2018–19 Annex to the Statement of Management Responsibility, Including Internal Control over Financial Reporting

2018–19 Annex to the Statement of Management Responsibility, Including Internal Control over Financial Reporting

1 Introduction

This document provides summary information on the measures taken by the Office of the Auditor General of Canada to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results, and related action plans.

Detailed information on the Office’s authority, mandate, and program activities can be found in the 2018–19 Departmental Results Report and the 2019–20 Departmental Plan.

2 Departmental system of internal control over financial reporting

2.1 Internal control management

The Office has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental framework for internal control management is in place and includes

The Office’s Audit Committee meets quarterly and provides advice to the Auditor General on the adequacy and functioning of the Office’s risk management, control, and governance frameworks and processes.

2.2 Service arrangements relevant to financial statements

The Office relies on other organizations for processing certain transactions that are recorded in its financial statements, as follows:

3 Departmental assessment results during the 2018–19 fiscal year

3.1 Previous fiscal year’s areas for improvement

As part of our 2018–19 assessment, we followed up on areas for improvement identified in past assessments. We found that remedial actions had been taken in many of the areas identified. Remedial actions are also under way to address outstanding observations, which relate primarily to information technology (IT) general controls.

3.2 Assessment results

The work performed, key findings, and areas for improvement identified as part of the 2018–19 assessment of ICFR are as follows.

New or significantly amended key controls. In the 2018–19 fiscal year, no new or significantly amended key controls in existing processes required reassessment.

Ongoing monitoring program. The Office conducted ongoing monitoring according to its rotational plan. As part of this work, the Office evaluated entity-level controls. We tested the operating effectiveness of controls for processing payroll. We also tested the design and implementation of controls for other business processes.

Area for improvement. The Office identified the following area for improvement in the 2018–19 fiscal year:

Despite the identification of this area for improvement, the Office did maintain an effective system of ICFR in the 2018–19 fiscal year, as mitigating controls were in place to reduce the risk of material misstatement in financial reporting to an appropriately low level.

4 Action plan for the next three fiscal years

The following table shows the Office’s rotational ongoing monitoring plan over the next three fiscal years. This plan will be revisited annually on the basis of the validation of high-risk processes and controls.

Rotational ongoing monitoring plan

Rotational ongoing monitoring plan
Key control areas 2019–20 2020–21 2021–22
Entity-level controls checkmark  checkmark  checkmark 
IT general controls checkmark  checkmark  checkmark 
Payroll checkmark  checkmark  checkmark 
Operating expenses checkmark 
Revenues checkmark 
Year-end reporting checkmark