Skip booklet index and go to page content

Unaudited Financial Statements for the period ending March 31, 2013

Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting 2012-2013

Table of Contents


Annex to the Statement of Management Responsibility

1. Introduction

This document is an annex to Environment Canada's (EC) Statement of Management Responsibility Including Internal Control Over Financial Reporting for the fiscal year 2012-2013. This document provides summary information on the measures taken by EC to maintain an effective system of internal control over financial reporting (ICFR) including information on internal control management and assessment results and related action plan.

Detailed information on EC's authority, mandate and program activities can be found in the Departmental Performance Report and Report on Plans and Priorities.

2. Environment Canada's System of Internal Control Over Financial Reporting

2.1 Internal Control Management

EC's internal control management (ICM) is governed by an Internal Control Framework and is an integral component of the Financial Management Framework (FMF). ICM includes the following components:

  • governance and accountability structures for internal control management;
  • an integrated ICFR approach and methodology;
  • effective oversight, assessment and remediation mechanisms; and
  • a comprehensive ICFR monitoring program which includes an annual monitoring plan.

EC has invested significant effort into aligning, streamlining and integrating these components essential to effective ICM to ensure continuous progression is made towards a state of maturity that is consistent with the guidance and common practices set by the Office of the Comptroller General of Canada and in accordance with the Policy on Internal Control (PIC).

Internal Control Framework

EC's February 2012 Internal Control Framework, approved by the Chief Financial Officer, provides a structure for internal control practices, and describes the standard approach, context and processes by which internal controls are identified, assessed and monitored. The EC Internal Control Framework addresses:

  • internal control definitions adopted by EC's, that create a common language and contribute to a common understanding of the designed approach;
  • roles and responsibilities, that are aligned with EC's FMF and the Treasury Board's PIC; and
  • an internal control structure and management approach, that depicts the overall approach for internal control identification, documentation and assessment.

Organizational Accountabilities Structure

Through the implementation of its Internal Control Framework, EC has a well established governance and accountability structure which supports departmental assessment efforts and provides an oversight of its system of internal controls. This Framework articulates clear roles and responsibilities which define the organizational accountability structure relating to ICM supporting sound financial management.

Roles and responsibilities as they relate to (ICM) are as follows:

  • Deputy Minister (DM) - EC's DM, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control.
    On August 1, 2012, Bob Hamilton was appointed Deputy Minister of Environment Canada.
  • Chief Financial Officer (CFO) - EC's CFO reports directly to the DM and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICM, inclusive of ICFR. The CFO is also responsible for the annual risk-based assessment of EC internal controls.
  • Senior Departmental Managers (SDMs) - SDMs, who report directly to the DM, are responsible to provide leadership in financial management, internal controls, and financial reporting and disclosure. They are also responsible for seeking the advice and support of the CFO in the development and maintenance of an effective financial management, risk and control framework over programs. Additionally, SDMs must provide the DM with assurance that business processes and appropriate controls are in place to ensure the effectiveness of their organization's financial management and internal control systems to meet the requirements set out in the Statement of Management Responsibility Including Internal Control Over Financial Reporting.
  • Chief Audit Executive (CAE) - The CAE provides independent assurance to the DM regarding the effectiveness of risk management, control and governance processes.
  • External Audit Advisory Committee (EAAC) - The EAAC is an independent external advisory committee that provides advice to the DM on the adequacy and functioning of EC's risk management, control and governance frameworks and processes.
  • Executive Management Committee (EMC) - The EMC is the most senior management committee with oversight responsibilities for the department. The EMC is responsible for monitoring the organization's response to corporate risks and ensuring the effectiveness of risk mitigation measures and that internal controls are in place to address key corporate risks. A new governance model for EC came into effect on February 1, 2012.
  • Corporate Accountability and Administrative Renewal (CAAR):
    • ADM Steering Committee – Reporting to the DM, this CAAR Steering Committee supports policy renewal functions including the responsibility for the remediation of deficiencies in EC’s financial management, controls and processes to support officers accountable in the execution of their financial accountabilities. The ADM Steering Committee membership is comprised of most EC’s SDMs.
    • DG Business Transformation Committee - Providing guidance to the CAAR ADM Steering Committee with the same mandate. The DG Business Transformation Board is comprised of the DGs representing most branches of the department and has Regional DG representation.
  • Quality and Business Process Management Division (QBPM) - The QBPM Division functions as the centre of expertise for ICM, inclusive of the assessment of the effectiveness of ICFR, the guardian of business process documentation and is a key advisor with regards to process and controls enhancement.
  • Quality Assurance (QA) Unit - The QA Unit is responsible for the implementation of the 2012 National Framework of Quality Assurance on Account Verification, monitoring key financial transactions and account verification controls, and informs QBPM on the status of these controls.

Governance and Oversight Measures

EC's control environment includes a series of measures which help ensure that risks are effectively managed through a responsible and risk-based approach.

Key measures include:

  • the August 1, 2012 implementation of the new EC Values and Ethics Code that is aligned with the Values and Ethics Code for the Public Sector and lays out the values and expected behaviours that will guide EC employees in their daily work;
  • an Integrated Risk Management Framework and multi-year Corporate Risk Profile that proactively manages potential risks that programs may face. Through ongoing monitoring, timely mitigations actions are implemented to adjust the department's resources or program objectives when risks materialize;
  • a comprehensive review of the Delegation of Financial Signing Authorities and Designation Order Instrument was undertaken in 2012-2013. The results of this review will be implemented in 2013-2014 with planned annual reviews thereafter;
  • annual Performance Management Agreements for SDMs that assess accountabilities and financial management responsibilities;
  • a Public Accounts Letter of Representation signed by SDMs confirming that the respective organization had maintained a system of financial management; and
  • training programs and regular communication to departmental employees on core areas of financial management and financial policies.

ICM Monitoring Program

EC's ICM Monitoring Program provides a description of the approach and methodology to ensure that ICM activities, including monitoring of its system of ICFR, align with the PIC. This Program describes in detail EC's ongoing system of testing, remediation, and monitoring of its internal controls to ensure key controls are working as intended. The Program is based on internal control assessment best practices and references and supports Committee of Sponsoring Organizations of the Treadway Commission (COSO) and Control Objectives for Information and Related Technology (COBIT) standards.

The key components of the ICM Monitoring Program include:

  • an enhanced annual risk-based assessment based on a combination of quantitative and qualitative elements;
  • an annual controls assessment plan which includes documentation, design and operating effectiveness testing, remediation and monitoring plans;
  • comprehensive remediation monitoring activities that systematically address required adjustments stemming from assessments;
  • the requirements for reporting to TBS, EC's EAAC and ADM CAAR Steering Committee and the DG Business Transformation Board regarding ICM, inclusive of ICFR;
  • QBPM collaboration with multi-disciplinary areas of responsibility across EC, namely with the Finance Branch QA Unit and the Audit and Evaluation Branch, for the risk-based assessment and monitoring of all key control elements; and
  • stakeholder engagement and horizontal/cross functional integration to provide a coordinated approach to monitoring the effectiveness of EC's ICM.


2.2 Service Arrangements Relevant to financial statements

EC relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:

Common Arrangements

  • Public Works and Government Services Canada (PWGSC) centrally administers the payments of salaries and expenditures, and the procurement of goods and services, as per EC's Delegation of Authority and provides accommodation services;
  • The Treasury Board Secretariat provides EC with information used to calculate some accruals and allowances, such as the accrued severance liability;
  • The Department of Justice provides legal services to EC; and
  • Shared Services Canada (SSC) provides IT infrastructure services to EC in the areas of telecommunications, data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between SSC and EC.

Specific Arrangements

EC has no specific arrangements in place at this time.

3. Departmental Assessment Results During Fiscal Year 2012-2013

During 2012-2013, EC completed all of its planned design effectiveness testing and its operating effectiveness testing of key control areas expected for the year and made substantial advancement in additional control areas to ensure key controls are working as intended. Ongoing monitoring was implemented as planned.

3.1 Design Effectiveness of Key Controls

Work Completed as Expected and Planned:

In 2012-2013, EC completed the design effectiveness testing of the following key control areas:

  • Entity Level Controls (ELCs);
  • Information Technology General Controls (ITGCs); and
  • The following Key Business Processes:
    • Pay Administration;
    • Manage Grants and Contributions;
    • Manage Financial Close (period end and year end); and
    • Manage Inventory.
  • The following Key Business Processes were completed in the National Capital Region and were substantially advanced in the design effectiveness testing in the regions:
    • Manage Other Capital Assets; and
    • Manage Real Property.

Additional Work Completed:

In addition to the planned work, EC also substantially advanced design effectiveness testing of:

  • Manage Procure to Payment (Procurement).

Remediation Actions:

As a result of design effectiveness testing, EC identified and is undertaking the following design effectiveness remediation actions. According to the management action plans, a significant level of work was expected to be completed in the first quarter of 2013-14:

  • ensure greater consistency in the retention of supporting documentation of controls within processes;
  • make updates to policies and associated roles and responsibilities;
  • implement improvements in documenting and standardizing processes and procedures;
  • strengthen and implement standardized key controls for the management of inventory;
  • develop processes and procedures for periodic asset counts and complete an asset count; and
  • introduce risk-based post payment verification and reconciliation of systems for Pay Administration.

3.2 Operating Effectiveness of Key Controls

Work Completed as Expected and Planned:

In 2012-2013, EC completed operating effectiveness testing and remediation actions of its ELCs and ITGCs.

Additional Work Completed:

EC substantially advanced operating effectiveness testing of Manage Procure to Payment (Finance).

Remediation Actions:

As a result of the operating effectiveness testing, EC identified and undertook the following operating effectiveness remediation actions. According to the management action plan, a significant level of work was expected to be completed by the first quarter of 2013-14:

  • assessed the adoption of the new governance structure and the controls used in the file management process;
  • ensured fraud risk assessment was considered within the Corporate Risk Profile and Operating Risk assessment and conducted a Fraud Risk Assessment;
  • clarified the financial policy function and its associated roles and responsibilities; and
  • continued to reinforce communications regarding ICFR throughout the EC.

3.3 Ongoing Monitoring of Key Controls

In 2012-2013 EC has improved the application of ongoing monitoring of key ICFR controls by formalizing the approach and methodology used for the EC Monitoring Program for ICM and the associated Annual Monitoring Plan. The work completed in 2012-2013 established the foundation for EC's action plan to implement ongoing monitoring assessments beginning in 2013-2014. Stakeholder engagement was actively sought in 2012-2013 to ensure a common understanding and commitment to strengthen ICFR monitoring.

The Annual Monitoring Plan has the following key elements:

  • internal control systems will be monitored in order to assess the quality of the system's performance over time. This is accomplished through various monitoring activities, separate evaluations or a combination of the two with various parties/partners. More importantly, monitoring occurs in the regular course of operations and not in isolation;
  • key elements are data, information and reporting, which are foundational to effective monitoring. Following the direction of the EC Monitoring Program, the annual monitoring plan will identify the types of information that will be required periodically and regularly to support a sustainable monitoring program; and
  • EC has developed its control assessment plan and has begun its ongoing monitoring. EC continues to produce a quarterly ICFR dashboard report to Senior Management and is also in the process of launching its quarterly ICFR status reporting on the management actions and remediation plans.

4. Environment Canada’s ICFR Action Plan

4.1 Progress During Fiscal Year 2012-2013

During 2012-2013, EC continued to make significant progress in completing the assessment of its key controls and met all of the expectations that were set in its action plan for the year in the 2011-2012 annex. Table 1 provides a summary of the progress made by EC based on the plans identified in the 2011-2012 annex.

Table 1 - Work Completed in 2012-2013 Based on Action Plan in 2011-2012 Annex
Element in previous year’s (2011-2012) action plan 1Updated Status at March 31, 2013
ELC - Complete design and operating effectiveness testing.Design and operating effectiveness testing completed.
ITGC - Complete design effectiveness testing of security, business continuity planning and access ITGCs.Design and operating effectiveness testing completed.
Procure to Payment, Pay Administration, Capital Assets, Inventory, Transfer Payments, and Financial Close - Complete design and operating effectiveness testing and implement remediation action plans.Design effectiveness testing completed for Procure to Payment (Finance) Pay Administration (Finance), Capital Assets (NCR), Inventory, Grants and Contributions, and Financial Close. Operating effectiveness testing completed for Financial Close
Capital Assets - Conduct capital asset count and valuation and remediate valuation discrepancies.Capital asset count was performed at 75% of the net book value as at March 31, 2013. Capital Asset valuation and remediation of identified valuation discrepancies is underway and expected to be completed in 2013-2014
Capital Assets –Business Processes Complete development and update detailed policies,and roles and responsibilities based upon the Office of the Comptroller General Common Financial Management Business Process for Fixed Assets.Capital Assets Policy, associated policies, procedures and roles and responsibilities are in final draft form.
Improve and enforce compliance with the common Financial Management Business Processes (FM-BP), Common Enterprise Data Initiative (CEDI) and Financial Management System Configuration (FM-SC) set forth by the OCG.In 2012-2013, EC has improved compliance and continued assessments to ensure continuous improvement with regards to the following OCG requirements:
• FM-BP - Through assessments completed as per Table 2.
• CEDI and FM-SC - EC has demonstrated its progress through the production of its annual Departmental Financial Management Systems (DFMS) Operational Plan prepared in accordance with MAF AoM7 requirements and submitted to the TBS-OCG in November 2012; and through its regular attendance and participation at the Oracle Cluster Group meetings.
Continue the monitoring program to ensure internal controls over financial reporting are maintained and that changes to business processes are documented on a timely basis and internal controls are assessed during 2012-2013, 2013-2014 and beyond.EC has begun its ongoing monitoring; developed its controls assessment plan and is in the process of producing its quarterly reporting on the status of ongoing monitoring and its quarterly dashboard regarding the status of the assessment of EC’s system of ICFR.
Update the Departmental Financial Management Systems (DFMS) Operational Plan.The CFO approved EC’s DFMS annual operational plan, which was prepared in accordance with AoM 7 MAF requirements and submitted to TBS-OCG in November 2012.


1 Business process naming conventions used in 2011-12 were subsequently updated in 2012-2013 to adopt a common lexicon in accordance with standards from the Office of the Comptroller General for Common Financial Management Business Processes. (e.g. Inventory is now referred to as Manage Inventory).

4.2 Status and Action plan for Fiscal Year 2013-2014 and Subsequent Years

Under the Policy on Internal Control, departments need to be able to maintain an effective system of ICFR with the objectives to provide reasonable assurances that a) transactions are appropriately authorized, b) financial records are properly maintained, c) assets are safeguarded and d) applicable laws, regulations and policies are followed.

Building on progress made to date on previously established plans, EC is now positioned to complete documentation, design effectiveness testing, and remediation activities for most business processes by the end of 2013-2014 and operating effectiveness testing is expected to be completed by the end of 2014-2015. This will ensure that EC has in place an ongoing system for testing internal controls to ensure key controls are working as intended, as described in the EC Monitoring Program (section 2.1 of this Annex).

In 2013-2014, EC will begin to apply its rotational ongoing monitoring plan by using a risk-based approach to reassess control effectiveness across all key control areas. Ongoing monitoring in 2013-2014 will include the implementation of the EC Annual Monitoring Plan for ICM that details the planned monitoring activities including the launch of the quarterly monitoring and reporting to the CFO on the status of management remediation actions and plans.

It should be noted that the activities planned in 2013-2014 and beyond will need to be considered in the context of: limitations on further investments in the current Oracle system; strategy to a hosted partnership for the implementation of SAP; and other emerging departmental priorities resulting from Government-wide initiatives. These influences may impact EC's action plan for the full assessment of EC's system of ICFR. This work will continue to focus on standardizing, streamlining and integrating business processes to support the transition to a new DFMS and alignment with both the Government of Canada's general direction and the Common Financial Management -Business Processes (FM-BPs).

Given the planned transition to SAP scheduled for April 2015, EC will undertake the design effectiveness assessments of affected FM-BPs and associated controls during the SAP implementation. Once SAP has been implemented and EC formally declares completion of the stabilization phase, which is expected to take six to nine months, EC will resume operating effectiveness testing of these FM-BPs impacted by this project. This operating effectiveness testing and subsequent ongoing monitoring will begin thereafter using a risk-based approach.

The status and action plan for the completion of the identified control areas for fiscal year 2013-2014 and two subsequent years is shown in Table 2.

Table 2 - ICM Three Year Controls Assessment Plan for 2013-2014 to 2015-2016*
Key Control AreasAssessment elements
DocumentationDesign EffectivenessOperating EffectivenessOngoing monitoring rotation
Entity Level ControlsCompleteCompleteCompleteCompleteComplete2013-14
Information Technology General Controls (ITGCs)CompleteCompleteCompleteCompleteComplete2013-14
Procure to Payment - Manage CommitmentsComplete2013-142013-142014-152014-152015-16
Procure to Payment - FinanceCompleteCompleteComplete2013-142013-142014-15
Procure to Payment - ProcurementComplete2013-142013-142014-152014-152015-16
Manage Financial CloseCompleteComplete2013-14Complete2013-142014-15
Manage Other Capital Assets2013-142013-142013-142016-172016-172016-17
Manage Real Property2013-142013-142013-142016-172016-172016-17
Manage InventoryCompleteComplete2013-142016-172016-172016-17
Manage TravelCompleteComplete2013-14Complete2013-142013-14
Pay AdministrationCompleteComplete2013-142014-152014-152014-15
Manage Grants and Contributions – Transfer Payments*CompleteComplete2013-142016-172016-172016-17
Manage Distribution and Maintenance of Acquisition Cards*CompleteComplete2013-142016-172016-172016-17
Manage Other Payments*2014-152014-152014-152016-172016-172016-17
Manage Vendor Master Data File*2014-152014-152014-152016-172016-172016-17
Manage Customer Master Data File*2014-152014-152014-152016-172016-172016-17
Manage Revenue, Receivables and Receipts*2014-152014-152014-152016-172016-172016-17
Manage Interdepartmental Settlements*2014-152014-152014-152016-172016-172016-17
Manage Planning and Budgeting*2014-152014-152014-152016-172016-172016-17
Manage Forecasting and budget Review*2014-152014-152014-152016-172016-172016-17
Manage Collection of Overdue Receivables*2014-152014-152014-152016-172016-172016-17
Manage Departmental Chart of Accounts*2014-152014-152014-152016-172016-172016-17
Manage Delegation of Financial and Spending Authorities*2014-152014-152014-152016-172016-172016-17
Manage Post Payment Verification*2014-152014-152014-152016-172016-172016-17
Environmental Liabilities*2014-152014-152014-152016-172016-172016-17
*Note: Certain common financial management business processes will be significantly impacted by EC’s planned DFMS renewal. Assessments of these common financial management business processes will be determined using a risk-based approach once EC formally declares completion of the stabilization phase of SAP implementation


In completing the action plan as presented, EC will ensure a timely progression is made towards a mature system of ICM that provides the Government and Canadians with assurance regarding the reliability of its financial reporting contained within departmental financial statements and Public Accounts. This progression reflects EC's commitment to continue to make progress towards more robust and auditable financial statements.

Page 7
Date modified: