Annex - Assessment of Internal Control Over Financial Reporting
For the year ended March 31
Note to the Reader
With the Treasury Board Policy on Internal Control, effective April 1, 2009, departments are now required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).
As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plan(s) to address any necessary adjustments, and to attach to their Statement of Management Responsibility, a summary of their assessment results and action plans.
Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:
- Transactions are appropriately authorized;
- Financial records are properly maintained;
- Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and
- Applicable laws, regulations and policies are followed.
It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.
The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process to identify key risks, to assess the effectiveness of associated key controls and adjust as required, as well as to monitor the system in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to another based on risks and taking into account their unique circumstances.
This document is an annex to the Department of Justice’s Statement of Management Responsibility Including Internal Control Over Financial Reporting for the fiscal year 2010-11. As required by the Treasury Board Policy on Internal Control, effective April 1, 2009, this document provides summary information on the measures taken by the Department of Justice (Department) to maintain an effective system of internal control over financial reporting (ICFR). In particular, it provides summary information on the assessments conducted by the Department as at March 31, 2011, including progress, results and related action plans, along with some financial highlights pertinent to understanding the control environment of the Department. This is the second annex produced by the Department.
1.1 Authority, mandate and program activities
Detailed information on the Department of Justice’s authority, mandate and program activities can be found in the Departmental Performance Report and in Section I of the Report on Plans and Priorities.
1.2 Financial highlights
Key financial highlights from the 2010-11 financial statements are:
- Total expenses are $1,127M. Salaries comprise the majority at $587M (52%) for over 5,000 employees, followed by transfer payments at $379M (34%).
- Total revenues are $338M, largely from the delivery of legal services ($329M) to federal departments and agencies.
- Amounts due from the Consolidated Revenue Fund to satisfy future cash requirements represent $424M (86%) of total assets ($493M), and tangible capital assets represent $44M (9%).
- Transfer payments payable comprise $392M (69%) of total liabilities ($572M). Accounts payable and accrued liabilities comprise $64M (11%), and future severance benefit obligations are $92M (16%).
- The Family Law account received $165M in garnishments and remitted $167M to provinces and territories for payment to beneficiaries entitled to family support.
- There is a decentralized finance and accounting function in each of the Department’s six regional offices that initiate, approve, process and record a significant portion of operating expenses.
- The Department uses the Integrated Financial and Materiel System (IFMS), SAP-based software, as its primary financial system, as well as several feeder systems that are critical to its operations and financial reporting.
Additional departmental financial information for fiscal year 2010-11 can be found under Section III – Supplementary Information of the Departmental Performance Report and in the Public Accounts of Canada.
1.3 Service arrangements relevant to financial statements
The Department relies on other organizations for the processing of certain transactions or the provision of information, which impacts its financial statements:
- Public Works and Government Services Canada centrally administers the payments of salaries and benefits, the procurement of some goods and services, and the provision of accommodations, on behalf of the Department.
- Treasury Board Secretariat (TBS) provides the Department with an annual dollar figure for the centrally funded health and dental insurance plans, and with information used to calculate various accruals and allowances, such as the employee severance benefit.
- Public Prosecution Service of Canada provides certain corporate (internal) services for the Department’s Northern Region.
Other organizations also rely on the Department of Justice as follows:
- The Department is the common service provider of legal services to federal departments and agencies, and as such, the Department charges these organizations with the cost of providing legal services pursuant to legal services agreements, and provides an annual dollar figure for those legal services it provides without charge.
- The Department provides information on pending litigation cases in order to assist in the reporting of contingencies, to federal departments and agencies.
- The Department provides certain corporate (internal) services to the Public Prosecution Service of Canada.
- The Department assists provinces and territories in the enforcement of family support orders and agreements by providing garnishment assistance through the interception of designated federal moneys payable to individuals owing family financial support.
Further information on service arrangements is available in the financial statements under Note 7 – Family Law account and Note 11 – Related party transactions.
1.4 Material changes in fiscal year 2010-11
On April 6, 2010, Myles J. Kirvan was appointed Deputy Minister.
Effective September 22, 2010, the Executive Committee replaced the Senior Management Board and Governing Council.
The first collective agreement for legal counsel, affecting approximately 50% of the Department’s workforce, was implemented during 2010-11, and represents a significant change to the level of compensation and the management culture of the Department.
2. Control environment of the Department of Justice relative to ICFR
The Department recognizes the importance of setting the tone from the top to help ensure that staff at all levels understand their roles in maintaining effective systems of ICFR and are well equipped to exercise these responsibilities effectively. The Department’s objective is to continually enhance its internal control environment to ensure risks are managed well through a responsive and risk-based approach that enables continuous improvement and innovation.
2.1 Key positions, roles and responsibilities
Below are the Department’s key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.
- Deputy Minister
The Deputy Minister, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Deputy Minister chairs the Departmental Audit Committee (the role of chair was assumed by an external member in May 2011), the Audit Management Response and Evaluation Committee, and the Executive Committee.
- Chief Financial Officer (CFO)
The CFO reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.
- Senior Departmental Managers
Senior Departmental Managers in charge of services and program delivery are responsible for maintaining and reviewing the effectiveness of their system of ICFR falling within their mandate.
- Chief Audit Executive (CAE)
The CAE reports directly to the Deputy Minister and provides assurance through periodic internal audits which are instrumental to the maintenance of an effective system of ICFR.
- Departmental Audit Committee (DAC)
The DAC is an advisory committee that provides objective views on the Department’s risk management, control and governance frameworks. It is comprised of three external members, the Deputy Minister and the Associate Deputy Minister (appointed in September 2010), and was established in 2009. The DAC reviews the corporate risk profile and the system of internal control, including the assessment and action plans relating to the system of ICFR.
- Executive Committee (EC)
As the central decision-making body, the EC reviews, approves and monitors the corporate risk profile and the departmental system of internal control, including the assessment and action plans relating to the system of ICFR. In September 2010, the EC replaced the former Senior Management Board and Governing Council.
- Audit Management Response and Evaluation Committee (AMREC)
This internally-based advisory committee assists the Deputy Minister in discharging his responsibilities with respect to internal audit and evaluation. AMREC was re-established in February 2011.
2.2 Key measures taken by the Department
The Department’s control environment includes a series of measures to equip its staff to manage risks well through raising awareness, providing appropriate knowledge and tools, as well as developing skills. Key measures include:
- An established governance structure and provision of strategic direction through the Executive Committee and standing committees to the EC;
- A departmental Office for Integrity and Conflict Management in the Workplace responsible for values and ethics, the code of conduct, informal conflict management, and disclosure protection;
- A Strategic Planning, Risks and Scans division that coordinates and supports department-wide planning, including integrated business planning, risk management, environmental scanning, and preparation of the corporate risk profile approved by the Executive Committee;
- Regular reporting of financial performance and annual performance agreements with clearly set out financial management responsibilities;
- Human resources management plan and policies that support learning and succession planning;
- Regularly updated delegation of financial authorities instruments;
- Policies and procedures tailored to the Department’s control environment;
- Training and communications in areas of financial management;
- Information technology (IT) processing systems to achieve greater security, integrity, efficiency and effectiveness;
- Documentation of main business processes and related risk and control points to support the management and oversight of the system of ICFR;
- A dedicated internal control unit within the CFO Branch; and
- A risk-based internal audit plan.
3. Assessment of the Department of Justice's system of ICFR
3.1 Assessment approach
In support of the Policy on Internal Control, the Department is maintaining an effective system of ICFR with the objectives to provide reasonable assurance that:
- Transactions are appropriately authorized;
- Financial records are properly maintained;
- Assets are safeguarded; and
- Applicable laws, regulations and policies are followed.
The Department, through a dedicated unit within the CFO Branch, assesses the design and operating effectiveness of new processes that result in changes to its system of ICFR, conducts on-going monitoring and ensures continuous improvement to its departmental system of ICFR.
- Design effectiveness
means to ensure that key control points are identified, documented, in place and that they are aligned with the risks (i.e. controls are balanced with and proportionate to the risks they aim to mitigate), and that any remediation is addressed. This includes the mapping of key processes and IT systems to the main accounts by location as applicable.
- Operating effectiveness
means that the application of key controls has been tested over a defined period and that any required remediation is addressed. Such testing covers all departmental control levels which include corporate or entity, general computer and business process controls.
- On-going monitoring
means that a systematic, integrated approach to monitoring is in place in support of continuous improvement, including periodic risk-based assessments and timely remediation.
3.2 Scope of departmental assessment during fiscal year 2010-11
The Assessment of ICFR for the fiscal year ending March 31, 2010 described the three-stage process undertaken to prepare for the control-based audit of the Department’s 2008-09 financial statements, and to implement on-going monitoring and continuous improvement of ICFR going forward.
For 2010-11, the Department focused on the development of a formalized risk monitoring framework for the ICFR, in support of its on-going monitoring program. This framework would identify key controls to be tested on a cyclical basis including the selection of geographic locations, the test period, as well as the method and frequency of testing. Tests of transactions were performed for grants and contributions expenditures, accountable advances and interdepartmental expenditures. Remedial actions taken in response to the findings of prior year audits were monitored, and the results of the following internal audits were considered:
- Budgetary Allocation and Forecasting
- Cost Recovery Framework
- Salary Management System
4. Department of Justice’s assessment results
The more significant findings from the assessments described above of the effectiveness of the system of internal control over financial reporting are summarized below.
4.1 Design and operating effectiveness of key controls
The assessments of the design and operating effectiveness of key controls were completed during the process of preparing for the control-based audit of the 2008-09 financial statements. The assessment results on the design and operating effectiveness of key controls were reported in the 2009-10 Assessment of ICFR.
4.2 On-going monitoring program
The results from the various monitoring assessments, financial management planning processes and internal audits completed in 2010-11 identified the need for the following:
- A framework for the management of financial resources that would outline the roles and responsibilities of departmental managers, as well as the Department’s processes and expectations.
- A more robust management framework for the cost recovery of legal services provided to federal departments and agencies, including reengineering of billing practices, systems integration, procedures, training, and monitoring.
- A strengthened framework for salary management, including definition of roles and responsibilities, enhanced performance for the systems application, documentation, procedures, training, and monitoring.
- An enhanced financial management advisory function under the CFO in order to provide independent financial management and oversight to portfolio and sector management.
5. Department of Justice's action plan
5.1 Progress during fiscal year 2010-11
The Department’s progress in assessing and improving key controls within the system of ICFR is indicated by its ability to have achieved a controlbased audit of its 2008-09 financial statements, and to continue to maintain auditable financial statements in 2009-10 and 2010-11.
Below is a summary of the progress made by the Department in 2010-11. Remediation action taken to date has been aligned in terms of priorities following an assessment of risk. Progress status is indicated in (brackets).
The Department of Justice has conducted the following work to address the adjustments identified during the 2010-11 assessment.
- The budget management framework was approved by the EC in March 2011, and re-enforces the responsibilities of senior management by outlining an effective means of managing the Department’s financial resources and ensuring the availability of timely and reliable financial information for senior management decision-making. (Completed.)
- A project is underway to re-engineer the end-to-end processes relating to the revenues derived from legal services. The cost recovery process improvement project has completed an integrated plan, enhanced monitoring of legal services revenues, and increased frequency of billings. (Commenced.)
- The Salary Forecasting Tool module with IFMS has been implemented. Technical performance and systems integration has been improved. The framework for salary management has been strengthened, including the definition of roles and responsibilities, procedures, documentation, training and monitoring. (Completed.)
- A framework which outlines how the Department supports a consistent and risk-based approach to the development, approval, implementation and monitoring of financial policy instruments was approved by EC in January 2011. (Completed.)
- A gap analysis to confirm the continuing compliance of the Department’s financial activities with the requirements of the new TBS directives associated to the Policy on Internal Control is being conducted. (Partially completed.)
- The CFO’s financial management advisory function continues to gain support from management and is being strengthened throughout the Department. Staffing plans continue and additional permanent funding from within the Department is being sought to support this function. (Partially completed.)
The Department of Justice has conducted the following work to address the adjustments identified from the prior year assessments, or has deferred the work to subsequent years as indicated.
- Implementation of the Solution Manager tool for the enhanced tracking of system changes within IFMS has been initiated. (Partially completed in response to 2009-10 assessment.)
- Systems backup procedures have been documented and testing of restoration of backups is performed when new IT environments are created. (Completed as planned.)
- Processes for alternatives to the use of departmental bank accounts, which are to be discontinued April 1, 2012, have been evaluated. (Substantially advanced in response to 2009-10 assessment.)
- Procedures to create and review master vendor records have been documented and implemented. (Completed as planned.)
- Roles and responsibilities of departmental staff with respect to financial management are being clarified, a matrix is being drafted, stakeholders are being consulted, and communications are forthcoming. (Work deferred to 2011-12.)
- Policies and procedures to support the maintenance of the delegation of financial authority instruments have been finalized. (Completed as planned.)
- Entity level controls are being evaluated. (Work deferred to 2011-12.)
- Review of the departmental chart of accounts and financial coding structure for responsibility centres and fund (budgetary authority) allocations has been conducted, resulting in a new coding structure effective April 1, 2011. (Completed as planned.)
- A verification standards working group to address improvements over internal controls and documentation related to pay actions is being created. (Work deferred to 2011-12.)
- Family Law program’s IT system is being replaced. (Partially completed in response to 2009-10 assessment.)
- Substantiation of the existence of some capital assets is to be conducted. (Work deferred to subsequent years.)
- Plan and the definition of deliverables for the development of consistent practices and efficiencies for the verification of payments in support of Section 33 of the Financial Administration Act (FAA) have been established. (Completed as planned.)
- Strategic performance indicators and measures that will form a balanced scorecard for the finance function are to be developed. (Worked deferred to 2011-12.)
- Participation in an interdepartmental working committee to support implementation of the Policy on Internal Control has been established. (Completed as planned.)
- A formalized risk assessment framework for ICFR has been created in support of the on-going monitoring program, and the measurement of risks has been substantially drafted. (Substantially advanced in response to 2009-10 assessment.)
- Tests are being designed for assessing operating effectiveness, method and frequency of testing are being established, and testing of key controls is continuing. (Partially completed in response to 2009-10 assessment.)
5.2 Action plan for the next fiscal year and subsequent years
During 2011-12, the Department of Justice plans to complete the work that was substantially advanced during 2010-11 and that was deferred to 2011-12 (refer to section 5.1). The Department also plans to continue remediation of adjustments identified during its assessments, as well as to maintain an effective system of ICFR, by the following actions.
- Assess and implement the results from the cost recovery process improvement project by April 1, 2012.
- Conduct the gap analysis against the requirements of the new TBS directives associated to the Policy on Internal Control.
- Complete the replacement of the Family Law program’s IT system, which provides opportunity for strengthening IT controls.
- Commence the work for the development of consistent practices and efficiencies for the verification of payments in support of Section 33 of the FAA.
- Finalize the measurement of risks for the accounts and key controls identified in the ICFR risk assessment framework, which supports the on-going monitoring program.
- Implement the testing plan and program for on-going monitoring.
- Complete the review of the alignment of the Department’s pay administration processes with the requirements of the TBS common business model.
In 2012-13 and future years, the Department of Justice plans to:
- Encourage the continuing support of the CFO’s financial management advisory function.
- Assess and implement the functionalities of the Solution Manager tool, in conjunction with future IFMS system enhancements.
- Substantiate the existence of its capital assets.
- Initiate a fraud risk assessment, including the identification of key controls addressing fraud risks.
- Continue to provide the necessary training and communication to enhance the awareness and knowledge of internal controls over financial reporting and associated responsibilities for senior management.
- Maintain its on-going monitoring program for the assessment of the effectiveness of the departmental system of ICFR.
- Date modified: