Annex - Assessment of Internal Control Over Financial Reporting
For the year ended March 31
This document provides summary information on the measures taken by the Department of Justice to maintain an effective system of internal control over financial reporting, including information on internal control management, assessment results and related action plans.
Detailed information on the Department of Justice’s authority, mandate, and program activities can be found in the 2016-17 Departmental Results Report (formerly the Departmental Performance Report) and the 2016-17 Report on Plans and Priorities.
2. Departmental system of internal control over financial reporting
2.1 Internal control management
The Department of Justice has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework, approved by the Deputy Minister, is in place and includes:
- Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
- Values and ethics;
- Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control; and
- At least semi-annual monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plans to the Deputy Minister, departmental senior management, and the Departmental Audit Committee.
The Departmental Audit Committee provides advice to the Deputy Minister on the adequacy and functioning of the Department's risk management, control and governance frameworks and processes.
2.2 Service arrangements relevant to financial statements
The Department of Justice relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:
Common Arrangements within the Government of Canada
- Public Services and Procurement Canada centrally administers the payments of salaries and the procurement of goods and services in accordance with the Department of Justice’s Delegation of Authority, and provides accommodation services;
- Treasury Board of Canada Secretariat provides the Department of Justice with information used to calculate various accruals and allowances, such as the accrued severance liability;
- Shared Services Canada provides information technology (IT) infrastructure services to the Department of Justice in the areas of data centre and network services.
Specific Arrangement for the Department of Justice
- The Department of Justice is the common service provider of legal services to federal departments and agencies, and as such, the Department charges these organizations with the cost of providing legal services pursuant to legal services agreements, and provides an annual dollar figure for those legal services it provides without charge.
- The Department of Justice provides information on pending litigation cases in order to assist federal departments and agencies in the reporting of contingencies.
- The Department of Justice provides certain corporate (internal) services to the Public Prosecution Service of Canada.
- The Department of Justice assists provinces and territories in the enforcement of family support orders and agreements by providing garnishment assistance through the interception of designated federal moneys payable to individuals owing family financial support.
3. Departmental assessment results during fiscal year 2016-17
The key findings and significant adjustments required from the current year’s assessment activities are summarized below.
3.1 New or significantly amended key controls
Building on the work performed in 2015-16, the Department of Justice implemented amended controls related to its salary and employee benefits processes in 2016-17 as a result of the Transformation of Pay Administration Initiative.
3.2 Ongoing monitoring program
In 2016-17, the Department of Justice completed and implemented a new risk-based, ongoing monitoring program of internal controls over financial reporting. As part of this revised rotational monitoring plan, covering the period of 2016-17 to 2018-19, the Department completed its 2016-17 assessment of the entity level controls, IT general controls, and of the key process level controls for salaries and employee benefits expense, and transfer payments financial statement accounts.
Entity level controls
Entity level controls have a pervasive effect on an organization and can have significant consequences on the overall assessment of the effectiveness of internal control over financial reporting. In 2016-17 the Department of Justice implemented a new approach to assessing entity level controls; the new methodology was established through the performance of benchmarking with other government departments and in consultation with the Office of the Comptroller General and Internal Audit Services. The new approach was approved by the Deputy Minister in April 2016. I n line with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework, the Department identified and documented 83 control objectives, and developed corresponding control statements demonstrating how the organization addressed each control objective.
The results of the 2016-17 assessment indicate that overall the entity level controls of the Department of Justice are strong, and have been designed and implemented effectively. A department wide assessment of fraud risk was noted as an area for improvement. Senior management has agreed to perform a departmental fraud risk assessment, using industry best practices, by March 31, 2019.
Information technology general controls
Deloitte LLP was contracted to perform the 2016-17 assessment of the Department of Justice’s information technology general controls. The summary of results noted that the Department had effectively designed a number of key information technology general controls and that most system environments had established IT processes in place.
Significant findings identified during testing were related to change management, segregation of duties, and departmental reliance on Shared Services Canada controls for IT infrastructure services; management actions plans addressing the deficiencies identified were developed and are currently being implemented by the process owners.
Process level controls
In order to assess the Department of Justice’s key controls embedded within the business processes, a thorough review of salaries and employee benefits, and transfer payments financial statement accounts were performed during 2016-17 which entailed documenting the design of all sub-processes and testing.
As a result of the ongoing monitoring, the Department identified the following areas for improvement:
- To renew the Department’s Debt Write-Off Committee;
- To improve documentation to ensure the application of various key financial controls is evidenced;
- To enhance segregation of duty controls;
- To improve documentation of procedures and processes;
- To enforce formalized procedures and guidelines; and
- To enhance standardized approval and/or review processes.
Management action plans addressing the recommendations have been developed by the process owners and are actively monitored and reported to senior management.
4. Departmental action plan
4.1 Progress during fiscal year 2016-17
The Department of Justice continued to conduct its ongoing monitoring according to the rotational plan as shown in the following table:
|Rotational ongoing monitoring plan for current year||Status|
|IT general controls||Completed monitoring as planned; remedial actions started.|
|Entity level controls||
Completed update of the assessment methodology for entity level controls.
Completed monitoring as planned; remedial action started.
|Process level controls for the following financial statement accounts: Salaries and employee benefits, and Transfer payments||Completed monitoring as planned; remedial actions started|
4.2 Action plan for the next fiscal year and subsequent years
The Department of Justice’s three-year rotational ongoing monitoring plan, developed following an overall departmental risk assessment, is shown in the following table:
|Control Level||Overall Risk||2016-17||2017-18||2018-19|
|Entity level controls||Low||X|
|IT General controls||Moderate||X||X||X|
|Process Level Controls|
|Salaries and employee benefits (Expense)||High||X|
|Transfer payments (Expense and Payable)||High||X|
|Professional and special services (Expense)||High||X|
|Legal services revenue||High||X|
|Family Law account (Liability)||High||X|
|Family Law fees (Revenue)||Moderate||X|
|Travel and relocation (Expense)||Moderate||X|
|Tangible capital assets||Moderate||X|
|Accounts payable and accrued liabilities||Moderate||X|
An X signifies that the level of control, or the key controls for a financial statement account, will be monitored in the specified fiscal year.
For process level controls, the overall risk rating for each financial statement account determines the frequency of testing required which is summarized in the following table:
|Overall Risk Rating||Frequency of Testing|
|High||Every 2 to 3 years|
|Moderate||Every 3 to 4 years|
Please note that the Department of Justice is currently in the process of reviewing the rotational ongoing monitoring plan for internal control over financial reporting and the revised plan will be reflected in the 2017-18 Annex. The revised plan will cover internal controls over common services to address the requirements of the new Treasury Board Policy on Financial Management and will adjust the rotational schedule for information technology general controls.
- Date modified: