Summary of the assessment of effectiveness of the systems of internal control over financial reporting and the action plan of Library and Archives Canada for the 2012-2013 fiscal year
Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting
This document provides summary information on the measures taken by Library and Archives Canada (LAC) to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, the results of the assessment, and the related action plans.
2. LAC's control environment relative to ICFR
LAC's focus is to ensure that risks are well managed through a responsive, risk-based control environment that allows for continuous improvement and innovation.
The system of ICFR at LAC is conducive to maintaining the healthy control environment described in the organization's entity-level controls. These entity-level controls are designed to provide:
- a suitable control environment designed to allow for effective ICFR
- an effective risk assessment process that identifies, analyzes and manages risks related to financial reporting within the ministerial risk management framework
- an effective information and communications system that identifies and captures, in a timely manner, the information needed to keep the ICFR system up to date and that quickly communicates that information to the appropriate stakeholders
- an effective monitoring system to detect and remedy deficiencies in the system of ICFR
2.1 Positions, roles and key responsibilities
Below are LAC's key positions and committees with responsibilities for maintaining and reviewing the effectiveness of the organization’s system of ICFR.
Librarian and Archivist of Canada – The Librarian and Archivist of Canada assumes overall responsibility and leadership for the measures taken to ensure the effectiveness of the internal control system. In this capacity, the Librarian and Archivist of Canada chairs the Departmental Audit Committee and the Management Board.
Chief Financial Officer (CFO) – The CFO of LAC reports directly to the Librarian and Archivist of Canada. The CFO provides leadership to ensure the coordination, consistency and focus of the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.
Senior managers – The senior managers in charge of program delivery at LAC are responsible for maintaining and reviewing the effectiveness of those aspects of the system of ICFR that fall within their mandate.
Chief Audit Executive (CAE) – The CAE reports directly to the Librarian and Archivist of Canada. The audit function uses a disciplined, evidence-based approach to assess and improve the effectiveness of risk management, control and governance processes. It helps ensure that the organization achieves its objectives efficiently and in a way that demonstrates informed, ethical and accountable decision-making.
Departmental Audit Committee (DAC) – The role of the DAC is to provide objective advice and recommendations to the Librarian and Archivist of Canada regarding the sufficiency, quality and results of assurance services provided relating to the adequacy and functioning of LAC’s risk management, control and governance frameworks and processes (including accountability and auditing systems). The DAC was created in 2009 and has three external members. Each external member is appointed for a term of four years with the possibility of renewal.
Governance committees – LAC governance committees are involved in establishing and monitoring the linkages between the organization’s objectives and activities. The Management Board, chaired by the Librarian and Archivist of Canada, is the organization's decision-making body, acting like a “board of directors” by providing strategic direction, ensuring governance, and making organization-wide decisions to support the Librarian and Archivist of Canada. The Management Board is supported by subcommittees, including the Senior Management Committee responsible for examining, approving and monitoring the organization's risk profile and its internal control system, in particular the assessment of the system of ICFR and related action plans.
2.2 Key measures instituted by LAC
The LAC control environment provides for a set of measures designed to help employees effectively manage risks through increased awareness, relevant knowledge and tools, and professional skill development. These measures include:
Corporate risk profile – The LAC corporate risk profile sets out a comprehensive strategy for managing risk. It contains a list of the highest priority corporate-level risks for the organization, as well as mitigation strategies to ensure that these risks are well managed. Every year, the organization identifies activities or threats that may prevent it from achieving its objectives and develops strategies to mitigate those risks. Corporate risk management enables LAC to realign its resources and priorities to help ensure its continued success.
Risk-based audit plan – The CAE of LAC develops an annual risk-based audit plan (RBAP) based on an analysis of organizational risks, in consultation with the organization's senior management. This plan, which is instrumental to LAC's system of ICFR, is also submitted to the Office of the Comptroller General of Canada. The results of internal audit assessments identified in the RBAP are submitted to the Departmental Audit Committee and the Librarian and Archivist of Canada for approval. The internal audit function at LAC conducted three audits in 2012-2013.
Human resources management (HR) – The financial management capacities of LAC managers and financial experts are supported through a general HR approach that integrates HR planning with business planning and that includes recruitment, development and retention strategies to attract, equip and retain the talent the organization needs, including in the area of financial management.
Values and ethics – In accordance with the requirements of the Public Servants Disclosure Protection Act and following the coming into effect of the Values and Ethics Code for the Public Sector in April 2012, LAC developed and adopted its own rules. In January 2013, LAC introduced its own code of conduct; in 2011, it nominated a champion to promote workplace values and ethics. These elements are crucial in reinforcing the integrity that employees are supposed to demonstrate in all activities and at all levels, including in the area of financial management.
Communication and training – In order to foster employee engagement, LAC’s General Communications Directorate has implemented new, proven internal communications mechanisms to ensure that employees receive timely information on various topics and can find the information that they need. In addition, performance reviews are conducted and learning plans are established each year. In co-operation with the Canada School of Public Service and other training providers, LAC offers basic courses in key areas of management, including financial management. Some courses (addressing the key aspects of financial management, among other things) are mandatory, especially for finance managers and staff.
Delegated authorities, legislation, regulations and policies – LAC's CFO periodically updates and communicates to all staff a matrix of all authorities delegated across the organization. Mandatory requirements flowing from legislation, regulations and policies are systematically communicated to new employees where applicable and periodically reinforced through various awareness opportunities and learning events. Specimen signature cards for delegated signing authority related to financial operations are also available in electronic format. LAC has also set out detailed explanations of its guidelines related to the powers described in sections 32, 33 and 34 of the Financial Administration Act and to compliance with these provisions.
Internal control system – LAC has a section that reports to the assistant to the Chief Financial Officer and that is dedicated to internal control. This section is responsible for documenting the organization's main business processes, risks and related key controls in order to support the management and oversight of its system of ICFR, including assessing design effectiveness and operational efficiency. This documentation is critical to increasing the awareness and understanding of employees at all levels with regard to risks and key controls, as well as to supporting continuous improvement.
2.3 Service agreements relevant to the financial statements
LAC relies on other organizations to process certain transactions that are recorded in its financial statements:
- Public Works and Government Services Canada administers the payment of salaries, the procurement of goods and services based on Department-delegated authority, and the provision of office accommodations.
- The Treasury Board of Canada Secretariat provides LAC’s finance services section with information used to calculate various accruals and allowances, such as the accrued severance liability and the employer's share of health and dental insurance premiums.
- Justice Canada provides LAC with legal services.
- Human Resources and Skills Development Canada provides services related to the employer's share of workers' compensation benefits.
- Shared Services Canada manages general controls over information technologies (IT) with respect to email, data centres and network services.
3. LAC assessment results for 2012-2013
During the 2012-2013 fiscal year, LAC made progress in the assessment and improvement of its key controls. The 2012 Economic Action Plan slowed this progress, however, by diverting a significant number of employees from finance services and other corporate services, and members of senior management, to more urgent priorities. More specifically, LAC continued the work begun on:
- identifying any new or substantially modified key controls to be assessed
- updating 2011-2012 documentation on assessing the control of business processes
- documenting three new key processes and beginning the planning of tests to assess design and operational effectiveness
- reviewing corrective measures taken in response to the results of assessments from prior years
- updating the multi-year action plan on the implementation of the Policy on internal control
3.1 Assessment of design and operational effectiveness of key controls
The design and operational effectiveness of the entity’s key controls and of five of the twelve processes was first assessed in 2011-2012. In 2012-2013, efforts focussed on instituting the corrective measures targeted in 2011-2012 and updating documentation on these key controls. Specific corrective measures were instituted as the situation allowed; otherwise, action plans were developed or are in the process of being developed to remedy completely and in a timely manner the weaknesses detected in the controls. These measures will be monitored over the next few years to ensure that they were instituted as planned. No major change in key process controls required a new assessment, and all observations indicate that LAC continues to ensure solid controls at these levels.
Although planning began in 2012-2013, the actual assessment of the design and operational effectiveness of key controls for payables, benefits and the production of financial statements will not be completed until 2013-2014; such is also the case for the assessment of key controls for the process of establishing the value of the collection.
3.2 Ongoing monitoring of key controls
During the year, LAC proceeded with ongoing monitoring of controls at the entity-level and of key controls for salaries, payables and disbursements, purchases, and capital assets, as well as for sales, receipts and receivables.
This enabled LAC to determine that the following corrective measures are required:
- increase current communication and training activities on legislative requirements, and on the policies and procedures for sound financial management and control
- implement monitoring mechanisms and processes for providing the Librarian and Archivist of Canada and senior management with regular updates on internal control management
- reinforce organizational accountability structures for internal control management with a view to supporting sound financial management
4. LAC action plan
4.1 Progress in 2012-2013
In the 2012-2013 fiscal year, LAC continued to make significant progress in the assessment and improvement of key controls. Progress made based on the plans set out in the annex from the previous year has been summarized as follows:
Table: LAC action plan - Progress in 2012-2013
This table shows the progress made on the previous year’s action plan items. The first column lists the items in the previous year’s action plan and the second column describes their status.
||Cyclical re-assessment of entity-level controls and implementation of corrective measures continued.|
|Business process controls
Measures were implemented and, if not, action plans were developed or are in the process of being developed to remedy completely and in a timely manner the weaknesses detected in tests. Monitoring of measures will continue over the next few fiscal years to ensure that they have been instituted as anticipated for the following business processes:
- payables and disbursements
- capital assets
- sales, receipts and receivables
Documentation has been completed; tests on the design and operational effectiveness of the following processes have begun and will be completed in 2013-2014:
- accrued liabilities
- production of financial statements
Tests on design and operational effectiveness relating to the value of the collection have beenred to 2013-2014.
|IT general controls
||Work on IT general controls has beenred until the new financial and human resources management systems are in place. However, LAC is still the leader in working groups on HRIS/PeopleSoft and FreeBalance, and is implementing the recommendations of these respective groups.|
4.2 Action plan for the next fiscal year and subsequent years
With the progress made to date, LAC anticipates finishing the complete assessment of its system of ICFR in 2015-2016, while applying its cyclical continuous monitoring plan to re-assess the performance of risk-based controls at all control points. The status and action plan for completion at control points targeted for the next fiscal year and subsequent years are as follows:
Table: Action plan for the next fiscal year and subsequent years
This table shows the progress made and the action plan for the key control points for the next fiscal year and subsequent years.
|IT general organization-managed controls
|Capital assets - work in progress
|Value of the collection
|Budgets and projections
The frequency of ongoing monitoring of key control points is based on risk; monitoring is done on a multi-year cycle.