Audit of Internal Controls over Financial Reporting - Follow-up Report Status Update as of December 31, 2014

Notice

This website will change as a result of the dissolution of Indigenous and Northern Affairs Canada, and the creation of Indigenous Services Canada and the eventual creation of Crown-Indigenous Relations and Northern Affairs Canada. During this transformation, you may also wish to consult the updated Indigenous and Northern Affairs home page.

PDF Version (29 Kb, 6 Pages)

Action Plan Implementation Status Update Report to the Audit Committee - As of December 31, 2014

CFO

Audit of Internal Controls over Financial Reporting
Approval Date: 26/09/2014
Project Recommendations Action Plan Expected
Completion Date
Program Response
1. The Chief Financial Officer should formalize and communicate protocols for both reporting progress to stakeholders and the reporting of process and control changes to the Internal Controls Unit. A) To formalize and communicate reporting to stakeholders, including senior management, the CFO will request that internal controls be added as a standing item on the agendas of relevant committees, such as Financial Management Committee and Audit Committee, as appropriate. A) October 2014

PROGRAM RESPONSE :
Status: A) Completed – Request to Close
Update/Rationale:
As of December 31, 2014

Request to include Internal Control was confirmed by FMC as a standing item on the agenda (For important milestones)

AES: Completed

B) For the reporting of process and control changes to the Internal Control Unit, we will define Programs' roles and responsibilities including process requirements. This information will be added to our Internal Control Management Framework and will be communicated to all Programs. B) March 2015

PROGRAM RESPONSE :
Status: B) In progress and on target for March 2015
Update/Rationale:
As of December 31, 2014

Internal Control Management Framework is currently being reviewed to include Program's roles and responsibilities.

AES: Implementation Ongoing

2. The Chief Financial Officer should ensure that a complete assessment, including conclusions over the effectiveness of all identified key controls, is performed by March 31, 2015, in order to meet AANDC's commitments and to better inform a risk-based approach for the on-going monitoring phase.  Specifically, individual control effectiveness conclusions on key controls identified in the environmental liabilities process should be clearly documented and reviewed for completeness by the Internal Controls Unit. Additionally, leading practice for entity level control assessments would include the testing of all identified key controls at least once before taking a risk based approach to testing in future years. A) To ensure the completeness of assessments of all key controls, the Internal Control Unit will review its action plan to determine whether sufficient resources are in place and that contingencies are considered in order to ensure that the action plan is finalized by end of fiscal year. A) March 2015

PROGRAM RESPONSE :
Status: A) In Progress and on target for March 2015
Update/Rationale: 
As of December 31, 2014

Capital Assets operational testing & evaluation and the Internal Control Ongoing monitoring plan will be completed in February.

AES: Implementation Ongoing

B) Concerning the documentation and review of the individual control effectiveness conclusions identified in the environmental liabilities, we will review and validate the information contained in the working documents to be assured that the assessments were done according to best practices and that conclusions are accurate.  In the future, we will continue to ensure that such documents comply with our policy instruments. B) December 2014

PROGRAM RESPONSE :
Status: B) Completed – Request to Close
Update/Rationale:
As of December 31, 2014

The information contained in the working documents has been reviewed and validated assuring that the conclusions are accurate.

AES: Completed

C) For the testing of all identified key controls and as per Treasury Board's Policy on Internal Control, we will review and validate the assessments that were completed to be assured that all key controls have been tested.  Over the course of the next five years, during our ongoing monitoring, we will re-assess all appropriate key controls on a risk based approach. C) March 2015

PROGRAM RESPONSE :
Status: C) Completed – Request to Close
Update/Rationale:
As of December 31, 2014

All high risk controls are considered as key controls and they have been tested.

AES: Completed

3. The Chief Financial Officer should provide guidance on the management of performance and reporting by external consultants retained to support AANDC's Internal Controls over Financial Reporting framework, to ensure alignment with the Internals Control Unit's Operating Effectiveness Approach and Methodology. We will modify our Statement of Work template in order to ensure that the work performed by external consultants aligns with our policy instruments, framework, methodology and approach and that the roles and responsibilities of both parties (i.e., the ICU and the contractor) are clearly defined.  In the future, upon the signature of new contracts, these documents will be shared by the Internal Control Unit and reviewed in detail with the external consultants. December 2014

PROGRAM RESPONSE :
Status: Completed – Request to Close
Update/Rationale:
As of December 31, 2014

A Statement of Work template has been developed providing guidance on the management of performance and reporting by external consultants.

AES: Completed

4. The Chief Financial Officer should ensure that a process is developed and implemented to allow the Internal Controls Unit to identify and assess third party service providers' impact on departmental financial reporting (i.e. valuations performed by external third parties experts used to inform accounting judgments such as contaminated site liabilities). Additionally, while an informal process is in place to identify other government departments (OGDs) providing third party services, assurance on the effectiveness of internal controls being performed by OGDs should be obtained by AANDC through review of publically available statements of management responsibility and/or third party service auditor reports for private organizations. A) The ICU will review design documentation to identify programs that rely on third party service providers for financial estimate. Once identified, the ICU will validate that controls have been established to ensure estimates comply with Government of Canada and Public Sector Accounting Standards. As part of this exercise, the ICU will develop a process requiring programs to develop a list of all such third party service providers, which will allow the ICU to appropriately assess the reliance and related controls for sufficiency. A) March 2016  
B) Concerning assurance on the effectiveness of internal controls being performed by OGDs, we will formalize a process to review the statements of management responsibility of OGD's the Department relies on in order to assess the effectiveness of the controls that have been documented and tested, the resulting observations and recommendations and the controls to be tested in the future.  Our review and assessment will be documented and communicated to the CFO annually and incorporated as part of presentations to senior management where appropriate, in accordance with established schedule developed as part of our response to recommendation 1 (a). B) March 2016  
5. The Chief Financial Officer should prioritize its five-year on-going monitoring and oversight plan based on the approved framework to ensure its completion. This will allow the Department to meet its requirements under the Policy on Internal Controls and address concerns raised by the OAG in its Fall 2013 Follow-up Audit on Internal Controls over Financial Reporting. The ICU will document its timelines, including key milestone dates to ensure that the five-year on-going monitoring plan is prioritized and completed in accordance with the ongoing monitoring framework by the end of this fiscal year. As part of this exercise, target dates will be set for final approval by the CFO and its presentation to the Financial Management Committee / Operations Committee members (as required) well in advance of year-end to ensure sufficient time for their comments and feedback. March 2015  
6. The Chief Financial Officer should ensure that the new process/controls for the Chief Financial Officer Attestation for Cabinet and Treasury Board submissions are assessed for design and operational effectiveness. We will review CFO attestations completed to date for all Cabinet and Treasury Board submissions to ensure that expected effectively designed controls are in place and that they are operating effectively. March 2015  
 
 
Date modified: