Archived information

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting

Summary of the Assessment of Effectiveness of the System of Internal Control over Financial Reporting and the Action Plan for Fiscal Year 2011-2012

Note to the reader

With the Treasury Board Policy on Internal Control (PIC), effective April 1, 2009, departments are required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish an action plan to address any necessary adjustments, and attach a summary of their assessment results and action plan to their Statement of Management Responsibility.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

It is important to note that the system of ICFR is not designed to eliminate all risks, but rather to mitigate risks to a reasonable level with controls that are balanced with, and proportionate to, the risks they aim to mitigate.

The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process to identify key risks, assess the effectiveness of associated key controls and adjust as required, as well as monitor the system in support of continuous improvement. As a result, the scope, pace and status of departmental assessments of the effectiveness of their system of ICFR will vary from one organization to another based on risks and unique circumstances.

Table of Contents

Top of page

1. Introduction

This document is attached to the Canadian International Development Agency (CIDA or the Agency)'s Statement of Management Responsibility Including ICFR for the fiscal year 2011-2012. As required by the Treasury Board PIC, this document provides summarized information on the measures taken by the Agency to maintain an effective system of ICFR. In particular, it provides information on the assessments conducted by CIDA as at March 31, 2012, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to the Agency. This is the third year of publication of this Annex.

1.1 Authority, mandate and program activities

CIDA is designated as a department for the purposes of the Financial Administration Act (Schedule I.1) by an Order-in-Council P.C. 1968-923 dated May 8, 1968. The authority for the CIDA program and related purposes is found in the Department of Foreign Affairs and International Trade Act, Annual Appropriations Act and International Development (Financial Institutions) Assistance Act.

CIDA's mandate is to manage Canada's aid resources effectively and accountably to achieve meaningful, sustainable development results, and to engage in policy development in Canada and internationally, enabling Canada's effort to realize its development objectives.

CIDA fulfills its mandate through six main program activities:

Further detailed information on CIDA's authority, mandate and program activities can be found in the Report on Plans and Priorities and Departmental Performance Report.

1.2 Financial highlights

Financial information can be found in the financial statements (unaudited) of the Canadian International Development Agency for fiscal year 2011-2012, in the Reports section. Financial information that is relevant to CIDA can also be found in the Public Accounts of Canada.

Key financial highlights for the 2011-2012 fiscal year are:

In 2011-2012, expenses processed and recorded directly in the field through the Department of Foreign Affairs and International Trade (DFAIT) represented approximately 2% ($80 million) of the Agency's total expenses. Field expenses details are transferred regularly from DFAIT's financial system to CIDA's financial and accounting system (SAP). CIDA will be increasing its field presence over the next few years as part of a decentralization initiative, which is to be implemented by 2014-2015. The decentralization initiative will have an impact on the level of field expenses incurred.

The Agency uses a stand-alone financial system based on the SAP application. This system is critical to its operations and financial reporting.

1.3 Service arrangements relevant to financial statements

CIDA's financial system is currently hosted and supported by Agriculture and Agri-Food Canada and Shared Services Canada (SSC).

The Agency also relies on other organizations to process certain transactions that are recorded in its financial statements:

1.4 Material changes in fiscal year 2011-2012

Changes Impacting Financial Resources

Change in Senior Management

On January 30, 2012, Ms. Greta Bossenmaier was appointed Senior Executive Vice-President of CIDA.

Top of page

2. CIDA's control environment relevant to ICFR

Entity level controls set the tone from the top to help ensure that all levels of staff at CIDA understand the purpose and importance of maintaining risk-based effective internal control systems as well as their roles and responsibilities in support of sound stewardship of public resources and reliable financial reporting.

Key components of entity level controls at CIDA aim to ensure solid governance and effective risk management at the corporate level, as well as the maintenance of other entity level controls to provide effective support to staff by raising awareness and providing appropriate knowledge, skills and tools. The ultimate objective is to manage risks while maintaining a responsive control environment for people at all levels that supports innovation and continuous improvement.

The Agency's main entity level controls currently in place and relevant to ICFR are set out below.

2.1 Key positions, roles and responsibilities

Below are CIDA's key positions and committees with responsibilities to maintain and review the effectiveness of its system of ICFR.

President — The Agency's President, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the President chairs the Departmental Audit Committee and the Management Board and receives advice and recommendations from the members.

Chief Financial Officer (CFO) — The Agency's CFO reports directly to the President and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.

Senior Managers — CIDA's senior managers in charge of program delivery or corporate branches are responsible to maintain and review the effectiveness of the portions of the system of ICFR falling within their mandate.

Chief Audit Executive (CAE) — Consistent with the Treasury Board PIC, CIDA has a qualified CAE who establishes plans and performs risk-based internal audits necessary to provide an independent annual assurance report to the deputy head on the adequacy and effectiveness of risk management, control and governance processes within the Agency, which are instrumental to the maintenance of an effective system of ICFR.

Audit Committee (AC) — The Audit Committee is an advisory committee that provides objective advice to the President on the Agency's risk management, control and governance frameworks. It is comprised of four external members and one internal member, the Agency's President. As such, the committee reviews the Agency's Corporate Risk Profile and its system of internal control, including the annual assessment and action plans relating to the system of ICFR.

Management Board (MB) — As the Agency's central decision-making body, the Management Board reviews, approves and monitors the Corporate Risk Profile and the departmental system of internal control.

2.2 Key measures taken by CIDA

CIDA's control environment includes a series of measures to equip its staff with the ability to manage risks well through raising awareness, providing the appropriate knowledge and the necessary tools to develop such skills. CIDA focuses on the following key control elements:

Top of page

3. Assessment of CIDA's system of ICFR

3.1 Assessment approach

In support of the Policy on Internal Control, an effective system of ICFR must be aligned with the objectives to provide reasonable assurance that:

Over time, this includes assessment of the design and operating effectiveness of the system of ICFR, leading to on-going monitoring and continuous improvement of the Agency's system of ICFR.

Assessing design effectiveness means that key control points are identified, documented, implemented and aligned with the risks they aim to mitigate, weaknesses are identified, and any required remediation is addressed. This includes the mapping of key IT systems, business processes to the main accounts, and other processes by location as applicable.

Assessing operating effectiveness means that the application of key controls has been tested over a defined period, that any weaknesses are identified and that any required remediation is addressed. Such testing covers all departmental control levels, including entity (corporate) level controls, IT general controls and business process controls.

On-going monitoring means that a systematic, integrated approach to monitoring is in place in support of continuous improvement, including periodic risk-based assessments and timely remediation.

3.2 Scope of departmental assessment at CIDA during fiscal year 2011-2012

In support of the implementation of the PIC, the Agency has taken measures to assess its system of ICFR starting from the identification of its main financial statements accounts, business processes and other related processes.

In previous years, 14 processes, including risks and controls relevant to ICFR were documented and entity (corporate) level controls and IT general controls were assessed. In 2011-2012, the Agency continued to document and assess the design effectiveness of its system of ICFR, primarily focussing on the following processes:

In addition, the Agency started gathering information and mapping out the following additional key processes, with the identification and documentation of key risk and control points:

In 2011-2012, CIDA initiated the assessment of the operating effectiveness of its key controls. As at March 31, 2012, assessments were completed for nine processes, as indicated in the CIDA Action Plan Summary at page 11.

Top of page

4. CIDA's assessment results during fiscal year 2011-2012

The more significant findings from the assessments described above are summarized below.

4.1 Design effectiveness of key controls

In 2011-2012, CIDA pursued the assessment of design effectiveness of key controls not already covered in the previous years, as noted in Section 3.2 above. In doing so, the Agency completed the documentation of the key processes and verified whether appropriate controls were in place and corresponded to actual practice.

The existence of relevant and strong financial controls was confirmed through this assessment. The main control objectives pertaining to each process were generally well supported by appropriate control activities.

As a result of these assessments, the Agency has adopted or identified the appropriate measures to address minor weaknesses in the following areas:

Where feasible, remediation requirements were addressed as soon as the necessary adjustments had been identified. Otherwise, management action plans either were or are currently being developed to fully address the control weaknesses within a reasonable timeframe. A follow-up will be performed on each of the remediation measures in 2012-2013 to ensure that they are being implemented as planned.

4.2 Operating effectiveness of key controls

In fiscal year 2011-2012, the operating effectiveness testing of key controls was performed on nine business processes as noted in Section 3.2. The Agency also assessed the operating effectiveness of the key financial controls that are embedded within the expenditures business process at four foreign CIDA offices.

In doing so, the Agency developed risk-based testing plans. Although no significant deficiencies have been identified, the testing results have identified potential improvements that could be made to enhance the operating effectiveness of key controls.

Where feasible, specific remediation requirements were addressed shortly after the necessary adjustments were identified. In other cases, management action plans are being developed to fully address the control weaknesses within a reasonable timeframe. A follow-up will be performed on each of the remediation measures according to a monitoring program that will be established over the next two years.

4.3 On-going monitoring program

A CIDA PIC Implementation Project Plan, including the ongoing monitoring and testing timeline, was updated and presented to the AC in 2011-2012.

In 2011-2012, the Agency developed a draft strategy for the on-going monitoring of financial controls. This document outlines the rationale and the frequency of testing of key financial controls, for each significant process. This draft on-going monitoring program will be refined in the next fiscal years and is planned to be implemented in 2014-2015.

Top of page

5. CIDA's action plan

5.1 Progress as of March 31, 2012

During 2011-2012, the Agency continued to make significant progress in assessing and improving its key financial controls. Below is a summary of the progress made by CIDA.

The Agency completed work in the following areas, as planned in its 2010-2011 plan:

The Agency conducted the following work, which has had an impact on internal controls and provides remedial action in response to the findings of the assessments of design and operating effectiveness as follows — progress status is indicated in (brackets):

5.2 Action plan for the next fiscal year and future years

Building on progress to date, the Agency is well positioned to substantially complete the assessment of the design and operating effectiveness of its system of ICFR in 2013-2014 and will then implement its on-going monitoring program.

In 2012-2013, CIDA plans to:

In 2013-2014, CIDA plans to:

In 2014-2015 and future years, CIDA plans to:

CIDA is fully committed to this action plan. However, attainment of the milestones identified above will be contingent on the Agency being able to maintain its current level of resources to implement the requirements of the PIC. Any major changes to the departmental structure could certainly influence the associated timelines. CIDA will continue to update its action plan on an annual basis.

Top of page

6. CIDA action plan summary

CIDA Action Plan Summary
Elements in action planDocumentation and assessment of design effectiveness of key controlsAssessment of operating effectiveness of key controlsInitial plan for ongoing monitoring of the effectiveness of the system of ICFR
CompletedPlannedCompletedPlannedPlanned to start in year (frequency)
1 In 2010-2011, the Office of the Chief Audit Executive at CIDA performed an internal audit on payroll expenses. The results of the audit were considered as an initial assessment of the operating effectiveness of key controls.
2 Due to changes to Public Sector Accounting Standard 3410 (PS 3410- Government Transfers) effective April 1st, 2012, prepaid expenses will be considerably reduced and consequently the related business process will no longer be considered significant.
3 Due to changes to Public Sector Accounting Standard 3410 (PS 3410- Government Transfers) effective April 1st, 2012, prepaid expenses will be considerably reduced and consequently the related business process will no longer be considered significant.
4 The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.
5 The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.
6 The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.
7 The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.
Transfer payments: multilateral grants approach2010-2011 2011-2012 2013-2014 (2 yrs)
Transfer payments: directive contributions approach2010-2011  2013-20142015-2016 (2 yrs)
Transfer payments: responsive approach 2012-2013 2013-20142015-2016 (2 yrs)
Transfer payments: program-based approach 2012-2013 2013-20142015-2016 (2 yrs)
Salaries and employee benefits2011-2012  Note 12014-2015 (3 yrs)
Professional and special services expenses2010-2011  2012-20132014-2015 (2 yrs)
Gains and losses on foreign exchange2010-2011 2011-2012 2013-2014 (1 yr)
Loans to developing countries and IFIs 2012-2013 2013-20142015-2016 (2 yrs)
Investments and advances to IFIs2010-2011 2011-2012 2014-2015 (3 yrs)
Canada Investment Fund for Africa2010-2011  2012-20132014-2015 (2 yrs)
Prepaid expenses2010-2011  Note 2Note 3
General accounts payable and accrued liabilities2010-2011 2011-2012 2013-2014 (1 yr)
Accrued liability for Matching Funds Program2010-2011  2012-20132015-2016 (3 yrs)
Accrued employee severance benefits2010-2011  2012-20132013-2014 (1 yr)
Contractual obligations2010-2011 2011-2012 2013-2014 (1 yr)
Contingent liabilities2010-2011 2011-2012 2013-2014 (1 yr)
Year-end closing and financial statements preparation2011-2012 2011-2012 2013-2014 (1 yr)
Adjusting journal entries2010-2011 2011-2012 2013-2014 (1 yr)
Interdepartmental settlements2010-2011 2011-2012 2014-2015 (2 yrs)
Budgeting and forecasting 2012-2013 2013-20142015-2016 (3 yrs)
Field expendituresFinancial controls assessments are performed on the field expenditures on a rotational basis
Entity level controls2009-2010 Note 4Note 52012-2013 (5 yrs)
IT general controls2009-2010 Note 6Note 72013-2014 (3 yrs)
Date Modified: