Financial Statements for the year ended March 31, 2011

Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting Fiscal year 2010-2011

Note to the Reader

Since April 1, 2009, in accordance with the Treasury Board Policy on Internal Control, departments have been required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

Under this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plans to address any significant issues, and attach to their Statement of Management Responsibility a summary of the results of their assessment and the actions taken in response to any significant issues identified.

An effective system of ICFR aims to achieve reliable financial statements and to provide assurance of the following:

• Transactions are appropriately authorized
• Financial records are properly maintained
• Assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement
• Applicable laws, regulations and policies are complied with

The system of ICFR is not designed to eliminate all risks, but rather to keep risks to a reasonable level using controls that are balanced with and proportionate to the risks they aim to mitigate.

Maintaining an effective system of ICFR is an ongoing process of identifying and prioritizing risks and the controls used to mitigate them. It also involves monitoring the system’s performance in order to support continuous improvement. The scope, pace and status of departments’ assessments of the effectiveness of their system of ICFR therefore vary depending on risks and circumstances.

Table of Contents

1. Introduction
2. Citizenship and Immigration Canada’s Control Environment Relevant to ICFR
3. Assessment of Citizenship and Immigration Canada’s System of ICFR
4. Assessment Results
5. Citizenship and Immigration Canada’s Action Plan

1. Introduction

This document, a requirement under the Treasury Board Policy on Internal Control, summarizes the measures that Citizenship and Immigration Canada (CIC) took to maintain an effective system of internal control over financial reporting (ICFR) in fiscal year 2010-2011. It contains some financial highlights pertinent to understanding the Department’s unique control environment and provides an overview of the assessments conducted by CIC during fiscal year 2010-2011, including progress, results and related action plans. This is the second year that CIC has produced this document.

Maintaining an effective system of ICFR is an ongoing process of identifying and prioritizing risks and the controls used to mitigate them. The system of ICFR is not designed to eliminate every possible risk, but rather to keep risk to a reasonable level using financial controls that are balanced with and proportionate to the risks they aim to mitigate.

1.1 Authority, mandate and program activities

CIC is responsible for the administration of the Immigration and Refugee Protection Act, the Citizenship Act and the Canadian Multiculturalism Act. Detailed information on CIC’s authority, mandate and program activities can be found in the Departmental Performance Report and in the Report on Plans and Priorities.

1.2 Financial highlights

The list below contains financial highlights for fiscal year 2010-2011. More information can be found in the CIC financial statements (unaudited) for the fiscal year ending March 31, 2011, and in the Public Accounts of Canada.

• Total expenses were $1.9 billion. Transfer payments comprise the majority of expenses (50%, or $948 million), followed by employee costs, which include salaries and benefits (32%, or $602 million).
• Total revenues were $465 million from services under the Immigration and Refugee Protection Act and the Citizenship Act.
• Tangible capital assets comprise 32% ($169 million) of total departmental assets ($528 million). Deferred revenues comprise 52% ($398 million) of total liabilities ($771 million).
• CIC has an important international presence in the delivery of immigration services to immigrants, visitors and refugees. In 2010-2011, the Department of Foreign Affairs and International Trade (DFAIT) spent $173 million on CIC’s behalf. This amount is reported CIC’s financial statements as services provided without charge.
• Across Canada, CIC has also a strong regional presence in the delivery of citizenship, immigration and multiculturalism programs and services.
• A number of information systems are critical to CIC’s operations and financial reporting requirements. These systems include the Global Case Management System (GCMS), the Field Operations Support System (FOSS), the Computer‑Assisted Immigration Processing System (CAIPS), the Integrated Financial and Material System (IFMS/SAP), the Handling of Public Money (HPM) system and the PeopleSoft Human Resources Management System (PSHRMS).

1.3 Service arrangements relevant to financial statements

CIC relies on other organizations for the processing of certain transactions that are recorded in its financial statements, including the following departments, which provide government-wide services and support:

• Public Works and Government Services Canada centrally administers the payment of salaries and provides cheque‑issuing and office accommodation services on behalf of CIC.
• The Treasury Board Secretariat provides the Department with information for the calculation of various accruals and allowances, such as severance liability and the employee benefit plan. It also pays the employer’s contribution to the health and dental insurance plans.
• The Department of Justice provides legal services for the Department.

In addition, CIC has particular arrangements with the following organizations:

• DFAIT provides common administrative services and support for the Immigration Program outside Canada, under a memorandum of understanding with CIC. Common administrative services include accommodations and telecommunications; and program support includes Canada‑based officers and locally engaged staff in missions abroad. In addition, DFAIT records all expenses incurred and remits revenues collected abroad on behalf of CIC.
• Since January 2011, Medavie‑Blue Cross has provided claims administration for the Interim Federal Health Program (IFHP). These services were previously provided by Funds Administrative Service Inc. (FAS Benefit). The IFHP reimburses service providers for emergency and essential health‑care services in cases where eligible clients, such as refugees, do not qualify for provincial, territorial or private health coverage.

1.4 Material changes in fiscal year 2010-2011

In 2010-2011, the Deputy Minister and Chief Financial Officer positions remained stable.

There were no new programs introduced or significant changes made in financial authorities.

Two significant changes were made that affected the delivery of departmental programs. First, administration of the IFHP was transferred from FAS Benefit to Medavie‑Blue Cross. That change did not affect service delivery to clients. Second, the roll‑out of the Global Case Management System to offices outside Canada was completed on March 31, 2011. That change will improve the management of immigration client files.

2. Citizenship and Immigration Canada’s control environment relevant to ICFR

CIC’s senior leadership ensures that staff at all levels understand their roles in maintaining an effective system of ICFR and that staff are equipped to exercise those roles effectively. The focus is on ensuring that risks are managed through a responsive, risk‑based control environment that enables ongoing improvement and innovation.

2.1 Key positions, roles and responsibilities

The key positions and committees responsible for maintaining and reviewing the effectiveness of the Department’s system of ICFR are as follows.

Deputy Minister: As Deputy Head, the Deputy Minister is the Department’s accounting officer and has overall responsibility for and leadership of the measures taken to maintain an effective system of internal control. In this role, the Deputy Minister chairs the Department’s Audit and Executive committees.

Chief Financial Officer (CFO): The CFO reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.

Senior departmental managers: Senior departmental managers maintain and review the effectiveness of aspects of the system of ICFR that fall within their area of responsibility.

Chief Audit Executive (CAE): The CAE reports directly to the Deputy Minister and provides assurance through periodic audits that are key to maintaining an effective system of ICFR.

Audit Committee: The Audit Committee is an advisory committee that provides objective advice and recommendations to the Deputy Minister regarding the sufficiency, quality and results of assurance on the adequacy and functioning of CIC’s risk management, control and governance frameworks and processes, including accountability and auditing systems.  The Audit Committee has three members, including two external members. It reviews CIC’s Corporate Risk Profile and its system of internal control, including the risk‑based assessment plan and remediation action plans related to the system of ICFR.

Executive Committee (ExCom): As CIC’s senior decision‑making body, ExCom reviews, approves and monitors the Corporate Risk Profile and the departmental system of internal control, including the risk‑based assessment plan and remediation action plans related to the system of ICFR. ExCom is supported by the following committees: (1) the Policy Committee, which has the role of policy development; (2) the Business Operations Committee, which oversees the innovation agenda and operational delivery; and (3) the Management Accountability Committee, which focuses on a strategic agenda to strengthen departmental accountability.

Departmental Management Committee (DMC): The DMC is a regular information‑sharing forum for senior managers to connect on key business and management developments.

Working committees: A number of working committees inform and advise senior management on key segments of the Department’s business.

2.2 Key measures taken by CIC

CIC’s control environment also includes a series of measures to equip staff to manage risks effectively by raising awareness, providing appropriate knowledge and tools, and developing skills.

Key measures include the following:

• The Office of Conflict Resolution under the Deputy Minister
• The departmental Code of Conduct supported by the Deputy Minister as Values and Ethics champion
• The Financial Policies and Internal Controls Division reports to the Deputy CFO and is responsible for ensuring that financial processes are documented, for assessing their design and operating effectiveness in accordance with a multi‑year risk‑based assessment plan, and for following up on action plans established to remediate significant findings
• Annual performance agreements with clear financial management responsibilities for all executives
• Training programs and communications in core areas of financial management
• Departmental policies tailored to CIC’s control environment
• Periodically updated delegated authorities matrix
• Documentation of main business processes and related key risk and control points to support management and oversight of its system of ICFR
• Secure financial and program‑related information technology processing systems to achieve greater security, integrity, efficiency and effectiveness
• Internal client service standards for the Department

In addition to reporting on its results for the annual Departmental Performance Report, every sector also does so as part of the internal quarterly reporting exercise for senior management.

3. Assessment of Citizenship and Immigration Canada’s system of ICFR

3.1 Assessment approach

In support of the Policy on Internal Control, departments must be able to maintain an effective system of ICFR to provide reasonable assurance that:

• Transactions are appropriately authorized
• Financial records are properly maintained
• Assets are safeguarded
• Applicable laws, regulations and policies are complied with

To do so, departments are expected to assess the design and operating effectiveness of their system of ICFR and have in place an ongoing monitoring program to maintain and continuously improve their departmental system of ICFR:

• “Design effectiveness” means that key financial control points are identified, documented and in place; that they are aligned with the risks they aim to mitigate; and that any remediation is addressed. It includes the mapping of key processes and their applicable information technology application systems by location.
• “Operating effectiveness” means that key financial controls have been tested over a defined period and that any remediation is addressed.
• “Ongoing monitoring program” means a systematic, integrated approach to monitoring that includes periodic risk‑based assessments and timely remediation.

CIC has identified its key business processes and their key controls, and has documented and validated most of those processes with their owners. Action plans were developed to address any deficiencies in the processes.

The design and operating effectiveness of these processes will be completed over a three‑year period and reviewed on a three-year cycle in accordance with the risk‑based assessment plan. In addition, because the Department is decentralized, financially significant processes will be evaluated in each geographic area, on a rotational basis according to risk. CIC’s Financial Internal Controls team and Internal Audit and Accountability Branch will work with DFAIT’s Inspector General. That cooperation will allow an increase in coverage and help maximize efficiency.

Some key controls such as information technology (IT) general controls and entity‑level controls will be subject to some review or testing annually.

The Financial Policies and Internal Controls Division will report to ExCom and to the Audit Committee annually.

The implementation of management action plans and remedial action will be continuously monitored and will include two updates every year.

3.2 Assessment scope

CIC’s assessment of design effectiveness in 2010-2011 covered the activities performed at NHQ for the entity-level controls, the immigration loans process, and the financial planning, analysis and reporting process. The assessment of design effectiveness was also conducted for the revenue‑collection process at the London, England, office, in collaboration with DFAIT.

The assessment of operating effectiveness in 2010-2011 covered the activities performed at NHQ for the IT general controls and the capital assets process.

CIC also conducted the following financial reviews:

• Assessment of compliance with established procedures in various domestic offices: Sydney, Halifax and Mississauga
• Review of departmental priority cheque‑printing site
• Review of use of designated travel cards
• Review of use of journal vouchers

In 2011‑2012, CIC will continue to assess the design and operating effectiveness of controls in accordance with its multi‑year risk‑based assessment plan. This work will be conducted at NHQ and in the domestic and international regions.

More particularly, assessments will be undertaken in the following areas:

• Financial closing and reporting
• Revenue collection
• Operating expenses, including payroll

4. Assessment results

4.1 Design effectiveness of key controls

The field work and testing of design effectiveness was completed in 2010-2011 for the following processes: entity‑level controls; immigration loans; and financial planning, analysis and reporting. The results of the testing will be finalized and reported in 2011–2012, along with any required remediation action plans.

In addition, the design effectiveness of the revenue‑collection process at the office in London, England, was conducted. The review determined that the design of controls is effective overall. The review also highlighted the need to standardize revenue‑collection procedures and to clarify roles and responsibilities between CIC and DFAIT. Remediation actions have been identified and scheduled for implementation by the end of the first quarter of 2011–2012.

4.2 Operating effectiveness of key controls

The field work and testing of operating effectiveness was completed in 2010-2011 for the following processes: IT general controls and capital assets (NHQ). The results of the testing will be finalized and reported in 2011–2012, along with any required remediation action plans.

5. Citizenship and Immigration Canada’s action plan

5.1 Progress during fiscal year 2010-2011

In 2010-2011, CIC addressed most of the significant adjustments identified in the previous year through remedial actions. The progress achieved during 2010-2011 is as follows:

Completed

Accounting

• The year‑end verification and reconciliation processes were strengthened.
• Controls were increased over the posting of internal journal entries into the financial system.
• The process for writing off capital assets was strengthened.

Departmental programs

• The segregation of duties under the Resettlement Assistance Program and the Settlement Program was improved.
• The documentation of the review of grants and contributions was improved.
• The Grants and Contributions Financial Management team was created to develop and standardize procedures and tools for the financial management of grants and contributions, which will help standardize the management of financial resources in the Department.
• The delegation of financial signing authorities for grants and contributions was clarified.

Assets and inventory update

• The inventory reconciliation process for forms was improved.
• Inventory controls over information technology assets was strengthened.

Systems

• The Department upgraded its Integrated Financial and Materiel Management System, which now provides better controls over the setting of passwords.
• A procedure for regularly reviewing user access was put in place.
• Controls of configuration changes in the Department’s financial information system production environment were improved following the implementation of the change management tool.

Substantially advanced

• Updated procedures for revenue collection in missions abroad were developed, in collaboration with DFAIT, in order to clarify roles and responsibilities and to strengthen accountabilities and internal controls.
• Steps were undertaken to strengthen the review process for the subscription agreements under the Immigrant Investor Program.
• The accounting processes for capital assets were clarified (coding). The Department participated actively in the Office of the Comptroller General’s working group on the standardization of capital assets processes.
• The segregation of duty controls over the acquisition, maintenance, recording and management of capital assets was reviewed by an external consulting firm. The findings and recommendations will be addressed in the next fiscal year.
• Regular testing of the information management / information technology continuity plan was reviewed by an external consulting firm.

In addition to the commitments made in previous action plans, progress was made in the following areas:

• The Audit Committee is now involved in discussing and reviewing CIC’s assessment of financial risks and scoping.
• Improvements were made to strengthen financial controls:
  • A quarterly self‑assessment process by regional finance managers to assess their financial processes and controls was implemented.
  • Controls around the priority cheque‑printing site were improved.
  • Financial processes in the Prairies and Northern Territories region (processing payments and procurement) were centralized.
  • Quality assurance was performed on the payment approval process across most regions.

5.2 Action plan for the next year and future years

Progress will continue to complete the remedial actions that were substantially advanced by the end of fiscal year 2010-2011.

New actions plans will be established during 2011–2012, as needed, following the completion of the following assessments:

• Entity‑level controls
• IT general controls
• Immigration loans process, activities performed at NHQ
• Financial planning, analysis and reporting process, activities performed at NHQ
• Capital assets process, activities performed at NHQ

Assessments of the design and operating effectiveness of internal controls will be undertaken in future years as follows:

Ongoing Monitoring

Operating effectiveness testing is planned for the high‑, medium‑ and low‑risk processes on a rotational basis. A minimal level of testing will be performed every year for high‑risk processes, every two years for medium‑risk processes and every three years for low‑risk processes.