Library and Archives Canada
Symbol of the Government of Canada

Institutional links

ARCHIVED - About Us

Archived Content

This archived Web page remains online for reference, research or recordkeeping purposes. This page will not be altered or updated. Web pages that are archived on the Internet are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats of this page on the Contact Us page.

Audits and Evaluations

Audit of Readiness for the Implementation of the Policy on Internal Control

Previous | Table of Contents | Next

2. Background

2.1 Policy on Internal Control—Overview

The Policy on Internal Control does not introduce new controls or require more controls; rather the policy aims to improve the consistency in how internal controls are managed

The Policy on Internal Control took effect April 1, 2009, and reaffirms the responsibility of the Deputy Head, as accounting officer, for ensuring the maintenance of effective risk-based systems of internal control in the following broad areas: effectiveness and efficiency of programs; operation and resource management; safeguarding of assets; reliability of financial reporting; compliance with legislation, regulation, policies and delegated authorities.3

The Policy on Internal Control does not introduce new controls or require more controls; rather the policy aims to improve the consistency in how internal controls are managed and supported by appropriate risk-based information.

The Policy on Internal Control seeks to:

  • clarify roles and responsibilities (raising awareness and understanding) for the establishment, use, maintenance and ongoing monitoring of effective departmental systems of internal control that are balanced with and proportionate to the risks they mitigate;
  • bring consistency and rigour on how internal controls over financial management and financial reporting are managed to support continuous improvement through, in particular, periodic assessments;
  • strengthen accountability and transparency for internal controls over financial reporting (ICFR) through the release of an annual Statement of Management Responsibility Including Internal Control over Financial Reporting signed by the Deputy Head and his or her Chief Financial Officer (CFO), and that is supported by appropriate evidence obtained annually from the execution of an assessment of the effectiveness of the departmental system of internal control over financial reporting;
  • enable the implementation and maintenance of controls that are balanced with and proportionate to the risks they aim to mitigate, based on the results of, and information provided through, ICFR assessments.

2.2 Statement of Management Responsibility

LAC must be ready to meet the requirements of the Statement of Management Responsibility Including Internal Control over Financial Reporting for the year ending 2011–2012

In the Canadian federal government, Deputy Heads have always had the responsibility to ensure that internal controls are regularly reviewed in the context of risk, ensuring that those internal controls are balanced against and proportional to the risks they mitigate. Deputy Heads and their CFOs sign an annual letter of representation to the Auditor General and the Deputy Receiver General in support of the Public Accounts covering their responsibilities for internal control and assertions over the integrity of financial information.4

One of the requirements flowing from the Policy on Internal Control is the revised Statement of Management Responsibility Including Internal Control over Financial Reporting. This statement, signed by the Deputy Head and the CFO, will preface the departmental financial statements and will acknowledge management's responsibility for:

  • ensuring the maintenance of an effective system of internal control over financial reporting;
  • conducting an annual risk-based assessment of the effectiveness of the departmental system of internal control over financial reporting;
  • establishing an action plan to address any weaknesses identified;
  • including a summary of assessment results and the action plan (showing progress from previous years) as an annex to the financial statements.

The Statement of Management Responsibility Including Internal Control over Financial Reporting will be implemented by departments, in clusters, over a three-year period from 2009–2010 through 2011–2012.5 LAC must be ready to meet the requirements of the Statement for the year ending 2011–2012.

2.3 Internal Control over Financial Reporting

Internal control over financial reporting (ICFR) is a sub-set of the broader system of internal control. Financial reporting refers to financial reports and disclosures that are both internal and external to a department. ICFR operate to provide reasonable assurance regarding the reliability of financial information and statements prepared for internal and external purposes. ICFR is intended to help ensure the integrity and usefulness of the financial statements.

ICFR helps provide management and users of financial statements with an understanding that:

  • the organization maintains records that fairly reflect all financial transactions;
  • transactions are recorded in accordance with applicable policies, directives and standards;
  • transactions are carried out in accordance with delegated authorities;
  • unauthorized transactions that could have a material effect on financial information and financial statements are prevented or detected in a timely manner;
  • financial resources are safeguarded against material loss due to waste, abuse, mismanagement, errors, fraud, omissions and other irregularities;
  • appropriate processes exist to review the effectiveness of internal control over financial reporting.

The annual assessment contemplated in the Policy on Internal Control is intended to be a management self-assessment process led by the CFO and supported by senior departmental managers (i.e., managers reporting directly to the Deputy Head).6 This requires the development and execution of a risk-based multi-year assessment plan to guide the assessment of the effectiveness of the design and operation of key controls over financial reporting. The pace and scope of the multi-year assessment plans are also based on risk. Each annual assessment can be considered a component of the multi-year assessment plan that is developed based on the following:

  • identifying key risks relevant to the department's financial reporting;
  • identifying the core financial processes and controls that correspond to key risks identified;
  • planning the scope and expected timing of the assessment of these key controls over the multi-year planning horizon. The scope, timing and extent of testing required can be determined based on:
  • the department's risk profile and priorities
  • the size, complexity and maturity of its operations
  • the extent to which results from other assessments, audits, and other central agency reports may be leveraged
  • departmental capacity

The results of the annual assessment and action plan are to be summarized in an annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting. In this summary, the Deputy Head and the CFO will provide a description of significant findings of the ICFR assessed in the given fiscal year per the assessment plan and management's plans to address any significant gaps or weaknesses identified.


3 Financial Administration Act, paragraph 16.4(1)(b)

4 Policy on Internal Control, paragraph 3.4

5 Policy on Internal Control, paragraph 1.2

6 In the context of Library and Archives Canada, this includes: ADM Corporate Management Sector, ADM Documentary Heritage Collection Sector, ADM Programs and Services Sector, Corporate Secretary, Chief Financial Officer, DG Communications, and Senior Advisor. While the Chief Audit Executive (CAE) reports to the Deputy Head, the role of the CAE in the annual assessment is to provide assurance in relation to the department's system of internal control, including as this relates to financial reporting. This is done by means of the risk-based audit work of the internal audit function and through work designed to support a more holistic view on departmental governance, risk management, and control arrangements.

Previous | Table of Contents | Next