Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting Royal Canadian Mounted Police Fiscal year 2018-2019

1. Introduction

This document provides summary information on the measures taken by the Royal Canadian Mounted Police (RCMP) to maintain an effective system of internal control over financial reporting, including information on internal control management, assessment results and related action plans.

Detailed information on the RCMP's authority, mandate and program activities can be found in the 2018-19 Departmental Results Report and the 2018-19 Departmental Plan.

2. RCMP's system of internal control over financial reporting

2.1 Internal control management

The RCMP recognizes the importance of setting the tone from the top and helps ensure that staff at all levels understand their role in maintaining an effective system of internal control over financial reporting (ICFR) and are well equipped to exercise these responsibilities effectively. The RCMP's focus is to ensure risks are managed through a responsive and risk-based control environment that enables continuous improvement and innovation.

The RCMP has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. The RCMP's internal control management framework, approved by the Commissioner, is in place and includes:

Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
Values and ethics;
Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control;
Centralized team with support from regional internal control units within the Corporate Management portfolio dedicated to the documentation, design and operating effectiveness of ICFR under the Chief Financial and Administrative Officer authority;
Periodic monitoring of, and regular updates to, internal control management, as well as the provision of related assessment results and action plans to the Commissioner, the Chief Financial and Administrative Officer, senior management and, as applicable, the Departmental Audit Committee.

The Departmental Audit Committee provides advice to the Commissioner on the adequacy and functioning of the RCMP's risk management, control and governance frameworks and processes.

2.2 Service arrangements relevant to financial statements

The RCMP relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:

Common service arrangements:

Public Services and Procurement Canada (PSPC) centrally administers the payments of salaries and benefits under two different pay systems: Phoenix for Public Service Employees and Member Pay System (MPS) for Regular and Civilian Members of the RCMP. PSPC also administers the procurement of goods and services in accordance with the RCMP's Delegation of Authority, and provides accommodation services;
The Treasury Board of Canada Secretariat provides services related to public sector insurance for employees of the RCMP and centrally administers payment of the employer's share of contributions toward statutory employee benefit plans (i.e. the Public Service Pension Plan, Employment Insurance Plan, Canada Pension Plan, Quebec Pension Plan and Public Service Supplementary Death Benefit Plan) on behalf of the RCMP;
The Department of Justice Canada provides legal services to the RCMP; and
Shared Services Canada (SSC) provides information technology (IT) infrastructure services to the RCMP in the areas of data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and the RCMP.

Readers of this Annex may refer to the Annex of the above-noted organizations for a greater understanding of the system of ICFR related to these specific services.

The RCMP relies on other departments for the processing of certain transactions or information that are recorded in its financial statements, as follows:

Specific Arrangements:

PSPC administers the member pension administration on behalf of the RCMP. PSPC has the authority and responsibility to ensure that transactions and payments are made in accordance with the terms and conditions set out by the RCMP. As a result, reliance is placed on the control procedures of PSPC.
Veterans Affairs Canada (VAC) administers some of the programs and services that the RCMP is responsible to provide to its members, including the disability pension and health benefit programs for a service-related injury, illness or death, pursuant to Part II of the Royal Canadian Mounted Police Superannuation Act and the Pension Act. VAC also provides transition support, case management, and access to the network of Operational Stress Injury (OSI) Clinics and VAC Assistance Service to eligible members. As a result, reliance is placed on the control procedures of VAC.

3. Departmental assessment results during fiscal year 2018-19

The following table summarizes the status of the ongoing monitoring activities according to the previous fiscal year's rotational plan.

Progress during the 2018-19 fiscal year
Previous year's rotational ongoing monitoring plan for current year	Status
Key business process controls over significant risks	In progress; to be completed in 2019-20 and remedial actions to start in 2019-20.
IT general controls under departmental management	Completed as planned; remedial actions to start in 2019-20.
Tangible capital assets	In progress; to be completed in 2019-20.
Pension plan liabilities	In progress; to be completed in 2019-20.
Operating expenditures and accounts payable	In progress; to be completed in 2019-20.
Revenues and accounts receivable	In progress; to be completed in 2019-20.
Payroll and benefits – public service employees	In progress; to be completed once PSPC's payroll processing reaches a steady state.

The key findings and significant adjustments required from the current year's assessment activities are summarized below.

New or significantly amended key controls:

In the current year, there were no significantly amended key controls in existing processes that required a reassessment. Design and operating effectiveness testing on the departmental key controls for the new pay system, Phoenix, are still ongoing until PSPC's payroll processing reaches a steady state.

On-going monitoring program:

As part of its rotational ongoing monitoring plan, the RCMP completed its reassessment of IT general controls under departmental management. The reassessment of key business process controls over significant risks, tangible capital assets, pension plan liabilities, operating expenditures and accounts payable, and revenues and accounts receivable are in progress and will be completed in 2019-20. The reassessment of public service employee payroll processes is ongoing as described above. For the most part, the key controls that were tested performed as intended, with remediation required as follows:

Control deficiencies were found in key business process controls over significant risks related to the performance of reconciliations and reviews as well as segregation of duties. A management action plan addressing the recommendations will be developed by the process owners.
Control deficiencies were found in the IT general controls related to access to programs and data, computer operations and change management. A management action plan addressing the recommendations will be developed by the process owners.

4. Departmental action plan for the next fiscal year and subsequent years

The RCMP's rotational ongoing monitoring plan over the next four fiscal years, based on an annual validation of the high-risk processes and controls and related adjustments to the ongoing monitoring plan as required, is shown in the following table.

Rotational ongoing monitoring plan
Key control areas	Fiscal year 2019-20	Fiscal year 2020-21	Fiscal year 2021-22	Fiscal year 2022-23
Entity-level controls	No	Yes	No	No
IT general controls under departmental management^{Footnote 1}	Yes	Yes	Yes	Yes
Operating expenditures^{Footnote 2}	Yes^{Footnote 4}	No	Yes	No
Revenues and accounts receivable^{Footnote 2}	Yes^{Footnote 4}	No	No	No
Payroll and benefits – members^{Footnote 2}	No^{Footnote 3}	Yes	No	No
Payroll and benefits – public service employees^{Footnote 2}	No	Yes	No	No
Financial reporting	Yes	No	No	No
Tangible capital assets	Yes^{Footnote 4}	No	No	No
Transfer payments	No	No	Yes	No
Inventory	No	Yes	No	No
Pension plan liabilities	Yes^{Footnote 4}	No	No	No
Departmental financial signing authorities^{Footnote 2}	No	No	Yes	No
Financial management	Yes	No	No	No

Footnotes

Footnote 1

The assessment of IT general controls under departmental management is based on a comprehensive risk-based four-year plan where high risk areas are assessed on an annual basis and controls over medium and low risk elements are tested on a rotational basis.

Return to Footnote 1 referrer

Footnote 2

Key business process controls over significant risks are tested annually; otherwise key control areas are tested at least once over a four-year period.

Return to Footnote 2 referrer

Footnote 3

The payroll and benefits – members process was part of the 2019-20 ongoing monitoring rotational plan; however, the work has been deferred as remedial actions are still being implemented.

Return to Footnote 3 referrer

Footnote 4

Carry-over from previous year; to be completed in 2019-20.

Return to Footnote 4 referrer

Date modified:: 2020-02-26

Language selection

Search and menus

Search