Annex to the Statement of Management Responsibility including Internal Control over Financial Reporting (Unaudited)

Consolidated financial statements quick links


For the year ended March 31, 2018

1. Introduction

This document provides summary information on the measures taken by NRC to maintain an effective system of internal control over financial reporting, including information on internal control management, assessment results and related action plans.

Detailed information on NRC's authority, mandate and program activities can be found in the 2017‑18 Departmental Results Report and the 2017‑18 Departmental Plan.

2. Departmental system of internal control over financial reporting

2.1 Internal control management

RC has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental financial management framework is in place which includes:

  • Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
  • Values and ethics;
  • Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control; and
  • At least semi-annual monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plans to the Deputy Head and departmental senior management and, as applicable, the Departmental Audit Committee.

The Departmental Audit Committee provides advice to the Deputy Head on the adequacy and functioning of NRC's risk management, control and governance frameworks and processes.

2.2 Service arrangements relevant to financial statements

NRC relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:

Common arrangements

  • Public Services and Procurement Canada (PSPC) centrally administers the payments of salaries and the procurement of goods and services in accordance with NRC's Delegation of Authority, and provides some accommodation on behalf of NRC;
  • The Treasury Board of Canada Secretariat provides NRC with information used to calculate various accruals and allowances, such as the accrued severance liability;
  • The Department of Justice Canada provides legal services to NRC; and
  • Shared Services Canada provides information technology (IT) infrastructure services to NRC in the areas of data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and NRC.

3. Departmental assessment results during fiscal year 2017‑18

The key findings and significant adjustments required from the current year's assessment activities are summarized below.

3.1 New or significantly amended key controls

Changes impacting NRC's key financial controls during 2017-18 included:

NRC continued moving towards more electronic processing with the implementation of invoice approvals in June 2017. This has further simplified and improved the promptness of the approval process as well as strengthened internal controls within NRC's financial system, including electronic audit trail of approvals and documentation.

NRCs contribution management system continues to be further integrated with NRCs financial system with respect to Payables-at-Year-End (PAYEs) and credit note processes. NRC continues to leverage system controls and operational efficiencies as well as performing operational effectiveness testing on key controls on an ongoing basis.

3.2 Ongoing monitoring program

NRC's rotational ongoing monitoring (OGM) plan was formally assessed and updated to reflect the impacts of key changes and previous year results. NRC completed its reassessment of financial controls within procurement to payment, transfer payments, capital assets, payroll administration, revenues/receivables as well as entity level controls and information technology general controls (ITGC).

Overall, the key controls tested performed as intended, with remediation required as follows:

  • Procurement to payment: Some improvements were noted with regards to key financial controls identified from the previous reviews for financial signing authorities. There were also minor improvements related to the application of expenditure initiation and section 34 for expenses with payments made to other government departments through interdepartmental settlements. As the NRC continues to develop and implement electronic approvals for purchases, including goods or services received from other government departments, it is expected that this will address the inconsistencies noted;
  • Transfer payments: This year's assessment of contribution files and sub-processes reviewed demonstrated compliance with most of the existing policies and business processes. Improvements were noted as most observations were quality issues and these were communicated to management and responsible parties. Results are expected to continue to improve with the ongoing system integration projects and electronic approvals.
  • Capital assets: Consistent with last year's assessment, there continues to be issues in relation to lower level custodianship accountability. A complete review of business processes surrounding the administration of capital assets will be done during 2018-19 in order to identify opportunities to strengthen controls.
  • Payroll: Payroll testing results remain consistent with last year's findings. Minor improvement opportunities in relation to some manual business processes with minimal impacts on financial controls were identified and communicated to management and to the responsible parties. NRC continues to review annually payroll business processes and controls, including those that may be prone to human error. The Phoenix payroll system continues to have a noticeable impact on the organization's workload;
  • Master data: Some segregation of duties risks were noted. A review of transactions was conducted and no issues were reported. An interim review of conflicting roles is in progress in addition to implementing a monitoring plan to monitor segregation of duties when conflictual roles are assigned.
  • Revenue: Consistent with the previous year's findings, there continue to be some elements of the business processes that are not consistently followed. In addition, although progress has been made with regards to better documentation, there is still room for improvement. In order to ensure that operational effectiveness was assessed, alternate testing was conducted to ensure that revenues were appropriately recorded.

4. Departmental action plan

4.1 Progress during fiscal year 2017-18

NRC continued to conduct its ongoing monitoring according to the previous fiscal year's rotation plan as shown in the following table.

Previous year's rotational ongoing monitoring plan for current year Status
Entity level controls (ELC), information technology general controls Completed as planned and no remedial actions required.
Procurement to payment, transfer payments, capital assets, master data, payroll administration and revenues, receivables and receipts Completed as planned with some remedial actions complete and some underway.

4.2 Action plan for the next fiscal year and subsequent years

NRC's rotational ongoing monitoring plan over the next three years, based on an annual validation of the high risk processes and controls and related adjustments to the ongoing monitoring plan as required, is shown in the following table.

Key control areas Fiscal year
Fiscal year
Fiscal year
Entity Level Controls (ELCs)
IT General Controls (ITGCs) under departmental management
Procurement to payment
Transfer payments
Capital assets
Payroll administration
Revenues, receivables and receipts
Master data – customers / vendors

= Planned assessment of key controls (not all sub-processes are assessed annually)

In addition to the ongoing monitoring rotational plan, NRC also plans to review remediation actions completed in 2018-19 in all areas in which issues were noted in Section 3. NRC also plans to continue remediation of adjustments identified during its assessments. When new business processes are introduced, or significant internal control process changes occur, NRC will proactively identify, document and test key controls based on associated risks. The results will be incorporated into the assessment plan and the ongoing monitoring program.