of improvement were identified to break down silos across the Secretariat and allow broader-based input to operational decision making. Implementation of recommendations is underway. This review is in relation to entity-level controls.

In 2014–15, the Secretariat's Internal Control Unit undertook ongoing monitoring activities that were focused mainly on following up on the few remaining remediation actions from previous years' assessments of IT general controls. This follow-up is in relation to actions outstanding from the review conducted by the Integrated Financial and Materiel System Program Office in 2012–13.

The Secretariat plans an external assessment of its IT general controls on a regular basis to provide the level of assurance required to meet interdepartmental service arrangements with the clients of the Secretariat's financial system cluster. The Secretariat has contracted EY to perform a first external assessment of the IT general controls beginning in 2015–16.

In addition, in the fourth quarter of fiscal year 2015–16, the Secretariat will conduct an external review of SAP financial system by the Integrated Financial and Material System Program Office. This review will also be planned to occur every three years.

4. Departmental Action Plan

4.1 Progress in Fiscal Year 2014–15

The Secretariat continued its progress in completing its assessments according to approved plans and in following up on remediation actions. Table 1 provides a summary of this progress.

Table 1. Progress Summary 2014–15
Element in Previous Year’s Action Plan Status
Secretariat as a department
IT general controls: Remediation resulting from operating effectiveness testing; follow-up on action plan as a result of the review of security and authorization in SAP conducted in 2012–13 by the Integrated Financial and Material System Program Office. Remediation actions are completed.
Payroll and benefits: Operating effectiveness testing and remediation. Deferred due to the centralization of pay services at PWGSC. Scheduled to be completed in 2015–16 as per plan.
Operating expenses and accounts payable: Operating effectiveness testing and remediation. Completed for the operating expenses and accounts payable process. Travel expenses are identified as a sub-process for which operating effectiveness testing and assessment was postponed to 2015–16 due to the implementation of the new Shared Travel Services system in 2014–15.
Revenues and accounts receivable: Remediation resulting from prior year’s assessment. Completed.
Budgeting and forecasting: Operating effectiveness testing and remediation. Completed.
Capital assets: Design effectiveness testing and remediation. Testing completed.
Secretariat as manager of government-wide funds and public service employer payments
Public Service Pension Plan (PSPP): Remediation resulting from prior year’s assessment. Remediation in progress.
Disability Insurance Plan (DI): Remediation resulting from prior year’s assessment. Remediation in progress.
Public Service Health Care Plan (PSHCP): Remediation resulting from prior year’s assessment. Completed.
Public Service Dental Care Plan (PSDCP): Remediation resulting from prior year’s assessment. Completed.
Provincial payroll taxes: Remediation resulting from prior year’s assessment. Remediation in progress.
Employment Insurance (EI) premiums: Remediation resulting from prior year’s assessment. Remediation in progress.
Canada/Québec Pension Plan (CPP/QPP) contributions: Remediation resulting from prior year’s assessment. Remediation in progress.
Pensioners’ Dental Services Plan (PDSP): Remediation resulting from prior year’s assessment. Completed.
Public Service Management Insurance Plan (PSMIP): Remediation resulting from prior year’s assessment. Remediation in progress.
Provincial Health Insurance Plan premiums: Remediation resulting from prior year’s assessment. Remediation in progress.
Québec Parental Insurance Plan: Remediation resulting from prior year’s assessment. Remediation in progress.
Supplementary Death Benefit Plan: Remediation resulting from prior year’s assessment. Remediation in progress.
Service Income Security Insurance Plan (SISIP): Remediation resulting from prior year’s assessment. Discussions are underway to transfer the SISIP program to National Defence by fiscal year 2016–17. As a result, SISIP has been scoped out.

4.2 Status and Action Plan for the Next Fiscal Year and Subsequent Years

The Secretariat has continued to make significant efforts to meet its target for completing design and operating effectiveness testing across all control areas, including entity level controls, IT general controls and process level controls.

