Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Canada Revenue Agency - Report


Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Section III: Supplementary Information

Statement of Management Responsibility Including Internal Control Over Financial Reporting

We have prepared the accompanying financial statements of the Canada Revenue Agency according to accounting principles consistent with those applied in preparing the financial statements of the Government of Canada. Significant accounting policies are set out in note 2 to the financial statements. Some of the information included in the financial statements, such as accruals and the allowance for doubtful accounts, is based on management's best estimates and judgment, with due consideration to materiality. The Agency’s management is responsible for the integrity and objectivity of data in these financial statements. Financial information submitted to the Public Accounts of Canada and included in the Agency’s Annual Report, is consistent with these financial statements.

To fulfill its accounting and reporting responsibilities, management maintains sets of accounts which provide records of the Agency’s financial transactions. Management also maintains financial management and an effective system of internal control over financial reporting (ICFR) that take into account costs, benefits, and risks. They are designed to provide reasonable assurance that transactions are within the authorities provided by Parliament, and by others such as provinces and territories, are executed in accordance with prescribed regulations and the Financial Administration Act, and are properly recorded to maintain the accountability of funds and safeguarding of assets.

Financial management and internal control systems are reinforced by the maintenance of internal audit programs. The Agency also seeks to assure the objectivity and integrity of data in its financial statements by the careful selection, training, and development of qualified staff, by organizational arrangements that provide appropriate divisions of responsibility, by communication programs aimed at ensuring that its regulations, policies, standards, and managerial authorities are understood throughout the organization, and by conducting an annual assessment of the effectiveness of its system of ICFR. An assessment for the year ended March 31, 2011 was completed in accordance with the Policy on Internal Control and the results and action plans are summarized in the annex.

The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process to identify key risks, to assess effectiveness of associated key controls, and to make any necessary adjustments. The effectiveness and adequacy of the Agency’s financial management and its system of internal control are reviewed by the work of internal audit staff, who conduct periodic audits of different areas of the Agency’s operations and by the Board of Management which is responsible for ensuring that management fulfills its responsibilities for financial reporting and internal control and exercises this responsibility through the Audit Committee of the Board of Management. To assure objectivity and freedom from bias, these financial statements have been reviewed by the Audit Committee and approved by the Board of Management. The Audit Committee is independent of management and meets with management, the internal auditors, and the Auditor General of Canada on a regular basis. The auditors have full and free access to the Audit Committee.

The Auditor General of Canada conducts independent audits and expresses separate opinions on the accompanying financial statements which do not include an audit opinion on the annual assessment of the effectiveness of the Agency's internal controls over financial reporting.

Approved by:

Linda Lizotte-MacPherson
Commissioner and
Chief Executive Officer

Filipe Dinis
Chief Financial Officer and Assistant Commissioner, Finance and Administration

Ottawa, Ontario
August 30, 2011

Financial performance information – Parliamentary appropriations

Introduction

This section of the CRA Annual Report to Parliament 2010-2011 provides the details of the Agency’s resource management performance for the purpose of reporting to Parliament on the use of appropriations in 2010-2011. This complements the information provided in the spending profile sections under each Program Activity and satisfies the reporting requirements set for departmental performance reports.

Financial reporting methodologies

The CRA’s funding is provided by Parliament through annual appropriations (modified cash accounting basis) and, in this section, the CRA reports its expenditures and performance to Parliament, together with details on the management of Parliamentary appropriations on the same basis. In addition to the above reporting requirements, the CRA is also required to prepare its annual financial statements in accordance with the accounting principles applied in preparing the financial statements of the Government of Canada (full accrual accounting basis). Accordingly, the audited Statement of Operations - Agency Activities in our 2010-2011 Annual Report to Parliament includes certain items such as services received without charge from other government departments and federal agencies. A reconciliation can be found in note 3 in the same report.

The CRA is participating in a Treasury Board Secretariat (TBS) pilot project to extend accrual accounting to the budgeting and appropriations process. As required by the pilot project, CRA prepared and included future-oriented financial statements (FOFS) in the 2010-2011 Report on Plans and Priorities (RPP). This future-oriented financial information was prepared on an accrual basis to strengthen accountability and improve transparency and financial management. As part of the analysis of net cost of operations, this DPR compares actual results to the initial future-oriented financial statements contained in the 2010-2011 RPP.

CRA financial information

Activities of the Agency

Canada Revenue Agency
20102011
(in thousands of dollars)
Main Estimates Table note 24
4,476,430
Planned Spending Table note 25
4,523,527
Total Authorities Table note 26
4,596,714
Actual Spending
4,418,566
Table note 24
Spending authorized by Parliament at the beginning of the fiscal year. Return to Table note 24 source text
Table note 25
Main Estimates authorities plus other amounts anticipated to be authorized during the fiscal year. Return to Table note 25 source text
Table note 26
Total spending authorized by Parliament during the fiscal year. Return to Table note 26 source text

The Financial Statements - Agency Activities reports $3,975.4 million as total Parliamentary appropriations used (note 3 in our 2010-2011 Annual Report to Parliament shows the reconciliation to the net cost of operations). The difference from the $4,418.5 million reported in this section is explained by two items reported in the Financial Statements - Administered Activities: the statutory disbursements to provinces under the Softwood Lumber Products Export Charge Act, 2006, $220.7 million; and the Children’s Special Allowance payments, $222.4 million.

Overview

For 2010-2011, Parliament approved $4,476.4 million through the Main Estimates, as shown in the CRA’s 2010-2011 Report on Plans and Priorities.

The 2010-2011 Main Estimates were adjusted to include:

  • $150.3 million for the carryforward from 2009-2010;
  • $82.5 million for maternity and severance payments;
  • $57.8 million for the implementation of Harmonized Sales Tax for Ontario and British Columbia and the Affordable Living Tax Credit for Nova Scotia;
  • $49.3 million for additional employee benefits plan costs;
  • $32.4 million for various collective agreements increases;
  • $18.2 million for increased Respendable Revenue mainly to provide services to the Canada Border Services Agency;
  • $15.0 million for the implementation of various tax measures announced in the 2010 Federal Budget;
  • $8.2 million for the Government advertising campaigns;
  • $4.0 million for Court Awards and Crown Assets Disposal; and
  • $2.3 million for the Financial Interoperability and Stewardship Initiative in support of the Corporate Administrative Systems.

These increases were offset by the following reductions:

  • $258.3 million due to a modification to the original estimate of disbursements to provinces under the Softwood Lumber Products Export Charge Act;
  • $24.3 million due to delays in proposed amendments to the Income Tax Act related to foreign investment entities and non-resident trusts;
  • $14.1 million transferred to Public Works and Government Services Canada (PWGSC) to adjust charges related to accommodation and real property services;
  • $2.5 million for statutory Children’s Special Allowance payments;
  • $0.3 million due to a reduction in the budget for the Office of the Minister; and
  • $0.2 million transferred to the Treasury Board Secretariat to support the National Managers’ Community.

This resulted in total approved authorities of $4,596.7 million for 2010-2011, representing an in-year increase of 2.7% over the Main Estimates.

Of the $4,596.7 million total authority, CRA’s actual spending totalled $4,418.5 million resulting in $178.2 million remaining unexpended at year-end. After deducting unused resources related to Government advertising campaigns, the remaining $178.0 million is available for use by the Agency in 2011-2012 under its statutory two-year spending authority. This amount represents 3.9% of the total authority.

The Agency’s two-year spending authority enables the CRA to be more strategic in its use of public funds by taking a multi-year view of plans and budgets. The financial flexibility in 2010-2011 was somewhat higher than usual due to restraint measures introduced by the CRA during the latter half of the fiscal year in response to the Operating Budget freeze implemented by the Government in Budget 2010. This increased carryforward was part of the Agency’s strategy to address unfunded operating pressures in 2011-2012, including previously approved salary increases for employees.

Revenues administered by the Agency

Total revenues administered by the CRA amount to some $311 billion in 2010-2011, an increase of 11.5% from the $279.0 billion administered in 2009-2010.

All dollar amounts in the following table are in thousands of dollars
2009-2010
2010‑2011
Federal Government
180,455,735
191,023,845
Provincial, Territorial Governments and First Nations
62,154,726
83,085,151
Canada Pension Plan
36,365,844
37,177,356
Total
278,976,305
311,286,352

Financial highlights


Condensed Statement of Financial Position
As at March 31, 2011 (in thousands of dollars)
 
% Change
2010-2011
2009-2010
Total assets
2.6%
792,617
772,203
Total liabilities
9.0%
1,068,003
979,651
Equity of Canada
32.7%
(275,386)
(207,448)
Total
2.6%
792,617
772,203

Condensed Statement of Operations
For the year ended March 31, 2011 (in thousands of dollars)
 
% Change
2010-2011
2009-2010
Future-oriented 2011
Total expenses
3.7%
4,605,580
4,441,321
4,404,675
Total revenues
7.2%
610,277
569,421
572,145
Net cost of operations
3.2%
3,995,303
3,871,900
3,832,530

There are three significant program administration changes which have influenced the results in the Financial Statements.

1. Provincial Sales Tax Administration Reform

On July 1, 2010, the CRA successfully implemented the Harmonized Sales Tax (HST) in the provinces of Ontario and British Columbia. However, on August 26, 2011 the Province of British Columbia announced that it will return to the provincial sales tax. The transition period is expected to take a minimum of 18 months. During this period, the Agency will continue to administer the HST in British Columbia.

The CRA has received funding for 2010-2011 and subsequent years of $710 million (including employee benefit plan contributions and accommodation charges) and authority to spend $21.7 million of internal CRA funds for the continuing implementation and administration of the HST in Ontario and British Columbia. Of this amount, $91.7 million was received to cover costs in 2010-2011. Funding was used to enhance service to taxpayers, further develop capacity to identify and address the risk of HST non-compliance, transition affected provincial employees to the Agency, implement remaining IT system modifications, and administer new province-specific HST flexibilities in Ontario and British Columbia.

Program enhancements to address the increased risk of HST non-compliance and completing the necessary system changes will continue to be a priority for the Agency in 2011-2012.

2. New Authorities for Capital Assets

The CRA established a separate Capital Expenditures Vote as of April 1, 2010, meaning the Agency’s Capital asset expenditures, with the exception of certain year-end adjustments, were funded by a distinct capital budget authority. Previously, capital amounts were included in, and funded out of, the Operating Vote Authority.

In fiscal year 201l, the Agency’s capital expenditures totalled $110.4 million. The Agency carried forward an amount of $52 million, which was a result of an overestimated capital budget requirement at the time Main Estimates were prepared due to changes in assumptions regarding the terms and conditions of procurement agreements. The unused balance of capital funding will be used to finance capital purchases in fiscal year 2012.

As outlined in the table below, the CRA continued to invest in information technology (IT) systems in order to ensure modern and efficient program delivery. The Agency had several large-scale projects that required substantial investments in the development of IT systems. Combined with the acquisition of IT hardware, the Agency invested $106 million in IT related capital assets this fiscal year. The value of these new capital assets has been offset by amortization expenses of $93.4 million in 2010-11.

Figure 2 Information Technology Investment in Capital Assets

Figure 2 (financial)
3. Impact of 2010 Federal Budget - Collective Bargaining

As part of the 2010 Federal Budget, and to support its priority of restoring fiscal balance, the Government announced a freeze on the operating budgets of departments and agencies until 2012-2013. As a result, no incremental funding was provided to organizations for the costs of wage increases.

In fiscal year 2010-2011, the Agency managed these operating pressures in a decentralised manner by requiring individual budget managers to absorb them within existing budgets. The funding shortfall of approximately $13 million was primarily comprised of the economic increases associated with the Public Service Alliance of Canada (PSAC) and the Professional Institute of the Public Service of Canada (PIPSC) collective agreements, as well as salary increases for the Human Resource (HR) and Executive/ Cadre (EC) groups.

Given the magnitude of the pressures associated with non compensated wage and salary cost increases in future years, the Agency has undertaken a targeted program spending realignment review to identify potential sources of funding. The reduction in spending will primarily be achieved through general administrative and program efficiencies.

Analysis of Net Cost of Operations

The Agency’s 2010-2011 net cost of operations increased by $123 million from 2009-2010. Agency expenses totaled $4,606 million in 2010-2011 (2009-2010 - $4,441 million) (see Note 9 of the Financial Statements - Agency Activities for the breakdown of expenses by category). When adjusting for non-tax revenue of $610 million (2009-2010 - $569 million), the net cost of operations amounts to $3,995 million, as illustrated below:

All dollar amounts in the following table are in thousands of dollars
Expenses
2011
2010
Personnel
3,409,331
3,230,297
Accommodation
327,413
331,587
IT equipment and services
282,143
256,778
Transportation and communications
194,861
197,804
Professional and business services excluding IT
160,251
162,506
Federal sales tax administration costs – Province of Québec
142,179
148,437
Other
89,402
113,912
Total expenses
4,605,580
4,441,321
Less: Non-tax revenue
610,277
569,421
Net cost of operations
3,995,303
3,871,900

The Agency’s expenses are composed of 74% in personnel expenses (salaries, other allowances and benefits) and 26% in non-personnel expenses, as illustrated in the figure below.

Figure 3 Total Expenses by Type

Figure 3 Total Expenses by Type
Figure 3.1 Total Expenses by Type

Personnel expenses are the primary drivers for the Agency. A number of factors contributed to the net increase of $179 million for this type of expenses in 2010-2011, the most significant being the increase in the rate used to calculate severance benefits. Additional costs were also incurred for salary revisions pursuant to collective agreements provisions.

Significant elements of non-personnel expenses are composed of accommodation, IT equipment and services, transportation and communication expenses. In total, non-personnel expenses decreased by $15 million, which is mainly attributable to the reduction in expenses relating to accommodations, travel and telecommunication, advertising and materials and supplies, offset by an increase in IT equipment and services.

Comparison of Future-oriented Financial Information and Actual Results

The Agency’s final net cost of operations for 2010-2011 was $163 million more than was anticipated in the future-oriented financial statements included in the 2010-2011 RPP ($3,995 million - $3,832 million). This represents a 4.2% variance and is explained as follows:

  • The future-oriented financial statements were prepared based on Parliamentary appropriations received as of the 2010-2011 Main Estimates and did not consider expenditures as a result of resources received for the remainder of the year for such items as:
    • Carryforward amounts from 2009-2010;
    • Funding related to measures arising from the 2010 Federal Budget; and
    • Implementation of the Harmonized Sales Tax (HST) in Ontario and British Columbia, the Harmonized Sales Tax Credit (HSTC) for these provinces, and the Nova Scotia Affordable Living Tax Credit (NSALTC).
  • Other explanations for the variance relate to the Agency’s unused appropriations for 2010-2011 and variations in accrual adjustments mainly for asset acquisitions and the related amortization, and personnel related costs such as severance benefits.

Financial Statements

For supplementary information on the CRA’s audited financial statements and unaudited supplementary financial information, please visit:
http://www.cra-arc.gc.ca/gncy/nnnl/menu-eng.html.

List of Supplementary Information Tables

All electronic supplementary information tables found in the 2010-11 Departmental Performance Report can be found on the Treasury Board of Canada Secretariat’s website at: http://www.tbs-sct.gc.ca/dpr-rmr/2010-2011/index-eng.asp.

  • Sources of Respendable and Non-Respendable Non-Tax Revenue
  • User Fees Reporting
  • Status Report on Projects operating with specific Treasury Board Approval
  • Details on Transfer Payment Programs
  • Green Procurement
  • Response to Parliamentary Committees and External Audits
  • Internal Audits and Evaluations

Section IV: Other Items of Interest

Board membership

The Board of Management of the CRA is made up of 15 members appointed by the Governor in Council. They include the Chair, the Commissioner and Chief Executive Officer, a director nominated by each province, one director nominated by the territories, and two directors nominated by the federal government. Members of the Board bring an external and diverse business perspective from the private, public, and not-for-profit sectors to the work of the CRA.

The following are the Board members, as of March 31, 2011. Footnote 4

Susan J. McArthur,B.A.,ICD.D
Chair, Board of Management
Managing Director
Jacob Securities Inc.
Toronto, Ontario

Camille Belliveau, CFP, FCGA
Executive Director
Groupe EPR Canada Group Inc.
Shediac, New Brunswick

Myles Bourke, B.Comm., FCA
Corporate Director
Chartered Accountant
Lethbridge, Alberta

Richard J. Daw, CFP, CMC, FCA
Executive in Residence
Faculty of Business Administration of Memorial University
St. John’s, Newfoundland and Labrador

Raymond Desrochers, B.Comm., CA, CFE
Partner
BDO Dunwoody LLP Chartered Accountants
Winnipeg, Manitoba

John V. Firth, BFA, EPC
Financial Advisor
Whitehorse, Yukon Territory

Gerard J. Fitzpatrick, FCA, TEP
Partner
Fitzpatrick and Company
Chartered Accountants
Charlottetown, Prince Edward Island

Gordon Gillis, B.A., LL.B.
Corporate Director
Dartmouth, Nova Scotia

Norman G. Halldorson, B.Comm., CA, FCA
Corporate Director
Clavet, Saskatchewan

James J. Hewitt, FCMA
Corporate Director
Penticton, British Columbia

Fauzia Lalani, P.Eng.
Field Logistics
Director - Services
Suncor Energy Services Inc.
Calgary, Alberta

James R. Nininger, B.Comm., M.B.A., Ph.D
Corporate Director
Ottawa, Ontario

Sylvie Tessier, M.B.A., P.Eng., ICD.D
Director of Professional Services
Hewlett Packard
Toronto, Ontario

Linda Lizotte-MacPherson, B.Comm.
Commissioner and Chief Executive Officer
Canada Revenue Agency
Ottawa, Ontario

Organizational Structure

Organizational Structure graph

Rating our data quality

In conjunction with the performance results ratings, we also assign each indicator a data quality rating.

For each indicator, we use consistent approaches in evaluating the information derived from our data collections systems and all other sources. We rely upon CRA managers to vouch for the completeness of the records for data integrity purposes (i.e., data belongs to the same category, is collected for the same period, and by the same method). We examine data for relevance, formulas for accuracy, and other factors that must be considered. We also use comparable information from prior years for the purpose of historical comparison, which often appears in the Canada Revenue Agency Departmental Performance Report. To ensure consistency, we perform the following tasks to verify that the information reported in our numerous reports is valid, reliable, and is accompanied by appropriate evidence:

  • Validation: This is a process of verification to ensure that the data meets the requirements for its intended purposes. We review and evaluate data for completeness and plausibility (accuracy, timeliness, interpretability, coherence). We also identify contact information, check calculations, confirm system reliability (verifying the source of information), and note and correct any errors.
  • Data quality assessment: We apply a data quality checklist and review prior years’ data to assess the quality of data for each indicator.
  • Electronic filing system: We store data in a database for easy reference and further analysis for other purposes.
  • Physical filing system: We maintain physical files of the evidence collected from all sources to provide validation and assurance that our data quality ratings are accurate and supported.

We always endeavour to use the most appropriate and reliable data when evaluating our results. There are two main data sources for the Canada Revenue Agency Departmental Performance Report: administrative data (normally communicated in aggregate or after some simple calculations are performed on them) and survey data. All data sources are validated for accuracy and a data quality rating of good, reasonable, or weak, as categorized below, is applied to each indicator.

We believe that these three levels of data quality ratings provide a reasonable assessment of the reliability of the data. Generally, our data sources provide reliable information. In situations where the supporting data is too imprecise to draw firm conclusions, it is reflected in the data quality rating.

Data Quality Ratings
Good
Results rating based on management judgment supported by an appropriate level of accurate information (including management estimates) obtained from reliable sources or methods.
Reasonable
Results rating based on management judgment supported, in most cases, by an appropriate level of accurate information (including management estimates) obtained from reliable sources or methods.
Weak
Significant gaps in robustness of results information; results rating based on management judgment supported by entirely or predominantly qualitative information from informal sources or methods.

Service standards in the CRA

Maintaining the confidence of Canadians in the integrity of the tax system is essential to the success of the CRA. Service standards that are reasonable and consistently met contribute to increasing the level of confidence that Canadians place in government. Our service standards publicly state the level of performance that citizens can reasonably expect to encounter from the CRA under normal circumstances. We set targets that state the percentage of time or level of accuracy that we expect to attain for the established standard. Targets represent the percentage or

degree of improvement we expect to attain, based on operational realities such as resource availability, infrastructure, historical performance, the public's expectations, and the complexity of the work. Our standards and targets are reviewed annually and updated, as necessary.

For more information on CRA’s service standards, please visit: http://www.cra-arc.gc.ca/gncy/stndrds/menu-eng.html

Sustainable development

This past year was a transition year for the CRA in implementing our Sustainable Development (SD) National Action Plan. While we continued to focus on maintaining SD momentum, we began preparing the CRA to support Canada’s first Federal SD Strategy. During 2010-2011, we implemented numerous activities under the SD National Action Plan including increasing SD awareness, the sustainable business travel course, green procurement, energy conservation, battery recycling program implementation, SD performance reporting and the paper use reduction. The following reflects the results of these efforts:

  • 97% of employees are familiar with SD as it relates to the CRA (up 8% from 2007 and exceeding the 2010 target of 95%);
  • A total of 1,400 employees completed the Sustainable Business Travel course;
  • Over 49% of goods purchased in Synergy were “green”;
  • Energy waste was reduced by 25% in six pilot facilities;
  • Battery recycling programs were expanded; and
  • An updated SD Performance Reporting Tool, SD Criteria Tool, and new SD wiki space were launched.

As encouraging as these results are, average office paper use per employee increased by 4%, highlighting the need for continued efforts to meet our paper reduction commitments.

The CRA Sustainable Development Strategy 2011-2014 was developed to specify direction for future CRA SD activities.

For more information on our sustainable development performance, please visit www.cra.gc.ca/sds.

Summary of the assessment of effectiveness of the systems of internal control over financial reporting and the action plan of the Canada Revenue Agency

Fiscal year 2010-2011

Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting.

Note to the reader

With the Treasury Board Policy on Internal Control, effective April 1, 2009, departments and agencies are now required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy departments are expected to conduct annual assessments of their system of ICFR, establish action plans to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

  • Transactions are appropriately authorized;
  • Financial records are properly maintained;
  • Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and
  • Applicable laws, regulations and policies are followed.

It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.

The maintenance of an effective system of ICFR is an ongoing process which involves identifying key risks, assessing the effectiveness of associated key controls and adjusting them as required, as well as monitoring the system in support of continuous improvement. As a result, the scope, pace and status of departmental assessments of the effectiveness of their systems of ICFR will vary from one organization to another based on risks and taking into account their unique circumstances.

The annual assessment of ICFR contemplated in the Treasury Board (TB) Policy on Internal Control is intended to be a management self-assessment led and administered by the Chief Financial Officer and supported by senior management. However, key external audit findings and results can inform this self-assessment. In the case of the CRA, changes to Federal-Provincial Tax Collection Agreements (TCAs) that took effect starting with the 2004 tax year introduced a new audit provision requiring the Auditor General to periodically perform a review of the adequacy of CRA’s internal controls relevant to the annual financial statements provided under the TCAs, the results of which are reported to provincial and territorial finance Ministers. In fulfilment of these requirements, the Office of the Auditor General (OAG) audits, periodically, those aspects of the CRA’s self-assessment of ICFR that are relevant to the TCAs. The portion of CRA’s ICFR that is subject to audit under the TCAs and the results of the controls audits performed to date by the OAG are explained and described in Sections 3 and 4 of the Annex.

1. Introduction

This document is attached to the CRA’s Statement of Management Responsibility Including Internal Control Over Financial Reporting for the fiscal year 2010-2011. As required by the TB Policy on Internal Control, effective April 1, 2009, this document provides summary information on the measures taken by the CRA to maintain an effective system of ICFR. In particular, it provides summary information on the assessments conducted by the CRA as of March 31, 2011, including progress, results and related action plans along with some financial highlights pertinent to understanding the CRA’s unique control environment.

1.1 Authority, Mandate and Program Activities

The CRA’s mandate is based upon a framework of complex laws enacted by Parliament and by provincial and territorial legislatures. To fulfil its mandate the CRA administers a range of tax, benefits and related programs aimed at ensuring that taxpayers meet their obligations and receive their entitlements and at protecting Canada’s tax base. For more detailed information on the CRA’s authority, mandate and program activities, please refer to the Agency overview section of the Departmental Performance Report on page 60 or the CRA’s Report on Plans and Priorities http://www.tbs-sct.gc.ca/rpp/2011-2012/inst/nar/nar00-eng.asp. Information on the expenses and revenues related to the CRA’s operations and activities can also be found in the Public Accounts of Canada http://www.tpsgc-pwgsc.gc.ca/recgen/txt/72-eng.html.

1.2 Financial highlights

The CRA’s key results for fiscal-year 2010-2011 are as follows:

Agency Activities

  • Total expenses of $4,606 million, 74% of which is personnel expenses.
  • Total assets and liabilities of $793 million and $1,068 million respectively. Capital assets comprise 68% of the Agency’s total assets. Employee severance benefits comprise about 59% of total liabilities and accounts payable and accrued liabilities comprise about 16%.

Administered Activities

  • Total administered revenues of about $311 billion, comprised of $191 billion in revenue administered under tax and other related federal legislation on behalf of the Government of Canada, $83 billion in revenue administered on behalf of provincial, territorial and First Nations governments under various Memoranda of Understanding and similar arrangements, and $37.2 billion in revenue administered on behalf of the Canada Pension Plan.
  • Total payments of about $20.5 billion in benefits and credits administered under benefit programs and services on behalf of the Government of Canada and provincial and territorial governments.

Responsibility for delivering CRA’s mandate is shared by program branches and corporate functions located at headquarters and within regional operations across Canada including at 48 Tax Services Offices and 7 Tax Centres. The CRA’s Information Technology (IT) capacity is critical to its ability to deliver services to Canadians and involves the support of two data centres that process up to 4.5 million transactions per hour, five mainframe computers, about 1,400 servers and maintenance of over 450 national business applications across a distributed computing environment covering more than 400 locations.

The Agency’s Finance and Administration (F&A) Branch supports the delivery of CRA programs and services by providing sound advice, products, and services related to a number of key functions including financial administration, resource management, security, internal affairs, and administration. It also helps ensure compliance and accountability with related legislation, policies, and directives. F&A activities are performed by a team of almost 3,000 employees, about 30% of whom are located in headquarters and 70% of whom are located in the regions. This team is integral to the effectiveness of CRA’s system of control over financial reporting, which encompasses two sets of financial statements - one for Agency Activities and one for Administered Activities. Also of importance to financial reporting, in particular in relation to Administered Activities, are many of the procedures carried out as part of regional or headquarters operations, such as collection, data entry and processing of income tax returns, as well as a majority of the system applications in use at the CRA. This makes CRA’s task of scoping, documenting and assessing the related controls uniquely challenging.

1.3 Audited financial statements

As noted above, for financial reporting purposes, the activities of the Agency have been divided into two sets of financial statements: Agency Activities and Administered Activities. The Agency Activities financial statements include those operational revenues and expenses which are managed by the Agency and utilized in running the organization. The Administered Activities financial statements include those revenues and expenses that are administered for someone other than the Agency, such as the federal government, a province or territory, or another group or organization.

The CRA has issued annual audited financial statements since 1999-2000 and has consistently received a clean audit opinion from the Auditor General of Canada.

1.4 Service arrangements relevant to financial statements
1.4.1 CRA reliance on other government service providers:

The CRA relies on other organizations for the processing of certain transactions that are recorded in its financial statements.

Common Arrangements

  • Public Works and Government Services Canada (PWGSC) centrally administers salary payments and looks after such items as calculation of general pay, payroll deductions, security over pay information, and automatic retroactive adjustments through the Regional Pay System (RPS),
  • Treasury Board Secretariat (TBS) provides the CRA with information used to calculate various accruals and allowances such as the accrued severance liability,
  • the Department of Justice provides legal advisory, litigation and legislative services to the CRA, and
  • the Office of the Auditor General of Canada (OAG) provides auditing services to the CRA.

Specific Arrangements

  • The Ministère du Revenu du Québec is responsible for the joint administration of the goods and services tax (GST) and Québec Sales Tax for businesses in the Province of Quebec.
1.4.2 CRA services upon which other departments and agencies rely:

Specific Arrangements

  • The CRA provides IT services in relation to the Canada Border Services Agency’s operational financial system.
1.5 Significant changes in fiscal-year 2010-2011
  • Starting for fiscal year 2010-2011 the CRA implemented a separate Capital Vote in order to segregate its capital budget and expenditures from its operating budget and expenditures when seeking spending authority from, and reporting to, Parliament. This involved changes to systems and procedures to project, fund, code and monitor capital costs separately.
  • In December 2009, the CRA decided to move the Chief Risk Officer responsibilities from the CFO and Assistant Commissioner, F&A and to create a new, independent Chief Risk Officer position reporting directly to the Commissioner. Following that decision, in June 2010, Mr. Brian Philbin was appointed to the new position and a separate branch was created to deliver the re-defined Enterprise Risk Management (ERM) function.
  • Effective July 1, 2010 the Ontario and the British Columbia provincial sales tax (PST) and the federal GST were replaced by a single harmonized sales tax (HST) which is administered by the CRA. Preparing to meet the new HST business requirements involved modifying and in some cases expanding CRA business processes and IT infrastructure. On August 26, 2011 the Province of British Columbia announced that it will return to the PST provincial sales tax. The transition period is expected to take a minimum of 18 months. During this period, the Agency will continue to administer the HST in British Columbia.
  • In December 2010 the CRA Board of Management approved the five new CRA policies listed below which support the CRA Policy Framework for Financial Management and Corporate Finance. Four of the five new policies flow from the TB financial management policy suite, while the Policy on Financial Administration, established further to the authority over general administrative policy granted to the CRA under the Canada Revenue Agency Act, covers financial entitlements to compensate individuals for expenses incurred while conducting CRA business (e.g., travel and hospitality).
    • Policy on Financial Management Governance
    • Policy on Internal Financial Control
    • Policy on Stewardship of Financial Management Systems
    • Policy on Financial Resource Management, Information and Reporting
    • Policy on Financial Administration
  • On December 3, 2010 Mr. Filipe Dinis, Deputy Assistant Commissioner, F&A, assumed the duties of CFO and Assistant Commissioner on an acting basis. Mr. Dinis was permanently appointed to this position on January 27, 2011.

2. CRA’s control environment relevant to ICFR

The CRA recognizes the importance of setting the tone from the top to help ensure that staff at all levels understand their roles in maintaining an effective system of ICFR and are well equipped to exercise these responsibilities effectively. The CRA’s focus is to ensure risks are managed well through a responsive and risk-based control environment that enables continuous improvement and innovation.

2.1 Key positions, roles and responsibilities

Below are the CRA’s key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.

Commissioner – The Commissioner and Chief Executive Officer (CEO) of the CRA, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Commissioner chairs the Agency Management Committee, sits on the CRA Board of Management, and attends meetings of the Audit Committee.

Chief Financial Officer (CFO) – The Chief Financial Officer (CFO) reports directly to the Commissioner and provides leadership for the coordination, coherence and focus of efforts to design and maintain an effective and integrated system of ICFR, including its annual assessment. In this role the CFO chairs the CRA CEO/CFO Certification Steering Committee and attends meetings of the Audit Committee.

CEO/CFO Certification Steering Committee – The CEO/CFO Certification Steering Committee, which is chaired by the CFO and composed of Assistant Commissioners with significant responsibility for ICFR including the Chief Information Officer, the Chief Audit Executive and Assistant Commissioner, Corporate Audit and Evaluation Branch and the Chief Risk Officer, is responsible for reviewing the progress and results of CRA’s ICFR assessment process and approving action plans to address significant control issues.

Audit Committee of the Board of Management – The Audit Committee assists the Board of Management (the Board) in fulfilling its oversight responsibilities by reviewing the Agency’s accounting framework, financial and performance information, internal controls and financial risks, and compliance with financial and environmental legislation. On the recommendation of the Audit Committee, the Board approves the Agency’s annual financial statements. The Commissioner, the CFO, and the Chief Audit Executive and Assistant Commissioner, Corporate Audit and Evaluation Branch, as well as a representative of the Office of the Auditor General (OAG) each attend Audit Committee meetings. The Audit Committee was established in 1999 and is comprised of five external members all of whom are independent of the CRA.

Agency Management Committee – As the sole decision-making Committee in the Agency, the Agency Management Committee oversees program development and delivery, as well as the day-to-day business operations of the Agency and all associated risks. The Agency Management Committee reviews, approves and monitors the Corporate Risk Profile.

Chief Audit Executive – The Chief Audit Executive and Assistant Commissioner, Corporate Audit and Evaluation Branch reports directly to the Commissioner and provides, through an effective internal audit function, independent and objective assurance on the CRA’s risk management, internal control and governance practices. In this role, the Chief Audit Executive is a member of the CEO/CFO Certification Steering Committee and attends meetings of the Audit Committee.

Chief Risk Officer – The Chief Risk Officer and Assistant Commissioner of the Enterprise Risk Management Branch reports directly to the Commissioner and oversees the Agency’s ERM function designed to provide sound risk information for use in decision-making at the corporate, operational, and project levels.

Internal Controls Division – The Internal Controls Division within the F&A function supports the CRA’s efforts to design and maintain an effective and integrated system of ICFR by, in collaboration with IT and business process control owners, documenting and testing the adequacy of ICFR and reporting results to the CEO/CFO Certification Steering Committee, the Commissioner and the Audit Committee of the Board including, if applicable, information on action plans to strengthen controls.

2.2 Key measures taken by the CRA

The CRA also helps to ensure the effectiveness of its control environment in mitigating financial reporting risks by promoting ethical conduct and through its commitment to competence, its governance and organization structure, its ERM function, and its systems and processes that help ensure relevant information is communicated to appropriate individuals accurately and on a timely basis. Key elements and activities are described below.

Control Environment

  • Building and maintaining awareness of the CRA Code of Ethics and Conduct.
  • Formalizing management’s commitment to values and ethics via the performance management system.
  • Providing mechanisms that help ensure appropriate action is taken in response to violations of the Code.
  • a competency-based human resources management system that develops and promotes employees based on competencies identified as crucial to organizational success, including in the area of financial management,
  • a formal Learning Policy that outlines specific roles and responsibilities of senior management, managers and employees in relation to employee development,
  • an annual Individual Learning Plan process through which employees work with their managers to identify training opportunities for the upcoming year, linked to job requirements and competency development,
  • a well established succession planning process for executive positions,
  • an organizational structure and accountability regime that clearly set out reporting relationships and the assignment of authority and responsibility including for the initiation and approval of transactions,
  • establishment of yearly performance agreements for executives, based on guidelines aligned with Corporate Business Plan (CBP) priorities and deliverables including in relation to financial management, and
  • an independent and knowledgeable audit committee that is actively involved in overseeing the Agency’s ICFR.

Risk Management

  • An integrated ERM function led by the Chief Risk Officer who reports directly to the Commissioner/CEO that provides the corporate view of risks to support effective decision-making and fosters a risk management culture within the Agency.
  • an annual strategic planning process that links strategic initiatives and priorities to the Corporate Risk Profile,
  • an annual corporate planning process which establishes, documents and communicates entity-level objectives and priorities and aligns the Agency’s activities and budget allocations with them, and
  • the Resource Investment Management Committee that oversees the management and progress of major project investments including the identification, monitoring and management of internally and externally driven risks.

Information Systems and Communication

  • monthly financial reports and analyses (for budget projections and for revenues and expenditures) that are reviewed and approved by senior management,
  • Quarterly financial reports and analysis reviewed by the Agency Management Committee and the Board.
  • a formal IT Strategy that guides IT development and maintenance, updated annually to help ensure continued support for the achievement of the strategies and priorities outlined in the CBP, including in relation to financial management,
  • an annual application sustainability assessment to identify and manage application sustainability risks by setting system-by-system priorities for modernization,
  • interaction between the CRA F&A Branch and TBS, Department of Finance and OAG officials to ensure that emerging accounting issues and developments are identified and suitably addressed, and
  • The Internal Disclosures Office within the Corporate Audit and Evaluation Branch which provides a confidential channel through which employees can disclose wrongdoing.

Monitoring

  • The Internal Controls Division within the F&A Branch tasked with providing those charged with governance with assurance that suitably designed ICFR are in place in the Agency and operating effectively
  • Monitoring units within the F&A function, both at headquarters and at regional offices, that are responsible for monitoring transactions, both for Agency Activities (e.g., payroll) and Administered Activities (e.g., Personal (T1) income tax returns), to help ensure that risks to accurate financial reporting are suitably mitigated.
  • an internal audit function that provides professional, independent and objective information, advice and assurance on the soundness of the Agency’s management framework and on the effectiveness, efficiency, and economy of the Agency’s strategies, systems, programs and practices,
  • presentation of internal audit recommendations and management action plans to the Management Audit and Evaluation Committee, chaired by the CRA Commissioner and to the Audit Committee, and
  • an annual follow-up process to monitor management's progress in implementing action plans responding to external and internal audit recommendations including in relation to financial reporting.

3. Assessment of CRA's system of ICFR

The CRA’s financial statements have been audited, as required under the Canada Revenue Agency Act, by the Office of the Auditor General (OAG), for eleven years. In parallel, the Audit Committee of the Board and CRA senior management have been providing increased oversight of the preparation and presentation of financial information including review of information regarding the design and adequacy of its system of ICFR with the objective of obtaining greater assurance that significant financial reporting risks are being properly mitigated.

In addition, revised federal-provincial Tax Collection Agreements (TCAs) that took effect starting with the 2004 tax year introduced new audit provisions requiring reports to be provided periodically to provincial and territorial finance Ministers on the results of Auditor General audits of the adequacy of CRA’s internal controls relevant to the annual financial statement provided under the TCAs. The OAG and CRA agreed that the new audit engagement would be according to the Canadian Institute of Chartered Accountants Handbook (CICA HB) Section 5970 standard (Auditor’s Report on Controls at a Service Organization), a new standard introduced in 2005 in recognition of the dramatic increase in outsourcing and use of service organizations including for the provision of varied and complex services.

These new reports are aimed at providing provincial and territorial governments and their auditors with independent, audit-level assurance that the controls at the CRA supporting the administration and reporting of provincial and territorial income tax revenue are properly designed to mitigate key risks and are operating effectively. The reports are intended for the specific use of provincial and territorial ministries with primary responsibility for income tax and their auditors; they are not public documents. To date CRA has issued two Section 5970 reports, both relating to the design and implementation of all key controls relating to the Corporation Income Tax Program (T2) as at a specific point in time. The third report covers the design and implementation of all key controls relating to the Personal Income Tax Program (T1) as at November 30, 2010.

The audits of ICFR that the OAG performs periodically in fulfilment of TCA requirements are a significant source of information on the state of CRA’s system of ICFR for its Administered Activities financial statements; however, they have a limited scope insofar as they only cover processes and systems involved in reporting on income tax assessed. They exclude certain of the CRA’s Administered Activities related to other revenue streams (e.g., GST, Excise Taxes and Duties) and certain significant accounts that, while not relevant to amounts payable under TCAs, are important aspects of the CRA’s financial information for Administered Activities (e.g., Accounts Receivable and the Allowance for Doubtful Accounts). As explained in subsection 3.2 below, the CRA’s approach to assessing its ICFR for Administered Activities, for purposes of the Policy on Internal Control, will encompass key control aspects falling outside TCA-related assessment and audit requirements.

3.1 Assessment baseline

The CRA’s assessment of ICFR involves first the assessment of design effectiveness to help ensure that all key controls relevant to its financial information have been properly identified, documented, and implemented and that they are aligned with the risks they aim to mitigate. Management will take action to address any areas of concern appropriately and in a timely manner. Once the CRA has verified the design effectiveness of its controls, it will assess operating effectiveness by testing the operation of controls over a defined period of time to determine whether they are working as intended. Management will take action to strengthen controls if needed. Testing of design and operating effectiveness will lead eventually to ongoing monitoring according to which the CRA’s repository of controls will be re-assessed on a multi-year, rotational basis according to risk, including consideration of any new financial reporting risks that have emerged since the last assessment.

CRA’s assessment covers the following three major categories of controls:

  • Entity Level Controls: the controls and management practices across an entity that, when taken together, comprise the core organizational management control framework. Among these controls are the “tone from the top” including the organization’s culture, values and ethics, governance, transparency and accountability mechanisms as well as the activities and tools put in place across the organization to raise staff awareness, ensure clear understanding of roles and responsibilities and solid capacities and abilities in managing risks well. These controls constitute a critical component of an organization's system of internal control as they have a pervasive effect on the organization and can have significant consequences for the overall assessment of the effectiveness of ICFR.
  • IT General Controls: the umbrella controls over the computer environments that support relevant business processes and related applications. Given how data moves between multiple business groups and IT systems on its way from initial transactions to the financial reports it is important that management obtains assurance regarding the processes and controls over the IT systems and databases that house, move, and transform this data. Key controls in specific IT applications that support financial data and transactions are typically addressed at the business process level.
  • Business Process Controls: the controls that help mitigate the financial reporting risks associated with relevant procedures that take place in the organization's business units. Management must identify the business units and business processes (manual and automated) that handle transactions that impact significant accounts and related assertions, identify the risks that could reasonably result in a material misstatement and evaluate the adequacy of the controls, policies, procedures and validities that are in place to mitigate each of the identified risks.
3.2 Scope of CRA assessment as of March 31, 2011

Scope

In order to define the scope of its ICFR assessment, the CRA examined the main accounts and line items used in the preparation of its two sets of financial statements to determine where there are risks that, individually or in combination with others, could reasonably result in a material misstatement (financial reporting risks). Items at a higher risk were then mapped to the related business processes which were in turn risk rated and used to determine the key applications and systems to be included in the scope of the assessment.

Based on this analysis, the CRA determined the scope of its assessment to include controls related to financial reporting within the following business processes:

Agency Activities Financial Statements:

Business Process
Risk Rating
Financial Close and Reporting
High
Fixed Assets
High
Payroll
Medium
Operating Expenditures (Procurement to Pay)
Medium
Budgeting and Projections
Low

Administered Activities Financial Statements Footnote 5:

Business Process
Risk Rating
T1 Personal Income Tax
High
T2 Corporation Income Tax
High
T3 Trust Income Tax
High
Non-resident Income Tax
High
Goods and Services Tax (GST) / Harmonized Sales Tax (HST)
Medium
Source Deductions
Medium
Excise Taxes and Duties
Medium

Control Frameworks

The CRA uses the Committee of Sponsoring Organizations (COSO) framework to assess the design effectiveness of its system of internal controls, since it is the most widely used and recognized model of control for purposes of assessing ICFR. The COSO framework is based upon five interrelated components of control, each of which contains a number of principles and attributes against which an organization’s ICFR may be assessed: Control Environment, Risk Assessment, Control Activities, Information Systems and Communication, and Monitoring.

Because COSO only provides limited guidance to assist organizations in establishing and evaluating IT controls, the CRA uses the COBIT (Control Objectives for Information and related Technology) for SOX (Sarbanes-Oxley Act of 2002) Footnote 6 framework to document and assess the design of its IT controls of relevance to financial reporting. COBIT for SOX identifies three control areas for review when assessing the adequacy of controls over the key applications and systems involved in the organization's financial reporting:

COBiT for SOX Control Areas
Complexity Rating
Access to Programs and Data
  • Logical Security
  • Physical Security
High
Systems Implementation and Maintenance
  • Application and Database Changes
  • Systems Software
  • Network Support
High
Computer Operations
  • Interface / job monitoring
  • Back-ups and recovery
Medium

4. Progress and Assessment Results as of March 31, 2011

This section summarizes the CRA’s key assessment results from the design and operating effectiveness testing completed to date.

4.1 Design effectiveness of key controls

Agency Activities Financial Reporting

In 2010-2011, the CRA completed an assessment of the design effectiveness of its key controls related to financial reporting on Agency Activities. This review included key controls over the five business processes in scope (Payroll, Fixed Assets, Operating Expenditures, Budgeting and Projections, and Financial Close and Reporting) as well as relevant application controls and IT general controls, including for:

  • The Corporate Administrative System (CAS), the CRA’s SAP-based Enterprise Resource Planning system which is the financial system of record at the CRA.
  • Synergy (Ariba), the Agency’s e-procurement tool used to manage the purchasing life cycle.
  • The Budget Tracking System designed to manage the Agency’s financial resources from an internal (budgeting) and central agency (Estimates) perspective.

Based on this review CRA management determined that a number of its controls related to access management, segregation of duties and certain review and monitoring activities could be improved and established action plans to make the necessary adjustments. As a lessons learned exercise, the CRA also performed selected operating effectiveness testing of controls over Agency Activities financial reporting. The CRA is using the results of this work to plan and perform more comprehensive testing in order to evaluate the operating effectiveness of these controls for the 2011-2012 period.

Administered Activities Financial Reporting

In 2010-2011, the CRA self-assessed the design effectiveness of certain of its business process controls over financial reporting on the Personal Income Tax Program (T1 Program) and of the application controls and IT general controls related to the key information systems involved in processing T1 transactions. Close to 60 information systems were reviewed in total. The Agency used the results to prepare a description of the design of these controls as at November 30, 2010 which was then submitted to the OAG for audit as per TCA requirements.

Based on the T1 self-assessment and OAG audit, CRA management determined that improvements are needed to the design of certain of its controls involved in the processing of non-routine assessments and reassessments, the management of systems changes and in relation to management of user access and proper segregation of duties.

In 2008, the CRA self-assessed the design effectiveness of certain of its business process controls over the Corporation Income Tax Program (T2 Program) and of the application controls and IT general controls related to the key information systems involved in processing T2 transactions. The Agency used the results to prepare a description of the design of these controls as at November 30, 2008 which the OAG audited in 2009, as per TCA requirements. In response to the findings of the self-assessment and OAG audit, CRA management took steps to improve controls over management of legislative and systems changes and over management of privileged user access as well as to strengthen procedures for managers' semi-annual review of employee access privileges and for facilitating proper segregation of duties.

In 2011-2012, the CRA plans to self-assess the operating effectiveness of these T2 controls, document the results, and, further to the TCA audit provisions, engage the OAG to perform an audit in order to provide an independent opinion on the operating effectiveness of these controls over a six-month period.

4.2 Operating effectiveness of key controls

From February to September 2009 F&A led an exercise to assess the operating effectiveness of the CRA’s entity level controls (ELCs) relevant to both the Agency Activities financial statements and the Administered Activities financial statements. Key activities included:

  • interviews with CRA senior officials to understand and identify and corroborate the key ELC;
  • documentation of key ELCs using the COSO control framework as a starting reference and customizing the framework as needed to reflect the Agency’s environment; and,
  • review of supporting documentation and a sample of processes to substantiate and demonstrate the design effectiveness and, where applicable, the operating effectiveness of the controls.

This initial assessment indicated that the CRA has a strong system of controls at the entity level, that most of these controls are operating effectively and that all relevant control objectives within the COSO framework are being achieved. While several potential opportunities for improvement were observed and were discussed by management there were no significant gaps identified.

In 2010-2011 F&A conducted a risk-based assessment of the operating effectiveness of these controls both for purposes of the OAG’s audit of the design of CRA’s controls over financial reporting on the T1 program under the TCAs and for purposes of the Statement of Management Responsibility including ICFR for the 2010-2011 financial statements. This assessment revealed that the CRA continues to have a strong system of ELCs.

5. CRA’s Action Plan

This section summarizes how CRA is addressing the results of 2010-2011 control assessment activities and its plans for completing the assessment of the design and operating effectiveness of its system of internal control.

5.1 Progress as of March 31, 2011

Agency Activities Financial Reporting

In 2010-2011, in response to the results of the design effectiveness and the selected operating effectiveness testing performed, CRA management identified and partially completed a number of corrective measures to strengthen controls over Agency Activities financial reporting. These measures include greater restriction or segregation of access to perform certain transactions, introduction of new directives to clarify and reinforce responsibilities and accountability for role definition and management, and improved documentation of review and monitoring activities for audit trail purposes.

Administered Activities Financial Reporting

In 2010-2011 the CRA mostly completed its plans to strengthen controls over management of legislative and systems changes and over access management in response to the findings of the OAG’s 2009 audit of the design of T2 controls relevant to TCAs. In addition, the CRA made substantial progress in developing action plans in response to preliminary findings from the 2011 OAG audit of the design of T1 controls relevant to TCAs. These preliminary findings indicated the need to strengthen certain of the controls involved in the processing of non-routine assessments and reassessments, the management of systems changes and access management.

5.2 Action plan for the next fiscal year and subsequent years

Entity Level Controls

The CRA’s assessment efforts to date have revealed that the CRA has a strong and effective system of ELCs that constitutes an important component of the Agency’s ICFR for both Agency Activities and Administered Activities. Because maintaining public trust is crucial to the fulfilment of its mandate, in 2011-2012 the CRA will continue with the implementation of its new Integrity Framework, comprised of policy instruments, programs, and processes designed to reinforce a culture of integrity by more systematically engaging management and staff in preventing, monitoring, detecting and managing breaches that put employees, assets, information and revenues at risk. Given the significance of ELCs for the overall assessment of the effectiveness of ICFR, the CRA will continue to monitor them annually based on risk to obtain assurance regarding their continued effectiveness.

Agency Activities Financial Reporting

The CRA’s plan for 2011-2012 is to substantially complete action plans to strengthen the design of controls where required and to complete the assessment of the operating effectiveness of all key ICFR for Agency Activities. Once it is confirmed that these ICFR are operating effectively, the CRA plans to move to an annual monitoring program to track and test changes to these controls and to perform other testing on a selective basis according to risk. This approach will allow the CRA to focus efforts on areas requiring re-testing based on feedback from business and IT control owners regarding changes that have occurred during the period and on higher risk areas.

Administered Activities Financial Reporting

In 2011-2012 the CRA plans to substantially complete action plans developed to address issues from the 2009 OAG audit related to design effectiveness of controls over the T2 program and the 2011 audit related to the design effectiveness of controls over the T1 program.

The CRA plans to build on the progress achieved in documenting and assessing the design effectiveness of its controls over both T1 and T2 financial reporting in support of TCA audit requirements, by completing assessments of the operating effectiveness of these controls starting with the T2 program in 2011-2012. As noted above, the CRA plans to engage the OAG to conduct an audit of the operating effectiveness of T2 controls over a six-month period. The OAG’s report will be in accordance with the new Canadian Standard on Assurance Engagements (CSAE) 3416, which has replaced the CICA HB Section 5970 standard and is effective starting with reporting periods ending in 2011.

The approach and timing for assessing the operating effectiveness of controls over the T1 Program as well as for assessing both the design and operating effectiveness of the ICFR for the remainder of the CRA’s Administered Activities including IT general controls and application level IT controls will depend on a number of factors including:

  • plans currently under development to re-design the business processes and systems related to the T1 Program,
  • significant shifts in the Agency’s program delivery agenda (e.g., if the CRA assumes responsibility for the implementation and administration of new federal, provincial, territorial or First Nations tax, benefit or credit programs),
  • reductions to the Agency’s approved program spending levels due to Strategic and Operating Review or other government-wide restraint measures, or
  • other developments that exert significant pressure on program and IT staff’s time and capacity.

In 2011-2012 CRA management will evaluate the level of effort involved in completing the assessment of the operating effectiveness of its system of internal control and will establish a suitable timeline. This timeline will be examined at a minimum annually in order to confirm the feasibility of the key deliverables and to take into account new information on financial reporting risks.

The table below provides an overview of CRA’s plans for completing its assessment and moving to a program of ongoing monitoring.

Processes in Scope
Document
Assess Design Effectiveness
Assess Operating Effectiveness
On-going Monitoring
Agency Activities
Completed 2009-2010
Completed 2010-2011
To be completed 2011-2012
Planned 2013-2014 Table note 27
Administered Activities:
T1 Personal Income Tax ICFR relevant to TCAs Table note 28
Completed 2009-2010
Completed 2010-2011
As per 2011-2012 analysis Table note 29
As per 2011-2012 analysis Table note 29
T2 Corporation Income Tax ICFR relevant to TCAs Table note 28
Completed 2007-2008
Completed 2009-2010
To be completed 2011-2012
As per 2011-2012 analysis Table note 29
Remaining T1 and T2 ICFR
As per 2011-2012 analysis Table note 29
T3 Trust Income Tax Table note 28
Non-Resident Income Tax
Goods and Services Tax / Harmonized Sales Tax
Excise Taxes and Duties
Source Deductions
Table note 27
Timing for the on-going monitoring of ICFR for Agency Activities depends on the results of the 2011-2012 operating effectiveness assessment and any action plans established in response to these results. Return to Table note 27 source text
Table note 28
ICFR related to tax assessed are audited by the Office of the Auditor General in fulfilment of audit requirements in federal-provincial Tax Collection Agreements (TCAs); ICFR related to tax accruals and cash receipts are not subject to OAG audit. Return to Table note 28 source text
Table note 29
In 2011-2012 F&A, in consultation with management responsible for relevant business processes and with management in the Information Technology Branch as well as with input from external stakeholders such as provincial and territorial revenue ministry officials and the Office of the Auditor General, will analyse and prioritize the work required to complete the assessment of the operating effectiveness of all key ICFR for the CRA’s Administered Activities and will establish a plan for 2012-2013 and beyond to complete this work. Certain variables, including the factors listed and described above, may impact the CRA's ability to complete this work as planned and necessitate adjustments to timelines. Return to Table note 29 source text
The contents of this performance report are taken from the Canada Revenue Agency’s Annual Report to Parliament -20102011. The Minister of National Revenue tables the CRA’s Annual Report in Parliament pursuant to the requirements of the Canada Revenue Agency Act. The Performance Report and the CRA’s Annual Report contain comprehensive performance information and the opinion of the Auditor General of Canada on the CRA’s financial statements. For more information on the CRA’s Annual Report, please visit www.cra.gc.ca/annualreport, or write to: Director, Planning and Annual Reporting Division, Corporate Planning, Governance and Measurement Directorate, Strategy and Integration Branch, Canada Revenue Agency, Connaught Building, 555 MacKenzie Avenue, Ottawa ON  K1A 0L5, Canada.


Footnote 1
On August 26, 2011 the province of British Columbia announced that it will return to the provincial sales tax. The transition period is expected to take a minimum of 18 months. During this period, the CRA will continue to administer the HST in British Columbia. Return to Footnote 1 source text
Footnote 2
On August 26, 2011 the province of British Columbia announced that it will return to the provincial sales tax. The transition period is expected to take a minimum of 18 months. During this process, the CRA will continue to administer the HST in British Columbia. Return to Footnote 2 source text
Footnote 3
On August 26, 2011 the Province of British Columbia announced that it will return to the provincial sales tax. The transition period is expected to take a minimum of 18 months. During this period, the CRA will continue to administer the HST in British Columbia. Return to Footnote 3 source text
Footnote 4
As of March 31, 2011, one position on the Board was vacant. Return to Footnote 4 source text
Footnote 5
For purposes of assessing controls over the Administered Activities Financial Statements the CRA is only covering those processes associated with generating high and medium risk rated financial balances. Return to Footnote 5 source text
Footnote 6
Because most financial reporting processes are now driven by IT systems, ISACA (Information Systems Audit and Control Association) and its research affiliate, the IT Governance Institute (ITGI), developed COBIT for SOX to provide guidance on the design and evaluation of IT controls for the purposes of financial reporting objectives and ICFR. Return to Footnote 6 source text