Annex – Assessment of Internal Control over Financial Reporting for the fiscal year ended March 31, 2016

1. Introduction

In support of an effective system of internal control, the Canadian Human Rights Commission (the Commission) annually assesses the performance of its financial controls to ensure that:

  • Financial arrangements or contracts are entered into only when sufficient funding is available;
  • Payments for goods and services are made only when the goods or services are received or the conditions of contracts or other arrangements have been satisfied; and 
  • Payments have been properly authorized.

The Commission leverages the results of the periodic core control audits performed by the Office of the Comptroller General. The Audit Report for the Core Control Audit conducted during fiscal year 2011-12 and the related Management Action Plan are posted on the Commission's web site. During fiscal year 2015-16, the Commission engaged a contractor to perform the assessment in accordance with the ongoing monitoring plan. Below is a summary of the results of the Commission’s independent assessment conducted during fiscal year 2015-16.

1.1 Service Arrangements Relevant to Financial Statements

The Commission relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows. Some other government departments and agencies rely on the Commission for the processing of certain transactions as per the interdepartmental arrangements.

Common Arrangements

  • Public Services and Procurement Canada centrally administers all payments including salaries, and the procurement of goods and services in accordance with applicable acts, regulations, and policies, provides accommodation services and manages MyGCHR for the Commission;
  • The Treasury Board of Canada Secretariat provides the Commission with information used to calculate various expenses, accruals and allowances, such as the accrued severance liability and the rate to be used for government payments to employee insurance plans; and
  • The Employment and Social Development Canada provides work’s compensation coverage to the Commission.

Specific Arrangements

  • The Commission provides Internal Support Services to some other government departments related to the provision of Finance, Compensation, Human Resources, Procurement, Administration and Information Technology services through Memorandums of Understanding. The information acquired through the assessments is shared with the clients who use the Commission’s Internal Support Services.

2. Assessment Results During Fiscal Year 2015-16

The key findings and significant adjustments required from the current year’s assessment activities are summarized below.

New or significantly amended key controls: In the current year, there were no significant amended key controls in existing processes which requires a reassessment. During the year, the Commission migrated from HRIS to MyGCHR, a PSPC managed application. The Commission has performed the necessary data validation to ensure the integrity of the information and addressed the required corrections.

Ongoing monitoring program: In compliance with its rotational ongoing monitoring plan, the Commission updated the documentation of its key processes and controls in place and reassessed the operating effectiveness of the following business processes: payment to suppliers; use of wireless devices; hospitality; travel; membership fees; acquisition cards; petty cash; Management of inventories less than $5,000; Year-end accounting and financial reporting. The findings of the audit concluded that the internal key controls over the audited business processes are strong and effective.

Operating effectiveness of information technology general controls (ITGCs) were also assessed in the areas of IT management; IT security; application and change management and computer and network operations. The results of the ITGCs identified that IT Management is strong while there is opportunities for improvement in the Commission’s documentation of the common controls of its IT security, its computer and network operations and in the application development and change management of its financial system. A management action plan has been developed and the required remediation is now in the process of being addressed

3. Action Plan

3.1 Progress During Fiscal Year 2015-16

The Commission continued to conduct its ongoing monitoring according to the previous fiscal year’s rotational plan as shown in the following table.

Progress During Fiscal Year 2014-15

Text version

Business Process Status Report indicating all items completed as planned.

3.2 Action Plan for the Next Fiscal Year and Subsequent Years

The Commission’s multi-year monitoring plan over the next three years, based on an annual validation of the high-risk processes and controls and related adjustments to the ongoing monitoring plan as required, is shown in the following table.

Rotational Ongoing Monitoring Plan

Text version

This table represents the Rotational Ongoing Monitoring Plan, establishing the frequency and risk rankings for business processes, for the years 2016-17, 2017-18, 2018-19.