At the end of 2014–15, design effectiveness testing was completed for all control areas, with a few remaining remediation actions to be completed. Building on progress to date, the Secretariat is positioned to complete operating effectiveness testing of the remaining processes and reach the ongoing monitoring stage by 2015–16 for the majority of its 21 processes that are subject to internal control assessment. At that time, the Secretariat will apply its rotational ongoing monitoring plan to reassess control performance on a risk basis across all areas. The status and action plan for the completion of the identified control areas for the next fiscal year and subsequent years is outlined in Table 2.

Table 2. Status and Action Plan Going Forward
Key Control Areas Assessment Elements
Design Effectiveness Stagetable note 1 Operating Effectiveness Stage Ongoing Monitoring Rotation
Testingtable note 1 Remediationtable note 2
Table 2 Notes
Table Note 1

“Completed” implies that the process and controls have gone through a full assessment for design and/or operating effectiveness.

Return to table note 1 referrer

Table Note 2

Remediation actions have been identified as a result of the assessment phase.

Return to table note 2 referrer

Table Note 3

Remediation actions for a few of the remaining observations are to be completed in 2016–17.

Return to table note 3 referrer

Table Note 4

Additional work is required to address the issue in relation to those payments made through Interdepartmental Settlements for which the Secretariat must rely on other government departments to exercise controls.

Return to table note 4 referrer

Table Note 5

Discussions are underway to transfer the SISIP program to National Defence by fiscal year 2016–17; therefore, this plan has been scoped out.

Return to table note 5 referrer

Table Note 6

The specific year for ongoing monitoring will be determined based on factors such as results of operating effectiveness testing, separate evaluations and audits, as well as risk ranking and capacity. The rotational ongoing monitoring plan will be applied using a five-year cycle, with more frequent testing in higher-risk areas.

Return to table note 6 referrer

Table Note 7

The Secretariat plans an external assessment of IT general controls on a periodic basis. The first assessment is planned for 2015–16.

Return to table note 7 referrer

Secretariat as a department
Entity level controls Completed Completed N/A Future yearstable note 6
IT general controls under departmental management Completed Completed Completed 2015–16table note 7
Payroll and benefits Completed 2015–16 Dependent on testing results Future yearstable note 6
Operating expenses and accounts payable Completed Testing is completed for the operating expenses process. The travel expense sub-process will be completed in 2015–16 Dependent on testing results for the travel expense sub-process 2016–17
Financial reporting and closing cycle Completed Completed N/A 2017–18
Revenues and accounts receivable Completed Completed Completed 2016–17
Budgeting and forecasting Completed Completed Completed Future yearstable note 6
Capital assets Completedtable note 3 2015–16 Dependent on testing results Future yearstable note 6
Secretariat as manager of government-wide funds and public service employer payments
Public Service Pension Plan (PSPP) Completedtable note 3 Completed Completed 2015–16
Disability Insurance Plan(DI) Completedtable note 3 Completed Completed 2015–16
Public Service Health Care Plan (PSHCP) Completed Completed Completed 2016–17
Public Service Dental Care Plan (PSDCP) Completed Completed Completed 2016–17
Provincial payroll taxes Completedtable note 3 Completed 2016–17table note 4 2017–18
Employment Insurance (EI) premiums Completedtable note 3 Completed 2016–17table note 4 2017–18
Canada/Québec Pension Plan (CPP/QPP) contributions Completedtable note 3 Completed 2016–17table note 4 2017–18
Pensioners’ Dental Services Plan (PDSP) Completed Completed Completed 2016–17
Public Service Management Insurance Plan (PSMIP) Completedtable note 3 Completed Completed Future yearstable note 6
Provincial Health Insurance Plan premiums Completedtable note 3 Completed 2016–17table note 4 Future yearstable note 6
Québec Parental Insurance Plan Completedtable note 3 Completed 2016–17table note 4 Future yearstable note 6
Supplementary Death Benefit Plan Completedtable note 3 Completed 2016–17table note 4 Future yearstable note 6
Service Income Security Insurance Plan (SISIP) See note5 See note5 See note5 See note5

Page details

Date modified: