• Previous page
• Next page

Canada Revenue Agency

Appropriate Minister

The Honourable Gail Shea, P.C., M.P. Minister of National Revenue

Institutional Head

Linda Lizotte-MacPherson, Commissioner and Chief Executive Officer

Constituent Act

Canada Revenue Agency Act, [1999, c. 17]

Year of Incorporation/Commencement

1999

Mandate

The Canada Revenue Agency (CRA) is responsible for: supporting the administration and enforcement of program legislation; implementing agreements between the Government of Canada and the government of a province, territory, or other public body performing a function of government in Canada; implementing agreements or arrangements between the CRA and departments or other agencies of the Government of Canada; and implementing agreements between the Government of Canada and First Nations governments to administer a tax.

Head Office

Connaught Building
555 MacKenzie Avenue, 7th floor
Ottawa ON K1A 0L5
Telephone: 613-957-3688
Fax: 613-952-1547
Website: www.cra-arc.gc.ca

Organizational structure

Rating our results

We use both qualitative and quantitative measures or indicators, to assess our success in producing the results that we expect from achieving our objectives. We gather operational data, statistical samples, and survey results that form the basis of our assessments. Our targets identify the percentage or degree we expect to attain for a performance level. Our management teams establish performance targets by analyzing affordability constraints, historical performance, the complexity of the work involved, and the expectations of Canadians. We rate our results in terms of whether the targets identified in our 2011-2012 Report on Plans and Priorities.

Service standards in the CRA

Maintaining the confidence of Canadians in the integrity of the tax system is essential to the success of the CRA. Service standards that are reasonable and consistently met contribute to increasing the level of confidence that Canadians place in government. Our service standards publicly state the level of performance that citizens can reasonably expect to encounter from the CRA under normal circumstances. We set targets that state the percentage of time or level of accuracy that we expect to attain for the established standard. Targets represent the percentage or degree of improvement we expect to attain, based on operational realities such as resource availability, infrastructure, historical performance, the public's expectations, and the complexity of the work. Our standards and targets are reviewed annually and updated, as necessary.

For more information on CRA's service standards.

Enterprise risks mapped to program activities in support of strategic outcomes

Summary of the assessment of effectiveness of the systems of internal control over financial reporting and the action plan of the Canada Revenue Agency

Fiscal year 2011-2012

Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting.

Note to the reader

In accordance with the Treasury Board Policy on Internal Control, departments and agencies are required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy, departments and agencies are expected to conduct annual assessments of their system of ICFR, establish action plans to address any necessary adjustments, and attach to their Statements of Management Responsibility a summary of their assessment results and action plan.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

• transactions are appropriately authorized;
• financial records are properly maintained;
• assets are safeguarded from risks such as waste, abuse, loss, fraud, and mismanagement; and
• applicable laws, regulations, and policies are followed.

It is important to note that the system of ICFR is not designed to eliminate all risks, but rather to mitigate risk to a reasonable level with controls that are balanced with and proportionate to the risks they aim to mitigate.

The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process of identifying key risks, assessing the effectiveness of associated key controls and adjusting them as required, as well as monitoring the system in support of continuous improvement. As a result, the scope, pace, and status of departmental and agency assessments of the effectiveness of their systems of ICFR will vary from one organization to another based on risks and taking into account their unique circumstances.

The annual assessment of ICFR contemplated in the Treasury Board Policy on Internal Control is intended to be a management self-assessment led and administered by the Chief Financial Officer and supported by senior management. However, key external audit findings and results can contribute to this self-assessment. In the case of the CRA, federal-provincial tax collection agreements contain an audit provision requiring the Auditor General to periodically perform a review of the CRA's internal controls relevant to the financial information provided under the agreements, and to report the results to provincial and territorial finance Ministers. To fulfill these requirements, the Office of the Auditor General periodically audits those aspects of the CRA's self-assessment of ICFR that are relevant to the tax collection agreements. The portion of CRA's ICFR that is subject to audit under the agreements and the results of the control audits performed recently by the Office of the Auditor General are described in Sections 3 and 4 of the Annex.

1. Introduction

This document is part of the CRA's Statement of Management Responsibility Including Internal Control over Financial Reporting for the fiscal year 2011-2012. As required by the Treasury Board Policy on Internal Control, this document provides summary information on the measures taken by the CRA to maintain an effective system of ICFR. In particular, it provides summary information as of March 31, 2012 on the assessments the CRA conducted including progress, results, and related action plans. Some financial highlights pertinent to understanding the CRA's unique control environment are also provided.

1.1 Authority, mandate, and program activities

The CRA's mandate is based on a framework of complex laws enacted by Parliament and by provincial and territorial legislatures. To fulfill its mandate, the CRA administers a range of taxes, benefits, and related programs aimed at ensuring that taxpayers meet their obligations and receive their entitlements, and at protecting Canada's tax base. For more detailed information on the CRA's authority, mandate, and activities, refer to the Annual Report to Parliament on the CRA website or to the Report on Plans and Priorities on the CRA website.

1.2 Financial highlights

The CRA's key results for fiscal year 2011-2012 are as follows:

Canada Revenue Agency activities

• Total expenses of $4,758 million, 74% of which is personnel expenses.
• Total assets of $601 million and liabilities of $1,146 million. Capital assets comprise 67% of the CRA's total assets. Employee severance benefits comprise about 64% of total liabilities and accounts payable, and accrued liabilities comprise about 13%.

Administered activities

• Total administered revenues of about $331 billion, composed of $198 billion in revenue administered under tax and other related federal legislation on behalf of the Government of Canada, $94 billion in revenue administered on behalf of provincial, territorial, and First Nations governments under various Memoranda of Understanding and similar arrangements, and $39 billion in revenue administered on behalf of the Canada Pension Plan.
• Total payments of about $20.8 billion in benefits and credits administered under benefit programs and services on behalf of the Government of Canada and provincial and territorial governments.

The CRA's information technology (IT) capacity is also critical to its ability to deliver services to Canadians. This is a sizeable task which requires the involvement of two data centres which process up to 4 million transactions per hour, 7 mainframe computers, about 1,700 servers, and maintaining over 495 applications across a distributed computing environment covering more than 400 locations. Effective November 15, 2011, IT infrastructures services related to email, data centres and network services are provided through Shared Services Canada in partnership with the CRA.

The CRA's Finance and Administration Branch supports the delivery of CRA programs and services by providing sound advice, products, and services related to a number of key functions including financial administration, resource management, security, internal affairs, and administration. It also helps ensure compliance and accountability with related legislation, policies, and directives. Finance and Administration Branch activities are performed by a team of almost 2,500 employees, about 35% of whom are located in Headquarters and 65% in the regions. This team is integral to the effectiveness of the CRA's system of control over financial reporting, which encompasses two sets of financial statements: one for agency activities and one for administered activities. Also of importance to financial reporting, in particular to administered activities, are many of the procedures carried out as part of regional or Headquarters operations, such as collection, data entry, and processing of income tax returns, as well as support and development of a majority of the system applications the CRA uses. This makes the CRA's task of scoping, documenting, and assessing the related controls uniquely challenging.

1.3 Audited financial statements

As noted above, for financial reporting purposes, the activities of the CRA have been divided into two sets of financial statements: agency activities and administered activities. The Financial Statements - Agency Activities include those operational revenues and expenses that the CRA manages and utilizes in running the organization. The Financial Statements - Administered Activities include those revenues and expenses that are administered for someone other than the CRA, such as the federal, provincial and territorial governments, First Nations and other organizations.

The CRA has issued annual audited financial statements since 1999-2000 and has consistently received an unmodified opinion from the Auditor General of Canada.

1.4 Service arrangements relevant to financial statements

1.4.1 CRA reliance on other government service providers

The CRA relies on other organizations for the processing of certain transactions that are recorded in its financial statements.

Common arrangements

• Public Works and Government Services Canada centrally administers salary payments and looks after items such as the calculation of general pay, payroll deductions, security of pay information, and automatic retroactive adjustments through the Regional Pay System.
• The Department of Justice provides legal advisory, litigation, and legislative services.
• The Office of the Auditor General of Canada provides auditing services.
• Shared Services Canada was created on August 4, 2011 to consolidate, streamline and improve the government's information technology (IT) infrastructure services, specifically email, data centre and network services for 43 federal departments and agencies. Effective November 15, 2011 the responsibility for email, data centre and network services, including associated resources, was transferred from the CRA to Shared Services Canada. The administration and delivery of these services were shared during the 2011-2012 transition period while Shared Services Canada was being established.

Specific arrangements

• Revenu Québec is responsible for the joint administration of the goods and services tax and Quebec sales tax for businesses in the Province of Quebec.

1.4.2 CRA services that other departments and agencies rely on

Specific arrangements

• The CRA provides information technology services to the Canada Border Services Agency's operational and financial systems and performs collection services on their behalf for duties, taxes, fees, penalties, or other amounts owing under the Customs Act, Customs Tariff, Excise tax Act, Excise Act, 2001, and/or related regulations.
• The CRA provides information to the Department of Finance to use in determining taxes receivable and payable under tax collection agreements with provincial, territorial, and Aboriginal governments.
• The CRA provides services to Human Resources and Skills Development Canada to collect its accounts receivable and to administer a number of activities for the Canadian Pension Plan and Employment Insurance Operating Account.

1.5 Significant changes in fiscal year 2011-2012

• Under agreements reached with the Government of Canada, the CRA started to administer the harmonized sales tax in Ontario and British Columbia on July 1, 2010. On August 26, 2011, British Columbia announced that it will return to the provincial sales tax on April 1, 2013. Until then, the CRA will continue to administer the harmonized sales tax for British Columbia. Shortly after the end of fiscal year 2011-2012, on April 18, 2012, the province of Prince Edward Island announced that it has entered into an agreement with the Government of Canada to bring Prince Edward Island into the harmonized sales tax revenue allocation framework effective April 1, 2013.
• Effective September 5, 2011, Mr. Mark Perlman was appointed to the position of Deputy Assistant Commissioner and Agency Comptroller, Finance and Administration Branch.
• Effective October 3, 2011, Mr. Bill Jones was appointed to the position of Deputy Commissioner of the CRA.
• Effective November 15, 2011, Shared Services Canada is responsible for controlling and supervising the CRA's email, data centre, and network services and has ownership of relevant assets. Since Shared Services Canada came into being, it has been operating with the CRA under a business continuity framework that identifies how work and services were to continue for the remainder of the 2011-2012 fiscal year. This framework is being extended until March 31, 2013, to allow for a sufficient transition period.

2. CRA's control environment relevant to ICFR

The CRA recognizes the importance of setting the tone from the top to help ensure that staff at all levels understand their roles in maintaining an effective system of ICFR and are well equipped to exercise these responsibilities effectively. The CRA's focus is to ensure risks are well managed through a responsive and risk-based control environment that enables continuous improvement and innovation.

2.1 Key positions, roles, and responsibilities

This section explains the CRA's key positions and committees with responsibilities for maintaining and reviewing the effectiveness of its system of ICFR.

Commissioner - The Commissioner and Chief Executive Officer (CEO) of the CRA, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Commissioner chairs the Agency Management Committee, sits on the CRA Board of Management, and attends meetings of the Audit Committee.

Chief Financial Officer - The Chief Financial Officer (CFO) reports directly to the Commissioner and provides leadership for the coordination, coherence, and focus of efforts to design and maintain an effective and integrated system of ICFR, including its annual assessment. In this role, the CFO chairs the CRA's CEO/CFO Certification Steering Committee and attends meetings of the Audit Committee.

CEO /CFO Certification Steering Committee - This Committee is chaired by the CFO and composed of Assistant Commissioners with significant responsibility for ICFR including the Chief Information Officer, the Chief Audit Executive and Assistant Commissioner, Corporate Audit and Evaluation Branch, and the Chief Risk Officer. It is responsible for reviewing the progress and results of the CRA's ICFR assessment process and approving action plans to address significant control issues.

Audit Committee of the Board of Management - The Audit Committee helps the Board of Management fulfill its oversight responsibilities by reviewing the CRA's accounting framework, internal and external audit results, financial and performance information, internal controls and financial risks, and compliance with financial and environmental legislation. On the recommendation of the Audit Committee, the Board approves the CRA's annual financial statements. The Commissioner, the CFO, and the Chief Audit Executive and Assistant Commissioner, Corporate Audit and Evaluation Branch, as well as a representative of the Office of the Auditor General, each attend Audit Committee meetings. The Audit Committee was established in 1999 and is composed of five external members who are independent of the CRA.

Agency Management Committee - As the sole decision-making Committee in the CRA, this committee oversees program development and delivery, as well as the day-to-day business operations of the CRA and all associated risks. The Committee reviews, approves, and monitors the corporate risk profile.

Chief Audit Executive - The Chief Audit Executive and Assistant Commissioner, Corporate Audit and Evaluation Branch, reports directly to the Commissioner and provides, through an effective internal audit function, independent and objective assurance on the CRA's risk management, internal control, and governance practices. In this role, the Chief Audit Executive is a member of the CEO/CFO Certification Steering Committee and attends meetings of the Audit Committee.

Chief Risk Officer - The Chief Risk Officer and Assistant Commissioner of the Enterprise Risk Management Branch reports directly to the Commissioner and oversees the CRA's enterprise risk management function designed to provide sound risk information for use in decision-making at the corporate, operational, and project levels.

Internal Controls Division - The Internal Controls Division within the Finance and Administration Branch supports the CRA's efforts to design and maintain an effective and integrated system of ICFR by documenting and testing, in collaboration with information technology and business process control owners, the adequacy of ICFR and reporting results to the CEO/CFO Certification Steering Committee, the Commissioner, and the Audit Committee of the Board. If applicable, the Division also reports information on action plans to strengthen controls.

Senior managers - Senior managers in charge of services and program delivery are responsible for maintaining and reviewing the effectiveness of their system of ICFR falling within their mandate.

2.2 Key measures taken by the CRA

The CRA also helps to ensure its control environment remains effective in mitigating financial reporting risks by promoting ethical conduct and through upholding its commitment to competence, its governance and organization structure, its enterprise risk management function, and the systems and processes that help ensure relevant information is communicated to appropriate individuals accurately and on a timely basis. Key elements and activities are listed below.

• CRA's Code of Ethics and Conduct.
• Performance management system that formalizes management's commitment to values and ethics.
• An integrity framework composed of policy instruments, programs, and processes designed to reinforce a culture of integrity.
• Competency based human-resources system.
• A dedicated division on internal control.
• An independent and knowledgeable audit committee that is actively involved in overseeing the CRA's ICFR.
• An internal audit function and risk-based audit plan.
• An integrated enterprise risk management function, led by the Chief Risk Officer who reports directly to the Commissioner/CEO.
• A formal information technology strategy that guides information technology sustainability and development.
• The Internal Disclosures Office which provides a confidential channel through which employees can disclose wrongdoing.
• A delegated authorities matrix which is regularly reviewed and updated.
• A formal learning policy and annual individual learning plan process.

3. Assessment of CRA's system of ICFR

The CRA's financial statements have been audited, as required under the Canada Revenue Agency Act, by the Office of the Auditor General since 1999-2000. In parallel, the Audit Committee of the Board and CRA senior management have been providing increased oversight of the preparation and presentation of financial information including reviewing information regarding the design and effectiveness of its system of ICFR as they relate to the CRA's administered and agency activities. The objective of these reviews is to obtain greater assurance that significant financial reporting risks are being properly mitigated and our system of ICFRs is being adequately updated, tested and monitored.

In addition to the assessments that are conducted in accordance with the TB Policy on Internal Control, the CRA must also conduct assessments and undergo audits of a portion of its ICFR on Individual (T1), Corporate (T2) and Estate and Trust (T3) income tax programs under provisions outlined in the tax collection agreements between the federal government and the provincial and territorial governments. These assessments are audited by the Office of the Auditor General in accordance with the standards set out in the Canadian Institute of Chartered Accountants Handbook under the Canadian Standard on Assurance Engagements 3416 (formerly Section 5970), the guidance for audits of controls at a service organization. Audit results are reported to provincial and territorial governments to provide independent, audit-level assurance that the controls at the CRA that support the administration and reporting of provincial and territorial income tax revenue are properly designed to mitigate key risks and are operating effectively. The reports are intended to be used by provincial and territorial ministries, and their auditors, and are not public documents. However, the high level results of these audits are included in this document as they related to a key component of the CRA's system of ICFR related to administered activities.

To date the CRA has issued three Section 5970 control reports regarding the design of its ICFRs. The first two related to the T2 program as at March 31, 2007 and November 30, 2008, and the third was for the T1 program as at November 30, 2010. The fourth controls report relates to the operating effectiveness of the T2 program, and is currently being prepared for audit by the Office of the Auditor General during the 2012-2013 fiscal year.

3.1 Assessment baseline

Consistent with the Treasury Board Policy on Internal Control, the CRA has implemented a systematic risk-based and multi-year assessment plan of the design and operating effectiveness of its system of ICFR.

Through design effectiveness, the CRA will ensure that key controls relevant to financial reporting have been properly identified, documented, and in place and that they are aligned with the risks they aim to mitigate and that any remediation is addressed appropriately and in a timely manner. This includes ensuring appropriate mapping of key processes and information technology systems to the main financial statement accounts or class of transactions.

Through operating effectiveness, the CRA will ensure that the application of key controls over financial reporting has been tested over a defined period, they are working as intended and that any required remediation is addressed appropriately and in a timely manner.

Such testing covers all agency level controls which include corporate or entity, general computer and business process controls.

Testing of the design and operating effectiveness of key controls over financial reporting will lead to ensuring the on-going monitoring and continuous improvement of the CRA's system of ICFR.

3.2 Scope of CRA assessment as of March 31, 2012

Scope

In order to define the scope of its ICFR assessment, the CRA evaluates the main accounts and line items used in preparing the agency activities and administered activities financial statements to determine where there are risks that, individually or in combination with others, could reasonably result in a material misstatement.

Based on this evaluation, the following key business processes are currently in scope:

Agency activities financial statements

Business Process

• Financial close and reporting
• Fixed assets
• Payroll
• Operating expenditures (procurement to pay)
• Budgeting and projections

Administered activities financial statements

Business Process

• T1 individual income tax (includes unapplied taxes and source deductions)
• T2 corporation income tax
• T3 trust income tax
• Non-resident income tax
• Goods and services tax/harmonized sales tax (GST/HST)
• Excise taxes and duties
• Benefits

Control frameworks

The CRA uses the Committee of Sponsoring Organizations (COSO) framework to assess the design effectiveness of its system of internal controls, since it is the most widely used model of control for purposes of assessing ICFR. The COSO framework is based on five interrelated components of control. Each component contains a number of principles and attributes that an organization's ICFR may be assessed against: control environment, risk assessment, control activities, information systems and communication, and monitoring.

Because the COSO only provides limited guidance to help organizations establish and evaluate information technology controls, the CRA uses the COBIT (Control Objectives for Information and related Technology) for SOX (Sarbanes-Oxley Act of 2002) framework to document and assess the design of its information technology controls that are relevant to financial reporting.

4. Progress and assessment results as of March 31, 2012

This section summarizes the CRA's key assessment results from the design and operating effectiveness testing completed to date. In accordance with the plan published in the 2010-2011 Annex, the CRA completed the following activities for the 2011-2012 fiscal year.

Agency activities financial reporting

An assessment of the operating effectiveness of key controls over the five business processes related to financial reporting on agency activities as well as relevant application controls and information technology general controls for the Corporate Administrative System, the purchasing system (Synergy), and the budget tracking system.

• As a result of this review, the CRA identified areas for improvement and developed action plans to address findings on key controls related to segregation of duties and the design and management of access profiles.

Administered activities financial reporting

Further to the requirements of the tax collection agreements, the Office of the Auditor General completed its audit of the CRA's description of the design effectiveness of the individual (T1) income tax program as assessed by the CRA as of November 30, 2010. The audit included testing 88 entity level controls, 54 information technology controls over 44 processing systems, and 102 business process activities. The audit results confirmed that the CRA needs to enhance the design of certain key controls in the following areas:

• Documentation: Greater consistency in the quality and availability of documentation for audit trail purposes.
• Information technology general controls: Strengthen controls related to access and change management.
• Segregation of duties: Strengthen access provisioning practices as they relate to segregation of duties, and strengthen business process controls related to the design and management of access profiles.

The CRA's internal audit function completed an assessment of the operating effectiveness of controls related to the corporate (T2) income tax program. Management intends to use the assessment results to identify and plan any adjustments needed to enhance the effectiveness of these controls in preparation for the Auditor General's next controls audit under the tax collection agreements that will be completed in accordance with the Canadian Standard on Assurance Engagements 3416 auditing guidelines.

These reviews, including the Auditor General's report, included entity level control assessments and confirmed that the CRA continues to have a strong system of entity level controls.

5. CRA's action plan

This section summarizes how the CRA is addressing the results of control assessment activities and its plans for completing the assessment of the design and operating effectiveness of its system of internal control.

5.1 Progress as of March 31, 2012

Agency activities financial reporting

In 2011-2012, CRA management substantially advanced its action plans to address the results of its 2010-2011 assessment of the design effectiveness of its controls over agency activities financial reporting, including:

• drafting a policy to clarify and reinforce roles and responsibilities of system owners for the design and management of access profiles, which will be issued in 2012-2013;
• taking measures to improve documentation of review and monitoring activities for audit trail purposes; and
• developing a long-term-strategy to strengthen and automate the management of access provisioning throughout the CRA.

Administered activities financial reporting

In 2011-2012, the CRA addressed a good percentage of the findings from the Auditor General's audit of controls relating to the individual (T1) income tax program and made substantial progress on the following items:

• strengthening procedures for documenting review and monitoring activities related to non-routine assessments and reassessments for audit trail purposes;
• strengthening procedures for managing system changes; and
• clarifying roles and responsibilities to ensure access profiles are properly designed and monitored to address segregation of duty and access issues.

As result of the T1 audit findings, the scope of the long-term strategy for strengthening access management has been expanded in relation to segregation of duties. The strategy aims to standardize the business rules and automate how access profiles are provided and managed throughout the CRA.

Over 85% of the findings raised during the corporate (T2) income tax program design effectiveness audits conducted in 2007 and 2008 have been fully remediated and the remaining issues will be substantially remediated in 2012-2013.

5.2 Action plan for the next fiscal year and subsequent years

Entity level controls

The CRA's assessment efforts to date have revealed that overall the CRA has a strong and effective system of entity level controls that constitutes an important component of the CRA's ICFR for both agency activities and administered activities. Given the significance of entity level controls for the overall assessment of the effectiveness of ICFR, the CRA will continue to monitor them annually based on risk, by conducting self-assessment activities, internal audits, and Office of the Auditor General controls audits, to obtain assurance that they continue to be effective.

Agency activities financial reporting

In 2012-2013, the CRA intends to make significant progress on its action plans to strengthen the operating effectiveness of its controls, and launch a CRA-wide multi-year project to address its access management needs over the long term.

The CRA will move into an ongoing annual ICFR monitoring program that will test items requiring remediation and all new or changed controls, and will perform various other tests based on its annual risk ranking exercise.

Administered activities financial reporting

In 2012-2013, the CRA will prepare a description and management assertion pertaining to the operating effectiveness of its controls over the corporate (T2) income tax program in the context of the tax collection agreements, based on the results of its 2011-2012 self-assessment. The CRA expects that the Office of the Auditor General will audit this description in accordance with the new Canadian Standard on Assurance Engagements 3416. Action plans for assessing the remaining administered activity business processes for the period of 2012-2013 to 2015-2016, as well as the ongoing monitoring of the agency activity controls, are detailed in the table below.

The approach and timing for assessing the operating effectiveness of controls over the T1 program, as well as for assessing both the design and operating effectiveness of the ICFR for the remainder of the CRA's administered activities including IT general controls and application level IT controls, depend on a number of factors, including:

• plans currently under development to redesign the business processes and systems related to the T1 program;
• significant shifts in the CRA's program delivery agenda (e.g., if the CRA assumes responsibility for the implementation and administration of new federal, provincial, territorial, or First Nations tax, benefit, or credit programs);
• developments in the governance model that will apply to Shared Services Canada's providing information technology services on CRA's behalf after the transition period and, in particular, Shared Services Canada's approach to complying with the Policy on Internal Control in assessing general computer controls that are relevant to the CRA and government-wide financial reporting;
• the CRA's plans and progress in implementing business transformation initiatives and other government-wide priorities;
• changes in third-party requirements (including, but not limited to, the Office of the Auditor General, Internal Audit, or Treasury Board); or
• other developments that exert significant pressure on program and information technology staff's time and capacity.

In 2011-2012, CRA management evaluated the level of effort involved in assessing the operating effectiveness of its system of internal control and used this information to establish the next three-year plan, summarized in the following table.

It is important to note that certain variables, including those described in the preceding paragraphs, may affect the CRA's ability to complete this work as planned.

The CRA updates this plan annually to confirm the feasibility of the key deliverables and to take into account any new or changed financial reporting risks.

This table provides an overview of the CRA's plans in terms of the four following key ICFR assessment stages: document, assess design effectiveness, assess operating effectiveness, and transition to a program of ongoing monitoring.

• Previous page
• Next page