PACP Committee Report

David Christopherson
Chair
Standing Committee on Public Accounts
House of Commons
Ottawa, Ontario
K1A 0A6

Dear Mr. Christopherson:

Pursuant to House of Commons Standing Order 109, on behalf of the Government of Canada, I am pleased to enclose the Government Response to the recommendations of the Fifth Report of the Standing Committee on Public Accounts: Chapter 1, Financial Management and Control and Risk Management, of the 2011 Status Report of the Auditor General of Canada.

Parliament and Canadians expect the federal government to be well managed through the prudent stewardship of public funds, the safeguarding of public assets, and the effective, efficient and economical use of public resources. They also expect reliable financial reporting that provides transparency and accountability for how government spends public funds to achieve results for Canadians.

Through the Treasury Board Policy on Internal Control the Government of Canada has demonstrated its commitment to meeting these expectations. The objective of this Policy is to manage risks relating to the stewardship of public resources through effective internal controls, including over financial reporting.  The Policy requires that the results of risk-based assessments of financial reporting controls, and an action plan to address any necessary adjustments, be published each year as an annex to departmental annual financial statements.

As requested by Recommendation 1 of the Standing Committee on Public Account’s (PAC) Report, attached are the reports on the risk-based assessments of the design and effectiveness of the financial reporting controls in the Department of Finance Canada and Veterans Affairs Canada. These two assessments demonstrate that both departments are maintaining an effective system of internal control over financial reporting, identifying risks and taking action to mitigate them.

Once available, the reports confirming the completion of the assessments from the Departments of Agriculture and Agri-Food Canada, Foreign Affairs and International Trade, Human Resources and Skills Development Canada, Aboriginal Affairs and Northern Development and Transport Canada will be provided to the Committee by the respective responsible Ministers.

In regards to the Committee Report’s Recommendations 2 and 3 concerning accrual based budgeting and appropriations, the Treasury Board Secretariat is following the plan presented by the President of the Treasury Board in early 2008 to the Chairs of PAC and the House of Commons Standing Committees on Government Operations and Estimates (OGGO).   

The nature of appropriations is separate from the issue of financial reporting.  Changing the accounting basis used in appropriations is not a mere accounting change but a fundamental change in the manner in which Parliament exercises expenditure control.  While there are many perspectives on what basis might be most appropriate for control purposes, there are no established best models or recommendations from recognized standards setting organizations. 

International experience is mixed on the issue.  Australia, long seen as the “front runner” of accrual-based appropriations, decided in 2009 to introduce appropriations on the basis of net cash requirements in part because accrual appropriations had led to problems with the way agencies managed and reported on appropriations, and perceptions that accrual appropriations had led to a loss of transparency.

Witnesses appearing before OGGO for its recent study in this Parliament on the Review of the Process for Considering the Estimates and Supply have also provided a range of perspectives on accrual appropriations. Several witnesses have supported accrual-based appropriations, most have not, with some recommending other changes to the nature of appropriations.

The Treasury Board Secretariat is using information from, among other sources, the OGGO Review of the Process for Considering the Estimates and Supply and an assessment of departmental accrual-based budgeting being conducted this fiscal year to develop a recommendation on accrual-based appropriations. This recommendation will be communicated to PAC.

I would like to take this opportunity to thank you and the members of the Standing Committee for your work.

Sincerely,

Hon. Tony Clement
President of the Treasury Board

Enclosures

DEPARTMENT OF FINANCE CANADA

STATEMENT OF MANAGEMENT RESPONSIBILITY INCLUDING INTERNAL CONTROL OVER FINANCIAL REPORTING

1. Introduction

This document forms an integral part of the Department of Finance Canada’s (‘the Department’) Statement of Management Responsibility Including Internal Control over Financial Reporting as well as the Departmental Financial Statements for the fiscal year 2010‑2011.

The Treasury Board Policy on Internal Control (‘the Policy’) became effective for the Department on April 1, 2009. This policy requires that measures are taken to maintain an effective system of internal control over financial reporting (ICFR) within the Department and that this system be assessed, on an annual basis, to determine its ongoing effectiveness. Among other things, an effective system of ICFR is a foundational element to the Department’s ability to produce relevant and reliable Departmental Financial Statements and to undergo a controls‑based external audit of those financial statements should a requirement to do so exist.

The Policy also requires that an annual report which summarizes the results of the ICFR assessment along with actions taken in response to significant issues which may have arisen as a result be attached to the Statement of Management Responsibility Including Internal Control over Financial Reporting, in the form of this Annex.

1.1 Authority, Mandate and Program Activities

The Department develops policies and provides advice to the Government with the goal of creating a healthy economy for all Canadians. For example, it:

• Plans and prepares the federal government’s budget;


• Analyzes and designs tax policies;


• Develops regulations for Canada’s banks and other financial institutions;


• Administers the transfer of federal funds to the provinces and territories;


• Develops policies on international finance and helps design our country’s tariff policies; and,


• Monitors economic and financial developments in Canada and provides policy advice on a wide range of economic issues.


• Detailed information on Finance’s authority, mandate and program activities can be found in the annual Report on Plans and Priorities (WEBLINK) and Departmental Performance Report (WEBLINK).

1.2 Financial Highlights

The Department’s unaudited financial statements are a component of the annual Departmental Performance Report. Highlights of the 2010‑2011 fiscal year are as follows (amounts expressed in $millions, unless otherwise stated):

Statement of operations

• Total expenses of the Department were $81,105 ($82,821 in 2010). The majority of expenses are comprised of transfer payments to provinces and territories of $52,322 ($55,344 in 2010) and public debt charges of $27,864 ($26,910 in 2010).


• Total revenues were $4,459 ($3,736 in 2010) and are mostly comprised of income arising from investments held in the Exchange Fund Account and the Crown borrowings‑interest. 

Statement of financial position

• At March 31, the Department holds a total of $159,938 in assets ($158,490 at March 31, 2010). Of total assets, the three most significant categories are advances made under the Crown Borrowing Framework with $96,579 ($96,468 at March 31, 2010), Foreign exchange accounts with $48,507 ($46,950 at March 31, 2010) and Due from the consolidated revenue fund with $6,938 ($7,155 at March 31, 2010).


• At March 31, the Department has incurred a total of $605,609 in liabilities ($576,684 at March 31, 2010). Of total liabilities, the most significant category is Unmatured debt with $587,058 ($555,138 at March 31, 2010) with Taxes payable under tax collection agreements of $6,622 ($6,382 at March 31, 2010) and related Interest payable at $6,538 ($6,778 at March 31, 2010).


• Note 1 to the Departmental Financial Statements and the Departmental Performance Report provide additional context on the nature of these transactions.

1.3 Service Arrangements Relevant to Financial Statements

The Department relies on other organizations for the financial reporting, or inputs into the financial reporting, of certain transactions. It also relies on other organizations to provide the infrastructure relating to transaction settlement and treasury management.

The following are key areas, relative to their overall importance to the financial statements, where reliance is placed on external service providers:

• The Bank of Canada, in its capacity as fiscal agent for the Government of Canada;


• Public Works and Government Services Canada (PWGSC), which centrally administers the government’s standard payment system (SPS);


• Canada Revenue Agency (CRA) provides information used by the Department to determine taxes receivable and payable under tax collection agreements with provincial, territorial and Aboriginal governments;


• The Office of the Comptroller General (OCG) co‑ordinates provisioning methodologies with respect to certain contingent liabilities and provides actuarial assumptions with respect to employee severance benefits;


• Treasury Board of Canada Secretariat (TBS) provides operational support to the Department in the form of accounting services for certain operational expenditures and the management of key informatics systems including its financial accounting system (hereinafter referred to as ‘shared corporate services’); and,


• The Department of Justice provides continuing advice on the nature of certain contingent liabilities that the Department is exposed to at the reporting date.

1.4 Material Changes in Fiscal Year 2010‑2011

Fiscal year 2010‑2011 has seen the following changes in key areas for the Department.

• The Department consolidated the positions of the Director, Values and Ethics and the Disclosure Protection Officer. The consolidation helps to ensure that employees are provided with one point of contact and service to receive guidance on values and ethics issues and make protected disclosures of wrongdoing in accordance with the Public Servants Disclosure Protection Act.


• Select shared corporate services delivered by TBS to the Department were transferred to or implemented by the Department. As a result, compensation and benefits, departmental specific security services, and certain administration services are now more aligned with the specific needs and requirements of the Department.


• The Department has implemented the new requirements of Treasury Board Accounting Standard 1.2 in the preparation of its 2010‑2011 Departmental Financial Statements. Comparative results have been restated to reflect the new standard and are disclosed as appropriate within the financial statements.

2. Control Environment of the Department

2.1 Key Positions, Roles and Responsibilities

Below are the Department’s key positions and committees with responsibilities for maintenance and oversight of the effectiveness of its system
of ICFR.

Deputy Minister – The Department’s Deputy Minister reports directly to the Minister and, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. The Deputy Minister serves as a member of the Departmental Audit and Evaluation Committee.

Chief Financial Officer (CFO) – The CFO supports the Deputy Minister by establishing and maintaining a system of internal control related to financial management, including financial reporting and departmental accounts and by acting as a key steward with respect to relevant legislation, regulations, policies, directives and standards.

Senior Departmental Managers – The Department’s senior departmental managers in charge of program delivery are responsible for maintaining and reviewing effectiveness of their systems of ICFR falling within their mandate.

Internal Audit and Evaluation (Chief Audit Executive) (CAE) – The Internal Audit and Evaluation team provides internal audit and evaluation services to the Deputy Minister, departmental managers and the external Audit and Evaluation Committee.  It supports the Deputy Minister and senior management in attaining the strategic objectives of the Department by providing them with objective, independent, and evidence‑based information, assurance, and advice on the effectiveness, efficiency and economy of departmental activities.

Departmental Audit and Evaluation Committee (AEC) ‑ The AEC is an advisory committee, composed mainly of members who do not occupy a position within the federal public administration, which provides independent, objective advice and guidance to the Deputy Minister. The committee recommends for approval by the Deputy Minister the departmental audit and evaluation plans, oversees the performance of internal audit and evaluation function in the Department and reviews and recommends the Departmental Financial Statements for approval to the Deputy Minister. It also reviews the results of audits and evaluations as well as management responses and action plans developed to address audit recommendations. Additionally, it reviews the corporate risk profile and departmental internal control arrangements.

2.2 Key Measures Taken by the Organization

The Department’s control environment also includes a series of measures to equip its staff through raising awareness, providing appropriate knowledge and tools as well as developing skills. Key measures include:

• An Office of Values and Ethics to provide service and guidance on values and ethics issues, discuss ethical dilemmas in accordance with the Values and Ethics Code for the Public Sector and the Conflict of Interest Code for the Department of Finance to underline the need for employees to avoid, and if necessary, resolve conflicts of interest between their official duties and their personal interests. Mandatory annual reporting is an important feature of the code;


• Finance Disclosure Protection Officer to make protected disclosures of wrongdoing in accordance with the Public Servants Disclosure Protection Act;


• A dedicated group under the supervision of the CFO tasked with the oversight of ICFR


• A corporate‑risk profile;


• A risk‑based internal audit plan;


• Annual performance agreements that clearly set out financial management responsibilities;


• Training programs and communications in core areas of financial management;


• Regularly updated delegated financial authorities and IT access controls; and


• IT processing systems with objectives of security, integrity, efficiency and effectiveness.

3. Assessment of Finance Canada's System of ICFR

3.1 Assessment Approach

In support of the Policy on Internal Control, an effective system of ICFR has the objectives to provide reasonable assurance that:

• Transactions are appropriately authorized;


• Financial records are properly maintained;


• Assets are safeguarded; and,


• Applicable laws, regulations and policies are followed

To ensure these objectives are met over time, assessments of the design and operating effectiveness of the system of ICFR must take place at appropriate intervals and be supported by a process for continued monitoring through an on‑going monitoring program.

Design effectiveness provides the assurance that key control points are identified, documented, in place, aligned with the risks they aim to mitigate and that any required remediation is addressed.

Operating effectiveness ensures that controls, as designed and implemented at a point in time, continue to operate effectively over a prolonged and defined period and that any required remediation is addressed.

An effective on‑going monitoring program identifies areas for continued or periodic observance, update and testing on a defined rotational basis consistent with the level of risk associated with business processes.

The Department has formalized its strategy to meet these objectives. There are two key elements to its approach which are determined and re‑confirmed on an annual basis.

First, there is an assignation of an appropriate level of financial‑reporting risk to each significant business process in place within the Department. Risk‑levels are delineated between high, medium and low risk in accordance with criteria as follows:

• Materiality of the business process;


• The nature of the account, ranging from department‑specific to strategic to the Government as a whole;


• Volume of activity, complexity, and homogeneity of transactions within the business process;


• Susceptibility to loss due to the nature of the process; and,


• Any existing recommendations relating to internal or external audits.

Second, an on‑going monitoring framework is developed that determines how often and in what way a business process would be examined. Currently, this framework is as follows:

• For high‑risk business processes, both design and operational‑effectiveness testing is performed within the same assessment period.


• For medium‑risk business processes, design and operational‑effectiveness testing is performed within the same assessment period at least once every three fiscal years. If resources permit or circumstances require, more frequent testing can occur.


• For low‑risk business processes, design effectiveness is completed at least once every three years. If resources permit or circumstances require, more frequent documentation can occur.

Circumstances which might require a re‑assessment of risk or a re‑examination of a business process outside of this established frequency can include the introduction of common financial business process guidelines by the OCG, new initiatives undertaken by the Department or an internal or external audit issue brought to the attention of management.

Periodically, or in relation to material departmental changes, the effectiveness of general computer and entity level controls will also be revalidated.

Internal audits within the Department are conducted in accordance with an audit plan approved annually by Deputy Minister on the advice and recommendation of the AEC. If the nature, extent and scope of an internal audit are relevant to the objectives of the Policy, they are appropriately incorporated into the assessment for any given year regardless of the business process being audited. This approach provides for internal efficiencies.

3.2 Departmental Assessment Scope

The Department completed its annual risk assessment process in accordance with the steps and framework described at Section 3.1.

The results of this approach determined, in particular, the scope of work necessary for 2010‑2011. This work‑plan is described in the table below:

2010-2011 Work-Plan
Business process or area of control	Part of 2010‑2011 assessment scope	Approach to assessment
Transfer payments	Yes	Update to design effectiveness and planned internal audit
Domestic debt	Yes	Update to design effectiveness and planned internal audit
Crown borrowing	Yes	Design and operational effectiveness
International balances	Yes	Design and operational effectiveness
Financial close and reporting	Yes	Design and operational effectiveness
Foreign portfolio	No	Part of 2011‑2012 work plan
Operating expenses	No	Part of 2011‑2012 work plan
Circulating Coins	Yes	Planned internal audit
Payroll and benefits	No	Part of 2011‑2012 work plan
Budgeting and forecasting	Yes	Design and operational effectiveness
Entity level controls	Yes	Design effectiveness
General IT controls	No	Part of 2011‑2012 work plan

4. The Department's Assessment Results

The Department has completed the work established as part of its 2010‑2011 annual assessment scope. The significant results of these assessments are discussed at Sections 4.1 and 4.2 below.

4.1 Design Effectiveness of Key Controls

During the course of it work, management has noted four areas for improvement or further review. These are:

Confirmations: the Department confirms the contractual cash flows of its significant financial transactions prior to actual payment. In some cases, the confirmation process is designed to elicit a response from the counterparty only in situations where there is an initial disagreement over amounts or other details of these upcoming payments. A requirement for the counterparty to positively confirm their agreement with payment details could provide additional predictive value to the confirmation process.

Authorization: the Department has noted an opportunity to streamline its debt‑auction process through the elimination of redundant or repetitive controls.

Frequency of review: the Department would benefit from increasing the frequency of review of domestic coinage inventories against contractually agreed levels.

Frequency of review: the Department processes significant expenditures within the SPS which are date sensitive by contract or statute. After these payments have been processed using normal review and authorization procedures, a secondary review takes place confirming payment details. This secondary review would benefit from further confirmation of the payment date.

Where areas of improvement have been noted, it is important to consider that these areas have been assessed within the context of all the key controls identified within a business process. Accordingly, an area(s) for improvement is not an indication that controls within a business process, on an overall basis, are not designed effectively.

4.2 Operating Effectiveness of Key Controls

During the course of its work, management has noted one instance where key controls were not operating effectively. These are:

Financial coding of transactions: for a particular statutory transaction, it was noted that although proper authority to make a payment was properly documented and obtained, the subsequent coding of the transaction within the accounting system was to an unrelated fund centre.

Where an observation has been made with respect to the operating effectiveness of key controls, it is important to consider that these areas have been assessed within the context of the key controls identified within a business process. Accordingly, an area(s) for improvement is not an indication that controls within a business process, on an overall basis, are not operating effectively.

5. The Department's Action Plan

5.1 Progress As of March 31, 2011

During 2010‑2011, the Department continued to make significant progress in assessing and improving its key controls. Progress to date is summarized below:

The Department has completed:

• Its annual risk‑based assessment for the 2010‑2011 fiscal year as described at section 3.2;


• Addressing the areas of improvement for Authorization and Frequency of Review noted at section 4.1;


• With respect to items identified in the Department’s 2009‑2010 Action Plan relating to progress as at 2010‑2011:


• Developing and implementing an ongoing‑monitoring plan of periodic and risk‑based evaluations of significant business processes within the Department;


• Updated design and operational effectiveness testing for all business processes falling within the scope of its risk‑based approach;


• Completed its review of the delegated financial authorities matrix.

The Department has substantially completed:

• Finalizing its work‑plan with respect to 2011‑2012 with final confirmation upon completion of the 2010‑2011 Departmental Financial Statements

The Department has commenced or partially completed work to:

·         Undertake a review of the confirmation processes employed in the settlement of certain financial transactions, as discussed at section 4.1

5.2 Action Plan ‑ Future Years

By the end of 2011‑2012, the Department plans to:

• Have completed its 2011‑2012 assessment work‑plan which tentatively will include reviews of Transfer payments, Domestic debt, Crown borrowing, International Balances, Financial Close and Reporting, Foreign Portfolio, Payroll and Benefits and General Computer Controls;


• Have begun addressing any remediation elements identified in 2011‑12;


• Have reviewed the implementation of changes to the design and operation of business processes implemented in 2010‑2011; and,


• Continue monitoring on an ongoing and risk‑based basis that ICFR continue to operate effectively over time.

VETERANS AFFAIRS CANADA

Statement of Management Responsibility, Including Internal Control over Financial Reporting

Note to the reader

With the Treasury Board Policy on Internal Control, effective April 1, 2009, departments are now required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy departments are expected to conduct annual assessments of their system of ICFR, establish action plan(s) to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

• Transactions are appropriately authorized;


• Financial records are properly maintained;


• Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and


• Applicable laws, regulations and policies are followed.

It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.

The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process to identify key risks, to assess the effectiveness of associated key controls and adjust as required, as well as to monitor the system in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to another based on risks and taking into account their unique circumstances.

1.0 Introduction

This document is attached to the Department of Veterans Affairs’ Statement of Management Responsibility Including Internal Control Over Financial Reporting for the fiscal-year 2010-2011. As required by the Treasury Board Policy on Internal Control, effective April 1^st 2009, this document provides summary information on the measures taken by Veterans Affairs Canada (VAC) to maintain an effective system of internal controls over financial reporting (ICFR). In particular, it provides summary information on the assessments conducted by VAC as at March 31, 2011, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to the department. This is the second annex produced by this department.

1.1 Authority, Mandate and Program Activities

Detailed information on VAC’s authority, mandate, priorities, strategic outcomes and program activities can be found in the Departmental Performance Report External link, Opens in a new window and Report on Plans and Priorities.

1.2 Financial Highlights

Financial statements (unaudited) of Veterans Affairs Canada for fiscal-year 2010-2011 can be found on the Veterans Affairs Canada Web site. Information can also be found in the Public Accounts of Canada site.

• Total expenses were $3.5B;


• Grants & Contributions payments comprise the majority (72% or $2.5B) of total expenses;


• Total revenues were $21M largely from the accommodation and meal fees collected by the Departmental Hospital ($19M);


• Tangible capital assets comprise 68% of departmental total assets ($209M); and


• Accounts payable and accrued liabilities comprise over 43% of total liabilities ($126M);


• The Department has a strong regional presence representing approximately 75% ($727M) of the total operating expenses. There is a decentralized finance management function in each of the four regional offices and in the departmental hospital that initiate, approve, process and/or record a significant portion of operating expenses.

1.3 Service Arrangements Relevant to Financial Statements

VAC relies on other organizations for the processing of certain transactions that are recorded in its financial statements.

Common Arrangements:

• Public Works and Government Services Canada (PWGSC) centrally administers the payments of salaries and the procurement of goods and services, as per the Department’s Delegation of Authority.


• Treasury Board Secretariat provides the department with information used to calculate various accruals and allowances, such as the accrued severance liability.


• The Department of Justice provides legal services to VAC.

Specific Arrangements:

• An external service provider administers the Federal Health Claims Processing System on behalf of the Service Delivery Branch. The external service provider has the responsibility to ensure that payments are made in accordance with the conditions set out by the department. As a result, reliance is placed on the control procedures of the external service provider.


• Another external service provider administers portions of the Vocational Rehabilitation program to help disabled CF Veterans who need support to re-enter civilian life through the provision of medical, psycho/social, and vocational assistance/services.


• The Career Transition Services program is administered by an external provider. The program provides workshops, individual career counselling and job search assistance for qualified individuals.

1.4 Material Changes in Fiscal-year 2010-2011

A plan over the next five years was initiated in 2010-11 to transform the benefits and services offered to VAC’s clients as well as program business processes. An integral part of transformation was the addition of an Associate Deputy Minister to lead transformation throughout the Department.

During 2010-11, there has been improved governance through the third year of operation of the Departmental Audit Committee.

2.0 Control Environment of Veterans Affairs Canada relevant to ICFR

VAC recognizes the importance of setting the tone from the top to help ensure that staff at all levels understands their roles in maintaining an effective system of ICFR and is well equipped to exercise these responsibilities effectively. The focus is to ensure risks are managed well through a responsive and risk-based control environment that enables continuous improvement and innovation.

2.1 Key positions, roles and responsibilities

Below are VAC’s key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.

Deputy Minister – VAC’s Deputy Minister, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Deputy Minister chairs the Senior Management Committee.

Chief Financial Officer (CFO) – VAC’s CFO reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment. Falling under the CFO responsibilities is also the management of the Department’s Corporate Risk Profile.

Senior Departmental Managers - VAC’s senior departmental managers (Assistant Deputy Ministers and Deputy Minister Direct Reports) in charge of program delivery and corporate services are responsible for maintaining and reviewing effectiveness of the system of ICFR falling within their mandate.

Chief Audit Executive (CAE) – VAC’s CAE reports directly to the Deputy Minister and provides assurance through periodic internal audits which are instrumental to the maintenance of an effective system of ICFR.

Departmental Audit Committee (DAC) - The DAC is an advisory committee that provides objective views on the department’s risk management, control and governance frameworks. It is comprised of the Deputy Minister and three external members. Established in 2008, the committee is responsible for reviewing VAC’s Corporate Risk Profile and its system of internal control, including the assessment and action plans relating to the system of ICFR.

Senior Management Committee (SMC) - As the VAC central decision-making body, SMC reviews, approves and monitors the Corporate Risk Profile and the departmental system of internal control, including the assessment and action plans relating to the system of ICFR.

Departmental Investment Board (DIB) - The Board, a sub-committee of SMC, reviews proposed projects to ensure they are fully researched and are within the Department’s capacity to be completed. To ensure effective and efficient management of VAC funds, DIB also monitors the Department’s performance against planned expenditures throughout the fiscal cycle. The Board is chaired by the ADM, Corporate Services with representatives from all DM direct report organizations.

2.2 Key measures taken by VAC

The Department's control environment also includes a series of measures to equip its staff to manage risks well through raising awareness, providing appropriate knowledge and tools as well as developing skills. Key measures include:

• An Office of Values and Ethics under the Deputy Head;


• The Department’s code of conduct and values and ethics code;


• A dedicated division under the CFO on internal control;


• Annual performance agreements with clearly set out responsibilities;


• Training program and communications in core areas of financial management;


• Departmental policies tailored to the Department’s control environment;


• Regularly updated delegated authorities matrix;


• Documentation of main business processes and related key risk and control points to support the management and oversight of its system of ICFR; and


• IT processing systems to achieve greater security, integrity, efficiency and effectiveness.

3.0 Assessment of VAC’s system of ICFR

3.1 Assessment Approach

To satisfy the requirements of the Policy on Internal Control, the department must be able to maintain an effective system of ICFR with the objective to provide reasonable assurance that:

• Transactions are appropriately authorized;


• Financial records are properly maintained;


• Assets are safeguarded; and


• Applicable laws, regulations and policies are followed.

Over time, this includes assessment of design and operating effectiveness of the system of ICFR leading to ensuring the on-going monitoring and continuous improvement of the departmental system of ICFR.

Design effectiveness means to ensure that key control points are identified, documented, in place and that they are aligned with the risks (i.e. controls are balanced with and proportionate to the risks they aim to mitigate) and that any remediation is addressed. This includes the mapping of key processes and IT systems to the main accounts by location as applicable.

Operating effectiveness means that the application of key controls has been tested over a defined period and that any required remediation is addressed.

Such testing covers all departmental control levels which include corporate or entity, general computer and business process controls.

On-going monitoring means that key controls are monitored on a regular basis to provide reasonable assurance that they continue to function effectively over time.

3.2 Scope of Departmental Assessment During Fiscal-Year 2010-2011

The department has taken measures to assess its system of ICFR starting from its financial statement with a focus on the following main accounts:

• Earnings Loss


• War Veterans Allowance


• Payroll


• Veterans Independence Program


• Treatment Benefits


• Long Term Care Program


• Operating and Maintenance Payables


• Disability Pensions


• Disability Awards


• Health Related Travel


• OSI Clinics


• Contract Administration


• Rehabilitation Program

For each significant account, the Department completed the following:

• The design effectiveness and the testing of the operating effectiveness of fourteen key business processes.


• A preliminary overall assessment of the Department’s readiness to sustain an efficient audit of its financial statement.


• As well, an assessment of the Department’s ITGCs covered the review of the access to programs and data, program changes, computer operations and program development. The assessment of operating effectiveness was based on the Control Objectives for Business related Information Technology (COBIT®) standards.

4.0 Departmental assessment results during fiscal-year 2010-2011

4.1 Operating Effectiveness

The operating effectiveness of key controls was tested during fiscal-year 2010-11. As a result of the testing, exceptions were noted in certain ITGC elements. The significant findings were around access management and change control. Corrective action commenced during fiscal-year 2010-11 to address these issues with the objective to complete these actions in early fiscal-year 2011-12.

4.2 Ongoing Monitoring Program

VAC is now following a rotational on-going monitoring schedule to ensure that all ICFR remain up-to-date and effective. A dedicated until called Controls Assessment has been created under the direction of the CFO. This unit is responsible for a well-integrated risk-based approach to on-going monitoring; to monitor the completion of remedial actions identified; and to put in place a program to raise awareness and understanding of VAC’s system of ICFR at all levels. Process documentation, including narratives and descriptions of all key controls, are updated and revalidated on a rotating basis by process owners.

5.0 Departmental Action Plan

5.1 Progress during fiscal-year 2010-2011

During 2010-2011, VAC continued to make significant progress in assessing and improving its controls. Below is a summary of the main progress made:

The Department’s substantially advanced work includes the following necessary adjustments:

• Addressed weaknesses in the Account Verification Process and incorporated salaries and wages in the Quality Assurance Framework of the Account Verification Process;


• Progressed on development of a risk-based internal control framework over all aspects of financial management;


• Implemented a management intervention process to address the risk of management override of controls;


• Resolved several authority issues identified through the management intervention process;


• Continued to improve controls around segregation of duties and system access;


• Commenced an assessment of the operating effectiveness of departmental internal controls over financial reporting.

The Department’s completed work includes the following necessary adjustments:

• Implemented training and educational programs for those employees involved with ICFR;


• Established a dedicated unit responsible for monitoring programs to ensure ICFR are maintained, strengthened where possible and that changes to business processes or new business processes are documented on a timely basis and the related internal controls are tested.

Summary of progress during fiscal year 2010-2011 in VAC Action Plan:

1. Testing of Operating Effectiveness of Key Controls:

• Planned for 2010-2011: Included in prior year's action plan for current year.


• Acutal for 2010-2011: Risk-based testing plan developed and carried out.

2. Remediation of operating effectiveness of key control deficiencies

• Planned for 2010-2011: Not included in prior year's action plan for current year.


• Acutal for 2010-2011: Significant adjustments identified to date have been partially remediated.

5.2 Action plan for the next fiscal-year and subsequent years

5.2.1 By end of 2011-12, VAC plans to:

• Assess the corrective action carried out in accordance with the results of the 2010-2011 assessment of the operating effectiveness of departmental ITGCs and IT application controls.


• Complete the final overall assessment of the operating effectiveness of the departmental system of internal controls over financial reporting.


• Update documentation based on the results of the operating effectiveness testing.


• Continue to address the weaknesses in the account verification process identified through the Quality Assurance Framework.


• Commence assessment of the impacts and address the changes to the system of ICFR as required as a result of Transformation throughout the Department.


• Assess the impacts of the potential transfer of Ste. Anne’s Hospital (representing 76% of the Department’s capital assets and 18% of operating expenditures) to the province of Quebec.

5.2.2 By end of 2012-13, VAC plans to:

• Continue to monitor and strengthen all internal controls in departmental business processes including identifying and prioritizing risks and the controls to mitigate these risks, complete resolution of identified authority issues, as well as to monitor its performance in support of continuous improvement.


• Continue to assess the impacts and address the changes to ICFR as required as a result of Transformation throughout the Department.