ARCHIVED - Treasury Board of Canada Secretariat - Supplementary Tables

• Previous Page
• Table of Contents
•  

This page has been archived.

Annex to Statement of Management Responsibility
including Internal Control over Financial Reporting
Treasury Board of Canada Secretariat
Fiscal year 2009-10

Note to the reader

With the new Treasury Board Policy on Internal Control, effective April 1, 2009, departments are now required to demonstrate the measures they are taking to maintain effective systems of internal control over financial reporting (ICFR).

As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plan(s) to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

• Transactions are appropriately authorized;
• Financial records are properly maintained;
• Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement;
• Applicable laws, regulations and policies are complied with.

It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.

The maintenance of an effective system of ICFR is an ongoing process designed to identify, assess effectiveness and adjust as required key risks and associated key controls, as well as to monitor its performance in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to the other based on risks and taking into account their unique circumstances.

Table of Contents

1. Introduction 2. Treasury Board of Canada Secretariat's control environment relevant to ICFR 3. Assessment of system of ICFR 4. Assessment results 5. Action plan

1. Introduction

This document is an annex to the Treasury Board of Canada Secretariat's Statement of Management Responsibility Including Internal Control Over Financial Reporting for the fiscal year 2009-2010. As required by the new Treasury Board Policy on Internal Control, effective April 1, 2009, this document provides summary information on the measures taken by the Treasury Board of Canada Secretariat to maintain an effective system of internal control over financial reporting (ICFR). In particular, it provides summary information on the internal control assessments conducted by the Treasury Board of Canada Secretariat as at March 31, 2010, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to the Treasury Board of Canada Secretariat.

It is important to note that the system of ICFR is not designed to eliminate every possible risk, rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate. The maintenance of an effective system of ICFR is an ongoing process designed to identify and prioritize risks and the controls to mitigate those risks, as well as to monitor its performance in support of continuous improvement.

1.1 Authority, Mandate and Program Activities

The Treasury Board of Canada Secretariat is the administrative arm of the Treasury Board. The Treasury Board is a Cabinet committee of ministers invested with a broad range of responsibilities for management excellence, policy development, and budget and human resources oversight. The Treasury Board of Canada Secretariat supports Treasury Board ministers and strengthens the way government is managed to better serve Canadians and ensure value-for-money in government spending. The Secretariat achieves these objectives by:

While both of these roles are important, the overwhelming majority of the expenditures, in these financial statements, relate to the central payments for pension and benefits.

Detailed information on the Treasury Board of Canada Secretariat's authority, mandate and program activities can be found in its Departmental Performance Report and in its Report on Plans and Priorities.

1.2 Financial highlights

Financial statements (unaudited) of the Treasury Board of Canada Secretariat for fiscal-year 2009-2010 can be found on the Treasury Board of Canada Secretariat website. Information can also be found in the Public Accounts of Canada website.

Financial Highlights of Treasury Board of Canada Secretariat:

• Government-wide funds and Public Service Employer Payments accounted for 87% or $2.067B of total expenses ($2.367B). Public Service Employer Payments relate to the Secretariat's role as employer of the core public administration. These funds are used for the public service pension, benefits, and insurance, including payment of the employer's share of health, income maintenance, and life insurance premiums as well as payments to, or in respect of, provincial health insurance and other related costs. The Pension and Benefits Sector within the Secretariat manages most of these expenditures.
• Parking fee revenue was $11.6M or 71% of total revenues ($16.4M). These fees are paid by public servants across government for renting parking spaces in government owned or leased facilities. The Secretariat fulfills a central accounting function by recording all fees deposited by other government departments. These fees are deposited directly to the Consolidated Revenue Fund and are not available for re-spending by the Treasury Board of Canada Secretariat.
• Accounts receivable related to other departments' shares of employee benefit costs account for 98% or $658M of total assets ($674M). Also, accounts payable which relate to adjustments for other departments' share of employee benefit costs comprise 51% or $291M of total liabilities ($613M). Of the remaining accounts payable, 39% or $220M are end-year payables set up for the Public Service Health Care Plans, Public Service Dental Care Plan and Pensioners Dental Services Plan. These significant payables and receivables result from the requirement for year end adjustments to ensure the appropriate distribution of employee benefit costs to government departments.
• Treasury Board of Canada Secretariat assets and liabilities were increased by $2.5M and $22.6M respectively, and operating budget resources increased by $56M as a result of a merger with the Public Service Human Resource Management Agency of Canada.

1.3 Service arrangements relevant to financial statements

1.3.1 Secretariat reliance on other government service providers:

The Secretariat relies on other organizations for the processing of certain transactions that are recorded in its financial statements. These arrangements include but are not limited to:

1.3.2 Secretariat reliance on non-governmental service providers:

• The Secretariat relies on the internal controls of a number of companies which provide specific services such as medical plan administration, dental plan administration, and insurance services.

1.3.3 Secretariat services upon which other departments rely:

Other government departments rely on the Treasury Board of Canada Secretariat for the processing of certain transactions or the provision of information which impact their financial statements:

1.4 Material changes in fiscal year 2009-2010

Effective March 2, 2009, the Public Service Human Resources Management Agency of Canada was amalgamated with the Treasury Board of Canada Secretariat. The financial impact of this amalgamation was not reflected in the fiscal year 2008-09 financial statements. The amalgamation with the Public Service Human Resources Management Agency of Canada resulted in additional budgetary resources being recorded in the Financial Statements of the Secretariat of $56M. In addition, effective February 1, 2009, a significant portion of the Corporate Services Branch in the Department of Finance was transferred to the Secretariat and as a result, TBS now provides corporate shared services to the Department of Finance. The expense for the Secretariat's share for most of these services had already been reflected in the Treasury Board of Canada Secretariat's Financial Statements.

2. The Treasury Board of Canada Secretariat's control environment relevant to ICFR

Treasury Board of Canada Secretariat recognizes the importance of senior management leadership in ensuring that staff at all levels understand their roles in maintaining effective systems of ICFR and are well equipped to exercise these responsibilities. The Treasury Board of Canada Secretariat's objective is to continually improve its internal control environment using a risk-based approach and targeted resource investment so that the required level of effectiveness is achieved at a manageable cost.

2.1 Key positions, roles and responsibilities

Below are the Secretariat's key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.

Secretary – Treasury Board of Canada Secretariat's Deputy Head, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Secretary chairs the Treasury Board of Canada Secretariat Executive Committee and is a member of the Departmental Audit Committee.

Chief Financial Officer (CFO) – The Treasury Board of Canada Secretariat's CFO reports directly to the Secretary and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.

Assistant Secretaries and other Senior Departmental Managers - The Treasury Board of Canada Secretariat's senior departmental managers in charge of program delivery are responsible for maintaining and reviewing effectiveness of their system of ICFR falling within their mandate.

Chief Audit Executive (CAE) – The Treasury Board of Canada Secretariat's CAE reports directly to the Secretary and provides assurance through periodic internal audits which are instrumental to the maintenance of an effective system of ICFR.

Government of Canada Audit Committee (GCAC) - The GCAC is an advisory committee that provides objective views on the Treasury Board of Canada Secretariat's financial statements, risk management, control and governance frameworks and it is comprised of three external members, a deputy minister external to the Secretariat, and the Secretary of the Treasury Board. As such, it reviews the Treasury Board of Canada Secretariat's Corporate Risk Profile, its internal audit reports, and its system of internal control, including the assessment and action plans relating to the system of ICFR.  

2.2 Key organization-wide controls in the Treasury Board of Canada Secretariat

The Secretariat's control environment includes measures and tools to help raise awareness and to develop employees' internal control knowledge and skill sets. These include:

• Values and Ethics Office which provides educational/awareness programs;
• A Secretariat Corporate Risk Profile that is updated annually;
• A requirement for accounting designations in key financial management positions as well as a section within the Financial Management Directorate focused on ICFR;
• Financial management policies as well as the documentation of its main business processes and related key risk and control points to support the management and oversight of its system of ICFR;
• A risk-based internal audit plan;
• Training programs and regular communication to employees on core areas of financial and contracting management;
• Regularly updated delegated authorities matrix; and
• Secure financial and contracting IT processing systems to achieve enhanced security, data integrity, and efficiency and effectiveness of transactions.

3. Assessment of system of ICFR

3.1 Assessment baseline

In 2004, the Government of Canada commenced an initiative to determine the ability of departments to sustain controls-based audits of their financial statements, thus placing reliance on well functioning internal controls. As a result, in 2007, the Treasury Board of Canada Secretariat received an audit readiness assessment that had been conducted by an independent external consulting firm. This assessment provided the baseline for the Treasury Board of Canada Secretariat to move forward in reviewing its internal controls and preparing for controls-based audited financial statements.

Whether it is to support controls-based audits or meet the requirements of the Policy on Internal Control, the Secretariat must be able to maintain an effective system of ICFR with the objectives to provide reasonable assurance that a) transactions are appropriately authorized, b) financial records are properly maintained, c) assets are safeguarded and d) applicable laws, regulations and policies are complied with.

Over time, this includes assessment of design and operating effectiveness of the departmental system of ICFR leading to ensuring the on-going monitoring and continuous improvement of its departmental system of ICFR.

Design effectiveness means to ensure that key control points are identified, documented, in place and that they are aligned with the risks (i.e. controls are balanced with and proportionate to the risks they aim to mitigate) and that any remediation is addressed. This includes the mapping of key processes and IT systems to the main accounts.

Operating effectiveness means that the application of key controls has been tested over a defined period and that any required remediation is addressed. Such testing covers all departmental control levels which include corporate or entity, general computer and business process controls.

The Secretariat, as a department, has assessed the design of its system of ICFR and has a monitoring process in place to sustain and continually improve on this system.

3.2 Assessment methodology

In proceeding with the preparation for sustaining a controls-based audit, the Treasury Board of Canada Secretariat, with the assistance of an independent external consulting firm, reviewed its Financial Statements, identifying the significant business processes and key control points. Potential gaps in the internal control framework were then identified along with the level of associated risks. The review started with general entity-level controls and continued with business process controls which were separated into nine key processes. These business processes were grouped into two categories: 1) those that concerned the Treasury Board of Canada Secretariat as a Department and 2) those that concerned the Treasury Board of Canada Secretariat in its role of managing government-wide funds and Public Service Employer payments.

Business processes for the Treasury Board of Canada Secretariat as a department:

• Operating Expenses including contracting
• Payroll and Benefits
• General Computer Controls
• Financial Reporting and Closing Cycle
• Budgeting and Forecasting

Business processes for the Treasury Board of Canada Secretariat as the manager for government-wide funds and Public Service Employer Payments:

• Pension Payments
• Insurance Benefit Plans
• Employee Benefit Plan Recoveries
• Parking Revenue

For each business process for the Secretariat as a department, the following steps were substantially completed:

• confirmed the effectiveness of the organization-wide control environment as this is critical in supporting internal controls at the business process level;
• updated internal control documentation based on changes made to processes, and controls relevant to ICFR, including appropriate linkages to policies and procedures and confirmed that these changes mitigated the identified risks from a design perspective;
• mapped out key processes using flowcharts and various narrative approaches to identify key risk and control points; and
• conducted reviews of each business process to confirm that the controls were functioning as specified in the design documentation.

For each business process related to the Secretariat as the manager for government-wide funds and Public Service Employer Payments, the following steps were partially completed:

• documented some of the business processes for the insurance benefit plans;
• established a working group to review the internal controls for the employee benefit and employee insurance plans, and began meeting with program managers and support staff;
• initiated reviews of control activities;
• identified which processes had components where there was reliance on other government departments internal controls and documented the specific circumstances.

The Secretariat also took into account information from relevant audits and evaluations. The following internal audit reports were considered:

• Audit of Pay and Related Benefits
• Audit of Leave and Overtime
• Audit of Account Verification
• Office of the Comptroller General Horizontal Audit of High Risk Expenditure Controls in Large Departments and Agencies
• Office of the Comptroller General Horizontal Audit on Delegation of Financial Authorities in Large Departments and Agencies

4. Assessment results

In assessing its key controls, the Secretariat looked at both design effectiveness and operating effectiveness, and initiated confirmation of control implementation.

4.1 Design effectiveness of key controls

When completing design effectiveness testing, the Secretariat updated business process documentation and validated the key processes with management. It verified that the documented processes corresponded to actual practices and adjustments were made to documentation and/or the actual process, as required. As a result of these assessments, the Secretariat identified the need for remediation in the following areas:

Documentation of Controls and Evidence of Controls:

• consistency, accuracy and detail in the documentation of controls and procedures.
• adequacy of documentation for some business processes.
• consistency in the use of validation stamps, checklists, approval signatures and other tools and procedures to demonstrate evidence of control.

Accounting:

• consistency and frequency in the completion of reconciliations.
• frequency and thoroughness in the monitoring and review of financial information.

Computer system security and access control:

• adequacy of controls related to Systems Security including user access, segregation of duties and the monitoring of user roles.
• currency of documentation such as the IM/IT Strategic Plan and the Disaster Recovery Plan.
• consistency in the use of automated controls.

Review function

• consistency of the review function for accounting transactions.
• frequency in the review of all monitoring reports by management.

Monitoring and quality assurance of financial statement preparation:

• clarity of roles and responsibilities as well as increased challenge by Corporate Accounting regarding quality assurance over the trial balance or amounts and disclosures in the financial statements.
• adequacy of review of key changes to business processes and of new programs which may have an impact on internal controls over financial reporting.

Reliance on Other Government Departments

• existence and adequacy of documentation where the Secretariat relies on the internal control systems of, and financial information provided by, other government departments.

4.2 Operating effectiveness of key controls

In 2009-10, the Secretariat reconfirmed that almost all controls related to the Treasury Board of Canada Secretariat as a department were functioning. Those that were not functioning properly were identified and corrective actions initiated. Controls related to Secretariat as manager for government-wide funds and Public Service Employer Payments are being reassessed as processes have been updated since the audit readiness assessment. Operating effectiveness assessment of internal controls will be conducted, as required in 2010-11 and 2011-12.

4.3 On-going monitoring program

The Treasury Board of Canada Secretariat has created a dedicated unit responsible for a well integrated risk based approach for the ongoing assessment of the Secretariat's internal controls over financial reporting. The Secretariat's Internal Control section will monitor any required remediation actions to entity level, business processes and general computer controls based on lessons learned from the annual assessments and audits. This includes promoting awareness of ICFR and clarifying roles and responsibilities of employees within the Secretariat who are involved with ICFR.

5. Action Plan

5.1 Progress as at March 2010

During 2009-2010, the Secretariat continued to make significant progress in assessing and improving its controls. Below is a summary of the main progress made by the Secretariat:

The Secretariat, as a department, completed work to address the following necessary adjustments:

• Substantially completed the documentation of the existing entity level controls and confirmation that processes are in place.
• Completed the documentation of all departmental business processes and controls.
• Identified gaps in internal controls and the related documentation.
• Undertook action to address the identified gaps, for example:
  • identified high risk and low risk transactions for purposes of account verification which permits a targeted approach on higher risk transactions and use of statistical sampling methodologies on lower risk transactions.
  • reviewed user profiles to ensure segregation of duties and implemented monitoring of user access through regular review of access logs and reports.
  • developed a variety of checklists to ensure specific steps in the account verification process are followed.
  • restricted the number of users with access to maintain the employee and supplier tombstone data records and commenced daily monitoring by a financial officer to determine what changes have been made to the records.
• Reviewed the documented key processes and controls by conducting reviews of each process to confirm controls are functioning as specified in the supporting documentation.

The Secretariat as the manager for government-wide funds and Public Service Employer Payments has commenced work to address the following necessary adjustments:

• Documented the business processes for the insurance benefit plans and the pension plan.
• Identified gaps in internal control documentation and the approach to address those gaps.

5.2 Action plan – future years

By end of 2010-11:

By end of 2011-12:

• Previous Page
• Table of Contents
•