Canadian Polar Commission Annual Report 2010-2011 - Annex

Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting

(Unaudited)

Summary of the assessment of effectiveness of the systems of internal control over financial reporting and the action plan of the Canadian Polar Commission for fiscal year 2010-2011

Introduction
Control Environment Relevant to Internal control Over Financial Reporting (ICFR)
Assessment of the Commission's System of ICFR
Assessment Results
Action Plan for the Next Fiscal Year and Future Years

Return to Table of Contents: Annual Report 2010-2011

Note to the Reader:

With the Treasury Board Policy on Internal Control, effective April 1, 2009, departments are now required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plans to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan.

It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risks to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.

The maintenance of an effective system of ICFR is an ongoing process, designed to identify key risks and controls, assess their effectiveness and adjust as required, as well as to monitor performance in support of continuous improvement. As a result, the scope, pace and status of assessments of the effectiveness of systems of ICFR will vary from one organization to another, based on risks and taking into account the unique circumstances of the organization. This Annex is unaudited.

1. Introduction

This introduction summarizes the key information related to the authority, mandate and activities of the Canadian Polar Commission (Commission); financial highlights, service arrangements relevant to the financial statements; and material changes occurring in the fiscal year. In particular, it provides summary information about the internal control environment unique to the Commission.

1.1 Authority, Mandate and Program Activities

Detailed information on the Commission's authority, mandate and program activities can be found in the Commission's annual report.

1.2 Financial Highlights

Audited financial statements of the Commission are included in the Annual Report for 2010-2011 of the Canadian Polar Commission and can be found on the Commission's website.

The highlights for the 2010-11 fiscal year according to the financial statements are as follows:

Total financial appropriation provided the Commission were $1.054 million; total appropriation used were $1.017 million; and
Total expenses (accrual) during the year were $1.176 million; salaries accounted for approximately 50%.

1.3 Audited Financial Statements

The financial statements of the Commission are audited by the Office of the Auditor General (OAG). In the opinion of the OAG, the financial statements present fairly the financial position of the Commission as at March 31, 2011 and the results of its operations and cash flows for the year then ended. The financial statements of the CPC have been audited since the creation of the CPC in 1991.

1.4 Service Arrangements Relevant to the Financial Statements

The Commission relies on other organizations, both internal and external to the government for critical financial services relevant to the financial statements, pursuant to memoranda of understanding and contracts:

Public Works and Government Services (PWGSC) administers the procurement of goods and services where the Commission does not have the appropriate authorities;
PWGSC provides the financial management and financial reporting systems used by the Commission, (Common Departmental Financial System and Management Reporting Module);
Treasury Board Secretariat provides the Commission with information to calculate some accruals;
Aboriginal Affairs and Northern Development Canada (AANDC) provides pay and benefit services to the Commission without charge; and
The Commission relies on an external informatics service provider for all of its informatics services, with the exception of the financial management and reporting systems, including hardware, software and network management and maintenance.

1.5 Material Changes in Fiscal Year 2010-11

In November, 2010 a Board of Directors, including the Chairman and the Vice-chairman, was appointed. In March 2011, an internal audit committee was formed.

2. Control Environment Relevant to Internal Control Over Financial Reporting (ICFR)

The Commission recognizes the importance of establishing and maintaining an effective system of internal control. However, the system of internal control in place is to a large extent a reflection of the overall size of the organization, 5 personnel, the expertise available, and the extent to which controls can be divided among the personnel available.

2.1 Key Positions, Roles and Responsibilities

Below are the Commission's key positions with responsibilities related to the system of ICFR:

Chairman - The Chairman is ultimately responsible for the measures taken to maintain an effective system of internal control. However, since the position of Chairman is part-time, the ongoing functional responsibility for the effectiveness of the system of internal control resides with the Executive Director.

Executive Director/Chief Financial Officer - The Executive Director/Chief Financial Officer reports directly to the Chairman and is responsible for the design and implementation of an effective system of ICFR. Part of these responsibilities includes ensuring that the system is not compromised by the possible absences of the limited personnel available at any point in time (travel, sickness, vacation, etc.).

Senior Commission Managers - There are two Senior Commission Managers, (Senior Science Adviser and the Manager of Information) who are responsible to discharge their financial responsibilities while ensuring that internal controls are in place and working.

Deputy Chief Financial Officer - The Deputy Chief Financial Officer is responsible to maintain an effective system of internal control and administer the financial activities of the Office within the established internal control framework, including ICFR.

Internal Audit Committee (IAC) - The purpose of the Internal Audit Committee (IAC) is to assist the Board of Directors in fulfilling its' oversight responsibilities in the areas of:

Standards of integrity and behaviour;
Reporting of financial information; and
Internal control systems.

2.2 Key Measures Taken by the Commission

The Commission's control environment also includes a series of measures to manage risks well through raising awareness, providing appropriate information and tools as well as developing skills. Key measures include:

Commission financial management and reporting practices tailored to the Commission's control environment;
Updated financial delegation authorities matrix;
Outsourcing to obtain required level of financial expertise; and
Adjustment of financial management and reporting practices based on the results of the annual audits performed by the Office of the Auditor General.

3. Assessment of the Commission's System of ICFR

3.1 Assessment Baseline as of March 31, 2011

Financial statements of the Commission have been audited, as required by statute, by the Office of the Auditor General since the creation of the Commission in 1991. In parallel, senior management is providing increased emphasis on formalizing its approach to the management and on-going maintenance of its systems of ICFR with the objective to support continuous improvement.

On April 1, 2009, the Treasury Board implemented the Policy on Internal Control which states that an effective system of ICFR has the objectives to provide reasonable assurance that:

Transactions are appropriately authorized;
Financial records are properly maintained;
Assets are safeguarded; and
Applicable laws, regulations and policies are followed.

As a result, the Commission, in the context of a micro agency with 5 personnel, has commenced in 2010-11 to establish a more systematic risk based assessment of the design and operating effectiveness of its system of ICFR.

As identified in section 1.4, the Commission relies on certain aspects of its financial business process controls including financial system application and IT general controls that are managed by another department. Therefore, the Commission is only responsible to maintain effective internal controls over financial reporting that it directly manages.

On this basis, through design effectiveness testing, the Commission will ensure that key controls relevant to ICFR have been properly identified, documented, in place and that they are aligned with the risks they aim to mitigate and that any remediation is addressed appropriately and in a timely manner. This includes ensuring appropriate mapping of key processes and information technology systems to the main financial statement accounts or class of transactions.

Consistent with that approach, through operating effectiveness, the Commission will ensure that the application of key controls over financial reporting has been tested over a defined period, they are working as intended and that any required remediation is addressed appropriately and in a timely manner.

Such testing covers all departmental level controls which includes entity, general computer and business process controls as applicable to the Commission.

3.2 Scope and Approach for Assessing the Commission's ICFR

In fiscal year 2010-11, the Commission completed (informally and using the results of the audit by the Office of the Auditor General) a review of its most significant accounts and key financial processes taking into account risks and materiality relative to financial statement assertions. These significant accounts and processes include:

Capital assets;
Operating expenditures (primarily non-pay as the Commission relies to a large degree on AANDC systems of internal control over the pay process);
Financial close and reporting.

The Commission is in the process of identifying and assessing key risks and controls in order to establish a multi-year assessment action plan and implementation requirements.

4. Assessment Results

4.1 Design Effectiveness

The design for key controls within the Commission was appropriate as most controls were in place and aligned with risks. These controls relate primarily to non-pay transactions as the controls related to pay are primarily the responsibility of AANDC. There were, however, opportunities for improvement as set out below:

Documentation and evidence of controls - Although operating expenditures were processed properly and the controls over expenditures were in place and working, the documentation of procedures and controls needs to be undertaken. Delegated financial authorities need to be regularly updated.
System access controls - Continue to strengthen controls related to user access and delegated authorities within the financial system and the segregation of duties as it relates to the financial authorities (Section 34 and 33 of the FAA) exercised over financial transactions.
Appropriate or sufficient processes in place - Strengthen processes around contracting that is within the delegated authority of the Commission.

4.2 Operating Effectiveness of Key Controls

The majority of controls were in place and operating effectively. There were, however, opportunities for improvement as set out below:

Data integrity - Closing journal vouchers reviewed in the period they are created.

5. Action Plan for the Next Fiscal Year and Future Years

Beginning in 2011-12, the action plan below highlights the progress the Commission expects to be making in completing the assessment of the effectiveness of the Commission system of ICFR.

The action plan relates entirely to the key controls that the Commission has responsibility for. The action plan will be phased in over time but owing to the size of the organization, the assessment of the design and operational effectiveness of some of the key controls over financial reporting may be completed in the same fiscal year. The current action plan is for three years; however, should it be implemented and completed sooner, the plan would be revised to reflect the shorter time frame.

Elements in Action Plan	2011-2012	2012-2013	2013-2014
Assessment of design effectiveness of key controls
Document existing key business processes and controls	yes	yes	yes
Review user access and segregation of duties	yes	no	no
Document procurement compliance process/controls	yes	no	no
Review effectiveness of the IAC	no	yes	no
Implement corrective action, as required	no	yes	yes
Assessment of operating effectiveness of key controls
Testing of operating effectiveness of key controls	yes	yes	yes
Implement corrective action, as required	yes	yes	yes
Ongoing monitoring of effectiveness of Commission ICFR	yes	yes	yes

Return to Top of Page

Return to Financial Statements

Return to Table of Contents: Annual Report 2010-2011

Search

CONNECTIONS

Canadian Polar Information Network (CPIN)

Organizations

Networks

POLAR KNOWLEDGE

Funding Programs

International Polar Year Legacy

Antarctic

Polar Databases

COMMUNICATING

Publications