Summary of the Assessment of Effectiveness of the Systems of Internal Control over Financial Reporting and the Action Plan of the Canadian Institutes of Health Research for the Fiscal Year 2020–21 (Unaudited)
Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting
1. Introduction
This document provides summary information on the measures taken by the Canadian Institutes of Health Research (CIHR) to maintain an effective system of internal control over financial reporting, including information on internal control management, assessment results and related action plans.
Detailed information on CIHR’s authority, mandate and program activities can be found in the 2020-21 Departmental Plan.
2. CIHR’s System of Internal Control over Financial Reporting
2.1 Internal Control Management
CIHR has a well-established governance and accountability structure to support agency assessment efforts and oversight of its system of internal control. The agency internal control management framework, approved by the President, includes:
- organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities for senior managers in their areas of responsibility for control management;
- values and ethics;
- ongoing communication and training on statutory requirements, policies and procedures for sound financial management and control; and
- at a minimum, annual monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plans to the President and departmental senior management and, where applicable, the Audit Committee.
The Audit Committee provides advice to the President on the adequacy and functioning of CIHR’s risk management, control and governance frameworks and processes.
2.2 Service Arrangements Relevant to Financial Statements
CIHR relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows.
Common Arrangements
- Public Services and Procurement Canada centrally administers the payments of salaries and the procurement of goods and services in accordance with CIHR’s Delegation of Authority, and provides accommodation services;
- The Treasury Board of Canada Secretariat provides CIHR with information used to calculate various accruals and allowances.
- The Department of Justice Canada provides legal services to CIHR; and
- Shared Services Canada provides information technology (IT) infrastructure services to CIHR. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and CIHR.
Specific Arrangements
- The Tri-Council Secretariat administers the Networks of Centres of Excellence, Business-Led Networks of Centres of Excellence, Centres of Excellence for Commercialization and Research, College and Community Innovation Program, Canada Excellence Research Chairs, Canada First Research Excellence Fund, the Canada Research Chairs, and the Canada 150 Research Chairs on behalf of CIHR’s Research Programs Portfolio. The Secretariat has the authority and responsibility to ensure that funding decisions are fair, due process is followed, and payments are made in accordance with the terms and conditions set out by CIHR’s programs. As a result, reliance is placed on the control procedures of the Secretariat, which CIHR reviews at arm’s length by obtaining key control documentation.
3. CIHR Assessment Results during Fiscal Year 2020–21
The key findings and significant adjustments required from the current year’s assessment activities are summarized below.
Impact of COVID-19
In conducting the assessment for fiscal year 2020-21, CIHR considered the impact of remote work and the COVID-19 pandemic on controls and risks within the different business processes. For the most part, business processes and associated risks were unchanged, with the exception that documentation and approvals moved from hardcopy to electronic formats. The Travel and Hospitality business process was removed from the scope of the assessment due to extremely low transaction levels and associated dollar-values for the fiscal year. The low level of transactions resulted from the elimination of face-to-face peer review and committee meetings, and staff travel. Furthermore, the assessment of the Grants and Awards process took into account the potential higher risk of rapid response funding opportunities by applying a judgemental sampling approach to ensure those transactions were represented.
Deferral of the assessment of Information Technology General Controls (ITGCs) and Entity Level Controls (ELCs)
Although not directly related to remote work and the pandemic, the assessment of Information Technology General Controls (ITGCs) was also deferred for this cycle. Planning work was completed to enhance and modernize the approach to the assessment of ITGCs, which will be implemented for 2021-22.
The assessment of Entity Level Controls (ELCs) was also deferred this year due to the need to allocate available resources to the assessment of other, higher priority business processes. Similar to ITGCs, work was completed to modernize the approach to the assessment of ELCs and align it with the most recent version of COSO. COSO is a widely-accepted, industry-standard model used to establish and assess internal controls and is recommended by Treasury Board for the assessment of ELCs. This modernized framework will support a risk-based approach to the assessment of ELCs and enable more fulsome testing. This will also be implemented for fiscal year 2021-22.
New or significantly amended key controls: In the current fiscal year, there were no significantly amended key controls in existing processes that required a reassessment and there were no new processes to test for design and operating effectiveness.
Ongoing monitoring program: As part of its rotational ongoing monitoring plan, CIHR completed its reassessment of the following business processes:
- Financial controls:
- Grants and awards, including payment;
- Payroll and benefits;
- Procurement; and
- Financial statements closing, including payables at year end and accruals
Most key controls that were tested operated as designed. However, some improvements were required. The identified improvements were accepted by management and an appropriate management response was developed.
4. Departmental Action Plan
4.1 Progress During Fiscal Year 2020-21
CIHR continued to conduct its on-going monitoring according to the previous year’s rotational plans as follows:
Previous year’s rotational on-going monitoring plan for current year | Status |
---|---|
Grants and awards, including payment | Controls are operating as designed. No remedial actions are required at this time. |
Financial statements closing (including Payables at year end and accruals) | |
Payroll and benefits | Controls processes require minor improvements to their design or operational effectiveness. Management has accepted recommendations and has begun remedial actions. |
Procurement | |
Entity-level controls | Deferred |
Information technology general controls | |
Travel, hospitality, conference and event expenditures | Removed |
Financial management and budgeting | Not scheduled for review in 2020/21. |
4.3 Action Plan for the Next Fiscal Year and Subsequent Years
CIHR has implemented an ongoing rotational monitoring plan over the next three years based on a risk-based annual validation of high risk processes and controls. The plan takes into consideration any substantial changes to key controls in each process. CIHR’s rotational ongoing monitoring plan over the next three years is shown in the following table.
Key control areas | Fiscal Year 2020-21 | Fiscal year 2021-22 | Fiscal Year 2022-23 |
---|---|---|---|
Financial Statements Closing Process (including Payables at Year End and Accruals) | Yes | Yes | Yes |
Grants and Awards including Payment | Yes | Yes | Yes |
Payroll and Salary benefits | Yes | Yes | Yes |
Entity-Level Controls | Deferred | Yes | Yes |
Travel, Hospitality, Conference, and Event Expenditures | Removed | No | Yes |
IT General Controls | Deferred | Yes | No |
Procurement | Yes | No | No |
Financial Management (Budgeting and Forecasting) | No | Yes | No |
In addition to the on-going monitoring rotational plan, CIHR has completed or has planned the following assessment work to complement the system of internal control including:
- internal audits; and
- risk and other advisory activities.
- Date modified: