With the new Treasury Board Policy on Internal Control, effective April 1, 2009, departments and agencies are now required to demonstrate the measures they are taking to maintain effective systems of internal control over financial reporting (ICFR).
As part of this policy, departments and agencies are expected to conduct annual assessments of their system of ICFR, establish action plan(s) to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan.
Effective systems of ICFR aim to achieve reliable financial statements and to provide assurance that:
It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.
The maintenance of an effective system of ICFR is an ongoing process designed to identify, assess and adjust as required, key risks and associated internal controls, as well as to monitor its performance in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to the other based on risks and taking into account their unique circumstances.