Language selection


Audited Financial Statements 2017-18

Back to Audited Financial Statements List

Office of the Privacy Commissioner of Canada

Unaudited 2017-18 annex to the statement of management responsibility, including internal control over financial reporting

1. Introduction

This document provides summary information on the measures taken by the Office of the Privacy Commissioner of Canada (the Office) to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results and related action plans.

Detailed information on the Office's authority, mandate and program activities can be found in the Office’s Departmental Plan and Departmental Results Report.

2. The Office’s system of internal control over financial reporting

2.1 Internal control management

The Office has a well-established governance and accountability structure to support the assessment efforts and oversight of its system of internal control. A departmental internal control management framework, approved by the Commissionner, is in place which includes:

  • Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
  • Values and ethics;
  • Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control; and
  • At least annual monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plans to the Commissioner and the Office’s senior management and, as applicable, the Office’s Audit Committee.

The Office’s Audit Committee provides advice to the Commissioner on the adequacy and functioning of the Office's risk management, control and governance frameworks and processes.

2.2 Service arrangements relevant to financial statements

The Office relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows.

Common Arrangements
  • Public Services and Procurement Canada (PSPC) centrally administers the payments of salaries and the procurement of goods and services in accordance with the Office’s Delegation of Authority, and provides the costs of accommodation for inclusion in the financial statements as "Common services provided without charge";
  • The Office of the Auditor General provides audit services to the Office;
  • The Treasury Board of Canada Secretariat provides the Office with information used to calculate various accruals and allowances, such as the accrued severance liability;
  • Shared Services Canada (SSC) provides information technology (IT) infrastructure services to the Office in the areas of internet connectivity and email security. The scope and responsibilities are addressed in the interdepartmental arrangement between SSC and the Office, and
  • For the purposes of the Financial Administration Act, the Office and the Office of the Information Commissioner (OIC) submit their trial balances jointly to the Receiver General.
Specific Arrangements
  • The Office does not contract external service providers to administer programs on his behalf or to capture and report financial transactions.
  • In addition to processing the Office’s invoices, the Commission of Human Rights of Canada (CHRC) continued to provide the Office with a GX financial system platform to capture and report all financial transactions.

3. The Office’s assessment results during fiscal year 2017-18

3.1 Testing results of key controls

A third party was engaged to assist the Office in meeting its commitment to continuously improve its effective system of ICFR to ensure associated risks were appropriately mitigated.

No issues were noted in the course of the third party’s engagement conducted during 2017-18. It was determined that the Office’s contributions, budgeting and forecasting business processes were well designed and operating effectively. No deficiencies were noted or recommendations requiring the tabling of a management action plan for consideration by the Office’s Audit Committee.

3.3 Ongoing monitoring program

The Office continues to ensure that controls are effective over time and seek opportunities to strengthen its key financial control activities, taking into account results from annual assessments and audits. This involves developing and implementing a well-integrated monitoring program to raise awareness and understanding of the organization’s system of ICFR at all levels of the organization, equip staff with the knowledge, skills and tools needed to maintain a robust ICFR, and continue to assess the status of ICFR on an ongoing basis.

4. The Office’s action plan

As an Agent of Parliament, the Commissioner is solely responsible for Office’s compliance with the Treasury Board Financial Management Policy and related instruments and for responding to any instance of non-compliance. Therefore, the Commissioner and senior managers are committed to sustaining and continuously improving its effective system of ICFR, including carrying out ongoing monitoring to ensure that the key controls meet the expectations of management and stakeholders, and appropriately mitigate associated risks.

4.1 Progress during fiscal year 2017-18

The Office made progress on risk areas identified last fiscal year. The progress achieved is summarized as follows:

Key Control Areas Status
Payroll Design and operating effectiveness testing completed. No remedial actions required.
Procure to Pay Design and operating effectiveness testing completed. No remedial actions required.
Financial Close Design and operating effectiveness testing completed. No remedial actions required.

4.2 Action plan for the next fiscal year and subsequent years

During fiscal year 2018-19, the Office will undertake a review of its multi-year testing plan given design and operating effectiveness testing of key business processes results year-over-year demonstrate the Office’s system of ICFR is working. The review will also serve to inform if the Office’s risk assessment matrix should be amended and subsequently its three year testing plan to ensure an effective use of resources.

In addition, considering known financial controls issues identified in the Phoenix payroll process, the Office will conduct the design effectiveness testing and operating effectiveness testing for its payroll business.

The Office’s rotational ongoing monitoring plan will be updated and will form part of the Office’s unaudited 2018-19 annex to the statement of management responsibility, including internal control over financial reporting.

Risk-Based Rotational Ongoing Monitoring PlanFootnote 1
Business Process Cycle Overall Risk Frequency of Testing Ongoing Rotational Plan
2018-19 2019-20 2020-21
IT General ControlsFootnote 2 Based on Service Provider’s ICFR Plan
Capital Assets Medium Every Three (3) Years x    
Entity Level Controls Medium Every Three (3) Years x    
Financial Close &
Medium Every Two (2) Years x   x
Payroll Medium Every Two (2) Years x   x
Procure to Pay Medium Every Three (3) Years   x  
Budgeting &
Low Every Three (3) Years     x
Contributions Low Every Three (3) Years     x
Report a problem or mistake on this page
Error 1: No selection was made. You must choose at least 1 answer.
Please select all that apply (required):


Date modified: