Library and Archives Canada
Symbol of the Government of Canada

Institutional links


Archived Content

This archived Web page remains online for reference, research or recordkeeping purposes. This page will not be altered or updated. Web pages that are archived on the Internet are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats of this page on the Contact Us page.

Audits and Evaluations

Audit of Readiness for the Implementation of the Policy on Internal Control

Table of Contents | Next

Executive Summary

To meet the Policy on Internal Control requirements, departments and agencies are expected to develop, and execute annually, a plan to assess the effectiveness of their Internal Control over Financial Reporting (ICFR).

The purpose of this audit was to provide real-time insight and assurance for the readiness to implement the ICFR assessment process. Such an "under development" approach, common during the implementation of major initiatives, is intended to provide timely and constructive guidance to the Chief Financial Officer (CFO) while also providing assurance.

Accordingly, the audit has assessed the adequacy of processes and practices in place to support the deployment of the Policy on Internal Control (PIC) requirement to assess Internal Control over Financial Reporting related to external financial statements. The audit approach and methodology are contained in Appendix A and Appendix B.

The process for planning and conducting a risk-based assessment of the effectiveness of internal control over financial reporting is comprised of five phases:

Phase 1: Planning;

Phase 2: Evaluating entity-level controls;

Phase 3: Evaluating internal control at the transaction or process level;

Phase 4: Testing control design and operating effectiveness; and

Phase 5: Assessing results of testing, reporting and developing management action plans, and revising future annual and multi-year plans.

The ICFR assessment process is an iterative one; the pace and scope of which is risk-based. Information obtained through each phase regarding risks and the effectiveness of controls in place to mitigate risks is used to refine and adjust ICFR assessment plans for continued relevance. This helps ensure an appropriate focus on the areas of most significance to the integrity of the financial statements.

The assessment is that Library and Archives Canada has started the planning phase of the ICFR assessment process, and significant work is still required to implement the processes and practices needed to be able to complete the remaining phases of the assessment process and comply with Policy on Internal Control requirements for the Statement of Management Responsibility Including Internal Control over Financial Reporting by 2011–2012.

The CFO has assigned the Manager, Financial Policies, Management Practices and Quality Assurance to lead the assessment planning process. Together, they are in the process of developing the risk-based approach.

This audit report provides recommendations to enable the planning and execution of the ICFR risk-based assessment plan, including:

  • Developing a framework to guide the risk-based plan;
  • Ensuring clear communication of roles and responsibilities to key internal parties who will support the Deputy Head (Librarian and Archivist of Canada) and the CFO in assessing and monitoring internal control over financial reporting;
  • Applying risk-management practices to identify significant financial statement accounts and processes, key financial systems and processes;
  • Selecting a control framework against which entity-level controls and IT general controls may be assessed;
  • On a risk basis, documenting key entity-level controls, financial systems controls and process-level controls and testing for design and operating effectiveness;
  • Defining training and awareness requirements to support key stakeholders in their roles and responsibilities for deploying the Policy on Internal Control.

Management has agreed and developed an action plan to address these recommendations.

Table of Contents | Next