Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting (unaudited)

Note to the reader

With the Treasury Board Policy on Internal Control, effective April 1, 2009, organizations are now required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy, organizations are expected to conduct annual assessments of their system of ICFR, establish an action plan to address any necessary adjustments, and to attach to their Statement of Management Responsibility a summary of their assessment results and action plan.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

• Transactions are appropriately authorized;
• Financial records are properly maintained;
• Assets are safeguarded from risks such as waste, abuse, loss, fraud and/or mismanagement; and
• Applicable laws, regulations and policies are complied with.

It is important to note that the system of ICFR is not designed to eliminate all risks, rather to mitigate risk to a reasonable level with controls that are balanced and proportionate to the risks they aim to mitigate.

The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process to identify key risks, to assess the effectiveness of associated key controls and adjust as required, as well as to monitor the system in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to another based on risks and taking into account their unique circumstances.

1.1 Authority, mandate and program activities

Detailed information on OCOL's authority, mandate and program activities can be found in the Departmental Performance Report and Report on Plans and Priorities produced annually.

1.2 Financial highlights

OCOL's audited financial statements for the fiscal year ended March 31, 2012 can be found within the Departmental Performance Report. Financial information can also be found in the Public Accounts of Canada. The financial statements have been audited by the Office of the Auditor General since fiscal year 2003–04 and have always received a clean audit opinion.

Below is key financial information for fiscal year 2011–12:

• Total expenses were $24.5M. Salaries and employee benefits, excluding employee insurance plan costs, account for the majority of expenses (66% or $16.2M for 161 employees). The costs of accommodation ($1.8M) and employee insurance plans ($1.3M) are services provided without charge. The remaining expenses (21% or $5.2M) are for professional services, travel, communication, amortization of tangible capital assets and other operating expenses.
• Tangible capital assets comprise 99% or $0.788M, of OCOL's total non-financial assets of $0.795M. Financial assets are composed mostly of an amount due from the Consolidated Revenue Fund of $1.664M.
• Accounts payable and accrued liabilities comprise over 45% or $1.8M of total liabilities ($4.1M). The remaining is comprised of employee future benefits (37%) and vacation pay and compensatory leave (18%).
• OCOL's head office is in Ottawa with five regional offices across Canada. The finance and accounting function is centralized in Ottawa.
• OCOL has information systems that are critical to its operations and financial reporting, such as the financial system CDFS.

1.3 Service arrangements relevant to financial statements

OCOL relies on other organizations for the processing of certain transactions that are recorded in its financial statements:

• Public Works and Government Services Canada centrally administers the payment of salaries as well as the payment of invoices to suppliers through the Standard Payment System. It also provides the costs of accommodation for inclusion in the financial statements as "Common services provided without charge".
• The Treasury Board of Canada Secretariat provides financial information related to the contributions to employee benefit plans and to the health and dental insurance plans.
• The Office of the Auditor General provides audit services to OCOL.

1.4 Material changes in fiscal year 2011–12

The OCOL's financial statements have been prepared in accordance with the revised Treasury Board Accounting Standard 1.2, which is based on Canadian generally accepted accounting principles for the public sector. The financial statement presentation has changed in 2011–12 to include a net debt indicator on the Statement of Financial Position and a Statement of Changes in Net Debt. No other significant changes relevant to the financial statements occurred in 2011–12.

2.1 Key positions, roles and responsibilities

Below are OCOL's key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.

Commissioner – The Commissioner of Official Languages, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, he chairs the Audit and Evaluation Committee and the Executive Committee.

Chief Financial Officer (CFO) – The CFO reports directly to the Commissioner and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment. Falling under the CFO responsibilities is also the management of the Corporate Risk Profile of the organization.

Senior Managers – OCOL's senior managers in charge of program delivery are responsible for maintaining and reviewing effectiveness of their system of ICFR falling within their mandate.

Chief Audit Executive (CAE) – Given the small size of the organization, the CFO acts as Chief Audit Executive and provides assurance through periodic internal audits which are instrumental to the maintenance of an effective system of ICFR. The independence of the CAE and the integrity of the internal audit function are ensured through the following mechanisms:

• Contracted audit professionals are engaged to audit OCOL programs, management processes, and practices. Auditors are provided with access to all records, databases, workplaces, and employees, and can obtain information and explanations from employees and contractors.
• The annual risk-based audit plan is approved by the Commissioner based on the recommendation of the independent Audit and Evaluation Committee (AEC).
• A direct reporting line is established between the contracted audit professionals and both the Commissioner and the AEC, ensuring independence, especially for audits which are conducted in the area of Corporate Management, which is managed by the CFO/CAE. The auditors present their audit findings directly to the Commissioner and the AEC, and are not required to go through the CFO/CAE when audit findings relate to Corporate Management and all other areas for which this position has responsibility.
• The OAG representative has the privilege to attend in camera AEC meetings and discuss any potential issues.

Audit and Evaluation Committee (AEC) – The AEC is an advisory committee that provides objective views on the OCOL's risk management, control and governance frameworks. It is comprised of the Commissioner and two external members. As such, the AEC reviews OCOL's Report on Plans and Priorities, Departmental Performance Report, Strategic Plan and related Operational Plans. It reviews and monitors OCOL's Corporate Risk Profile and provides oversight on OCOL's system of internal control, including the assessment and action plans relating to the system of ICFR. It also makes recommendations to the Commissioner on continuous improvement on ICFR.

Executive Committee (EXCOM) – As the organization's central decision-making body, the EXCOM reviews and approves the Corporate Risk Profile and the system of internal control, including the assessment and action plans relating to the system of ICFR.

2.2 Key measures taken by OCOL

OCOL's control environment includes a series of measures to equip staff to manage risks well by raising awareness, providing appropriate knowledge and tools as well as developing skills. Key measures taken include:

• The governance structure and strategic direction are established through EXCOM and supported by the sectorial management committees and by the Audit and Evaluation Committee.
• The Corporate Risk Profile is updated annually and mitigation strategies are monitored every six months.
• OCOL has developed a Code of Conduct designed to uphold OCOL's core values.
• Staff in key financial management positions hold accounting designations.
• The financial delegation instrument is updated regularly.
• The annual risk-based internal audit plan is updated annually.
• All OCOL policies and procedures are available to staff, training sessions are offered on core areas of financial management and orientation sessions for new employees are organized.
• Financial delegations are only given as managers successfully complete the mandatory Authority Delegation Training.
• Secure financial processing systems, with access limited to appropriate staff, are in place to ensure the integrity of financial data and processing of transactions.

3.1 Assessment baseline

OCOL maintains an effective system of ICFR with the objectives to provide reasonable assurance that:

• transactions are appropriately authorized;
• financial records are properly maintained;
• assets are safeguarded from risks such as waste, abuse, loss, fraud, and/or mismanagement; and
• applicable laws, regulations and policies are complied with.

As part of the requirements of the Treasury Board's Policy on Internal Control, OCOL is to assess both the design and operating effectiveness of key controls over financial reporting and ensure the on-going monitoring and continuous improvement of OCOL's system of ICFR.

Design effectiveness is the assurance that key control points are in place and that they are identified, documented, and aligned with the risks (i.e. controls are balanced with and proportionate to the risks they aim to mitigate). This includes the mapping of key processes to the main accounts.

Operating effectiveness means that key controls have been tested over a defined period and that any remediation is addressed.

On-going monitoring means that a systematic integrated approach to monitoring is in place, including periodic risk-based assessment and timely remediation.

3.2 Assessment method

OCOL has taken measures to assess its system of ICFR starting by documenting and reviewing significant financial processes and controls in place during 2010–11. The following financial processes were documented and reviewed:

• Salary expenditures
• Procurement and supplier payments
• Delegation of financial authority and signature authentication
• Hospitality expenses
• Business travel credit cards and travel expenses
• Travel by non-public servants
• Asset management

The preparation of the internal controls documentation consisted of conducting interviews and walking through OCOL's financial processes with various stakeholders. Narrative descriptions and flowcharts of individual processes were prepared, and compared with OCOL and TB policy and directive requirements. The review was conducted during the months of February and March 2011. For each control documented, the following activities were conducted:

• Reviewed pertinent OCOL documentation.
• Reviewed pertinent TB policies and directives.
• Interviewed managers and officers as appropriate.
• Prepared draft narrative descriptions of internal controls.
• Submitted these draft narrative descriptions to OCOL personnel for review of accuracy.
• Finalized the narrative descriptions of internal controls.
• Prepared process flowcharts.
• Compared existing process controls with TB and OCOL's policies and directives.
• Discussed observations and recommendations with the Chief Financial Officer.

Financial records or specific transactions were not tested or reviewed to assess the effectiveness of controls in place. Recommendations resulting from the review process were intended to further strengthen stewardship and accountability over processes, and were based on the information obtained from OCOL, and discussions with OCOL's personnel, and professional judgment.

4.1 Design effectiveness

When completing design effectiveness testing, it was found that most key financial controls were in place. However, opportunities for improvement were identified in the area of salary expense review, approval and forecasting as well as material management. OCOL's financial processes are integrated with Government of Canada common financial systems; financial controls and directives are aligned with TB policies and directives.

The recommendations took into account OCOL's size and available resources. Due to the size of the organization, it is difficult to have a high level of segregation of duties; however, this limited control can be mitigated by rigorous oversight, monitoring and thorough documentation. The objective was to strengthen the effectiveness of the controls while recognizing the capacity and resources of the organization. Management response action plans were prepared and implemented.

4.2 Operating effectiveness

Operational effectiveness has not been tested internally. As part of the audit of the financial statements, the Office of the Auditor General was provided the process flowcharts and performed their own testing. OCOL considered the results of this audit, as well as the results of the review of the design effectiveness of the key controls performed previously and decided to initiate the testing of operating effectiveness in 2012–13.

5.1 Progress as of March 31, 2012

During 2011–12, OCOL continued to strengthen its key controls. The following is a summary and status of a number of initiatives undertaken to address observations from the previous year ICFR assessment, 2010–11.

• A Material Management Policy is near completion. This policy will clarify among other things the roles and responsibilities and processes related to the management of assets and other material, including the coordination of the material management process, the maintenance of records, and the custody and safeguard of assets.
• The Instrument of Delegation of Financial Authorities was modified to reflect recent changes to TB policy instruments.
• A new process was documented in order to obtain from managers certification under section 34 of the Financial Administration Act of their salary expenditures on a monthly basis. Training sessions were offered and the new process will be implemented at the beginning of fiscal year 2012–13.
• Key month-end and year-end accounting processes and procedures are being formally documented.

5.2 Action plan for future years

As an Agent of Parliament, the Commissioner of Official Languages is solely responsible for OCOL's compliance with the Policy of Internal Control and other TB policy instruments and for responding to any instance of non-compliance. Therefore, the Commissioner and senior managers are committed to sustaining and continuously improving its effective system of ICFR, including carrying out ongoing monitoring to ensure that the key controls meet the expectations of management and stakeholders, and appropriately mitigate associated risks.

In 2012–13, OCOL will:

• Increase the capitalization threshold to reflect practices in other Government departments of similar size, and to minimize the work associated with tracking capital assets and amortization for small items.
• Prepare instructions on physical counts procedures and conduct physical inventory counts.
• Improve the expertise provided to managers in the area of procurement contracting through a shared service agreement.
• Perform testing of key controls with particular focus on the procurement of goods and services.

In 2013–14, OCOL plans to:

• Review its control environment relevant to ICFR, which includes improving the documentation and testing of identified key controls, such as updating flowcharts that will compliment and simplify the understanding of the narrative descriptions.
• Develop and establish a formal process of continuous monitoring of ICFR. This may include putting cycles on a rotational review, with an in-depth review of one cycle being performed annually and walkthroughs of the other cycles being done during the same year.
• Follow up on progress made in any areas identified for improvement in previous years.

Finally, the Commissioner and senior managers will be making themselves available to parliamentary committees that may wish to discuss the system of internal control at OCOL or for Agents of Parliament in general.