Audit of the Process of Preparing The Canadian Space Agency's Annual Financial Statements and Quarterly Financial Reports

Download the PDF version (789 KB)

Audit Report

Project No. 12/13 01-03

March 2013

1.0 Summary

1.1 Audit Objective

The audit objective is to determine if the design and operational effectiveness of internal controls over the process of preparing annual financial statements and quarterly financial reports are adequate.

This audit project is not intended to provide assurances as to the accuracy of the financial information presented in the financial statements and quarterly financial reports, but rather to determine if the design and operational effectiveness of internal controls over the preparation process are adequate.

To obtain reasonable assurance as to the accuracy of the financial information presented in the financial statements and quarterly financial reports, the Canadian Space Agency (CSA) must complete the setting up of its system of Internal Control over Financial Reporting (ICOFR) in accordance with the Treasury Board Policy on Internal Control. Consequently, it is necessary to validate the internal controls over all of the business procedures used to generate the financial information for the financial statements and quarterly financial reports, including, for example, controls over purchasing and accounts payable procedures, cash flow and entity level controls. Until such validation is completed, this audit project will focus solely on the key process for the preparation of financial statements and quarterly reports and to provide the Audit Committee an audit opinion on the design and operational effectiveness of the controls related to this process.

1.2 Audit Opinion

In our opinion, despite some deficiencies identified in some of the internal controls, the design and operational effectiveness of the internal controls associated with the process of preparing annual financial statements and quarterly financial reports are adequate. In fact, after reviewing the deficiencies with the manager of Accounting Operations and Financial Policies, we concluded that the types of deficiencies and their impact and likelihood of occurrence did not pose a major risk of a material error in the financial statements.

However, it is important to note that because of their inherent limitations, it is possible that the internal controls over the financial information may not facilitate the timely prevention or detection of inaccuracies.

1.3 Statement of Assurance

As the Chief Audit Executive, I am of the opinion that sufficient and appropriate audit procedures have been followed and that evidence has been gathered to support the findings set out in this report. The findings are based on a comparison of the conditions as they existed at the time of the audit, and the pre-established audit criteria that were agreed upon with management. The evidence was gathered in compliance with Treasury Board (TB) policy, directives and standards for internal audit. The procedures followed comply with the professional standards of the Institute of Internal Auditors (IIA). The gathered evidence is sufficient to convince senior management of the validity of the findings resulting from the internal audit.

1.4 Summary of Recommendations

In general, the practices associated with the CSA's internal controls are standard and consistent with practices found elsewhere. In addition, we want to emphasize that the quality assurance process followed for journal entries is a good practice that enhances the quality of the internal control of journal entries.

Based on the audit activities carried out with respect to the scope of the work stated in paragraph 2.2 of this report, 29 key controls were identified for the process of preparing annual financial statements and quarterly reports. All of the 29 key controls were assessed for the quality of their design. It was concluded from the assessment results that 9 key controls have design deficiencies. We were able to assess 21 key controls for their operational effectiveness. We were unable to conduct tests of the other 8 controls because of their design deficiencies. It was concluded from the assessment results that 2 key controls had a deficiency in terms of operational effectiveness.

The results are summarized in the following table:

Controls with no deficiency Controls with a design deficiency making it impossible to conduct tests of operational effectiveness (for lack of evidence) Control with a deficiency in both design and operational effectiveness Control with adequate design, but a deficiency in operational effectiveness
19 8 1 1

Based on the audit results, as shown in the preceding table, we drew up the following recommendations:

  1. Make the CSA employees concerned aware of and provide them with training in the internal control policy, particularly the importance of keeping the necessary supporting evidence for the key internal controls that they carry out. There was insufficient or no evidence for 8 out of a total of 29 controls;
  2. To ensure a complete review of all journal entries, check the list of reviewed entries against a list generated directly by the system;
  3. The supporting documents for journal entries should be appended systematically to make it easier for approvers to understand and properly review the entries. If the documents are kept in a place other than the designated place, this should be mentioned in the entry description to make it easier to track the information; and
  4. All journal entries reviewed for quality control purposes should be initialized to provide proof that they were reviewed.

Chief Audit Executive's signature

2.0 Audit Report

2.1 Background

The CSA's Audit Committee Charter, which came into effect in 2010 and is updated every year, outlines the Committee's duties and responsibilities, one of which is to review the CSA's principal financial management reports, including the quarterly financial reports and the annual financial statements, and to advise the deputy head accordingly.

To carry out their mandate, the Audit Committee members want to ensure that the design and operational effectiveness of internal controls over the process of preparing annual financial statements and quarterly financial reports are adequate.

2.2 Audit Objective, Scope and Approach

Objective

The audit objective is to determine if the design and operational effectiveness of internal controls over the process of preparing annual financial statements and quarterly financial reports are adequate.

This audit project is not intended to provide assurances as to the accuracy of the financial information presented in the financial statements and quarterly financial reports, but rather to determine if the design and operational effectiveness of internal controls over the preparation process are adequate.

To obtain reasonable assurance as to the accuracy of the financial information presented in the financial statements and quarterly financial reports, the Canadian Space Agency (CSA) must complete the setting up of its system of Internal Control over Financial Reporting (ICOFR) in accordance with the Treasury Board Policy on Internal Control. Consequently, it is necessary to validate the internal controls over all of the business procedures used to generate the financial information for the financial statements and quarterly financial reports, including, for example, controls over purchasing and accounts payable procedures, cash flow and entity level controls. Until such validation is completed, this audit project will focus solely on the key process for the preparation of financial statements and quarterly reports and to provide the Audit Committee an audit opinion on the design and operational effectiveness of the controls related to this process.

Scope

The audit project focused on the procedures for preparing the CSA's 2011 and 2012 annual financial statements and the quarterly financial reports for the quarters ending on June 30, 2012, and September 30, 2012.

Approach

The audit program and the selected audit criteria were discussed, and the CSA's Chief Audit Executive approved them beforehand.

The audit included various audit procedures, including interviews, reviews of documents, tests of controls and an assessment of control deficiencies.

The audit was carried out in accordance with the CSA's Internal Audit Policy and Procedures Manual, which are based on the Internal Auditing Standards for the Government of Canada, which has adopted the International Professional Practices Framework, published and maintained by the Institute of Internal Auditors (IIA).

2.3 Findings, Recommendations and Management's Response

To determine whether or not the design and operational effectiveness of internal controls over the process of preparing annual financial statements and quarterly financial reports are adequate, we expected to find evidence of the following:

  • Adequately designed internal controls over the process of preparing annual financial statements and quarterly financial reports;
  • Effective internal controls over the process of preparing annual financial statements and quarterly financial reports; and
  • Internal controls over the process of preparing annual financial statements and quarterly financial reports that contribute to prevent or detect errors or fraud.

It should be noted that the audit objective and audit criteria were discussed with management.

The findings for each of the three audit criteria are set out below. A table outlining all of the existing internal controls and the reported deficiencies is included in the Appendix.

Criterion 1

The design of internal controls over the process of preparing annual financial statements and quarterly financial reports is adequate.

Findings
Sub criteria
  1. Existing controls make it possible to cover the risks associated with the process of preparing quarterly financial reports and annual financial statements;
  2. Existing controls make it possible to cover assertions applicable to the preparation of quarterly financial reports and annual financial statements;
  3. The frequency of existing controls is adequate for covering reported risks;
  4. The combination of detection and prevention controls is adequate;
  5. The combination of manual and automated controls is adequate;
  6. The experience and competence of the persons carrying out the controls seem adequate;
  7. The relevance and quality of evidence and proof in support of the controls are adequate.
Condition

Seven control objectives were identified for the purpose of covering the main risks associated with the production of financial statements and quarterly financial reports. It should be noted that the key controls over the process for preparing financial statements together with the key controls over other CSA business processes will help to achieve the following desired control objectives:

  • Ensure that necessary changes to the accounting standards are identified, approved and implemented adequately and in a timely manner;
  • Ensure that necessary changes to the Chart of Accounts are identified, approved and implemented adequately and in a timely manner and that new line items are properly grouped together in the financial statements and financial reports;
  • Ensure that journal entries and transactions are recorded in the correct accounting period, that adjusting entries are accurate, complete and properly authorized, and that access to entries is properly controlled;
  • Ensure that the presentation of line items in the financial statements and quarterly reports is accurate and complete, that the analyses of accounts and reconciliations used to prepare financial statements and quarterly reports are complete and accurate, and that the financial statements and financial reports are approved before being disseminated;
  • Ensure that the notes to financial statements are accurate and complete and that their presentation and content comply with directives;
  • Ensure that the transmission of trial balance is accurate and complete; and
  • Ensure appropriate task segregation.

Based on the audit work undertaken, 29 existing key controls meet sub criteria (a) to (f) satisfactorily.

In the case of sub-criterion (g), 20 key controls were satisfactorily designed. However, the design of 9 other key controls (see complete descriptions in the Appendix) was deemed inadequate.

  • For 8 of these controls, evidences of review and supporting documents were missing or inadequate.
  • For 1 of these controls, which had to do with the review of journal entries, the accounting clerk is reviewing on the basis of paper copies. This do not provides assurance of the completeness of the journal entries because the list is not coming directly from the system.
Cause

The absence of evidence of review and of supporting documents appears to be caused by a lack of awareness of the importance of keeping proof of review that can be used to demonstrate that the internal controls were carried out as intended.

As for the review of journal entries, the accounting clerk did not seem to be aware of the fact that in order to ensure the completeness of his review, he had to obtain a list of journal entries directly from the system and not just paper copies.

Effect

Without evidence of review and supporting documents, it is not possible to ensure that the controls are operating properly or to assess the relevance and quality of the analyses and reviews carried out.

As for the review of journal entries, using only paper copies to review journal entries, and not a list generated by the system, will not ensure the completeness of the review of journal entries.

Recommendation

Recommendation No. 1: Make the CSA employees concerned aware of and provide them with training in the internal control policy, particularly the importance of keeping necessary supporting evidence for the key internal controls that they carry out.

Recommendation No. 2: To ensure a complete review of all journal entries, check the list of reviewed entries against a list generated directly by the system.

Identified Responsibility
Organization

Accounting Operations and Financial Policies

Position concerned

Manager, Accounting Operations and Financial Policies

Management's Response

Recommendation 1: We are carrying out the required controls and, despite the fact that written evidence is left on the documents after the controls are carried out. We have the following documents supporting the controls we carry out:

  • Control list to validate our trial balances;
  • List showing reconciliations carried out between trial balances and items in the financial statements during the preparation of financial statements;
  • Briefing notes containing highlights to be submitted to the President when financial statements are signed.

However, we understand that this is insufficient and we will ensure that evidence is kept to demonstrate that the controls were carried out.

Recommendation 2: A finance clerk checks all journal vouchers and a sample of journal vouchers is checked for quality assurance purposes. However, we agree that there must be a better control relative to acceptance of the completeness of received journal vouchers.

Management's Action Plan

Recommendation 1: We will include with the checklists and lists of documents that we already have written proof indicating that controls have been carried out (name and date). The work has already begun and will be completed during the preparation of the 2012–2013 financial statements.

Deadline: June 30, 2013

Recommendation 2: Recommendation 2 has already been implemented.

Deadline: n/a

Criterion 2

Internal controls over the process of preparing annual financial statements and quarterly financial reports are adequate.

Findings
Condition

For the identified internal controls over the process of preparing annual financial statements and quarterly financial reports (see details of these controls in the Appendix), operational effectiveness tests were conducted for the period covered by the Statement of the Scope of Work, as per Section 2.2 of this report.

The test strategy concerning operational effectiveness was determined on the basis of the frequency of internal controls and the level of risk associated with the process.

Frequency of Controls Size of Sample
Annually 1
Quarterly 2
Monthly 3
Per transaction 45

Based on the tests conducted, the following are the findings as to the controls' operational effectiveness:

  1. For 8 controls, as mentioned for Criterion 1, the design is inadequate owing to the absence of evidence of review and proof that the control was carried out; so a conclusion as to their operational effectiveness cannot be drawn.
  2. For one control associated with the journal entry review, we found in the operational effectiveness tests that the review was not carried out satisfactorily and systematically. Of the 45 journal entries inspected, there were 7 without vouchers supporting the entry, and supporting approval that the entry was reviewed. Owing to the nature of the journal entries, the vouchers were kept in a place other than the usual place, but no mention of this was recorded in the journal entry description.
  3. In the case of one control where we found design deficiency, we were able to conduct part of the operational effectiveness tests, during which we found that the journal entry review had not been done properly. Of the 45 entries inspected, there were 20 that had not been initialized by the accounting clerk when he did his quality review as proof that the delegation of authority had been reviewed.
Cause
  1. The absence of proof of review and supporting documentation appears to be caused by a lack of awareness of the importance of keeping proof of review that makes it possible to demonstrate that internal controls were carried out as intended.
  2. The absence of documentation supporting journal entries appears to be caused by a lack of awareness of the importance of keeping records or of mentioning where to find supporting evidence for the recording of journal entries and for review and approval purposes.
  3. The absence of the accounting clerk's initials during his review of journal entries as an indication of quality control appears to be caused by a lack of awareness of the importance of keeping evidence of the review that was carried out.
Effect
  1. In the case of 8 controls, the design is inadequate; so a conclusion as to their operational effectiveness cannot be drawn.
  2. In the case of one control associated with the review of journal entries, the review of journal entries was not carried out satisfactorily and systematically.
  3. In the case of one control associated with the journal entry review by the accounting clerk, the review was not documented satisfactorily; so the operational effectiveness was inadequate.
Recommendation
  1. Recommendation No. 1 applies here. Make the CSA employees concerned aware of and provide them with training in the CSA's internal control policy, particularly the importance of keeping necessary supporting proof for the key internal controls that they carry out.
  2. Recommendation No. 3 – The supporting documents for all journal entries should be appended to make it easier for approvers to understand and properly review the entries. If the documents are kept in a place other than the designated place, this should be mentioned in the entry description.
  3. Recommendation No. 4 – All journal entries reviewed for quality control purposes should be initialized to provide evidence that they were reviewed.
Identified Responsibility
Organization

Accounting Operations and Financial Policies

Position concerned

Manager, Accounting Operations and Financial Policies

Management's Response

Recommendation 1: Same as for Criterion 1

Recommendation 3: We agree

Recommendation 4: We agree

Management's Action Plan
Action plan details

Recommendation 1: Same as for Criterion 1

Deadline: June 30, 2013

Recommendations 3 and 4: Issue a reminder to employees and pay attention to compliance with these requirements when quality assurance is done. This reminder was issued during a meeting attended by Finance employees. A formal written reminder will also be issued.

Deadline: April 30, 2013

Criterion 3

Internal controls over the process of preparing annual financial statements and quarterly financial reports help to prevent or detect errors or fraud that may result in significant errors in the annual financial statements and quarterly financial reports.

Findings
Condition

Based on the audit work carried out, as described in the approved audit program and the scope of work stated in Section 2.2 of this report, of the 29 controls identified, there were 10 with a deficiency in either their design or their operational effectiveness.

To assess the seriousness of the deficiencies, the following were analysed during discussions with management:

  1. The presence of compensating controls to mitigate the seriousness of the deficiency;
  2. The likelihood of the occurrence of an error or a fraud because of the control deficiency identified;
  3. The potential magnitude of an error or fraud after the control deficiency has occurred.

It should be noted that the deficiencies in the process for preparing annual financial statements and quarterly financial reports were analysed in isolation. As previously mentioned, the other procedures for generating the CSA's financial information were not assessed during this audit and, if they had been, additional potential deficiencies could have been identified. Normally, these potential deficiencies should be assessed along with the deficiencies that this report has brought to light.

That said, following the discussions and the review of deficiencies, the manager in Accounting Operations and Financial Policies agreed that they would implement measures to correct them. It was also concluded that the type of deficiencies, their impact and likelihood of occurrence did not pose a major risk of a material error in the financial statements.

However, it is important to note that because of their inherent limitations, it is possible that the internal controls over the financial information may not facilitate the timely prevention or detection of inaccuracies.

Cause

N/A

Effect

N/A

Recommendation

N/A

Identified Responsibility
Organization

N/A

Position concerned

N/A

Management's Response

To support the assertion that the type of the deficiencies, their impact and likelihood of occurrence did not pose a major risk of a material error in the financial statements, the following are some examples of compensating controls that may provide additional assurances of the compliance of the financial statements.

The Office of the Comptroller General (OCG) does compliance monitoring of our draft financial statements by using a list of more than 150 controls. We receive a few comments and make the required adjustments to our final financial statements.

The Receiver General does monthly and annual monitoring of our submitted trial balances. The CSA's near perfect results demonstrate that our controls are appropriate. By carrying out various monthly monitoring measures, we have reduced the number of errors from over 50 in 2007 to a single error in 2010–2011 and only one also in 2011–2012.

Management's Action Plan
Action plan details

N/A

Deadline

N/A

Appendix: Key Internal Controls Identified for Covering Each Identified Risk

Risk No. 1: Accounting Standards

Necessary changes to the accounting standards for the annual financial statements are not determined, approved, or implemented satisfactorily or in a timely manner.

  1. Every year, the Receiver General sends changes (infrequent) to the accounting standards. The Manager, Accounting Operations and Financial Policies is responsible for determining which changes are applicable to the Agency (this is not an accounting choice or a decision that must be approved by a higher authority. It is a matter of determining whether or not the change is applicable, depending on the type of department or agency) and sends this information by email to the Chief, Corporate Accounting and Internal Control, who prepares the financial statements according to the new standards.
  2. Every year, the Chief, Corporate Accounting and Internal Control prepares the financial statements in accordance with the new standards and ensures that the changes determined in Control No. 1 above have been properly implemented by comparing the current financial statements with those of the previous year. Deficiency: Refer to Recommendation No. 1

Risk No. 2: Chart of Accounts

  • Necessary changes to the Chart of Accounts for the annual financial statements are not determined, approved, or implemented satisfactorily or in a timely manner.
  • General Ledger accounts are not properly grouped together in the financial statements.

Every year, when the Receiver General sends the changes to the chart of accounts, the Manager, Accounting Operations and Financial Policies is responsible for sending these changes by email to the Chief, Corporate Accounting and Internal Control, who is responsible for determining which changes are applicable to the Agency. The identified changes and email are kept on file in the form of notes.

  1. Every year, the Chief, Corporate Accounting and Internal Control confirms that all of the changes that the Receiver General has requested be made to Control No. 1 are implemented by checking the initial trial balance of the month following implementation of the changes. She uses a checklist to validate this trial balance review. Deficiency: Refer to Recommendation No. 1
  2. Every year, the Chief, Corporate Accounting and Internal Control check the wording of the General Ledger accounts and their classification in the Chart of Accounts, and revise the G/L Account Report list and the coding manual. Deficiency: Refer to Recommendation No. 1
  3. Any person wishing to make a change to the General Ledger Accounts must submit a request to do so to the Financial Analyst, who submits a request to the Coding Committee, which includes representatives of Accounting, Financial Planning, Governance and Computer Systems. The Coding Committee, of which the Chief, Corporate Accounting and Internal Control is a member, authorizes all changes, creation or cancellation of accounts to the General Ledger using the new account form produced by the Financial Analyst.
  4. Once the Coding Committee's approval is obtained, the Financial Analyst sends an email to the SAP team, which will make the change in the system. The SAP team will not make any changes to the coding if this approval email is not received (the SAP team's change management controls include reviews to determine appropriate account creation based on the submitted request). Once the change has been made, the SAP team sends an email confirming that the request has been processed. The Financial Analyst then makes the change in the coding manual.
  5. Access to create, make changes to or cancel accounts in the General Ledger is limited to SAP team analysts (ten persons make up the team). Only the team leader of the SAP team is a member of the Coding Committee.

Risk No. 3: Journal Entries and Closing of Accounting Periods

  • Journal entries and transactions are not entered in the correct accounting period.
  • Adjusting entries are inaccurate, incomplete and not properly authorized.
  • Access to journal entries is not properly controlled.
  1. Every year, at the closing of Period P12-1, the Chief, Corporate Accounting and Internal Control sends notification of the period closing date to SAPAIDE so that access to carry out transactions or make entries can be withdrawn. SAPAIDE sends a confirmation email to the Chief, Corporate Accounting and Internal Control when the period is closed.
  2. When an accounting period is closed in the system, no entry or transaction can be charged to that period.
  3. Using a list of entries generated by the system, the Financial Analyst selects entries for review in accordance with the criteria of materiality and General Ledger accounts at risk. These criteria are determined each year by the Manager, Accounting Operations and Financial Policies and the Chief, Corporate Accounting and Internal Control and approved by the Chief Financial Officer. Deficiency: Refer to Recommendation No. 3
  4. When the clerk enters journal entries in the system, he or she checks that the entry has been authorized. Paper copies of the entries are then given to the accounting clerk for filing. Before filing the entries, the accounting clerk checks that the entry is appropriate and in compliance with the delegated authority. The clerk makes a tick mark on the paper copy before filing it. Deficiency: Refer to Recommendation No. 2 and No. 4
  5. The computer system blocks any transactions that do not show a balance.
  6. Access to make journal entries is limited to Finance unit and SAP team employees.

Risk No. 4: Accuracy, Completeness and Presentation of Financial Statements

  • The presentation of items in the financial statements is inaccurate and incomplete.
  • Analyses of accounts and reconciliations for the financial statements are incomplete or incorrect.
  • Financial statements are not approved prior to their dissemination.
  1. Every year, at the end of the fiscal year, the Chief, Corporate Accounting and Internal Control carries out for all at-risks items an analytical review in order to validate variances with previous fiscal years (past summary). The at-risk items are determined on the basis of quantitative and qualitative factors. The list, called a Sampling Plan, is prepared the Chief, Corporate Accounting and Internal Control and the Manager, Accounting Operations and Financial Policies and approved by the Chief Financial Officer. To confirm asset balances and assets under construction, the Chief, Corporate Accounting and Internal Control also ask managers to confirm and validate the data. For some at-risk accounts (eg, salary advances paid to employees, expenses paid in advance, and costs incurred) the Chief, Corporate Accounting and Internal Control also uses a control list in order to obtain confirmation of these balances from the analysts. At-risk accounts are determined in the same way as described above. Deficiency: Refer to Recommendation No. 1
  2. Every year, when the financial statements are prepared, the Chief, Corporate Accounting and Internal Control reconciles the financial statements with the trial balance and sorts out any detected variances. Deficiency: Refer to Recommendation No. 1
  3. The Chief Financial Officer and the President review the draft annual financial statements in June. They are also discussed with and reviewed by the Office of the Comptroller General, the Audit Committee and the Governance team. The President and the Receiver General approve the final version of the financial statements in August. Deficiency: Refer to Recommendation No. 1
  4. There is a schedule of fiscal year-end activities for the preparation of the annual financial statements. This schedule states what has to be done, on what date, by whom, and from whom approval must be obtained. It also includes the dates for submitting the financial statements for each fiscal year.

Risk No. 5: Accuracy, Completeness and Presentation of Notes to the Financial Statements

  • Accuracy and completeness of the notes to the financial statements and compliance of the information in and presentation of the notes with directives are unsatisfactory.
  • The notes to the financial statements are not approved.
  1. Every year, in order to prepare the financial statements, the Chief, Corporate Accounting and Internal Control review all of the notes to the financial statements to ensure that they comply with directives and that the explanations and comments are appropriate. The Chief, Corporate Accounting and Internal Control take the notes from the previous year and makes changes to them in accordance with Standard 1.2 for all changes. The Quality Assurance Production Officer does quality assurance of the information in the notes.
    Every year, the Office of the Comptroller General also asks the Chief, Corporate Accounting and Internal Control to confirm that all subsequent events and contingencies have been identified. The Chief, Corporate Accounting and Internal Control uses the email received from the Office of the Comptroller General to, in turn, send a confirmation request to all of the managers. The reply emails are kept as proof for review purposes and the subsequent events and contingencies, if any, are taken into consideration in the preparation of the notes.
  2. The draft notes to the annual financial statements are reviewed and discussed by the Chief Financial Officer and the President, as well as by the Office of the Comptroller General, the Audit Committee and the Governance team. The President and the Receiver General approve the final version of the financial statements and notes in August. Deficiency: Refer to Recommendation No. 1

Risk No. 6: Trial Balance Submitted to the Office of the Receiver General

  • The submitted trial balance is inaccurate and incomplete.
  1. Every month, the Chief, Corporate Accounting and Internal Control confirms that all of the changes requested by the Receiver General have been implemented and checks the initial trial balance for the month following implementation of the changes. She uses a checklist to validate this trial balance review. Deficiency: Refer to Recommendation No. 1
  2. The Receiver General is solely responsible for allocating user codes for the sending of trial balances from a Central Financial Management Reporting System (CFMRS) secure site of Public Works and Government Services Canada (PWGSC), using an Entrust key. Only three persons at the Agency have access to this Entrust key for the purposes of sending trial balances: Two Financial Analysts and the Chief, Corporate Accounting and Internal Control.
  3. Each year, the Receiver General contacts the Agency to obtain confirmation of the names of the users given access to the system in order to send trial balances from the CFMRS site. The Manager, Accounting Operations and Financial Policies then signs and returns the document listing the names. It should be noted that the Manager, Accounting Operations and Financial Policies does not have access to trial balances.
  4. Once a year, PWGSC checks the trial balance in detail. An Excel file listing the various items in the trial balance is sent to the Chief, Corporate Accounting and Internal Control along with clarifications and questions for which the Chief, Corporate Accounting and Internal Control must provide answers. She answers the questions by email and sends a copy to the Manager, Accounting Operations and Financial Policies.

Risk No. 7: Preparation and Approval of Quarterly Financial Reports

  • The accuracy and completeness of the quarterly financial reports are unsatisfactory.
  • The quarterly financial reports are not approved prior to their dissemination.
  1. When the Receiver General requests new changes with respect to the financial reports, the Manager, Accounting Operations and Financial Policies receives emails directly from the Treasury Board. The Chief, Corporate Accounting and Internal Control sends the emails to the Senior Analyst, Corporate Accounting and Internal Control, who then sends them to the various persons concerned and specifies what they have to do (i.e., highlights the relevant instructions). She ensures first that the Treasury Board requirements have been incorporated, and the Chief, Corporate Accounting and Internal Control then carries out quality assurance when he reviews the quarterly financial report.
  2. Every quarter, the Senior Analyst, Corporate Accounting and Internal Control extracts information on actual expenditures in the trial balance and validates the financial data with the help of a second SAP generated report (SAP Report).
    The budget data are compiled by two Analysts, Planning and Financial Management. The Manager, Accounting Operations and Financial Policies and the Manager, Corporate Budget Planning and Financial Resources Management validate the draft quarterly report.
  3. Every month, to ensure that actual expenditures are satisfactory, managers are responsible for conducting a monthly review of expenditures charged to their funds centre, reporting any errors and submitting requests for corrections to their financial analyst, if necessary. The review is then recommended by the Director and approved by the Director General of the sector. The review is kept on file.
    Every month, the Financial Resources Management Analyst also submits a report on the monthly financial situation to senior management. The submitted financial situation report includes a comparison of budgets, expenditures and estimates. The analyst is also responsible for investigating significant variances and explaining them to the Executive Committee. The presentation is kept on file.
  4. The quarterly financial reports are reviewed and discussed with the Audit Committee in a teleconference meeting. The corrections are then sent to the Audit Committee members by email to ensure that their comments are taken into consideration. The email and the Audit Committee members' replies are kept as proof for review purposes.
  5. The quarterly financial reports are approved by the Chief Financial Officer and the President prior to their dissemination. The quarterly financial report is also signed by the Chief Financial Officer and kept on file.

Risk No. 8: Task Segregation

  • There is no appropriate task segregation for the purposes of carrying out a control or co-ordinating between controls, thus increasing the risk of error or fraud.

A task segregation matrix has been prepared.

The assessment did not include activities that people concerned may perform in other CSA processes. It's possible that the control activities of these other processes may raise task segregation issues.

In addition, the assessment that was done covered manual tasks associated with the process for preparing financial statements and quarterly reports and did not cover access to the CSA's computer systems.

Taking the above into consideration, there is appropriate task segregation in the process for preparing annual financial statements and quarterly financial reports.