ARCHIVED - DPR 2010-2011 - Annex - Assessment of Internal Control Over Financial Reporting

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

1 Introduction

This document is an annex to the Department of National Defence’s (DND) Statement of Management Responsibility Including Internal Control Over Financial Reporting for the fiscal year 2010-11. As required by the Treasury Board Policy on Internal Control (PIC), effective April 1, 2009, this document provides summary information on the measures taken by DND to maintain an effective system of Internal Control over Financial Reporting (ICFR). In particular, it provides summary information on the internal control assessments conducted by DND as at March 31, 2011, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to DND.

1.1 Authority, Mandate and Program Activities

Detailed information on DND’s authority, mandate and program activities can be found in Note 1 of these financial statements, as well as in the Departmental Performance Report and its Report on Plans and Priorities.

1.2 Financial highlights

Total assets were $87.6 billion at the end of 2010-11, an increase of $3.1 billion (4%) over the previous year's total assets of $84.5 billion (restated). Due from Consolidated Revenue Fund comprised 55.7% of total assets at $48.8 billion. Tangible Capital Assets comprised 36.1% of total assets at $31.6 billion. Inventories represented $6.0 billion (7.0%) while Prepaid Expenses represented $0.9 billion (1%) of total assets.

Total liabilities were $52.3 billion at the end of 2010-11, an increase of $1.4 billion (3%) over the previous year's total liabilities of $50.9 billion (restated). Canadian Forces Pension and Insurance Accounts represent the largest portion of liabilities at $46.5 billion or 89% of total liabilities.

Total expenses for the Department of National Defence were $19.6 billion in 2010-11 a decrease of $0.5 billion (-2%) from the previous year’s total of $20.1 billion.

The Department's total revenues amounted to $467.7 million for 2010-11, a decrease of $33.6 million (-7%) over the previous year's total of $501.3 million.

1.3 Service arrangements relevant to financial statements

DND relies on other organizations for the processing of certain transactions that are recorded in its financial statements, and relies on these service providers to ensure an adequate system of ICFR is maintained over services provided to the Department. These include:

  • Government-wide pay and Receiver General central systems administered by Public Works and Government Services Canada (PWGSC). The central systems consist of six individual systems: Standard Payment System (SPS), Government Banking System (GBS), Regional Pay System (RPS), Payroll System-General Ledger (PS-GL), Receiver General-General Ledger (RG-GL), and the Central Financial Management Reporting System (CFMRS);
  • Accommodations provided without charge from PWGSC totalling $80.8 million throughout the year;
  • Various other services without charge from Treasury Board Secretariat (TBS), Human Resources and Skills Development Canada (HRSDC), and Department of Justice (DOJ) totalling $689.5 million in fiscal year 2010-11;
  • Information from TBS used to calculate various accruals and allowances, such as the accrued severance liability; and
  • Information from DOJ for establishing the contingent liability note to the financial statements and for inclusion in the public accounts.

1.4 Material changes in fiscal-year 2010-11

DND adopted a new department-wide financial and materiel management system effective April 1, 2010. Other than this, no other significant departmental changes that are relevant to the financial statements occurred in 2010-11.

2 DND's control environment relevant to ICFR

DND recognizes the importance of senior management leadership in ensuring that staff at all levels understand their role in maintaining effective systems of ICFR and are well equipped to exercise these responsibilities effectively. DND’s focus is to ensure risks are managed through a responsive and risk-based control environment that enables continuous improvement and innovation.

2.1 Key positions, roles and responsibilities

Below are DND’s key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.

Deputy Minister - As DND’s Accounting Officer, the Deputy Minister assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control and signs the Statement of Management Responsibility Including Internal Control Over Financial Reporting, which includes this annex.

Chief of the Defence Staff (CDS) – The CDS has primary responsibility for command, control and administration of the Canadian Forces and military strategy, plans and requirements.

Vice Chief of the Defence Staff (VCDS) – The VCDS coordinates and directs the activities necessary to ensure Defence policy and departmental strategic objectives are achieved.

Chief Financial Officer (CFO) – The CFO supports and reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment. The CFO also signs the Statement of Management Responsibility Including Internal Control Over Financial Reporting, which includes this annex.

Senior Departmental Managers – The senior departmental managers in charge of program delivery are responsible for maintaining and reviewing effectiveness of the ICFR falling within their mandate.

Chief Review Services (CRS) – As DND’s Chief Audit Executive, CRS reports directly to the Deputy Minister and provides assurance through periodic internal audits which are instrumental to the maintenance of an effective system of ICFR.

Defence Management Committee (DMC) – The DMC provides the Deputy Minister and the CDS with decision support and advice with respect to issues of strategic importance and the overall effective management of the Department.

Defence Finance Committee (DFC) – The DFC acts as an advisory body to the Deputy Minister in support of his accountabilities under the Financial Administration Act (FAA). It provides high level strategic financial guidance and a more formal consolidated structure for dealing with resource issues.

Departmental Audit Committee (DAC) – The DND/CF DAC is an advisory committee, chaired by the Deputy Minister, which provides objective views on the department’s risk management, control and governance frameworks. It reviews DND’s Corporate Risk Profile and its system of internal control.

2.2 Key measures taken by DND

DND’s control environment includes a series of measures and tools to enable its staff to effectively manage risks through raising awareness, providing appropriate knowledge, as well as developing skill sets. This control environment sets the tone for the Department, and is the foundation for its ICFR. Key measures include:

A Defence Ethics Program which is a comprehensive values-based ethics program put in place to meet the needs of the Department of National Defence (DND) and the Canadian Forces (CF), at both the individual and the organizational levels;

  • A regularly updated Delegation of Authorities for Financial Administration matrix;
  • Adoption of the Defence Resource Management Information System (DRMIS) (Systems Applications and Products (SAP) version 6.0) as the new department-wide integrated financial and materiel management system on April 1, 2010. DRMIS is the foundation Enterprise Resource Planning (ERP) system that will facilitate better management of all business/operational functions and decision making across the Department, and improve the integrity of financial data and reporting;
  • Training programs and regular communication to employees on core areas of financial management;
  • Ongoing documentation of main business processes and related key risk and control points to support the management and oversight of its system of ICFR;
  • Ongoing review of financial policies.

3 Assessment of DND's system of ICFR

In 2007, DND completed an audit readiness assessment to determine our ability to sustain a controls-based audit of our departmental financial statements. This assessment, which met the requirements of the Treasury Board Policy on Internal Control, was used as the basis from which DND began to develop an approach to implement ICFR.

3.1 Assessment baseline

In support of the Policy on Internal Control, departments need to be able to maintain an effective system of ICFR with the objective of providing reasonable assurances that: a) transactions are appropriately authorized, b) financial records are properly maintained, c) assets are safeguarded and d) applicable laws, regulations and policies are complied with.

In doing so, departments are to assess, on an annual basis, both design and operating effectiveness of key controls over financial reporting in support of continuous improvement.

Design effectiveness means ensuring that key control points are identified, documented, in place and that they are aligned with the risks (i.e. controls are balanced with and proportionate to the risks they aim to mitigate) and that any required remediation is addressed.

Operating effectiveness means that key controls have been tested over a defined period and that any required remediation is addressed. The testing of controls covers all departmental control levels which include corporate or entity, general computer and business process controls.

3.2 Assessment method at DND

To achieve DND’s ICFR objective and to meet the long-term requirements of PIC, the Department needs to be in a position to perform on-going monitoring of its key controls. To do this, DND has followed an assessment process which comprises the following seven steps:

  1. Risk Assessment and Scoping;
  2. Documentation of Control Activities;
  3. Evaluation of Design Effectiveness;
  4. Remediation of Design Effectiveness of Controls;
  5. Evaluation of Operating Effectiveness of Controls;
  6. Remediation of Operating Effectiveness of Controls; and
  7. On-going Monitoring of Controls.

In the planning and scoping phase, materiality was used to determine which processes and locations were in scope. The table below highlights the areas of focus that were identified based on one percent of DND’s expenditures as outlined in the audit readiness assessment completed in 2007. These remained the same areas of focus based on 2010 expenditures.

 

Control LevelScopeLocation
Entity Level Controls Control Environment
Risk Management
Information and Communication
Monitoring
HQ and bases
HQ and bases
HQ and bases
HQ and bases
Information Technology
General Controls
Access Management
Quality Assurance and Testing
Change Management
Disaster Recovery
HQ, Borden and bases
HQ, Borden
HQ, Borden
HQ, Borden
Financial Transactions Revenue and Receivables
Prepaids
Inventory and Repairables Capital
Equipment
Realty Assets
P3 and Non-salary expenses
Payroll and Payroll Liabilities
Canadian Forces Pension Capital
Leases and Obligations
HQ
HQ
HQ and bases
HQ and bases
HQ and bases
HQ and bases
HQ and bases
HQ
HQ and bases
Financial Reporting and
Financial Statement
Preparation
Contingent Liabilities/ Gains
Financial Statements
Remediation Liabilities Contractual
Obligations
HQ
HQ
HQ and bases
HQ

 

4 DND's assessment results

4.1 Design effectiveness of key controls

In fiscal year 2010-11 DND continued to focus its efforts on documenting, understanding and assessing the design of controls, which includes the testing of documented controls through walkthroughs. Each business process has been assigned a risk rating ranging from low to high depending on the materiality and complexity of the transactions. This analysis has determined that information technology (IT), inventory and capital assets present the highest areas of risk for DND. Assessment results for the year are summarized as follows:

Information Technology General Controls – DND commenced a design effectiveness assessment of DRMIS against the IT General Control (ITGC) framework that was developed in 2009. The initial assessment will be concluded in 2011-12.

Inventory – In 2009-10 DND evaluated system platform options and determined that the new SAP financial and materiel system would be adopted as the standard platform for Materiel Management. In recognition of the significant effort that will be required to ensure converted data from legacy systems is accurate and timely, DND has developed a detailed conversion plan that includes reconciliations activities. In 2010-11 the Department assessed the IT Data conversion plan over inventory and concluded that there are now adequate controls in place over the completeness and accuracy of the data transfer process; however, it noted that there are still opportunities to formalize the retention of evidence of control activities when they occur.

Realty Asset Business Modernization – As part of the DND Realty Asset Business Modernization project, DND has undertaken a review of the existence and value of its real property asset portfolio in support of the conversion of realty data to DRMIS. During 2010-11, the validation of 20% of the portfolio was completed.

Transaction flows and processes – The implementation of the new financial and materiel system resulted in a review of documentation already developed prior to April 2010. In addition, the assessment of automated application controls within the new system was postponed, pending the completion of an ITGC assessment of the new system. Significant advancement was made in the control documentation of key processes, and some remediation activities have been initiated.

4.2 Operating effectiveness of key controls

DND has not yet started the assessment of operating effectiveness of key controls. The Department will first complete and test the design effectiveness of control activities as this is the basis for assessing the operational effectiveness of key controls.

5 DND's action plan

5.1 Progress as of March 31, 2011

DND continues to make progress in assessing and improving its key controls. The status summary below is at March 31, 2011, and outlines the Department’s progress in FY 2010-11 in documenting and assessing the design effectiveness of controls. While significant progress was made in some areas since the 2010 assessment, other areas did not progress as anticipated due to the size and complexity of DND’s departmental processes. The following methodology was used to assess the status of DND’s documentation and design effectiveness testing for each business processes:

Completed – For the process, DND has prepared all necessary documentation and remediated all identified gaps from sample testing rendering design effectiveness complete. (Note: No DND processes were deemed completed as at March 31, 2011)

Substantially advanced – For the process, DND has documented policy statements and procedures and has prepared narratives and flowcharts and control matrices which illustrate and describe the controls linked to the financial statements; DND has also validated and confirmed the accuracy of the documentation by tracing a sample of transactions from the beginning to the end (referred to as “walkthroughs”) of said processes.

Commenced/partially completed - For the process, DND has undertaken to document policy statements and procedures and has commenced the preparation of narratives and flow charts. However, documentation is not fully completed for the entire business process, control matrices have not yet been finalized and sample transactions have not been tested for accuracy and validity.

Not started - For the process, DND has not commenced the preparation of the documentation.

 

Financial Statement AreaDND’s stated 2010-11 Action Plan as per Annex2010–11 Progress compared to the Action PlanAssessment compared to 2010-11 Action Plan
Entity Level Controls (ELCs) Complete the assessment of design effectiveness, remediate control deficiencies identified and commence with the monitoring of operational effectiveness. Throughout 2010-11 DND continued work to maintain ELC documentation, and remediate deficiencies based on PricewaterhouseCoopers’ (PwC) assessment of design effectiveness. DND’s commencement of on-going monitoring of operational effectiveness is on hold pending development of a testing framework. Commenced/Partially Completed
Information Technology General Computer Controls (ITGCs) Make significant progress on work commenced in 2009-10.

 

DND made significant progress in the area of IT in 2010-11 with the implementation and operation of a single instance of SAP which merged the two (2) existing systems, Financial Management and Accounting System (FMAS) (the financial system of record) and Materiel Acquisition and Support Information System (MASIS) (the materiel management system), into a new single system called DRMIS. This is in line with the Department’s plan to integrate existing system functionality onto 2 ERP’s: SAP and PeopleSoft. To support the implementation of the single SAP instance, DND is in the process of performing a design effectiveness assessment of the new DRMIS system against the ITGC control framework that was developed in 2009. This assessment was completed in April 2011.

DND documented IT conversion controls and assessed their design and operating effectiveness in order to address issues identified by the Office of the Auditor General of Canada (OAG) and to support the ongoing project to migrate spares inventory data from the Canadian Forces Supply System (CFSS) to DRMIS. The assessment concluded that adequate controls now exist over the completeness and accuracy of data transfers; however, there are opportunities to formalize evidence of control when they occur.

Commenced/Partially Completed
Accounts Receivable/ Revenues Complete the assessment of design effectiveness, remediate control deficiencies identified and commence with the monitoring of operational effectiveness. DND has completed the update of the controls documentation (flowchart, narrative, control matrices) developed up to March 31st 2010, to reflect the new DRMIS environment. Some work previously completed had to be redone because of the DRMIS implementation, and as a result, DND was not able to perform an assessment of design effectiveness for application controls and remediate related control deficiencies. DND’s commencement of on-going monitoring of operational effectiveness will only commence following completion of a testing framework. Commenced/ Partially Completed
Prepaid Expenses Remediation of identified gaps. DND continued to remediate identified control deficiencies, specifically 5 out of the 9 medium/high risk deficiencies have been remediated in 2010-11. Commenced/Partially Completed
Inventories and Capital Assets Make significant progress on work commenced in 2009-10.

In 2010-11 DND evaluated system platform options and determined that the DRMIS system would be adopted as the standard platform for Materiel Management. Based on this decision, the department is in the process of blueprinting standard Materiel Management processes. This blueprinting exercise is leveraging the controls documentation that was developed in previous years. As part of the planned conversion to DRMIS, a reconciliation process was developed in 2010-11 for all inventory information being imported from the legacy materiel systems (CFSS).

Although these key controls related activities took place, significant progress toward the stated PIC objectives (as per the Annex) was not made in 2010-11.

Commenced/Partially Completed
Realty Assets No planned activities were specifically outlined in the 2009-10 Annex, however PwC is aware Assistant Deputy Minister Infrastructure and Environment (ADM IE) had plans to continue to improve data integrity issues. In 2010-11, DND continued the planning, development and implementation of an ERP solution for all real property asset life cycle accounting. This included the launch of Real Property Maintenance and Repair functionality within DRMIS. DND has undertaken a review of their real property asset portfolio, including data integrity starting with validation of the existence of the Department’s real property portfolio. N/A – no planned activity in 2010-11
Capital Leases and Capital Lease Obligations Substantially advance the assessment of design effectiveness and identification of major control deficiencies. During 2010-11, DND commenced the development of controls documentation (narratives, flowcharts, control matrices) for Capital Lease Obligations. Process walkthroughs, an assessment of design effectiveness, and identification of major control deficiencies has not yet been started.Although some progress was achieved, DND did not substantially advance Capital Leases and Capital Lease Obligations in 2010-11. Commenced/ Partially Completed
Procurement/Purchases/ Payables/ Payments and Accrued Liabilities Substantially advance the assessment of design effectiveness and identification of major control deficiencies, with the exception of Procurement. During 2010-11, DND advanced the controls documentation (process maps, narratives, control matrices) and assessment of the design effectiveness for the Payables and Payments process by completing the materially relevant business processes. However, the identification of major control deficiencies has not yet been completed for the entire process. Commenced/Partially Completed
Civilian Payroll Complete the assessment of design effectiveness, remediate control deficiencies identified, and commence with the monitoring of operational effectiveness. During 2010-11, DND completed the assessment of design effectiveness and initiated remediation activities. Given the nature of the control deficiencies identified, remediation was not fully completed in 2010-11 and subsequent monitoring of operational effectiveness did not commence. Commenced/Partially Completed
Military Payroll No planned activities in 2010-11. Development of controls documentation for the Regular and Reserve Payroll have been put on hold due to the planned future system conversion in 2014-15. Controls documentation should be developed during the design stage of the new system. N/A – no planned activity in 2010-11
Financial Reporting and Financial Statement Preparation No planned activities in 2010-11. In 2010-11, DND developed controls documentation (maps, narratives, control matrices) for the financial statement preparation and reporting process. These processes are scheduled for walkthroughs and an evaluation of design effectiveness during Spring-Summer 2011 in connection with preparation of the fiscal 2010-11 DND departmental financial statements. N/A – no planned activity in 2010-11
Remediation Liabilities and Contaminated Unexploded Explosive Ordnance (UXO) Sites Substantially advance the assessment of design effectiveness and identification of major control deficiencies. During 2010-11, DND developed policies and procedures related to Remediation Liabilities/Contaminated Sites to support enhanced control activities. However, DND did not substantially advance the assessment of design effectiveness or identify major control deficiencies. Commenced/Partially Completed
Canadian Forces Pension and Insurance Accounts No planned activities in 2010-11. The pension fund is audited annually therefore this area has not been deemed a high risk or priority. N/A – no planned activities in 2010-11
Contractual Obligations No planned activities in 2010-11. Not applicable (N/A) N/A – no planned activity in 2010-11
Contingent Liabilities No planned activities in 2010-11. N/A N/A – no planned activity in 2010-11

 

 

5.2 Action plan for the fiscal year 2011-12 and future years

Building on progress to date, DND is focusing on advancing the work that is under way in the assessment of its system of ICFR.

By end of 2011-12, DND plans to:

  • Complete the assessment of design effectiveness and remediate control deficiencies identified for the following areas:
    • Entity Level Controls
    • Accounts Receivable/Revenue; and
    • Civilian Payroll.
  • Continue to substantially advance the assessment of design effectiveness and identification of major control deficiencies, as well asthe completion ofwalkthrough testing for the materially-relevant business processes in the following areas:
    • Remediation Liabilities;
    • Capital Lease Obligations; and
    • Procurement, Purchases, Payables and Payments.
  • Make significant progress in the work that has commenced for ITGCs, Capital Assets and Inventory

For future years, DND plans to:

  • Work towards having in place an organizational structure that will be responsible for the on-going monitoring of operating effectiveness of the departmental system of ICFR.
  • Complete all processes for each element and commence on-going monitoring by fiscal year 2015-16, or earlier.
Date modified: