Annex – Assessment of Internal Control over Financial Reporting for the fiscal year ended March 31, 2014
In support of an effective system of internal control, the Canadian Human Rights Commission (the Commission) annually assesses the performance of its financial controls to ensure that:
- Financial arrangements or contracts are entered into only when sufficient funding is available;
- Payments for goods and services are made only when the goods or services are received or the conditions of contracts or other arrangements have been satisfied; and
- Payments have been properly authorized.
Below is a summary of the results of the Commission’s assessments. The Commission also leverages the results of the periodic core control audits performed by the Office of the Comptroller General. The Audit Report for the Core Control Audit conducted during fiscal year 2011-12 and the related Management Action Plan are posted on the Commission's web site.
1.1 Service arrangements relevant to financial statements
- Public Works and Government Services Canada centrally administers all payments including salaries, and the procurement of goods and services in accordance with applicable acts, regulations, and policies, and provides accommodation services to the Commission.
- The Commission provides Internal Support Services to some other government departments related to the provision of Finance, Compensation, Human Resources, Procurement, Administration and Information Technology services through Memorandums of Understanding. The information acquired through the assessments is shared with the clients who use the Commission’s Internal Support Services.
2. Assessment results
During fiscal year 2009-10, in an effort to comply with the requirements of the Policy on Internal Control, the Commission took the initiative to document key internal controls and carry out an annual assessment of the effectiveness of its internal controls in place as at March 31, 2010. For the most part, controls related to payment for goods and services and payment authority were functioning well and formed sufficient basis for the Commission’s system of internal control. Management identified opportunities for improvement in the management of inventories and the use of wireless devices and prepared an action plan to address them.
During fiscal year 2010-11, the Commission proceeded with the documentation of internal controls related to the End of period accounting and financial reporting processes as well as Budgetary controls and cash flow management processes. The Commission also performed a limited review of specified controls related to salary administration and a follow-up review of the implementation of management action plans proposed in response to the recommendations contained in the prior year’s assessment report. For the most part, controls related to payment for goods and services and payment authority continued to function well and areas that required attention were improved.
During fiscal year 2012-13, the Commission revisited the design effectiveness of its key financial processes and performed design and operating effectiveness testing over its IT general controls (ITGC). A weakness was noted in the segregation of duties and actions were taken to address the situation. Overall, the Commission’s design and operating testing revealed that the key financial processes are functioning as described and the internal financial controls in place are reliable and allow the Commission to substantially mitigate the risk of non-compliance in terms of financial management and financial reporting with legislation, Treasury Board and the Commission’s policies and directives. When completing operating effectiveness testing for ITGC, the Commission identified that some controls in areas of IT security, application development, and change management required attention. Any remediation requirements to date are still in the process of being addressed.
During fiscal year 2013-14, in compliance with its ongoing monitoring plan, the Commission reviewed and assessed internal controls related to payment to suppliers, membership fees, acquisition cards, petty cash, use of wireless device, year-end accounting and financial reporting, budgetary controls and cash flow management and ITGC. The results of the assessment allowed the Commission to identify the risk level specific to each control. Analysis of the controls and processes has led to important lessons on matters such as the drafting of annual business plans and budgets, performing monthly reviews of financial reports, analyzing budget gaps and financial forecasts, and risk management. As the organization evolves, continuous stakeholder feedback and periodic control assessments will help identify opportunities for improvements to ensure the efficiency and economy of the internal control system, as well as help the Commission to reach its objectives.
The documentation and assessment of the effectiveness of internal controls is part of a continuous improvement process that allows the Commission to comply in all material aspects with the Policy on Internal Control.
3. Action plan for the next fiscal year and subsequent years
The Commission’s multi-year monitoring plan over the next four years, based on an annual validation of the high-risk processes and controls and related adjustments to the ongoing monitoring plan as required, is shown in the following table.