Financial Statements for the year ended March 31, 2010

Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting Fiscal year 2009–2010

Note to the Reader

With the new Treasury Board Policy on Internal Control, departments have been required, since April 1, 2009, to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plans to address any necessary adjustments, and attach to their Statement of Management Responsibility a summary of their assessment results and action plan.

An effective system of ICFR aims to achieve reliable financial statements and to provide assurance that:

  • transactions are appropriately authorized;
  • financial records are properly maintained;
  • assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and
  • applicable laws, regulations and policies are complied with.

It is important to note that the system of ICFR is not designed to eliminate all risks, but rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.

The maintenance of an effective system of ICFR is an ongoing process designed to identify and prioritize risks and the controls to mitigate them, as well as to monitor its performance in support of continuous improvement. As a result, the scope, pace and status of departmental assessments of the effectiveness of their system of ICFR will vary from one organization to the other depending on the risks and taking into account their unique circumstances.

Table of Contents

  1. Introduction
  2. Citizenship and Immigration Canada’s Control Environment Relevant to ICFR
  3. Assessment of Citizenship and Immigration Canada’s System of ICFR
  4. Citizenship and Immigration Canada’s Assessment Results
  5. Citizenship and Immigration Canada’s Action Plan

1. Introduction

This document is an annex to the Citizenship and Immigration Canada (CIC) Statement of Management Responsibility, Including Internal Control over Financial Reporting for fiscal year 2009–2010. As required by the Treasury Board Policy on Internal Control, effective April 1, 2009, and for the first time, CIC has been required to provide summary information on the measures it took to maintain an effective system of internal control over financial reporting (ICFR). In particular, this document provides summary information on the assessments conducted by CIC as at March 31, 2010, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to the Department.

It is important to note that the system of ICFR is not designed to eliminate every possible risk, but rather to mitigate risk to a reasonable level with financial controls that are balanced with and proportionate to the risks they aim to mitigate. The maintenance of an effective system of ICFR is an ongoing process designed to identify and prioritize risks and the financial controls to mitigate those risks, as well as to monitor its performance in support of continuous improvement.

1.1 Authority, Mandate and Program Activities

CIC is responsible for the administration of the Immigration and Refugee Protection Act, the Citizenship Act and the Canadian Multiculturalism Act. Detailed information on CIC’s authority, mandate and program activities can be found in the Departmental Performance Report and Report on Plans and Priorities.

1.2 Financial Highlights

Below is key financial information for fiscal year 2009–2010. More information can be found in the CIC financial statements (unaudited) for the fiscal year ended March 31, 2010.  Information can also be found in the Public Accounts of Canada.

  • The total expenses were $1.8 billion. Transfer payments comprise the majority of the expenses (52%, or $932 million) followed by employee costs, which include salaries and benefits (31%, or $564 million).
  • The total revenues were $466 million from services under the Immigration and Refugee Protection Act and the Citizenship Act.
  • The tangible capital assets comprise 70% ($181 million) of the total departmental assets ($257 million). Deferred revenues comprise over 53% ($394 million) of total liabilities ($745 million).
  • CIC has an important international presence for the delivery of immigration services to immigrants, visitors and refugees. In 2009–2010, $164 million in services provided without charge was reported as being spent on the Department’s behalf by the Department of Foreign Affairs and International Trade (DFAIT).
  • Across Canada, CIC has also a strong regional presence responsible for the delivery of citizenship, immigration and multiculturalism programs and services.
  • CIC has a significant number of information systems that are critical to its operations and financial services, such as the Global Case Management System (GCMS), Field Operations Support System (FOSS), Computer-Assisted Immigration Processing System (CAIPS), Integrated Financial and Material System (IFMS/SAP), Handling of Public Money (HPM) system and PeopleSoft Human Resources Management System (PSHRMS).

1.3 Service Arrangements Relevant to Financial Statements

CIC relies on other organizations for the processing of certain transactions that are recorded in its financial statements.

  • DFAIT provides common administrative services and support to the immigration programs, governed under a memorandum of understanding. Common administrative services include accommodations and telecommunications, and program support includes Canada-based officers and locally engaged staff in missions abroad. In addition, DFAIT records all expenses and collects and remits revenues incurred abroad on behalf of CIC.
  • Public Works and Government Services Canada (PWGSC) centrally administers the payment of salaries and provides cheque-issuing services, as well as accommodations on behalf of CIC.
  • The Department of Justice provides legal services to the Department.
  • The Treasury Board Secretariat provides the Department with information to calculate various accruals and allowances, such as for severance liability and the Employee Benefit Plan (EBP), and pays the employer’s contribution to the health and dental insurance plans.
  • Funds Administrative Service Inc. (FAS Benefit) provides claims administration for the Interim Federal Health Program (IFHP). This program provides emergency and essential health-care coverage to eligible clients, such as refugees who do not qualify for provincial, territorial or private health coverage. FAS Benefit administers the payments made to the service providers on behalf of the Department for medically necessary services provided to eligible beneficiaries.

1.4 Material Changes in Fiscal Year 2009–2010

Material changes in fiscal year 2009–2010 resulted from the transfer of the Multiculturalism Program from Canadian Heritage to CIC in late 2008, of which the financial information is reflected in CIC’s financial statements starting in 2009–2010. In addition, the comparative financial statements presented for the year ended March 31, 2009 have been restated, as a result of adjustments to the value of tangible capital assets pertaining to prior fiscal years, due to a change in scope of the in-house developed software project.

2. Citizenship and Immigration Canada’s Control Environment Relevant to IFCR

CIC’s senior leadership ensures that staff at all levels understand their roles in maintaining an effective system of ICFR and is well equipped to exercise these responsibilities effectively. CIC’s focus is to ensure that risks are managed well through a responsive, risk-based control environment that enables ongoing improvement and innovation.

Below are CIC’s key positions and committees with responsibility for maintaining and reviewing the effectiveness of its system of ICFR.

Deputy Minister: CIC’s Deputy Head, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Deputy Head chairs the Departmental Audit Committee and the Executive Committee.

Chief Financial Officer (CFO): CIC’s CFO reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.

Senior Departmental Managers: CIC’s senior departmental managers in charge of program delivery are responsible for maintaining and reviewing the effectiveness of the system of ICFR falling within their authority.

Chief Audit Executive (CAE): CIC’s CAE reports directly to the Deputy Minister and provides assurance through periodic audits that are instrumental to the maintenance of an effective system of ICFR.

Departmental Audit Committee (DAC): The DAC is an advisory committee that provides objective views on the Department’s risk management, control and governance frameworks. Established in 2009, the DAC is composed of three members, including two external independent members. It reviews CIC’s Corporate Risk Profile and its system of internal control, including the assessment and action plans related to the system of ICFR.

Executive Committee (EXCOM): As CIC’s central decision-making body, EXCOM reviews, approves and monitors the Corporate Risk Profile and the departmental system of internal control, including the assessment and action plans related to the system of ICFR. EXCOM is supported by the following committees: (1) the Policy Committee, which has the role of policy development; (2) the Business Operations Committee (BOC), which oversees the innovation agenda and operational delivery; and (3) the Management Accountability Committee (MAC), which focuses on a strategic agenda to strengthen departmental accountability.

Departmental Management Committee (DMC): The DMC is a regular information-sharing forum for senior managers to connect on key business and management developments and Committee activities.

In addition, there are a number of working committees that are organized to inform and advise senior management on key segments of the Department’s business.

CIC’s control environment also includes a series of measures to equip its staff to manage risks well by raising awareness, providing appropriate knowledge and tools, and developing skills. Key measures include:

  • the Office of Conflict Resolution under the Deputy Minister;
  • the departmental Code of Conduct supported by the Deputy Minister as Values and Ethics champion;
  • the dedicated financial policies and internal controls division, reporting to the Deputy CFO, established in January 2010 with responsibility to expand the departmental monitoring program. First established in 2007, the monitoring program developed a bi-annual plan that was approved by senior management and the CFO. The plan’s objective was to provide assurance and assess the compliance of the financial activities with the policies and directives and ensure that the Department had the capacity to sustain a financial audit;
  • annual performance agreements with financial management responsibilities clearly set out for all executives;
  • training programs and communications in core areas of financial management;
  • departmental policies tailored to CIC’s control environment;
  • periodically updated delegated authorities matrix;
  • documentation of main business processes and related key risk and control points to support management and oversight of its system of ICFR;
  • secure financial and program-related information technology processing systems to achieve greater security, integrity, efficiency and effectiveness; and
  • internal client service standards for the Department.

In addition to the annual Departmental Performance Report, since 2009–2010, every sector has been reporting on its results as part of the internal quarterly reporting exercise for senior management.

3. Assessment of Citizenship and Immigration Canada’s System of ICFR

3.1 Assessment Baseline

In 2004, the Government of Canada undertook an initiative to determine the ability of departments to sustain control-based audits of their financial statements, thus relying on well-functioning internal financial controls. As a result, beginning in 2006, the largest departments, including CIC, have been formalizing their approach to managing their systems of ICFR, including readiness assessment and action plans.

Whether it is to support control-based audits or meet the requirements of the Policy on Internal Control, in both cases, departments need to be able to maintain an effective system of ICFR to provide reasonable assurance that:

  • transactions are appropriately authorized;
  • financial records are properly maintained;
  • assets are safeguarded; and
  • applicable laws, regulations and policies are complied with.

To do so, departments are expected to assess the design and operating effectiveness of their system of ICFR as well as have in place an ongoing monitoring program to sustain and continuously improve their departmental system of ICFR:

  • Design effectiveness means to ensure that key financial control points are identified, documented and in place, that they are aligned with the risks they aim to mitigate and that any remediation is addressed. This includes the mapping of key processes and their applicable IT application systems by location.
  • Operating effectiveness means that key financial controls have been tested over a defined period and that any remediation is addressed.
  • Ongoing monitoring program means that a systematic integrated approach to monitoring is in place, including periodic risk-based assessments and timely remediation.

3.2 Approach to CIC’s Assessment

In 2006, CIC, with the assistance of an independent external consulting firm, conducted an audit readiness assessment which also assessed the control basis of its financial statements. In doing so, it identified 12 processes that were key to its system of ICFR:

  • entity level controls;
  • general computer controls;
  • network support;
  • operating expenses;
  • grants and contributions;
  • capital assets;
  • immigrant investors program;
  • inventory;
  • revenues;
  • payroll and benefits;
  • immigration loans program; and
  • financial closing and reporting.

The completion of the assessment of the design effectiveness of the key controls of these processes will be followed by the validation and testing of the operating effectiveness of internal controls over financial reporting across the Department.

In terms of the overall approach, a process map was developed and documented for each business process and key financial controls and weaknesses were identified. A remedial action plan was then formulated to satisfy the requirements of the system of ICFR, taking into consideration the departmental risk assessment.

4. Citizenship and Immigration Canada’s Assessment Results

4.1 Design Effectiveness of Key Controls

In assessing its key business processes and their key controls, CIC updated its process documentation and validated the key processes with business owners. It verified that the documented processes corresponded to actual practices and, when the actual processes did not meet the key controls, a remedial action plan was developed. A departmental steering committee has been mandated to follow up on the implementation of the remedial action plan.

4.2 Operating Effectiveness of Key Controls

During 2010–2011, CIC will continue its testing of operating effectiveness to confirm that the key internal controls over financial reporting identified in the 12 processes in section 3.2 are functioning as described.

4.3 Ongoing Monitoring Program

In fiscal year 2007–2008, CIC established a monitoring unit within the Accounting Operations Directorate whose responsibility included the ongoing monitoring of the financial business processes to provide senior management with assurance that financial activities complied with policies, procedures and directives. A two-year plan which included visits to our regions was approved by the CFO and completed by March 31, 2010.

In January 2010, CIC established the Financial Policies and Internal Controls Division within the Financial Operations Branch whose responsibilities included the ongoing monitoring of the business processes and ensuring the existence and effectiveness of key financial internal controls. It also included the review of internal audit reports that may identify financial control weaknesses. It would therefore assess the adequacy of the proposed action plan and the monitoring of its implementation within the departmental system of ICFR.

5. Citizenship and Immigration Canada’s Action Plan

5.1 Progress as of March 31, 2010

By the end of 2010–2011, CIC intends to have completed the documentation and assessment of the design effectiveness of all the key business processes of CIC, including the two remaining processes: the entity level controls and the grants and contributions under multiculturalism. In addition to monitoring the implementation of management action plans to remediate the control weaknesses previously identified, the financial internal controls team will start to test the operating effectiveness of key processes, beginning with the Revenues and Capital Assets processes.

The main outstanding elements of other remedial action plans are the following:

Accounting

  • strengthening of the year-end verification and reconciliation processes, and improved audit trail for the corporate accounting function to provide evidence of review by management;
  • increased controls over the posting of internal journal entries into the financial system;
  • improved documentation over the performance of key control activities; and
  • strengthening of the process for the writing-off of financial assets.

Departmental Programs

  • stronger review process over the subscription agreements under the Immigrant Investors Program;
  • departmental standardization with regard to the management of financial resources and the segregation of duties under the Resettlement Adjustment Program; and
  • improved documentation over the review of grants and contributions.

Assets and Inventory

  • improved inventory reconciliation process;
  • improved segregation of duty controls over the acquisition, maintenance, recording and management of capital assets;
  • implementation of a defined process for capital assets; and
  • strengthening of the inventory controls over IT assets.

Systems

  • improved controls over the setting of passwords and regular review of user access;
  • regular testing of IM/IT continuity plan; and
  • improved controls within the departmental financial information system production environment.

5.2 Action Plan – Future Years

CIC plans on performing the following by the end of 2011–2012:

  • Prepare a multi-year risk-based assessment plan;
  • Assess the entity level controls;
  • Document the multiculturalism portion of the grants and contributions process;
  • Validate the progress and the completion of the management action plans addressing observations of previous assessments; and
  • Update the documentation and confirm the design effectiveness of all business processes identified as priorities as per the risk-based assessment plan. This work will be done for NHQ and in the domestic and international regions.

As design effectiveness is confirmed, CIC will proceed with the testing of the operating effectiveness of key financial controls for these business processes.

In future years, CIC intends to integrate, within its Global Case Management System, a revenue management system in support of the role performed by DFAIT to further improve controls over the management of revenues overseas. These improvements will further strengthen CIC’s overall system of ICFR.