Summary of the Assessment of Effectiveness of the Systems of Internal Control over Financial Reporting and the Action Plan of the Canadian Institutes of Health Research for the Fiscal Year 2014‑15 (Unaudited)

Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting

1. Introduction

This document provides summary information on the measures taken by the Canadian Institutes of Health Research (CIHR) to maintain an effective system of internal control over financial reporting, including information on internal control management, assessment results and related action plans. In particular, it provides summary information on the internal control assessments conducted by CIHR as of March 31, 2015, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment of CIHR.

Detailed information on the CIHR authority, mandate and program activities can be found in the Departmental Performance Report and the Report on Plans and Priorities.

2. CIHR system of internal control over financial reporting

2.1 Internal control management

CIHR has a well-established governance and accountability structure to support agency assessment efforts and oversight of its system of internal control. An agency internal control management framework, approved by the President, is in place, including:

The DAC provides advice to the President on the adequacy and functioning of CIHR’s risk management, control and governance frameworks and processes.

2.2 Service arrangements relevant to financial statements

CIHR relies on other organizations for the processing of certain transactions or the provision of information which impact its financial statements as follows:

Common arrangements:

Specific arrangements:

Other government departments rely on CIHR for the processing of certain transactions or the provision of information that affects their financial statements. Operating effectiveness testing has been implemented for the key controls and no issues were identified.

3. CIHR assessment results during fiscal year 2014-15

The key findings and significant adjustments required from the current year’s assessment activities are summarized below.

New or significantly amended key controls: In the current year, there were no significantly amended key controls in existing processes which required a reassessment and there were no new processes to test for design and operating effectiveness.

Ongoing monitoring plan: As a result of updates to the Management Accountability Framework (MAF) and the Committee of Sponsoring Organizations of the Treadway Commission Methodology (COSO), the ongoing rotational monitoring plan was updated to incorporate entity-level control testing into this year’s assessment to best reflect professional practice.

In 2014-15, CIHR completed its reassessment of IT general computer controls, entity-level controls, and financial controls, including grants and awards, financial statement closing (including payables at year end and accruals), hospitality, travel and travel cards, Institute Support Grants, procurement, salary and payroll, and grants and awards payments. For the most part, the key controls that were tested performed as intended, with remediation required as follows:

Approval process

Financial management

IT systems

4. CIHR’s action plan

4.1 Progress during fiscal year 2014-15

CIHR continued to conduct its ongoing monitoring as shown in the following table.

Previous year’s rotational ongoing monitoring plan for current year Status
Financial statement close (including payables at year end and accruals), travel and travel cards, procurement, salary and payroll, and Institute Support Grants – operating effectiveness testing and remediation of deficiencies Completed as planned; no remedial action required.
Grants and awards, grants and awards payments process, hospitality, IT general controls, and operating effectiveness testing and remediation of deficiencies Completed as planned; remedial actions in progress.
Entity-level controls Completed in the current year, no remedial action plan required.

4.2 Action plan for the next fiscal year and subsequent years

Building on the progress to date, CIHR has developed a risk-based annual validation of high-risk processes and controls in order to facilitate ongoing rotational monitoring. The plan takes into consideration any substantial changes to key controls in significant processes as well as addresses training to enhance the awareness and knowledge of internal controls over financial reporting and associated responsibilities across CIHR.  CIHR’s rotational ongoing monitoring plan over the next three years, based on an annual validation of the high-risk processes and controls and related adjustments to the ongoing monitoring plan as required, is shown in the following table.

Key control areas Fiscal year 2015–16 Fiscal year 2016–17 Fiscal year 2017–18
Financial statements close process (including payables at year end and accruals) Yes Yes Yes
Grants and awards Yes Yes Yes
Grants and awards payment process Yes Yes Yes
Hospitality Yes Yes Yes
IT general controls Yes Yes Yes
Travel and travel cards Yes Yes Yes
Institute Support Grants No No Yes
Procurement No No Yes
Salary and payroll No No Yes
Canada Research Chairs Yes No No
Entity-level controls Yes No No
Financial management and budgeting Yes No No
Collaborative agreements No Yes No
Deferred revenue and revenue No Yes No
Networks of Centres of Excellence No Yes No
Recoveries No Yes No
Date modified: