Summary of the Assessment of Effectiveness of the Systems of Internal Control over Financial Reporting and the Action Plan of the Canadian Institutes of Health Research for the Fiscal Year 2019–20 (Unaudited)
Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting
1. Introduction
This document provides summary information on the measures taken by the Canadian Institutes of Health Research (CIHR) to maintain an effective system of internal control over financial reporting, including information on internal control management, assessment results and related action plans.
Detailed information on CIHR’s authority, mandate and program activities can be found in the 2018–19 Departmental Results Report (DRR).
2. CIHR’s System of Internal Control over Financial Reporting
2.1 Internal Control Management
CIHR has a well-established governance and accountability structure to support agency assessment efforts and oversight of its system of internal control. The agency internal control management framework, approved by the President, includes:
- organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities for senior managers in their areas of responsibility for control management;
- values and ethics;
- ongoing communication and training on statutory requirements, policies and procedures for sound financial management and control; and
- at a minimum, annual monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plans to the President and departmental senior management and, where applicable, the Audit Committee.
The Audit Committee provides advice to the President on the adequacy and functioning of CIHR’s risk management, control and governance frameworks and processes.
2.2 Service Arrangements Relevant to Financial Statements
CIHR relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows.
Common Arrangements
- Public Services and Procurement Canada centrally administers the payments of salaries and the procurement of goods and services in accordance with CIHR’s Delegation of Authority, and provides accommodation services;
- The Treasury Board of Canada Secretariat provides CIHR with information used to calculate various accruals and allowances.
- The Department of Justice Canada provides legal services to CIHR; and
- Shared Services Canada provides information technology (IT) infrastructure services to CIHR. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and CIHR.
Specific Arrangements
- The Tri-Council Secretariat administers the Networks of Centres of Excellence, Business-Led Networks of Centres of Excellence, College and Community Innovation Program, Canada Excellence Research Chairs, Canada Graduate Scholarships, Canada First Research Excellence Fund, the Canada Research Chairs, and the Canada 150 Research Chairs on behalf of CIHR’s Research Programs Portfolio. The Secretariat has the authority and responsibility to ensure that funding decisions are fair, due process is followed, and payments are made in accordance with the terms and conditions set out by CIHR’s programs. As a result, reliance is placed on the control procedures of the Secretariat, which CIHR reviews at arm’s length by obtaining key control documentation.
3. CIHR Assessment Results during Fiscal Year 2019–20
The key findings and significant adjustments required from the current year’s assessment activities are summarized below.
Impact of COVID-19
On March 11, 2020, the World Health Organization declared that COVID-19 was a global pandemic. On March 15, 2020, the Office of the Chief Human Resources Officer (OCHRO) in the Treasury Board of Canada Secretariat (TBS) provided direction to public servants to work remotely and all year-end deadlines were extended, including those related to the Financial Statements (normally due in June). To respond to the uncertainties introduced by the COVID-19 pandemic, the President invoked the CIHR Business Continuity Plan (BCP)Footnote 1, restricted access to CIHR headquarters, and shifted the agency's highest priority to assisting with the pandemic. This resulted in a number of normal CIHR workplace activities (including completion of the ICFM exercise for 2019/20 and issuing of the Financial Statements) being delayed or temporarily put on hold, and all staff were directed to work remotely until further notice, which has continued to the present time. As part of this response, in conjunction with the CFO, Chief Audit Executive (CAE), Audit Committee, and approved by Governing Council, the President decided to issue unaudited Financial Statement for 2019/20.
In addition to the delay in the completion of the ICFM exercise, effectiveness of certain controls, normally assessed with hardcopy documents, could not be verified remotely. In these circumstances, a modified review based on available electronic documents was used where possible and practical. As nearly all relevant documents for the Payroll and Salary Benefits process are only available as hardcopy files, the CAE (after discussion with Audit Committee) decided to defer the review of this process until 2020/21 when it is expected that access to workplace may be possible. The review of entity-level controls was also delayed.
New or significantly amended key controls: As discussed above, due to the COVID-19 pandemic the review of Payroll & Benefits and Entity-Level Controls was deferred until 2020/21.
Ongoing monitoring program: As part of its rotational ongoing monitoring plan, CIHR completed its reassessment of the following business processes:
- Financial controls:
- Grants and awards; and
- Financial statement closing including payables at year end and accruals
Most key controls that were tested operated as designed. However, some improvements were required. The identified improvements were accepted by management and an appropriate management response was developed.
4. Departmental Action Plan
4.1 Progress During Fiscal Year 2019-20
CIHR continued to conduct its on-going monitoring according to the previous year’s rotational plans as follows:
| Previous year’s rotational on-going monitoring plan for current year | Status |
|---|---|
| Grants and awards, including payment | Controls processes require minor improvements to their design or operational effectiveness. Management has accepted recommendations and has begun remedial actions. |
| Financial statements preparation (including Payables at year end and accruals) | |
| Entity-level controls | Deferred due to COVID-19. |
| Payroll and benefits | |
| Information technology general controls | Not scheduled for review in 2019/20. |
| Travel, hospitality, conference and event expenditures | |
| Financial management and budgeting | |
| Procurement |
4.2 Action Plan for the Next Fiscal Year and Subsequent Years
CIHR has implemented an ongoing rotational monitoring plan over the next three years based on a risk-based annual validation of high risk processes and controls. The plan takes into consideration any substantial changes to key controls in each process. CIHR’s rotational ongoing monitoring plan over the next three years is shown in the following table.
| Key control areas | Fiscal Year 2019-20 | Fiscal Year 2020-21 | Fiscal year 2021-22 |
|---|---|---|---|
| Financial Statements Closing Process (including Payables at Year End and Accruals) | Yes | Yes | Yes |
| Grants and Awards including Payment and Collaborative Agreements | Yes | Yes | Yes |
| Payroll and Salary benefits | Deferred due to COVID-19 | Yes | Yes |
| Entity-Level Controls | Deferred due to COVID-19 | Yes | Yes |
| Travel, Hospitality, Conference, and Event Expenditures | No | Yes | No |
| IT General Controls | No | Yes | No |
| Procurement | No | Yes | No |
| Financial Management (Budgeting and Forecasting) | No | No | Yes |
In addition to the on-going monitoring rotational plan, CIHR has completed or has planned the following assessment work to complement the system of internal control including:
- internal audits;
- risk and other advisory activities; and
- the continued utilization of the information gathered from the November 2016 Fraud Risk Assessment.
- Date modified: