Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting

Canadian Space Agency

Summary of the assessment of effectiveness of the system of internal control over financial reporting and the action plan for the Canadian Space Agency for fiscal year 2012-2013 (unaudited)

1. Introduction

This document provides summary information on the measures taken by the Canadian Space Agency (CSA) to maintain an effective system of internal control over financial reporting (ICFR) including information on internal control management, assessment results and related action plans.

Detailed information on the CSA's Act, its mandate, and program activities can be found in the 2012-13 Departmental Performance Report and in the 2014-15 Report on Plans and Priorities.

2. Canadian Space Agency's Control Environment Relevant to ICFR

The CSA acknowledges that it is senior management's responsibility to set the tone so that employees at all levels understand the part they play in maintaining an effective system of ICFR and are able to carry out effectively their responsibilities in this regard. The CSA's priority is to ensure that risks are properly managed within a flexible, risk based control environment that enables continuous improvement and innovation.

2.1 Positions, Roles and Key Responsibilities

The CSA's key positions and committees that have the responsibility for maintaining and monitoring the effectiveness of the system of ICFR are described below.

President
As deputy head, the CSA's President assumes the overall responsibility and leadership with respect to the measures taken to ensure the effectiveness of the system of ICFR, chairs the Executive Committee and is a member of the Audit Committee. As President, he approves the Framework for Internal Control Over Financial Reporting and signs annually the CSA's Statement of Management Responsibility Including Internal Control Over Financial Reporting which accompanies the financial statements as well as the Letter of Representation regarding financial information reported in the Public Accounts of Canada.

Chief Financial Officer (CFO)
The CFO reports directly to the President and provides a leadership role in coordinating and ensuring the consistency and direction on the design and maintenance of an effective and integrated system of ICFR, including its annual assessments. The management of the organisation's risk profile is under the CFO's responsibility. The CFO chairs the Financial Management Committee and assists at the Audit Committee. The CFO also signs annually the CSA's Statement of Management Responsibility Including Internal Control Over Financial Reporting which accompanies the financial statements as well as the Letter of Representation regarding financial information reported in the Public Accounts of Canada.

Chief Audit Officer (CAO)
The CAO reports directly to the President and is independent of the line managers. The CAO provides assurance by conducting periodic internal audits, which are essential for maintaining the system of ICFR's effectiveness. The CAO also assists at the Audit Committee.

Audit Committee (AC)
The AC reports to the President of the CSA. It is an advisory committee whose mandate is to provide objective advice and oversee management control and accountability procedures. The AC met for the first time on February 18, 2010. In 2012-2013, the AC had two meetings, participated in six teleconferences and two work sessions. The CSA President, two ex-officio members whom are the CAO and the CFO, and three external members, one of whom chairs the Committee, form the AC. The AC reviews amongst others, the CSA's risk profile and internal control system, including assessments and action plans associated with the system of ICFR as well as the financial reports. The AC also recommends the financial statements to the President for signature.

Executive Committee (EC)
The CSA's EC, chaired by the President, is the CSA's official decision making body. As such, the EC is responsible for governance and control over the CSA's programs and activities. In accordance with its mandate, the EC is responsible for all management, monitoring and control of activities. The EC members review, approve and monitor the organization's risk profile and its internal control system, particularly by regular updates on assessments and action plans related to the system of ICFR.

2.2 Main Entity Level Controls

The CSA's control environment includes a series of measures to help employees manage risks effectively by increasing their awareness and knowledge, providing them with appropriate tools and upgrading their skills. The main measures include the following :

  • A departmental Accounting and Internal Control division who is dedicated to internal control;
  • The documentation of main business processes and related key risk and control points to support the management and oversight of its system of ICFR;
  • IT systems to achieve greater security, integrity, efficiency and effectiveness;
  • The public sector Values and Ethics Code, the CSA's Organisational Value and Ethics Code and a Values and Ethics Committee who reports to the President;
  • A risk based audit plan recommended by the AC and approved by the President;
  • A systematic follow-up on recommendations stemming from internal audits is performed by the AC until the full implementation of the action plans,
  • Training program's and communications in core areas of financial management in particular for financial officers and delegated managers;
  • A delegated signing authority instrument that is reviewed periodically;
  • Annual performance agreements that specify financial management responsibilities;
  • An organization risk profile which outlines mitigation strategies for key risks.

2.3 Service Arrangements Relevant to Financial Statements

The CSA relies on other organizations for the processing of certain transactions that are recorded in its financial statements :

Common Arrangements :

  • Public Works and Government Services Canada (PWGSC) centrally administers the payments of salaries and the procurement of goods and services, as per the Department's Delegation of Authority and provides accommodation services;
  • Treasury Board Secretariat provides the CSA the necessary information to calculate various accruals and allowances, such as the accrued severance liability;
  • The Department of Justice provides legal services to the CSA;
  • Shared Services Canada (SSC) provides IT infrastructure services to the CSA in the areas of emails, data centers and telecommunications. The scope and responsibilities are addressed in the interdepartmental agreement between SSC and the CSA.

Specific Arrangements :

  • The department of Agriculture and Agri-Food provides the CSA with a SAP financial system platform to capture and report all financial transactions.

3. Assessment results during fiscal year 2012-2013

During 2012-2013, the CSA significantly progressed in design effectiveness testing in all key control areas and also significantly progressed in operating effectiveness testing for the process level control areas.

3.1 Design effectiveness testing of key controls

In the current year, the CSA completed design effectiveness testing of the following control elements: mandatory training, performance appraisal, delegation instrument, assignment of delegated authority, general IT controls and write-off and disposal.

As a result of design effectiveness testing, the CSA identified the following main corrective measures required :

Assignment of delegated authority

  • Improve communications in regards to the activation and cancellation of specimen signature cards.
    • Corrective measures have been implemented in this control area.

General IT controls

  • Conduct a periodic review of accesses granted.
    • Corrective measures have been implemented in this control area.

Write-off and disposal

  • Implement a control to confirm that all computer equipments are secured before their disposal;
  • Update the delegation instrument with respect to delegated authority for disposals.
    • Corrective measures have been elaborated and will be completely implemented in 2013- 2014 in this control area.

3.2 Operating effectiveness testing of key controls

In 2012-2013, the CSA completed operating effectiveness testing for payroll, operating expenditures (procurement to payment), travel and hospitality, transfer payments as well as for month / year-end procedures and financial reports.

As a result of the operating effectiveness testing, the CSA identified the following main corrective measures required :

Payroll

  • Improve controls in regards to departing employees to ensure that files are complete and that there is nothing due to the Crown before final payments are issued;
  • Correct the application of some collective agreement articles and communicate the interpretation to the various stakeholders;
  • Implement an account verification procedure for overtime taken in time;
  • Implement additional specific controls in regards to the different types of leave.
    • The departure process and the verification list have been in place since December 2012. The corrective measures in regards to some collective agreement articles and the communication of the interpretation have been implemented. The corrective measures for the other weaknesses have been elaborated and will be implemented in 2013-2014 for this control area.

Operating expenditures, travel and hospitality

  • Review the way to use blanket travel authorities.
    • Corrective measures have been implemented in this control area.

Transfer payments

  • Apply control mechanisms to ensure that files are documented according to prescribed standards and procedures and all relevant provisions and the required project information are addressed in the agreements.
    • The corrective measures have been elaborated and will be completely implemented in 2013-2014 for this control area.

Month / year end procedures and financial reports

  • Maintain the required evidence to support internal controls
    • Corrective measures have been implemented in this control area.

3.3 On-going monitoring of key controls

The CSA has not started the on-going monitoring of key controls in 2012-2013.

4. Canadian Space Agency's Action Plan

4.1 Progress during fiscal year 2012-2013

During 2012-2013, the CSA continued to make significant progress in assessing and improving its key controls and the progress status is in line with the Treasury Board Secretariat's expectations. The progress made by the CSA based on the plans identified in the previous fiscal year's annex are summarized as follows :

Elements in previous year's action plan identified for 2012-2013 Progress Status
Key Control Areas Documentation Effectiveness
Testing
Recommendation
and Action Plan
Design Operating
Entity level controls
Organizational Risk Management Yes The documentation is complete.
Performance Appraisal and Mandatory Training Yes Design effectiveness testing is complete, weaknesses have been identified and the corrective measures have been implemented.
Delegation Instrument and Assignment of Delegated Authority Yes
General IT controls
Access & Development of Modules / Functionalities Yes Design effectiveness testing is complete, weaknesses have been identified and the corrective measures have been implemented.
Process level controls
Payroll Yes Yes Yes Design and Operating effectiveness testing are complete, weaknesses have been identified and the corrective measures will all be implemented in 2013-2014.
Travel and Hospitality Yes Yes Operating effectiveness testing is complete, weaknesses have been identified and the corrective measures have been implemented.
Operating Expenditures - Procurement to Payment Yes Yes
Write-Off and Disposal Yes Design effectiveness testing is complete, weaknesses have been identified and the corrective measures will all be implemented in 2013-2014.
Work in Progress - Capital Assets Yes Design effectiveness testing has been deferred to 2013-2014 since the risk was low because the Office of the Auditor General of Canada annually audits this expenditure item and that no weaknesses have been previously identified.
Transfer Payments Yes Only the design effectiveness testing was planned for 2012-2013 however, operating effectiveness testing was also conducted and weaknesses have been identified. The corrective measures have been implemented for Month / Year-End Procedures and financial reports and will all be implemented in 2013-2014 in regards to Transfer Payments.
Month / Year-End Procedures and Financial Reports Yes

4.2 Status and action plan for the next fiscal year and subsequent years

Due to progress to date, the CSA will complete the design effectiveness testing and the associated corrective measures in 2013-2014 and will complete the full assessment of its system of ICFR in 2014-2015. At that time, the CSA will be applying its rotational on-going monitoring plan to reassess control performances on a risk basis across all control areas. The status and action plan for the completion of the identified control areas for the next fiscal year (Year 1, 2013-2014) and the subsequent years (Year 2, 2014-2015 and Year 3, 2015-2016) are as follows:

Key Control Areas Assessment Elements
Design effectiveness testing and corrective measures Operating effectiveness testing and corrective measures On-going monitoring rotationFootnote 1
Entity level controls
Organizational Risk Management Year 1 Year 1 Future years
Performance Appraisal and Mandatory Training Completed Year 2 Future years
Delegation Instrument and Assignment of Delegated Authority Completed Year 1 Year 2
Budgeting and Forecast Performance Year 1 Year 2 Future years
General IT controls
General IT Controls Completed Year 1 Year 3
Process level controls
Payroll Completed Completed Year 1
Travel and Hospitality Completed Completed Year 3
Operating Expenditures - Procurement to Payment Completed Completed Year 2
Write-Off and Disposal Completed Year 1 Year 2
Work in Progress - Capital Assets Year 1 Year 2 Year 3
Transfer Payments Completed Completed Year 1
Month / Year-End Procedures and Financial Reports Completed Completed Year 3

Consultations with the Audit Committee will continue in order to get independent advice on the CSA's system of ICFR, including advice on governance and risk management. Also, the CSA will continue to look for opportunities to strengthen its controls while considering assessment results and annual audits.

Footnotes

Footnote 1

The frequency of the on-going monitoring of key control areas is risk-based and may occur over a multi-year cycle.

Return to footnote 1 referrer