This archived Web page remains online for reference, research or recordkeeping purposes. This page will not be altered or updated. Web pages that are archived on the Internet are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats of this page on the Contact Us page.
The ICFR assessment process hinges on conducting a financial reporting risk assessment.
As a first step, LAC would need to identify and analyze risks to the achievement of financial reporting objectives as a basis for determining how the risks should be managed.
Finding 3.2: Financial reporting risk-management principles have not been established
Broadly speaking, financial reporting risk relates to anything that threatens the department's ability to produce reliable financial information and financial statements for internal and external reporting purposes.
For financial reporting purposes, the risk-assessment process includes how management identifies risk relevant to producing reliable financial information and financial statements, estimates their significance, assesses the likelihood of their occurrence, and decides what actions are required to manage them. The general process is: understand financial reporting objectives; identify financial reporting risk areas; assess financial reporting risks; risk response—implementation of financial reporting risk control strategy; and monitor, evaluate and revise financial reporting risk strategies.
The CFO and Manager, Financial Policies, Management Practices and Quality Assurance are in the process of developing the approach for conducting the assessment. They have not defined the LAC financial reporting objectives, neither have they identified or assessed financial reporting risks, nor have they implemented risk-monitoring strategies.
The ICFR assessment process hinges on conducting a financial reporting risk assessment. The consulting firm provided management with guidance from the Canadian Institute of Chartered Accountants handbook regarding financial statement assertions/reporting objectives, and a tool for identifying financial reporting risk areas.
The absence of a systematic and documented approach to financial reporting risk management could result in an ineffective approach to the ICFR assessment process.
The CFO develops a framework for assessing ICFR that includes documenting the organization's approach to assessing and managing risks related to financial reporting.
Management agrees with this recommendation. During the implementation of the policy on internal controls, we will develop a risk matrix on financial reports. When the matrix is established, management will adopt an approach that will help assess, review and manage risks related to financial reports and thus periodically update the risk matrix.