2017–18 Annex to the Statement of Management Responsibility, Including Internal Control over Financial Reporting

2017–18 Annex to the Statement of Management Responsibility, Including Internal Control over Financial Reporting

1 Introduction

This document provides summary information on the measures taken by the Office of the Auditor General of Canada to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results, and related action plans.

Detailed information on the Office’s authority, mandate, and program activities can be found in the 2017–18 Departmental Results Report and the 2018–19 Departmental Plan.

2 Departmental system of internal control over financial reporting

2.1 Internal control management

The Office has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental framework for internal control management is in place and includes

The Office’s Audit Committee meets quarterly and provides advice to the Auditor General on the adequacy and functioning of the Office’s risk management, control, and governance frameworks and processes.

2.2 Service arrangements relevant to financial statements

The Office relies on other organizations for processing certain transactions that are recorded in its financial statements, as follows:

3 Departmental assessment results during the 2017–18 fiscal year

3.1 Previous fiscal year’s areas for improvement

As part of our 2017–18 assessment, we followed up on areas for improvement identified in past assessments. We found that remedial actions had been taken in many of the areas identified. Remedial actions are also under way to address outstanding observations, which primarily relate to information technology (IT) general controls.

3.2 Assessment results

The work performed, key findings, and areas for improvement identified as part of the 2017–18 assessment of ICFR are as follows.

New or significantly amended key controls. In the 2017–18 fiscal year, there were no new or significantly amended key controls in existing processes requiring reassessment.

Ongoing monitoring program. The Office conducted ongoing monitoring according to its rotational plan. As part of this work, the Office evaluated entity-level controls. We tested the operating effectiveness of controls for processing payroll and revenues, and the design and implementation of controls for other business processes.

Area for improvement. The Office identified the following area for improvement in the 2017–18 fiscal year:

Despite the area for improvement noted above, the Office did maintain an effective system of ICFR in the 2017–18 fiscal year, as effective mitigating controls were in place to reduce the risk of material misstatement in financial reporting to an appropriately low level.

4 Action plan for the next three fiscal years

The following table shows the Office’s rotational ongoing monitoring plan over the next three fiscal years. This plan will be revisited annually based on the validation of high-risk processes and controls.

Rotational ongoing monitoring plan

Key control areas 2018–19 2019–20 2020–21
Entity-level controls checkmark  checkmark  checkmark 
IT general controls checkmark  checkmark  checkmark 
Payroll checkmark  checkmark  checkmark 
Operating expenses checkmark 
Revenues checkmark 
Year-end reporting checkmark