Annex to the Statement of Management Responsibility including Internal Control over Financial Reporting - Transport Canada - Fiscal year 2012-13

|Print Version|

Table of Contents

1. Introduction

This document provides summary information on the measures taken by Transport Canada to maintain an effective system of internal control over financial reporting (ICFR) including information on internal control management and assessment results and related action plans.

Detailed information on Transport Canada’s authority, mandate and program activities can be found in the 2012-13 Part III-Departmental Performance Report (DPR) TC DPR 2011-12 , and Report on Plans and Priorities TC RPP 2013-14.

2. Departmental System of Internal Control over Financial Reporting

2.1 Internal Control Management

The department has an established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework, approved by the Deputy Minister, is in place which includes:

  • organizational accountability and oversight structures as they relate to internal control management to support sound financial management including roles and responsibilities for senior departmental managers (TMX members) in their areas of responsibility for control management through the established management committee structure as detailed in the Transport Canada Governance under the PAA – An integrated Decision Making Framework;
  • an updated TC Code of Values and Ethics framework;
  • on-going communication and training on statutory requirements, policies, and procedures for sound financial management and control;
  • monitoring and regular updates at least semi-annually on internal control management for ICFR plus assessment results and action plans to the Deputy Minister, TMX executive members and the Departmental Audit Committee (DAC) as applicable. The DAC provides advice to the Deputy Minister on the adequacy and functioning of the Department’s risk management, control and governance frameworks and processes;
  • internal control measures included in senior management performance measurement agreements; and
  • annual validations of internal control management results through TMX members’ sign-off on controls management for their areas of responsibility.

2.2 Service Arrangements Relevant to Financial Statement

Transport Canada relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:

Common Arrangements:

  • Public Works and Government Services Canada (PWGSC) centrally administers the payments of salaries and the procurement of goods and services, as per the Department’s Delegation of Authority and provides accommodation services;
  • Treasury Board Secretariat provides the department with information used to calculate various accruals and allowances, such as the accrued severance liability;
  • The Department of Justice provides legal services to the Department; and
  • Shared Services Canada (SSC) provides IT infrastructure services to Transport Canada in the areas of data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between SSC and Transport Canada.

Specific Arrangements:

  • Transport Canada performs financial management, accounting and reporting, as well as payroll administration services on behalf of Transportation Appeal Tribunal of Canada (TATC).

3. Departmental assessment results during fiscal year 2012-13

During 2012-13, the Department completed the design and most of its operating effectiveness testing of remaining key control areas in accordance with the risk-based assessment approach as outlined in Transport Canada ICFR Framework for Risk-based Assessment and Monitoring document. On-going monitoring has commenced as per the plan.

3.1 Design effectiveness testing of key controls

In the current year, the Department completed design effectiveness testing of planned key processes as follows:

  • Entity Level Controls;
  • Financial Budgeting and Forecasting;
  • Manage Payroll and Salary Benefits; and
  • Manage Capital Assets and WIP (work-in-progress capital expenditures).

As a result of design effectiveness testing, the Department identified deficiencies for which the required corrective action was in place by the end of this reporting period as follows:

  • Improved process and greater accountability for the management and monitoring of work-in-progress capital expenditures to ensure completed assets are properly capitalized and the work-in-progress accounts are reconciled and cleared on a timely basis; and
  • Strengthened reconciliation, period-end procedures and reporting of progress of work-in-progress accounts across headquarters and the regions.

Operating effectiveness testing on WIP projects will be performed in 2013-14 once the corrective measures have been in place for a sufficient period of time.

In addition, as per the departmental on-going monitoring plan, the following design of key processes were analyzed and updated to ensure sound financial management continues to be in place for:

  • Manage Travel Procurement - design updated to reflect new procedures for improved iTravel system and paperless travel claim process;
  • Manage Procurement (Operating expenditures) - design updated in response to corrective action (from previous financial controls Internal Audit assessment) and initiative to centralize payable functions at the regional/NCR level;
  • Manage Revenue and Receivables - design updated for specific revenue streams to reflect process change to centralize port and airports billing into one single region;
  • Manage Contracting and Commitments - design updated to reflect process change to centralize entry of NCR purchase order information.

3.2 Operating effectiveness testing of key controls

In 2012-13, the Department completed operating effectiveness testing of Entity level controls, key business process controls and IT application controls as detailed below:

  • Entity Level Controls;
  • Manage Financial Budgeting and Forecasting;
  • Manage Payroll and Salary Benefits;
  • Manage Capital Assets and WIP; and
  • IT Oracle EBS R12 Application controls.

As a result of the operating effectiveness testing, the Department identified the following remediation required:

Entity Level Controls:

  • Complete the implementation and communication of the new TC Code of Values & Ethics and related framework;
  • Strengthen awareness of roles and responsibilities related to Values and Ethics for employees and managers;
  • Implement and communicate the amended Fraud Policy and new Fraud risk management procedures;
  • Improve monitoring of period-end close process to ensure timely completion;
  • Improve commitment control and forecasting practices;
  • Build capacity with respect to in-depth financial analytical and reporting skills to enhance financial advice provided to senior management; and
  • Improve IM/IT governance to strengthen IM/IT strategy and investment decision making.

Manage Financial Budgeting and Forecasting:

  • Strengthen the finance “challenge function” and increase oversight in support of strong budget management processes.

Manage Payroll and Salary Benefits:

  • Strengthen account verification for on-line payroll bulk payment approvals; and
  • Improve consistency for required approvals and supporting documentation.

Manage Capital Assets:

  • Strengthen roles and responsibilities and procedures for WIP project monitoring and timely project close out; and
  • Improve internal asset disposition process to ensure controls related to dispositions and accounting for dispositions are operating consistently and effectively.

Remediation identified from departmental self-assessments for the above key processes are addressed through established management corrective action plans and are advanced in most areas.

The Department takes a risk-based approach for remediation of control deficiencies. Every effort is made to correct significant control deficiencies and priority is given to any remediation deemed high risk. It should be noted the Department accepts that certain corrective actions may require a reasonable amount of time to complete due to the level of complexity and/or effort. For low risk items, management may choose to accept the stated risk, with no further corrective action being undertaken. All remediation actions are tracked through approved management action plans (MAPs) which are regularly monitored so that status can be reported to senior management.

3.3 On-going monitoring of key controls

During 2012-13, the Department was unable to continue planned on-going monitoring to re-assess the operating effectiveness of Revenue and Receivables due to a change in process to centralize the billing of certain functions to a single region. The re-assessment was deferred to allow sufficient time for the new process and related procedures to take effect. As such, only the design effectiveness of significant sub-processes and related controls were updated as detailed in section 3.1 above.

In the context of other on-going monitoring activities, the Department implemented continuous improvements where feasible, including improving on its monitoring of compliance with the directive on account verification through a newly updated TC National Sampling Plan.

In addition, the account verification process for Grants and Contributions transfer payments was streamlined and aligned with the risk management framework for transfer payments in the Department.

4. Departmental Action Plan

4.1 Progress during fiscal year 2012-13

During 2012-13, the Department made significant progress in completing its assessments and improving on its key controls framework. A summary of the main progress made by the Department based on the plans identified in the previous fiscal year’s annex is presented below and further highlighted in section 4.2 (see table):

Element in previous year’s action plan

Status

Operating effectiveness testing

Entity Level Controls

  • Design effectiveness testing was updated from previous assessment.
  • Operating effectiveness testing completed as planned, with remediation of operating deficiencies substantially advanced with the remaining approved MAPs to be completed in 2013-14.

Manage Financial Budgeting and Forecasting

  • Design effectiveness testing completed. No major deficiencies noted.
  • Operating effectiveness testing completed as planned with no major deficiencies identified. Remediation of operating deficiencies is substantially advanced via MAPs and will be completed in 2013-14.

Manage Payroll and Salary Benefits

  • Design effectiveness completed. No major deficiencies noted.
  • Operating effectiveness testing completed with remediation substantially advanced with the remaining MAPs to be completed in 2013-14.

Manage Capital Assets and WIP (work-in-progress capital expenditures)

  • Design effectiveness testing completed. Design deficiencies noted for the WIP process, which required urgent correction. Remediation is now complete.
  • Operating effectiveness testing for capital asset accounts did not include WIP transactions due to the design deficiencies noted above and the fact that remediation had not been in place for a sufficient period of time. Required remediation for capital assets process is substantially advanced with the remaining MAPs to be completed in 2013-14.

Manage Travel Procurement

  • Rotational design effectiveness updated.
  • Operating effectiveness re-assessment required in 2013-14 to address findings from OAG follow-up controls audit.

Manage Procurement (Operating expenditures)

  • Rotational design effectiveness updated.
  • Operating effectiveness testing to be re-assessed as part of on-going monitoring in 2013-14 due to change to centralize payable process.

Manage Accruals and Other General Entries (PAYES, JEs) and Environmental liabilities

  • Design and Operating Effectiveness testing to be completed in 2013-14 to address findings from the OAG follow up controls audit.

Manage Revenue and Receivables

  • Rotational design effectiveness updated for certain revenue streams. During 2012-13, the Department was unable to continue planned on-going monitoring to re-assess the operating effectiveness of Revenue and Receivables due to a change in process to centralize the billing of certain functions to a single region. The re-assessment was deferred until 2013-14 to allow sufficient time for the new process and related procedures to take effect. The 2013-14 operating effectiveness testing will encompass all significant revenue streams to address findings from the OAG follow up controls audit.

Manage Contracting and Commitments

  • Design effectiveness updated.
  • Operating effectiveness testing to be completed in 2013-14 due to efforts to centralize NCR Purchase Order entry.

Manage Financial Close and Reporting

  • Design and operating effectiveness testing were not complete due to resource constraints. Testing was deferred to 2013-14.

Oracle ERP IT General Controls (ITGC)

  • Remediation related to the 2011-12 operating effectiveness assessment was completed.

Oracle EBS R12 IT Application Controls (ITAC)

  • Operating effectiveness testing completed. Remediation of deficiencies to be completed in 2013-14.

Transport Canada Billing System (TCBS)

  • Initial Assessment was deferred until 2013-14 due to change in process to centralize the billing of certain functions to a single region.

ITGC – Distributed Air Personnel Licensing System (DAPLS) and Oracle Download Interface (OADI)

  • Design review during the year concluded that these two subsystems are not key controls within the IT general control framework because of low risk and insignificance to the overall effectiveness of ICFR. DAPLS collects licensing information and is not considered to be a key process. OADI is a utility tool that is used in a limited number of specific circumstances. Management has recommended their removal from the list of key controls for future assessments.

4.2 Status and action Plan for the next fiscal year and subsequent years

Building on progress made and following the updated departmental ICFR Framework for Risk-based Assessment and Monitoring, the Department is positioned to complete a full risk-based assessment of its system of ICFR in 2013-14.

During 2013-14, the Department intends to update its financial reporting risk assessments for key business processes. This updated risk assessment could impact the frequency of future on-going monitoring of the business processes described below. The Department has also upgraded its IT general control (ITGC) risk assessment over the recently implemented Oracle R12 EBS financial system and the various extended sub-systems that form the overall Oracle ERP system. As a result, the scheduled re-assessment of the operating effectiveness of these systems has been advanced from 2015-16 to 2013-14.

In 2013-14 the Department will complete the remaining business process not previously assessed, address any findings or gaps identified in the follow-up OAG controls audit, and complete remediation of deficiencies noted in various departmental self-assessments conducted during the year.

At the same time, the Department will be applying its rotational on-going monitoring plan to reassess control performance on a risk basis across completed control areas. The status and action plan for the completion of the identified control areas for 2013-14 and subsequent years is as follows:


Internal Controls over Financial Reporting (Key Control Areas)

Assessment Elements

Design Effectiveness
Testing and Remediation

Operational Effectiveness
Testing and Remediation1

On-going Monitoring2
Rotation

As of Mar 31, 2013

As of Mar 31, 2013

Entity Level Controls

Entity Level controls (Design and Operating Effectiveness)

Complete

Advanced; to complete in 2013-14

2015-16

Business Process Controls

Manage Financial Budgeting and Forecasting

Complete

Advanced; to complete in 2013-14

2015-16

Manage Payroll and Salary Benefits

Complete

Advanced; to complete in 2013-14

2014-15

Manage Capital Assets and WIP (Capital Expenditures)

Complete

Advanced; to complete in 2013-14

2014-15

Manage Travel Procurement

Complete

Started; to complete in 2013-14

2015-16

Manage Procurement (Operating Expenditures)

Complete

Complete

2013-14

Manage Accruals and Other General Entries (PAYEs, Pay accruals, Environmental Liabilities and other JEs)

Complete

Started; to complete in 2013-14

2015-16

Manage Grants & Contributions Transfer Payments

Complete

Complete

2014-15

Manage Revenues and Receivables

Complete

Advanced; to complete in 2013-14

2015-16

Manage Contracting and Commitments

Complete

Started; to complete in 2013-14

2015-16

Manage Financial Close and Reporting

Started

2013-14

2015-16

IT Controls

ITGC
Oracle ERP (include iTravel)

Complete

Complete

2013-14

ITGC
GAC (Oracle Gov’t Acquisition Card)
TCBS
TIPS (Transport Pay system)
LEX (Leave and Extra Duty)
SMS (Salary Management System)
Hyperion (Corporate reporting)

Complete

Advanced; to complete in 2013-14

2013-14

ITGC
DAPLS (Distributed Air Personnel Licensing System)
OADI (Oracle download interface)

Complete

To remove

To remove

IT Application Controls Oracle EBS R12 (including iTravel)

Complete

Advanced; to complete in 2013-14

2014-15

1 Advanced refers to completion of operating effectiveness testing, with required remediation to address findings identified from OAG follow-up audit and deficiencies noted through self-assessments being addressed through approved management action plans.

2 On-going monitoring rotation for future years, once initial assessments are fully completed in 2013-14

The following document is available for downloading or viewing:

To access the Portable Document Format (PDF) version you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase on the Internet:

Date modified: