2021-22 Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting (unaudited)
For the year ended March 31, 2022
1. Introduction
This document provides summary information on the measures taken by the Office of the Information Commissioner of Canada (the Office) to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results and related action plans.
Detailed information on the Office’s authority, mandate and program activities can be found in its 2021-2022 Departmental Plan and 2021-2022 Departmental Results Report.
2. The Office’s system of internal control over financial reporting
2.1 Internal control management
The Office has a well-established governance and accountability structure to support organizational assessment efforts and oversight of its system of internal control. It includes the following:
- Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas or responsibility for control management;
- Values and ethics that guide and support employees in their professional activities;
- Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control; and
- Ongoing monitoring and regular updates on internal control management, as well as the provision of related assessment results and action plans to the Commissioner and senior management and, as applicable, the Office’s Audit and Evaluation Committee.
The Office’s Audit and Evaluation Committee provides advice to the Commissioner of the adequacy and functioning of the Office’s risk management, control and governance frameworks and processes.
2.2 Service arrangements relevant to financial statements
The Office relies on other organizations for processing certain transactions that are recorded in its financial statements, as follows:
Common service arrangements
- Public Services and Procurement Canada (PSPC), which centrally administers the payment of salaries, the procurement of some goods and services, and provides accommodation services;
- Shared Services Canada (SCC), which provides information technology (IT) infrastructure services to the Office. The scope and responsibilities are addressed in the interdepartmental arrangements between SSC and the Office; and
- Treasury Board of Canada Secretariat (TBS) provides the Office with information used to calculate various accruals and allowances. They provide services related to public sector insurance for employees of the Office and centrally administers payment of the employer’s share of contributions toward statutory employee benefit plans.
Readers of this annex may refer to the annexes of the above-noted departments for a greater understanding of the systems of ICFR related to these specific services.
The Office relies on other departments as follows:
Specific arrangements
- Canadian Human Rights Commission (CHRC), which provides the Office with the following:
- a financial system platform to capture and report all financial transactions;
- procurement services for processing of all contracts and reporting;
- financial services for processing of all invoice payments and reimbursement requests.
- The Office of the Auditor General (OAG), which provides audit services to the Office.
3. The Office’s assessment results for the 2021-2022 fiscal year
In recent years, design and operational effectiveness testing of key controls demonstrated that the Office’s systems of internal controls over financial reporting (ICFR) were generally strong and effective.
The following table summarizes the organization’s progress based on the plans identified in the previous fiscal year’s annex.
|
Element in previous year’s action plan |
Status |
|---|---|
|
Payroll & Benefits (including Phoenix Pay System) |
A third party was hired in 2020-2021 to update the majority of the Office’s payroll business process narrative, with complementary visuals. This included identifying and assessing stated designed controls and conducting operational effectiveness testing of its key controls. Their report identified several areas where processes and documentation could be improved. In 2021-22, the Office implemented new internal control procedures to address the suggestions recommended in the report. In addition, payroll transactions were reconciled biweekly and at year-end to identify any over or under-payments in a timely manner. The Office made significant progress in analyzing over or under payments both from the current year and address a backlog from prior years. Monitoring is ongoing. The Office continued the analysis and review of any post-implementation issues with corrective measures as required related to the Phoenix pay system. |
In the current year, there were no significant amendments to key controls in existing processes that required a reassessment, notwithstanding of the global COVID-19 pandemic. The Office’s staff worked remotely and corporate functions continued as normal for the most part, facilitated by the prompt implementation of electronic delivery of documents and electronic signatures using MyKey for a secure authentication for approval processes.
Ongoing monitoring program
The Office has a comprehensive internal control framework for financial and HR management that is aligned with the federal government’s expenditure management process. The Office manages its funding through the budgeting and commitment control process in its integrated financial and salary budgeting systems. Appropriate segregation of duties is achieved in the context of common, systematized business processes. Expenditures are approved at the initiation, contracting, performance certification and payment approval stages. Payments are subject to a quality control process that tailors verification processes to risk. Controls over payments are tested for effectiveness on a monthly basis. Financial results are monitored through a monthly financial reporting process, and validated and approved by management.
Through the annual review of internal controls and the ongoing monitoring, the Office’s observations pertained mainly to the need to further improve procedures and related documentation.
4. The Office’s action plan for the next fiscal year and subsequent years
As an Agent of Parliament, the Commissioner is solely responsible for the Office’s compliance with the Treasury Board Financial Management Policy and related instruments and for responding to any instance of non-compliance.
Therefore, the Commissioner and senior managers are committed to sustaining and continuously improving its effective system of ICFR, including carrying out ongoing monitoring to ensure that the key controls meet the expectations of management and stakeholders, and appropriately mitigate associated risks.
The Office’s rotational ongoing monitoring plan over the next 3 fiscal years is shown in the following table. The ongoing monitoring plan is based on:
- an annual validation of high-risk processes and controls
- related adjustments to the ongoing monitoring plan as required.
|
Key control areas |
Risk |
2022 to 2023 |
2023 to 2024 |
2024 to 2025 |
|---|---|---|---|---|
|
Entity-level controls |
Low |
No |
Yes |
No |
|
Budgeting & forecasting |
Low |
No |
No |
Yes |
|
IT general controlsFootnote 1 |
Low |
Based on Service Provider’s ICFR Plan |
||
|
Asset management |
Low |
No |
No |
No |
|
Procure to pay |
Medium |
Yes |
No |
No |
|
Payroll and benefits |
High |
Yes |
Yes |
Yes |
|
Financial period end closing |
Low |
No |
No |
No |