Financial Statements
Annex - Assessment of Internal Control Over Financial Reporting
For the year ended March 31, 2012
Note to the Reader
With the Treasury Board Policy on Internal Control, effective April 1, 2009, departments are now required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).
As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plan(s) to address any necessary adjustments, and to attach to their Statement of Management Responsibility, a summary of their assessment results and action plans.
Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:
- Transactions are appropriately authorized;
- Financial records are properly maintained;
- Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and
- Applicable laws, regulations and policies are followed.
It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.
The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process to identify key risks, to assess the effectiveness of associated key controls and adjust as required, as well as to monitor the system in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to another based on risks and taking into account their unique circumstances.
1. Introduction
This document is an annex to the Department of Justice’s Statement of Management Responsibility Including Internal Control Over Financial Reporting for the fiscal year 2011-12. As required by the Treasury Board Policy on Internal Control, effective April 1, 2009, this document provides summary information on the measures taken by the Department of Justice (Department) to maintain an effective system of internal control over financial reporting (ICFR). In particular, it provides summary information on the assessments conducted by the Department as at March 31, 2012, including progress, results and related action plans, along with some financial highlights pertinent to understanding the control environment unique to the Department. This is the third annex produced by the Department of Justice.
1.1 Authority, mandate and program activities
Detailed information on the Department of Justice’s authority, mandate and program activities can be found in the Departmental Performance Report and in Section I of the Report on Plans and Priorities.
1.2 Financial highlights
Key financial highlights from the 2011-12 financial statements are:
- Total expenses are $1,121M. Salaries comprise the majority at $617M (55%) for over 5,000 employees, followed by transfer payments at $371M (33%).
- Total revenues are $356M, largely from the delivery of legal services ($350M) to federal departments and agencies.
- Amounts due from the Consolidated Revenue Fund to satisfy future cash requirements represent $451M (95%) of total financial assets ($475M), and tangible capital assets comprise most of the total non-financial assets at $52M.
- Transfer payments payable comprise $430M (71%) of total liabilities ($602M). Accounts payable and accrued liabilities comprise $63M (10%), and employee future benefits obligations are $87M (14%).
- The Family Law account received $166M in garnishments and remitted $168M to provinces and territories for payment to beneficiaries entitled to family support.
- There is a decentralized finance and accounting function in each of the Department’s six regional offices that initiate, approve, process and record a significant portion of operating expenses.
- The Department uses the Integrated Financial and Materiel System (IFMS), SAP-based software, as its primary financial system, as well as several feeder systems that are critical to its operations and financial reporting.
Additional departmental financial information for fiscal year 2011-12 can be found in the Quarterly Financial Reports, under Section III – Supplementary Information of the Departmental Performance Report, and in the Public Accounts of Canada.
1.3 Service arrangements relevant to financial statements
The Department relies on other organizations for the processing of certain transactions or the provision of information, which impacts its financial statements:
Common Arrangements within the Government of Canada:
- Public Works and Government Services Canada centrally administers the payments of salaries and benefits, the procurement of some goods and services, and the provision of accommodations, on behalf of the Department.
- Treasury Board Secretariat (TBS) provides the Department with an annual dollar figure for the centrally funded health and dental insurance plans, and with information used to calculate various accruals and allowances, such as the employee severance benefit.
- Shared Services Canada (SSC) was created on August 4, 2011 to consolidate, streamline and improve the government’s information technology (IT) infrastructure services, specifically email, data centre and network services for 43 federal departments and agencies. Effective November 15, 2011, the responsibility for these services, including associated resources, was transferred from the Department to SSC. The administration and delivery of these services were shared during the 2011-12 transition period while SSC was being established.
Specific Arrangement for the Department of Justice:
- Public Prosecution Service of Canada provides certain corporate (internal) services for the Department’s Northern Region.
Other organizations also rely on the Department of Justice as follows:
- The Department is the common service provider of legal services to federal departments and agencies, and as such, the Department charges these organizations with the cost of providing legal services pursuant to legal services agreements, and provides an annual dollar figure for those legal services it provides without charge.
- The Department provides information on pending litigation cases in order to assist federal departments and agencies in the reporting of contingencies.
- The Department provides certain corporate (internal) services to the Public Prosecution Service of Canada.
- The Department assists provinces and territories in the enforcement of family support orders and agreements by providing garnishment assistance through the interception of designated federal moneys payable to individuals owing family financial support.
Further information on service arrangements is available in the financial statements under Note 5 – Family Law account and Note 11 – Related party transactions.
1.4 Material change in fiscal year 2011-12
To facilitate the transfer of specified IT services and related resources to Shared Services Canada, the Department modified its chart of accounts in order to account for SSC’s expenditures from November 15, 2011 to the end of the fiscal year. Further information is available in the financial statements under Note 12 – Transfers to other government departments.
2. Control environment of the Department of Justice relative to ICFR
The Department recognizes the importance of setting the tone from the top to help ensure that staff at all levels understand their roles in maintaining effective systems of ICFR and are well equipped to exercise these responsibilities effectively. The Department’s objective is to continually enhance its internal control environment to ensure risks are managed well through a responsive and risk-based approach that enables continuous improvement and innovation.
2.1 Key positions, roles and responsibilities
Below are the Department’s key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.
- Deputy Minister (DM)
The Deputy Minister, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Deputy Minister chairs the Executive Committee and the Audit Management Response and Evaluation Committee.
- Chief Financial Officer (CFO)
The CFO reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.
- Senior Departmental Managers
Senior Departmental Managers in charge of services and program delivery are responsible for maintaining and reviewing the effectiveness of their system of ICFR falling within their mandate.
- Chief Audit Executive (CAE)
The CAE reports directly to the Deputy Minister and provides assurance through periodic internal audits which are instrumental to the maintenance of an effective system of ICFR.
- Departmental Audit Committee (DAC)
The DAC is an advisory committee that provides objective views on the Department’s risk management, control and governance frameworks. It is comprised of three external members, the Deputy Minister and the Associate Deputy Minister, and is chaired by an external member. The DAC reviews the corporate risk profile and the system of internal control, including the assessment and action plans relating to the system of ICFR.
- Executive Committee (EC)
As the central decision-making body, the EC reviews, approves and monitors the corporate risk profile and the departmental system of internal control, including the assessment and action plans relating to the system of IFMS.
- Audit Management Response and Evaluation Committee (AMREC)
This internally based advisory committee assists the Deputy Minister in discharging his responsibilities with respect to internal audit and evaluation.
2.2 Key measures taken by the Department
The Department’s control environment includes a series of measures to equip its staff to manage risks well through raising awareness, providing appropriate knowledge and tools, as well as developing skills. Key measures include:
- An established governance structure and provision of strategic direction through the Executive Committee and standing committees to the EC;
- A departmental Centre for Ethics, Conflict Management and Wellness responsible for values and ethics, the code of conduct, informal conflict management, and disclosure protection;
- A Strategic Planning, Risks and Scans division that coordinates and supports department-wide planning, including integrated business planning, risk management, environmental scanning, and preparation of the corporate risk profile approved by the Executive Committee;
- Regular reporting of financial performance;
- Annual performance agreements with clearly set out financial management responsibilities;
- Human resources management plan and policies that support learning and succession planning;
- Regularly updated delegation of financial authorities instruments;
- Policies and procedures tailored to the Department’s control environment;
- Training and communications in areas of financial management;
- Information technology (IT) processing systems to achieve greater security, integrity, efficiency and effectiveness;
- Documentation of main business processes and related risk and control points to support the management and oversight of the system of ICFR;
- An Internal Control division that reports directly to the CFO; and
- A risk-based internal audit plan.
3. Assessment of the Department of Justice's system of ICFR
3.1 Assessment approach
In support of the Policy on Internal Control, the Department is maintaining an effective system of ICFR with the objectives to provide reasonable assurance that:
- Transactions are appropriately authorized;
- Financial records are properly maintained;
- Assets are safeguarded; and
- Applicable laws, regulations and policies are followed.
The Department, through the Internal Control division within the CFO Branch, assesses the design and operating effectiveness of new processes that result in changes to its system of ICFR, conducts on-going monitoring and ensures continuous improvement to its departmental system of ICFR.
- Design effectiveness
means to ensure that key control points are identified, documented, in place and that they are aligned with the risks (i.e. controls are balanced with and proportionate to the risks they aim to mitigate), and that any remediation is addressed. This includes the mapping of key processes and IT systems to the main accounts by location as applicable.
- Operating effectiveness
means that the application of key controls has been tested over a defined period and that any required remediation is addressed.
- On-going monitoring
means that a systematic, integrated approach to monitoring is in place in support of continuous improvement, including periodic risk-based assessments and timely remediation.
3.2 Scope of departmental assessment during fiscal year 2011-12
In the current fiscal year, the Department completed the development of a formalized risk monitoring framework for the ICFR, in support of its on-going monitoring program. The framework includes a risk assessment tool and a multi-year on-going monitoring plan that identifies the departmental control levels and financial statement accounts to be tested over a three-year cycle. A summary of the multi-year plan is outlined in subsection 5.2 of this Annex.
During 2011-12, tests of transactions were performed for grants and contributions commitment control, vendor creation in IFMS, segregation of duties in IFMS, and interdepartmental expenditures. A gap analysis to confirm the continuing compliance of the Department’s financial activities with the requirements of the new Treasury Board directives associated to the Policy on Internal Control was conducted.
Remedial actions taken in response to the findings of prior year audits were monitored, and the results of the following audits were considered:
- Acquisition Cards (Internal Audit)
- Legal Agent Account Verification Process (Internal Audit)
- Regional Contracting (Internal Audit)
- Public Accounts Audit (Office of the Auditor General)
- Compliance with the Common Services Policy (Office of the Comptroller General Horizontal Internal Audit)
As reported in prior years’ Assessment of ICFR annexes, the Department has taken measures to assess its system of ICFR by documenting and testing the design and operating effectiveness of its key entity (corporate) level controls, general computer controls and business process controls with any remedial actions taken as required.
4. Department of Justice’s assessment results
The significant findings from the current year assessment are summarized below.
4.1 Design and operating effectiveness of new or significantly amended key controls
In the current year, there were no significantly new or amended key controls which required a reassessment.
4.2 On-going monitoring program
The results from the various monitoring assessments, financial management planning processes and audits completed in 2011-12 identified the need for the following:
- The responsibilities and procedures for exercising payment authority under Section 33 of the Financial Administration Act (FAA) should be strengthened for legal agent transactions.
- The overall accountability framework for contracting should be strengthened through revisions to current policies, procedures and guidelines, increased training and monitoring, and changes to system thresholds.
- Departmental practices and procedures for commitment control under Section 32 of the FAA should be strengthened.
5. Department of Justice's action plan
5.1 Progress during fiscal year 2011-12
Below is a summary of the progress made by the Department in 2011-12 in response to the assessment results. Remediation action taken to date has been aligned in terms of priorities following an assessment of risk. Progress status is indicated in (brackets).
The Department of Justice has conducted the following work to address the adjustments identified during the 2011-12 assessment.
- The FAA Section 33 responsibilities and procedures in the legal agent transactions payment process have been defined and implemented. (Completed.)
- The overall accountability framework for contracting has been strengthened through the substantial completion of revised and new policies, procedures and guidelines, and a monitoring program. Changes to system thresholds have been made, and training has been developed and provided to the regional offices. (Substantially advanced.)
- The FAA Section 32 practices have been reviewed and new procedures have been drafted. (Partially completed.)
The Department of Justice has conducted the following work to address the adjustments identified from the prior year assessments, or has deferred the work to subsequent years as indicated.
- The re-engineered end-to-end processes relating to the revenues derived from legal services have been developed, including billing practices, systems integration, and procedures. (Substantially advanced in response to 2010-11 assessment.)
- The CFO’s financial management advisory function continues to be strengthened throughout the Department. Permanent funding from within the Department has been provided. Staffing plans continue. (Substantially advanced in response to 2010-11 assessment.)
- The Solution Manager tool for the enhanced tracking of system changes has been included in the 2011-12 IFMS upgrade. Components of Solution Manager have been partially implemented in the IFMS production environment. (Partially completed in response to 2009-10 assessment.)
- The departmental bank accounts will be discontinued effective April 1, 2012. (Completed as planned.)
- Roles and responsibilities of departmental staff with respect to financial management have been clarified, and a matrix has been completed and widely communicated. (Completed as planned.)
- Entity level controls have been evaluated. (Completed as planned.)
- A verification standards policy to address internal controls and supporting documentation related to pay actions is being drafted. (Partially completed in response to 2009-10 assessment.)
- Family Law program's IT system has been replaced. Business process and procedural documents for using the system need to be completed. (Substantially advanced in response to 2009-10 assessment.)
- Strategic performance indicators and measures that will form a balanced scorecard for the finance function are to be developed. (Worked deferred to 2013-14.)
- The risk assessment of ICFR and an on-going monitoring plan of ICFR have been completed, reviewed by the DAC, and approved by the EC. Operating effectiveness control sheets and tests have been developed to support on-going monitoring. (Completed as planned.)
- A project is underway for the development of consistent practices and efficiencies for the verification of payments in support of Section 33 of the FAA. The high risk transaction analysis project has completed a risk assessment framework for salary and non-salary transactions. (Partially completed in response to 2009-10 assessment.)
- A review of the alignment of the Department’s pay administration processes with the requirements of the TBS common business model has been performed. (Completed as planned.)
5.2 Action plan for the next fiscal year and subsequent years
The Department plans to continue remediation of adjustments identified during its assessments, as well as to maintain an effective system of ICFR, by the following actions.
- Complete the revised and new contracting policies, procedures, guidelines, and monitoring program. (2012-13)
- Finalize the FAA Section 32 procedures. (2012-13)
- Implement the re-engineered end-to-end processes related to legal service revenues. (2012-13)
- Encourage the continuing support of the CFO’s financial management advisory function. (2012-13 and future years)
- Complete the implementation of Solution Manager in the IFMS production environment. (2012-13)
- Finalize the verification standards policy related to pay actions. (2012-13)
- Complete the business process and procedural documents for the Family Law program’s new IT system. (2013-14)
- Develop the balanced scorecard for the finance function. (2013-14)
- Finalize the national account verification framework to ensure that verification efforts will be focused on high-risk transactions and that statistical sampling methodology is used to analyze and determine the verification approach for lower/medium-risk transactions. (2012-13)
- Develop and implement a plan to address the gaps between the Department’s pay administration processes and the TBS common business model. (2012-13 and future years)
- Substantiate the existence of its capital assets. (2013-14 and future years)
The Department’s focus is also on-going monitoring, having gone through the full assessment cycle in previous years. Operating effectiveness testing will be conducted in those areas subject to reassessment unless significant amendments have been made to key controls in which case design effectiveness testing may be necessary.
The table below shows the Department’s rotational on-going monitoring plan over three years. An annual risk-assessment is conducted each year to validate the high risk controls and to adjust the on-going monitoring plan as required.
| Control level | 2012-13 | 2013-14 | 2014-15 |
|---|---|---|---|
| Entity level | X | X | X |
IT General control level
|
X | To be determined based on testing plan | To be determined based on testing plan |
Process level controls
|
|||
| Family Law account (Liability) | X | X | X |
| Salaries and employee benefits (Expense) | X | X | X |
| Professional and special services (Expense ) | X | X | X |
| Legal services revenue | X | X | X |
| Transfer payments | X | X | X |
| Travel and relocation (Expense) | X | ||
| Tangible capital assets | X | ||
| Accounts payable and accrued liabilities | X | ||
| Receivables and advances | X | ||
| Family Law fees (Revenue) | X | ||
An X signifies that the level of control, or the key controls for a financial statement account, will be monitored in the specified fiscal year.
- Date modified: