Human Resources and Skills Development Canada
Symbol of the Government of Canada

Human Resources and Skills Development Canada

www.hrsdc.gc.ca

Human Resources and Skill Development Canada
Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting for the fiscal year ended March 31, 2011
August 31, 2011

Note to the reader

With the Treasury Board Policy on Internal Control, effective April 1, 2009, departments are required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plan(s) to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

  • Transactions are appropriately authorized;
  • Financial records are properly maintained;
  • Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and
  • Applicable laws, regulations and policies are followed.

It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.

The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process to identify key risks, to assess effectiveness of associated key controls, and adjust as required, as well as to monitor the system in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to another based on risks and taking into account their unique circumstances.

uparrow Top of page
Top of page

1. Introduction

This document is the second annual annex produced by this department. It is appended to Human Resources and Skills Development’s (HRSDC) Statement of Management Responsibility Including Internal Control over Financial Reporting for the fiscal year ended March 31, 2011. As required by the Treasury Board Policy on Internal Control, this document provides summary information on the measures taken by management to maintain an effective system of internal control over financial reporting (ICFR). In particular, it provides summary information on the assessments conducted by HRSDC as at March 31, 2011, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to the Department.

1.1 Authority, Mandate and Program Activities

Detailed information on HRSDC’s authority, mandate and program activities can be found in Departmental Performance Report 2010-2011 Departmental Performance Report Report on Plans and Priorities 2011-2012 Report on Plans and Priorities.

1.2 Financial highlights

Below is key financial information for the fiscal year ended March 31, 2011. More information can be found in HRSDC’s Financial statements (unaudited) and Notes to the financial statements of HRSDC for fiscal-year 2010-2011 Financial Statements. Information can also be found in the Public Accounts of Canada Public Works and Government Services Canada Web site.

  • Total expenses were $65.9 billion. Benefits and transfer payments to individuals ($40.0 billion), which are mostly composed of Old Age Security payments ($35.6 billion), comprise the majority followed by Employment Insurance benefits and support measures payments ($19.8 billion) and salaries and benefits ($2.0 billion).
  • Canada Student Loans ($10.8 billion) and accounts receivable and advances ($3.3 billion) comprise over 98% of total assets ($14.4 billion).
  • Accounts payable and accrued liabilities ($1.4 billion) represent nearly 56% of total liabilities ($2.5 billion).
  • HRSDC has a strong regional presence. There is an accounting function in each of the regional offices that initiate, approve, process and/or record a portion of HRSDC’s expenses.
  • HRSDC has a significant number of information systems that are critical to its operations and financial reporting.

1.3 Service arrangements relevant to financial statements

HRSDC relies on other organizations for the processing of certain transactions that are recorded in its financial statements:

Common Arrangements:

  • Public Works and Government Services Canada centrally administers the payments of salaries and the procurement of goods and services;
  • Treasury Board Secretariat provides the Department with information used to calculate various accruals and allowances, such as the accrued severance liability; and
  • The Department of Justice provides legal services to HRSDC.

Specific Arrangements:

  • HRSDC, through the Service Canada (SC) initiative, acts as a focal point for government access to Canadians. As a result, HRSDC has entered into several agreements with many federal government departments designed to provide Canadians with better access to programs and services;
  • A private service provider, pursuant to a contract with the Canada Student Loans Program, administers the delivery of the Direct loans issued under the Canada Student Loans Program. As a result, reliance is placed on the control procedures of the external service provider and the annual audit on financial information performed by an external audit firm; and
  • The Canada Revenue Agency (CRA) provides full collection services to HRSDC for the recovery of its Accounts Receivable. Although CRA uses HRSDC’s departmental accounts receivable systems (DARS), reliance is placed on the control procedures at CRA for the collection services and CRA’s reporting capacity.

1.4 Material changes in fiscal year 2010-2011

Ian Shugart was appointed as the Deputy Minister of HRSDC on July 26th, 2010. The new Chief Financial Officer (CFO), Alfred Tsang, was appointed on April 19, 2010.

uparrow Top of page
Top of page

2. HRSDC’s control environment relevant to ICFR

HRSDC recognizes the importance of setting the tone from the top to help ensure that staff at all levels understand their roles in maintaining effective systems of ICFR and is well equipped to exercise these responsibilities effectively. The Department’s focus is to ensure risks are managed well through a responsive and risk-based control environment that enables continuous improvement and innovation.

2.1 Key positions, roles and responsibilities

Below are HRSDC’s key positions and committees with responsibilities for maintaining and overseeing the effectiveness of its system of ICFR.

Deputy Minister – HRSDC’s Deputy Minister, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Deputy Minister chairs the Portfolio Management Board.

Chief Financial Officer (CFO) – HRSDC’s CFO reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.

Senior Departmental Managers – HRSDC’s senior departmental managers in charge of program delivery are responsible for maintaining and reviewing effectiveness of their system of ICFR falling within their mandate.

Chief Audit Executive (CAE) – HRSDC’s CAE reports directly to the Deputy Minister and provides assurance through periodic internal audits which are instrumental to the maintenance of an effective system of ICFR.

Chief Information Officer (CIO) – The CIO is the departmental lead for IT infrastructure and system applications (incl. a key source of expertise) and contributes to the assessments of IT systems and application controls.

Departmental Audit Committee (DAC) - The DAC is an advisory committee chaired by the Deputy Minister that provides objective views on the Department’s risk management, control and governance frameworks. It is comprised of three external members and was established in 2008. As such, it reviews HRSDC’s Corporate Risk Profile and its system of internal control, including the assessment and action plans relating to the system of ICFR.

Portfolio Management Board (PMB) - As the main decision-making body of the portfolio, the Portfolio Management Board determines strategic directions and priorities; approves portfolio-wide plans and strategies; and makes decisions on strategic issues that affect the portfolio as a whole. The Portfolio Management Board also acts as the key portfolio vehicle for information sharing, consultation and collaboration at the Deputy Minister and Assistant Deputy Minister level.

Corporate Management Committee (CMC) – Oversees the management agenda of the portfolio in order to support the achievement of the outcomes and objectives set out in the Integrated Business Plan and the Management Accountability Framework, and to meet the requirements of the corporate fiscal and planning processes. Charged with oversight of corporate management strategies, processes, and operations in the following areas: Human Resources; Finance/Corporate Overhead; Information Technology/Information Management; Audit and Accountability; Planning, Risk Management and Reporting (including resource allocation and program delivery); and Other administration and general oversight.

2.2 Key measures taken by HRSDC

HRSDC’s control environment also includes a series of measures to equip its staff to manage risks well through raising awareness, providing appropriate knowledge and tools as well as developing skills. Key measures include:

  • An Office of Values and Ethics;
  • Guidelines of conduct for Service Canada;
  • Guidelines of Professional conduct for the Labour Program;
  • A dedicated directorate under the CFO on internal control;
  • Documentation of main business processes and related key risk and control points to support the management and oversight of its system of ICFR is under way;
  • Annual performance agreements with clearly identified financial management responsibilities;
  • Ongoing communications in core areas of financial management;
  • Departmental policies tailored to HRSDC’s control environment;
  • Periodically updated delegated authorities matrix;
  • Financial Management Framework;
  • Risk based Audit Framework; and
  • Integrated Business Plan

uparrow Top of page
Top of page

3. Assessment of HRSDC’s system of ICFR

3.1 Assessment Approach

To satisfy the requirements of the Policy on Internal Control, the Department must be able to maintain an effective system of ICFR with the objectives to provide reasonable assurances that:

  • Transactions are appropriately authorized;
  • Financial records are properly maintained;
  • Assets are safeguarded; and
  • Applicable laws, regulations and policies are followed.

Over time, this includes assessment of the design and operating effectiveness of the system of ICFR leading to ensuring an on-going monitoring and continuous improvement of the departmental system of ICFR.

Design effectiveness means to ensure that key control points are identified, documented, in place and that they are aligned with the risks they aim to mitigate and that any remediation is addressed. This includes the mapping of key processes and IT systems to the main accounts by location as applicable.

Operating effectiveness means that key controls have been tested over a defined period and that any remediation is addressed. Such testing covers all departmental control levels which include corporate or entity, general computer and business process controls.

On-going monitoring means that key controls are monitored on a regular basis to provide reasonable assurance that they continue to function effectively over time.

3.2 Scope of HRSDC’s assessment for fiscal year 2010-2011

In proceeding with its implementation of the Policy on Internal Control, HRSDC has taken measures to assess its system of ICFR starting from its financial statements with a focus on the main processes (listed below).

Over a period of four years that will end on March 31, 2013, and for each of its main processes, HRSDC will have mapped out processes, prepared financial control matrices, and tested the design effectiveness as well as the operating effectiveness of the key controls. HRSDC will also have identified any control weaknesses and taken the appropriate corrective measures.

As at March 31, 2011, HRSDC has completed two of its four year assessment plan as follows:

Entity Level Controls

HRSDC has documented and tested the design effectiveness of its Entity Level Controls. Remediations addressing any key control weaknesses identified during the design effectiveness are well advanced and planning for the operating effectiveness testing should start next fiscal year.

General Computer Controls

HRSDC has documented and tested the design effectiveness of its General Computer Controls. Remediations addressing any key control weaknesses identified during the design effectiveness are well advanced and planning for the operating effectiveness testing should start next fiscal year.

Business Processes

HRSDC had completed the documentation and assessment for the design effectiveness of key controls for all the business processes listed below, including the System Application Controls.

  • Old Age Security (OAS)
  • Receipt & Deposit of Public Funds
  • Hire-to-Pay (payroll)
  • Grants & Contributions
  • Accounts Receivable
  • Contracting & Procurement
  • Treatment of Payments (Accounts Payable)
  • Interdepartmental Settlements
  • Canada Education Savings Program
  • Financial Statements Process
  • Operating & Maintenance (budget, travel, relocation, capital assets, hospitality)
  • System Application Controls (related to all above processes)

HRSDC had also started drafting action plans addressing the remediations identified during the design effectiveness assessments of the key controls for all the business processes. Certain action plans were finalized and more than 50% of the remediations were completed for the following business processes: Grants & Contributions, Financial Statements and CESP.

HRSDC intends to commence documentation and assessment of the design effectiveness of the key controls for the following 3 processes, for which external annual financial audits are currently completed:

  • Employment Insurance (EI)
  • Canada Pension Plan (CPP)
  • Canada Student Loans (CSLP)

uparrow Top of page
Top of page

4. HRSDC’s assessment results

As a result of the assessment approach described above, HRSDC has developed a baseline’s architecture of all key control points by processes and main IT systems.

In assessing its key controls, HRSDC has focused on design effectiveness which is the prerequisite to testing operating effectiveness.

4.1 Design effectiveness of key controls

When completing design effectiveness testing, HRSDC is identifying, documenting and assessing all key controls (including its validation by process owners) and is verifying whether the process and IT system documentation are in place and correspond to actual practices. Design effectiveness also includes ensuring appropriate alignment of each key control with risks. Action plans are developed and implemented to address key control deficiencies identified as a result of this exercise.

As of March 31, 2011, HRSDC has finalized the documentation and assessment related to the design effectiveness of all the main processes listed in section 3.2. As a result of the design effectiveness testing, HRSDC has identified remediation requirements and developed action plans to remediate key controls in the following areas:

Documentation:

  • Greater consistency in the quality, reliability and availability of documentation of controls and procedures

Data reconciliation and integrity:

  • Greater consistency of reconciliations and source data.

IT general system management:

  • Strengthen controls related to the following IT management processes: access, profile, configuration and change management

Segregation of duties and approval process:

  • Strengthen the segregation of duties related to program activities; and
  • Strengthen the approval process of financial transactions

Monitoring and Quality assurance:

  • Greater clarity of roles and responsibilities as well as improved accountability over the amounts and disclosures in the financial statements; and
  • Improved Quality Assurance Methodology related to financial transactions

4.2 Operating effectiveness of key controls

As at March 31, 2011, HRSDC has not yet performed the operating effectiveness testing of key controls. As progress is made in addressing the design effectiveness remediation of key controls, HRSDC will launch operating effectiveness testing. In the coming fiscal year, HRSDC will develop risk-based operating effectiveness test plan for each process listed in section 3.2. The test plans will identify key controls to be tested over a defined period of time, including the selection of locations, the test-period as well as the method and frequency of testing. HRSDC will also perform testing that will provide assurance that key controls are functioning as designed over a period of time.

uparrow Top of page
Top of page

5. HRSDC's action plan

5.1 Progress during fiscal year 2010-2011

During 2010-2011 HRSDC has continued to make progress in assessing and improving its key controls. Below is a summary of the main progress made by HRSDC.

HRSDC has now completed the documentation and assessment related to the design effectiveness for all the main processes listed in section 3.2 by:

  • Completing the documentation and assessment of its key controls for the design effectiveness for the remaining business processes: Hire to Pay, Grants and Contributions, Contracting and Procurement, Interdepartmental Settlements, and Other O&M such as Budget, Travel, Relocation, Capital Assets and Hospitality;
  • Completing the documentation and assessment related to the design effectiveness of the System Application Controls that are embedded in all the business processes listed in section 3.2.

HRSDC has substantially advanced work addressing the remediation of its weak key controls identified during the design effectiveness assessment by:

  • Completing the action plans addressing the remediation of critical key controls identified during the design effectiveness assessment for the Entity Level Controls and General Computer Controls;
  • Completing more than 60% of the remediation addressing critical key controls identified during the design effectiveness assessment for Entity Level Controls (performance review, training & accountability, etc) and General Computer Controls (Change Management process, user acceptance sign-off; restricted acces to production environment, etc);
  • Finalizing the action plans addressing critical key controls and System Application Controls identified during the design effectiveness assessment for the following business processes: Grants and Contributions, Accounts Receivable, Canada Education Savings Program and Financial Statements Process.
  • Completing more than 50 % of the remediation addressing critical key controls and System Application Controls identified during the design effectiveness assessment for the following business processes: Grants and Contributions (systemic validation evidence, Approval process), Canada Education Savings Program (eligibility criteria validation, Delegation of Authority chart) and Financial Statements Process (roles & responsibilities).

HRSDC has commenced work addressing the remediation of its weak key controls identified during the design effectiveness assessment by:

  • Drafting action plans addressing the remediation of critical key controls and System Application Controls identified during the design effectiveness assessment for the following business processes: Old Age Security, Receipt & Deposit, Contracting & Procurement, Treament of Payments, Interdepartmental Settlements and Other O&M such as Budget, Capital Assets and Hospitality;
  • Initiating the remediation addressing critical key controls identified during the design effectiveness assessment for Old Age Security and Accounts Receivable (write-off reconciliation, provision for bad debt calculation review).

HRSDC has also initiated the development of a Departmental Operating effectiveness test plan.

5.2 Action plan for the next fiscal year and subsequent years

Whether it is to support control-based audits or meet the requirements of the Policy on Internal Control, in both cases, departments need to maintain an effective system of ICFR with the objectives to provide reasonable assurance that a) transactions are appropriately authorized, b) financial records are properly maintained, c) assets are safeguarded and d) applicable laws, regulations and policies are followed.

Building on progress to date, HRSDC is positioned to start the assessment of the operating effectiveness for its system of ICFR in 2011-2012.

For 2011-2012, HRSDC plans to:

  • Complete all the action plans and initiate remediation activities addressing the critical key controls identified during the design effectiveness assessment for all the business processes;
  • Initiate the design effectiveness assessment for the Canada Student Loans Program;
  • Develop operating effectiveness test plans for its departmental system of ICFR;
  • Perform operating effectiveness testing for all the completed remediation.

For 2012-2013 and following years, HRSDC plans to:

  • Complete the remediation of all critical key controls identified during the design effectiveness assessment for the Entity Level Controls and General Computer Controls;
  • Complete the remediation addressing the critical key controls identified during the design effectiveness assessments for all the business processes;
  • Finalize operating effectiveness testing for all remediation of the departmental system of ICFR;
  • Develop and implement an on-going monitoring plan for all the processes.

uparrow Top of page
Top of page

Footer

Date Modified:
2011-11-24