Audit of Internal Control in Support of Quarterly Financial Reporting AU1306

Table of Contents

EXECUTIVE SUMMARY

The Government of Canada recently introduced policy changes to financial reporting and internal control requirements for government departments.

Firstly, amendments to the Financial Administration Act required that federal departments present to Parliament Quarterly Financial Reports (QFR) 60 days after the end of each of the first 3 fiscal quarters. These reports are required to be prepared according to a new Treasury Board guideline - Treasury Board Accounting Standard 1.3 (TBAS 1.3). The objective of the TBAS 1.3 standard is to provide stakeholders with more timely and relevant information regarding public expenditures.

Secondly, departments are required to demonstrate the measures taken to maintain an effective system of Internal Control over Financial Reporting (ICFR). As part of the Policy on Internal Control (PIC), NRCan is expected to conduct annual assessments of the system of ICFR and establish action plans to address any issues identified. This process helps improve the accuracy and reliability of financial information. The maintenance of an effective system of ICFR is an ongoing process that requires departments to identify key risks and controls, assess their design and operating effectiveness and adjust as required as well as to monitor performance in support of continuous improvement.

This audit focused on the NRCan’s production processes for its Quarterly Financial Report for the 1st and 2nd Quarter of FY 2012-13 and the internal controls which were pertinent to the control of information and production of the QFR.

In relation to the policy changes highlighted above, NRCan has experienced several changes that directly impact the implementation of PIC. The implementation of a new financial management system (SAP) required that the Financial Management Branch (FMB) update internal control documentation for all key business processes. Since the implementation of SAP all control documentation has been updated to reflect process changes. However, the consolidation of the Government wide pay services has introduced significant changes in operating procedures for NRCan’s pay and benefits processes. These changes will affect how this process is managed and controlled. Additionally, minor changes to the PIC documentation for the Offshore Royalties and Statutory Transfer Payments process are planned to reflect the implementation of new control activities. This resulted in minor changes to the original audit approach.

Audit Purpose and Objectives

The overall purpose of the audit was to ensure that Natural Resources Canada was meeting the requirements for the preparation of the Quarterly Financial Report. These requirements have been established in Treasury Board Accounting Standard 1.3 and are supplemented by additional guidance provided by the Office of the Comptroller General. Additionally, the audit would ensure that key internal controls in support of quarterly financial reporting were documented, implemented and monitored to ensure the accuracy and reliability of the quarterly financial information.

Scope

The audit reviewed NRCan’s QFRs for June 2012 (Q1) and September 2012 (Q2), and the associated processes and controls for their preparation. These QFRs were selected as they were the most recent at the time of the audit.

Scope Limitation

The audit team had planned on testing operating effectiveness of internal controls using the documentation and test results available from FMB. During the audit, the audit team found that revisions to the ICFR documentation for the Payroll and Benefits process were planned but not yet completed. Minor updates were also planned for the Offshore Royalty process. The auditors also found that internal control testing for the Operating Expenditures process was underway and that the Department was in the process of remediating some internal control weaknesses. Consequently, the audit team did not conduct testing to provide an opinion on the operating effectiveness of internal controls at this point in time. A strategy for completing this segment of the audit work is included in the report and will be part of a subsequent phase. The audit does, however, conclude on the NRCan’s overall QFR process, documentation and monitoring of remedial actions for the key controls.

Strengths

Many strong points were observed during the audit including a structured process for the preparation of the Quarterly Financial Report. As a result, NRCan is meeting, for the most part, the standards set out in key elements of Treasury Board Accounting Standard 1.3.

FMB has implemented processes to ensure that key internal controls are documented to reflect the current control environment and the internal control documentation met all assessed criteria.

FMB has created and implemented plans for the testing of internal controls. The audit concluded that testing procedures were sufficient to address the key control activities and risks. An ongoing monitoring strategy is planned to ensure key internal controls are continuously tested by FMB on a risk based basis.

Areas for Improvement

Improvement is required in the variance analysis process for the QFRs to ensure that all material variances are adequately identified and explained. Communication of the methodology used to produce the financial information for variance analysis and training of Sector Financial Advisors responsible for analysis will support improvements to the process. These improvements will ensure a high level of compliance with Treasury Board Accounting Standard 1.3.

Improvements to the follow-up approach for internal control corrective measures that consist of ongoing reviews could be strengthened to also provide assurance that these internal controls are operating effectively.

Audit Conclusion and Opinion

Reasonable assurance can be provided that NRCan’s FMB has implemented an adequate process for the preparation of the QFR which demonstrates compliance with Treasury Board Accounting Standard 1.3. NRCan has also implemented an adequate process for the documentation and testing of key control activities. A risk-based testing strategy will help ensure internal controls are monitored on an ongoing basis.

The audit did not conduct testing to provide an opinion on the operating effectiveness of internal controls as they pertained to the QFR as revisions to internal control documentation and actions to address outstanding remedial actions were in progress. A plan for completing this segment of the audit work will be part of a subsequent phase of testing internal controls.

In my opinion, NRCan’s QFR preparation process meets the majority of reporting requirements; however, improvement in the variance analysis process will help improve the reliability and completeness of reported information in the QFR. Opportunities for improvement also exist for increasing the rigor in the follow-up approach for certain corrective measures.

Statement of Assurance

In my professional judgement as Chief Audit Executive the audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the internal Quality Assurance and Improvement Program (QAIP).

Christian Asselin, CPA, CA, CMA, CFE
Chief Audit Executive

INTRODUCTION

In December 2009 Parliament approved amendments to the Financial Administration Act (FAA) which required that federal departments present quarterly financial reports to Parliament 60 days after the end of each of the first 3 fiscal quarters. This change was introduced to address Parliamentarians’ request to receive more timely financial information on the use of appropriations at the departmental level. Previously, details on public spending were only available when the Public Accounts were tabled in the fall which was 18 months after the planned spending was tabled in Parliament.

The amendments to the FAA required that the financial information be prepared in a prescribed format as determined by the Treasury Board. This format is set out in the Treasury Board Accounting Standard 1.3 – Departmental and Agency Quarterly Financial Report (TBAS 1.3). The standard was approved in March 2010.

As per TBAS 1.3, NRCan is required to produce Quarterly Financial Reports (QFRs), using an expenditure basis of accounting, for each of the first three fiscal quarters. This basis of preparation is different from that used to prepare the annual financial statements. The reports detail the use of appropriations and expenditures for the quarter and year-to-date, with comparative figures from the equivalent quarter and year-to-date of the preceding fiscal year. In addition, these statements must be accompanied by information highlighting significant events affecting the quarter and year-to-date results and the financial risks and uncertainties which may impact the financial plan for the current year.

Additional measures were also introduced to strengthen the financial reporting and control framework. These requirements are identified in the Treasury Board Policy on Internal Control (PIC). Effective April 1, 2009, departments were required to demonstrate the measures taken to maintain an effective system of Internal Control over Financial Reporting (ICFR).

As part of the policy, NRCan is expected to conduct annual assessments of its system of ICFR and establish action plans to address any issues identified. A summary of the annual assessment results and action plan is included as an Annex to the Statement of Management Responsibility including Internal Control Over Financial Reporting in the annual departmental financial statements.

The audit was designed to assess NRCan’s progress in implementing these new policy initiatives. The audit focused on the key internal controls as they related to departmental QFRs. Historically, in 7 of the last 8 quarters, the following business processes and corresponding key controls accounted for more than 90 percent of quarterly expenditures and payments:

  • Offshore Royalties and Corresponding Statutory Transfers;
  • Grants and Contributions;
  • Payroll and Benefits; and
  • Operating Expenditures.

In addition to the challenges associated with implementing the policy changes highlighted above NRCan has experienced financial and government wide changes that directly impact the implementation of these new policies. The implementation of SAP required that the Financial Management Branch (FMB) update control documentation for all key business processes. Since the implementation of SAP all control documentation has been updated to reflect process changes. The consolidation of Government wide pay services has introduced significant changes in the operating procedures for pay and benefits. Subsequently, this has impacted the way this process is managed and controlled. Additionally, minor changes to PIC documentation for the Offshore Royalties and Statutory Transfer Payments process are planned to reflect the implementation of new control activities. This is included in FMB’s FY 2013-14 plan.

The system of ICFR aims to improve the accuracy and reliability of financial information. The maintenance of an effective risk based system of ICFR is an ongoing process that requires departments to identify key risks and controls, assess their design and operating effectiveness and adjust as required as well as to monitor performance in support of continuous improvement.

The 2012-2015 Risk-Based Audit Plan identified Internal Controls in Support of Quarterly Financial Reporting as a “High Audit Priority”. This project was selected for several reasons, notably, the lack of internal audit coverage for NRCan’s financial reporting and the new risks associated with the implementation of departmental requirements for internal control and quarterly financial reporting.

Audit Purpose and Objectives

The overall purpose of the audit is to provide reasonable assurance on the two following objectives:

  • NRCan has an adequate process for the preparation of Quarterly Financial Reports and that they are prepared in compliance with TBAS 1.3 and additional guidance provided by the Office of the Comptroller General (OCG); and
  • NRCan has documented, implemented and monitors key internal controls in support of quarterly financial reporting.

Scope and Methodology

The audit reviewed NRCan’s QFRs for June 2012 (Q1) and September 2012 (Q2), and the associated processes and controls for their preparation. These two QFRs were selected as they were the most recently completed at the time of the audit.

The audit methodology was based on internal auditing guidelines and included:

  • Reviewing key documents and relevant background documentation including TBAS 1.3, PIC, and the Policy on Financial Resource Management, Information and Reporting;
  • Reviewing business and operational plans;
  • Interviews with the key personnel responsible for the documentation and testing of key controls and those involved in the preparation of the QFRs;
  • Reviewing internal control documentation and internal control testing performed by the Financial Management Branch (FMB); and
  • Reviewing financial reporting processes and outputs.

Scope Limitation

During the audit, the audit team found that recent revisions to several control processes/systems for the Payroll and Benefits process were underway. Minor updates were also planned for the Offshore Royalty process and internal control testing for the Operating Expenditures process was underway. Finally, the Department was in the process of remediating some internal control weaknesses that had been previously identified. Consequently, the auditors were not able to fully conduct internal control testing that was planned at the onset of the audit. Adjustments to the audit scope were undertaken to adapt to the changing operational environment.

The audit team did not conduct testing to provide an opinion on the operating effectiveness of internal controls as they pertained to the QFR. A strategy for completing this segment of the audit work is included in this report and will be part of a subsequent audit of financial reporting.

Criteria

The audit criteria used in the audit were developed from the Treasury Board of Canada’s Core Management Controls and the relevant associated policies, notably, TBAS 1.3 and PIC. The criteria were approved by management prior to the commencement of the audit. Please refer to Appendix B.

FINDINGS AND RECOMMENDATIONS

PREPARATION OF THE QUARTERLY FINANCIAL REPORT

Summary Finding

The process for the preparation of the QFR was sufficiently documented to demonstrate that all key steps were completed as per TBAS 1.3 requirements. Although the majority of variances were well explained an opportunity exists for improvement in the variance analysis process.

Supporting Findings

The Quarterly Financial Reporting Process

The audit team reviewed FMB’s process for the preparation of the 1st and 2nd quarter QFRs for FY 2012-13. Interviews were held with the key individuals responsible for providing information and analysis for major sections of the QFR and to understand the key steps involved. The auditors found that a documented process existed which included consideration of key activities, timelines and the personnel responsible for completing key activities. The process included the coordination of information and analysis prepared by individuals from across the Department and included:

  • Risk and uncertainties from the Science Policy and Integration Sector;
  • Financial information from the Corporate Reporting Division of FMB;
  • Variance Analysis prepared by the Sector Financial Advisors;
  • Review of the report by the Communications Branch; and
  • Review and approvals from the Chief Financial Officer and Deputy Minister’s office.

Documentation review demonstrated that the information contained within the report was supported by analysis from individuals who had the required expertise. The audit team reviewed sufficient documentation to conclude that the process was being consistently applied for Q1 and Q2 of FY 2012-13.

Reporting of Financial Information

Analysis of financial information showed that the data reported for Q1 and Q2 of FY 2012-13 contained accurate totals for budgeted authorities. These included the reported totals for operating, capital and grants and contributions. Furthermore, the audit team confirmed that a documented process was in place to reconcile expenditure information to the trial balance. This process helped to ensure that financial data was accurately reported. Processes for obtaining financial reporting information were documented to ensure consistency from quarter to quarter as required by TBAS 1.3.

Review of Variance Analysis

As required by TBAS 1.3 QFR’s set out and explain the use of appropriations and expenditures for the equivalent quarter and year-to-date of the preceding year with comparative figures from the previous quarter and year-to-date and explain material changes in appropriations and expenditures. Variances were explained for changes in authorities, personnel expenditures, professional and special services and transfer payments.

NRCan’s Sector Financial Advisors (SFAs), responsible for preparing the analysis of variances, indicated that difficulties existed in obtaining accurate financial information needed to produce variance reports. Some SFA’s were not fully aware of the system parameters needed to reproduce the required information. These difficulties may impact the quality and efficiency of the variance preparation process. Although the process has matured, opportunity exists to improve the analysis process through improved communication and training.

The auditors reviewed a judgemental sample of 20 variances reported in the QFR for the 1st and 2nd Quarter of FY 2012-13 and found that 15 or 75% were adequately explained. Of the 5 variances that were not explained to 10% of the actual variance, the total unexplained portion of the variance was approximately $86M. When reviewing the variance analysis process the audit team noted that FMB had not yet established thresholds above which variance explanations are required. This may have lead to challenges in the variance analysis process.

RISK AND IMPACT

Stakeholders who rely on the analysis contained in NRCan’s QFR do not have complete and reliable information.

RECOMMENDATION

1. FMB should improve the variance analysis process by:

  1. Determining acceptable thresholds above which explanations are required.
  2. Including a reconciliation control to ensure that analysis meets acceptable thresholds and to ensure that significant variances are adequately explained.

2. FMB should communicate to Sector Financial Advisors the methodology used to extract information from the financial system and provide training to the individuals responsible for preparing variance analysis.

MANAGEMENT RESPONSE, ACTION PLAN AND TIME FRAME

1. Management concurs with the recommendation.

  1. FMB will determine acceptable thresholds above which explanations are required. These thresholds will be implemented by communicating them to impacted stakeholders and ensuring that thresholds are respected with the preparation of each QFR. FMB will be responsible for the implementation. Thresholds will be implemented for the first QFR of 2013-14. Each QFR will be monitored to ensure the thresholds have been respected.
  2. FMB will develop a reconciliation control tool in consultation with stakeholders that will be used to ensure thresholds have been respected. Each QFR, the tool will be completed and the final copy kept on record by FMB for audit purposes. A copy of the tool will be provided to the CFO at the time the CFO is asked to sign the QFR. Additionally, the Memorandum to the DM asking the DM to sign the QFR will include a reference to the thresholds having been respected.

Time Frame: First QFR of 2013-14

2. Management concurs with the recommendation.

FMB will hold a training session for the Sector Financial Advisors in which the methodology for extracting information from the financial system will be explained.

Training will be provided to individuals responsible for preparing variance analysis on an “as needed” basis.

Time Frame: On-going

DOCUMENTATION OF KEY INTERNAL CONTROLS

Summary Finding

Review of internal control documentation completed by the FMB, demonstrates that key business processes and the associated key internal controls are well documented. FMB is implementing a plan to update documentation to reflect NRCan’s changing business environment.

Supporting Findings

Documentation of Internal Controls

As required by the PIC, NRCan must establish and maintain a system of internal controls to ensure the efficiency of programs, operations and resource management, the reliability of financial reporting and compliance with legislation, regulations, policy and delegation of authorities. The system of internal controls is reflected through the documentation of business processes and associated key control activities. Interviews with FMB staff confirmed that major business processes were identified based on materiality and the associated key controls were documented. To ensure major risks were addressed, established risk frameworks were used to document key controls.

The audit team confirmed that all business processes pertaining to the preparation of the QFR were adequately documented to reflect process changes caused by the implementation of a new financial management system in April 2011.

The documentation of business processes and corresponding key controls is an ongoing effort as the operating environment is subject to continuous change. For example, the change in government direction to consolidate pay services will require NRCan to update documentation for the Payroll and Benefit process. Additionally, minor changes to the PIC documentation for the Offshore Royalties and Statutory Transfer Payments process are planned to reflect the implementation of new control activities. FMB’s operational plan indicates that the necessary updates will be completed in FY 2013-14.

Assessment of Internal Control Documentation

When reviewing internal control documentation, the audit team assessed whether documentation included the key elements necessary for testing internal controls and evaluating operating effectiveness. The auditors found that internal controls were in place to address the risks identified within the key business processes. When reviewing roles and responsibilities, the auditors found that roles and responsibilities were well defined for control activities. Control owners were identified for business process activities therefore ensuring that accountabilities were in place.

RECOMMENDATION

No recommendation required.

MANAGEMENT RESPONSE, ACTION PLAN AND TIME FRAME

Not required.

TESTING OF KEY INTERNAL CONTROLS

Summary Finding

Based on interviews with management, review of operational plans and the results of internal control testing completed by the FMB NRCan has demonstrated that a process is in place to ensure key controls are reviewed on an ongoing basis. The initial scope of the audit included a test of the internal controls. However, due to planned updates to internal control documentation and outstanding remedial actions, the audit team did not conduct operating effectiveness testing of internal controls as they pertained to the QFR at this time. A plan for completing this segment of the audit work will be part of a subsequent phase of testing internal controls.

Supporting Findings

Review of the Planning Process for Internal Control Testing

Interviews with the FMB and review of operational plans demonstrated that plans were established for the testing of internal controls. Interviews with FMB officials confirmed that the planning process was done in consideration of available resources. When deliverables were reviewed against planned activities, the auditors concluded that FMB was able to deliver on results for the testing of design and operating effectiveness as planned.

Since the implementation of PIC, the FMB has completed testing for design effectiveness for all business processes. Design effectiveness testing seeks to verify that internal controls are working as documented and can effectively mitigate risks. FMB was in the process of completing operating effectiveness testing for all processes by the end of March 2013. Operating effectiveness testing reviews a sample of internal controls to determine if the controls are working as intended over a defined period. At the time of the audit, FMB had completed operating effectiveness testing for most business processes and some testing was underway for the following business processes:

  • Capital Assets;
  • Revenues and Receivables; and
  • Operating Expenditures.

The auditors reviewed the long-term strategy for the ongoing monitoring and testing the key internal controls. Review of the process demonstrated that it is risk based. The monitoring strategy is designed to allow FMB to prioritize based on both the highest risk internal controls and business processes.

Operating Effectiveness of Internal Controls

The audit focused on the key internal controls as they related to the QFR. Historically, in 7 of the last 8 quarters, the following business processes and corresponding key controls accounted for greater than 90% of quarterly expenditures and payments:

  • Offshore Royalties and Corresponding Statutory Transfers;
  • Grants and Contributions;
  • Payroll and Benefits; and
  • Operating Expenditures.

In order to assess the operating effectiveness of internal controls, the auditors planned to assess a sample of controls which were key to the QFRs. However, documentation review indicated that substantial changes to the key controls in the payroll and benefits process had occurred due to the consolidation of Government wide pay services. Minor changes are planned in the offshore royalties and statutory transfer process. At the time of the audit these processes could not be tested using FMB documentation has it preceded these process changes; documentation updates are planned for next fiscal year.

The most recent results of the assessment of the operating effectiveness for the system of ICFR performed by FMB indicated that, for those processes assessed, most controls were found to be in place and operating effectively. Control deficiencies were addressed in many of the areas previously identified for improvement. Although much progress had been made, some remedial actions were still outstanding.

Due to planned updates to internal control documentation and outstanding remedial actions, the audit team did not conduct operating effectiveness testing of internal controls as they pertained to the QFR at this time. A plan for completing this segment of the audit work will be part of a subsequent phase of testing internal controls. This plan will include the Audit Branch testing key internal controls as they relate to the QFR once documentation updates are completed by FMB in FY 2013-14.

RECOMMENDATION

No recommendation is required.

MANAGEMENT RESPONSE, ACTION PLAN AND TIME FRAME

Not required.

MONITORING OF CORRECTIVE ACTIONS

Summary Finding

The audit found that a process was in place to ensure that recommendations for outstanding corrective actions were followed-up for completion. This approach was to ensure evidence was on file for remedial actions taken. The follow-up approach for addressing internal control deficiencies where ongoing review is required could be improved to provide assurance that internal controls are operating effectively.

Supporting Findings

As part of PIC requirements, the FMB regularly follows-up on recommendations made for internal control weaknesses identified during the testing of business process internal controls. The status of recommendations are tracked and followed up on a quarterly basis to assess whether the Department has implemented remedial actions to rectify ineffective internal controls.

The auditors reviewed a judgemental sample of 25 recommendations for corrective actions identified as “complete” to assess if the actions taken by the Department were sufficient to ensure that the internal controls identified as not effective were now operating as intended. When reviewing the evidence on file, the auditors found that in 5 of 25 or 20% of cases, evidence on file was not sufficient to conclude that internal controls were working as intended.

Although FMB has an adequate follow-up process in place for monitoring corrective actions, additional rigor would improve the process for some corrective actions and provide a higher level of certainty that internal controls are working as intended. For example, when determining whether the corrective actions taken to remediate an internal control deficiency related to monthly monitoring was completed, the auditors expected that FMB review an adequate number of files and test that ongoing reviews were taking place. However, when reviewing the follow-up action taken, only one month was reviewed to determine that the corrective action was completed. In 4 of 5 instances identified as requiring additional rigor, evidence of completion did not demonstrate that ongoing review was taking place as was required by the internal control. Additional attention should be given for corrective actions that require the establishment of an ongoing review process. Where necessary, timelines for follow-up activities should include enough lead time to allow control owners to demonstrate that the control activity has been implemented and is operating effectively. This process improvement can provide a higher degree of certainty that the system of internal control is working as intended.

RISK AND IMPACT

Some files did not contain sufficient evidence to demonstrate that internal controls were operating effectively. The risk exists that some internal controls identified as “complete” are not working as intended. The related control will be tested as per the multi-year on-going monitoring plan which reviews business processes on 2 to 4 year cycles. Control weaknesses may exist during this period if follow-up actions do not provide adequate assurance that controls are working as intended.

RECOMMENDATION

3. FMB should ensure that sufficient documentation is on file to demonstrate that actions identified as “complete” have been fully implemented.

MANAGEMENT RESPONSE, ACTION PLAN AND TIME FRAME

3. Management concurs with the recommendation.

FMB currently requests evidence of corrective measures at the time of implementation. FMB conducts operating effectiveness (OE) testing of the corrective measures as part of the next round of testing for the related business process, in accordance with the established risk-based multi-year monitoring plan.

FMB will strengthen the follow-up approach for implemented corrective measures that consist of ongoing reviews as follows: FMB will conduct OE testing of these corrective measures with some exceptions in the fiscal year immediately following the fiscal-year in which they are implemented (e.g. testing in 2013/2014 for a corrective measure implemented in 2012/2013).

Implementation of this management action plan can be monitored by Internal Audit and senior management through the review of the annual Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting (the Annex) that accompanies the departmental Financial Statements. The Annex is the existing reporting mechanism on the annual assessment of the system of Internal Control over Financial Reporting.

Time Frame: Starting April 1, 2013

APPENDIX A – STANDARD RISK TYPES AND AUDIT RATINGS

Standard Risk Types

Our standard risk types are classified based on the COSOFootnote1 Internal Control-Integrated Framework as follows:

Strategy – High-level goals, aligned with and supporting the Department's mission.

Operations – Effective and efficient use of resources.

Monitoring – Accurate assessments or evaluation of activities.

Reporting – Reliability of operational and financial reporting.

Compliance – Compliance with applicable laws, regulations, policies and procedures.

Standard Audit Risk Ratings

Audit findings are rated as follows:

Major: A key control does not exist, is poorly designed or is not operating as intended and the related risk is potentially significant. The objective to which the control relates is unlikely to be achieved. Corrective action is needed to ensure controls are cost effective and/or objectives are achieved.

Moderate: A key control does not exist, is poorly designed or is not operating as intended and the related risk is more than inconsequential. However, a compensating control exists. Corrective action is needed to avoid sole reliance on compensating controls and/or ensure controls are cost effective.

Minor: A weakness in the design and/or operation of a non-key process control. Ability to achieve process objectives is unlikely to be impacted. Corrective action is suggested to ensure controls are cost effective.


APPENDIX B – AUDIT OBJECTIVES AND CRITERIA

The audit criteria were derived from widely recognized control models (e.g. Management Accountability Framework, CICA Criteria of Control - CoCo) and relevant policies, acts and legislation. Actual performance was assessed against the audit criteria resulting in either a positive finding or the identification of an area of improvement.

The overall purpose of the audit was to provide reasonable assurance that Natural Resources Canada was meeting the requirements for the preparation of the Quarterly Financial Report and that key internal controls in support of quarterly financial reporting were documented, implemented and monitored.

Audit Criteria Used to Conduct Audit
Audit Sub-Objectives Audit Criteria

Sub-Objective 1: To ensure that a system of key internal controls (key business processes, entity level controls, general computer controls) is established, documented, operating and monitored.

1.1 It is expected that ‘key’ business processes have been documented to reflect the current control environment and key control activities pertaining to the annual departmental financial statements.

1.2 It is expected that key internal controls are operating effectively at the business and entity level in order to reduce risks to an acceptable level.

1.3 It is expected that management has established and implemented plans to monitor and test entity and business level controls on an ongoing basis.

1.4 It is expected that deficiencies are identified and action plans are created to remediate identified control weaknesses.

Sub-Objective 2: To ensure that an adequate process for the preparation of quarterly financial reports exists and is in compliance with TBAS 1.3 and additional guidance provided by the OCG.

2.1 It is expected that management has established and documented adequate tools, templates and processes for the preparation of quarterly financial reports.

2.2 It is expected that financial and non-financial information contained within the quarterly financial reports is supported by an adequate document trail.

2.3 It is expected that the Quarterly Financial Report is presented in accordance with TBAS 1.3 and additional guidance provided by the OCG.