Annex – Assessment of Internal Control over Financial Reporting for the fiscal year ending March 31, 2018 (Unaudited)
This document provides a summary of the measures taken by the Office of the Public Sector Integrity Commissioner (the Office) to maintain an effective system of internal control over financial reporting, including information on internal control management, assessment results and related action plans.
Detailed information on the Office’s authority, mandate and program activities can be found in the corporate plans and reports.
2. System of internal control over financial reporting
2.1 Internal control management
The Office has a well-established governance and accountability structure to support its assessment and oversight of its system of internal control. An Internal Control Framework, approved by the Commissioner, is in place and includes:
- Organizational accountability structures related to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for internal control management;
- A code of values and ethics;
- Ongoing communication and training on statutory requirements, as well as policies and procedures for sound financial management and control; and
- Regular monitoring of internal control management, as well as the provision of related assessment results and action plans to the Commissioner and senior management and, as applicable, the Audit and Evaluation Committee.
The Audit and Evaluation Committee provides advice to the Commissioner on the adequacy and functioning of the Office's risk management, control and governance frameworks and processes.
2.2 Service arrangements relevant to financial statements
The Office relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:
- Public Services and Procurement Canada centrally administers the payments of salaries and the procurement of goods and services in accordance with the Office’s Delegation of Authority, and provides accommodation services;
- The Treasury Board of Canada Secretariat provides the Office with information used to calculate various accruals and allowances.
- The Canadian Human Rights Commission (CHRC) provides information technology infrastructure services and a financial system platform to capture, process and report all financial transactions. The scope and responsibilities are addressed in the interdepartmental arrangement between CHRC and the Office, as well as in the attestation and summary of results prepared by CHRC on its internal control over financial reporting (ICFR) in regards to the impact it has on its clients. The Office relies on CHRC’s internal controls over financial reporting and the financial management system to process the financial data that has been approved, authorized and transmitted by the Office. The Office is responsible to ensure that the financial reports are accurate and fairly present the financial results and position.
3. Office of the Public Sector Integrity Commissioner assessment results during fiscal year 2017–18
The key findings and significant adjustments required from the current year’s assessment activities are summarized below.
New or significantly amended key controls: In the current year, there were no significantly amended key controls in existing processes which required a reassessment. Design and operating effectiveness testing was conducted by CHRC on the key controls for a new payroll subsystem. Significant adjustments were not required for the new key controls.
Ongoing monitoring program: As part of its rotational ongoing monitoring plan, the Office completed its reassessment of controls. For the most part, the key controls that were tested performed as intended, with remediation required as follows:
- Lack in written documentation were found in all control sectors. An action plan addressing recommendations is in development.
4. Office action plan
4.1 Progress during fiscal year 2017–18
The Office conducted an assessment of its controls, updated the Internal Control Framework, including adjustments to the ongoing monitoring program.
Progress during Fiscal Year 2017–18
|Ongoing Monitoring plan for current year||Status|
|Entity-level controls||Completed as planned; no remedial actions required.|
|IT general controls||Completed as planned; remedial actions started for written documentation.|
|Operating expenditures||Completed as planned; remedial action started for written documentation.|
|Capital Expenditures||Completed as planned; remedial action started for written documentation.|
|Payroll||Completed; no remedial actions required.|
4.2 Action plan for the next fiscal year and subsequent years
The Office's rotational ongoing monitoring plan over the next three years, based on an annual validation of the high-risk processes and controls and related adjustments to the ongoing monitoring plan as required, is shown in the following table.
Rotational Ongoing Monitoring Plan
|Key control areas||Fiscal year
|IT general controls||Yes||Yes||Yes|
|Master data on vendors||Yes||No||Yes|