Annual Report to Parliament 2014-2015

Source URL

https://www.canada.ca/en/revenue-agency/programs/about-canada-revenue-agency-cra/annual-report-parliament/annual-report-parliament-2014-2015/annual-report-parliament-2014-2015-4.html

Disclaimer

We do not guarantee the accuracy of this copy of the CRA website.

Scraped Page Content

Annual Report to Parliament 2014-2015

Summary of the assessment of effectiveness of the system of internal control over financial reporting and the action plan of the Canada Revenue Agency

(Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting – unaudited)

Fiscal Year 2014-2015

1. Introduction

This document provides summary information on the measures taken by the Canada Revenue Agency (CRA) to maintain an effective system of internal control over financial reporting (ICRF), including information on internal control management, assessment results, and related action plans.

Detailed information on the CRA 's authority, mandate, and program activities can be found in the 2014-15 Departmental Performance Report at www.cra-arc.gc.ca/gncy/prfrmnc_rprts/menu-eng.htmlxii and the 2014-15 Report on Plans and Priorities www.cra-arc.gc.ca/gncy/rprts/menu-eng.htmlxiii.

2. CRA system of internal control over financial reporting

2.1 Internal control management

The CRA has a well-established governance and accountability structure to support the CRA 's assessment efforts and oversight of its system of internal control. A CRA internal control management framework, approved by the Commissioner and the Board of Management, is in place and includes:

  • Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
  • Values and ethics;
  • Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control; and
  • Regular updates on internal control management, as well as the provision of related assessment results and action plans to the Commissioner, senior management, and the Audit Committee of the Board of Management.

The CRA Finance Committee provides support to the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) in relation to control activities. It is chaired by the CFO and has representatives from each branch and region at the executive level.

In addition, the Audit Committee of the Board of Management provides advice on the adequacy and functioning of the CRA 's risk management, control and governance frameworks and processes.

2.2 Service arrangements relevant to financial statements

The CRA relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:

Common Arrangements

  • Public Works and Government Services Canada centrally administers the payments of salaries and the procurement of some goods and services in accordance with the CRA 's Delegation of Authority and provides accommodation services.
  • Treasury Board Secretariat provides the CRA with information used to calculate various accruals and allowances.
  • The Department of Justice provides legal services to the CRA .
  • Shared Services Canada provides information technology (IT) infrastructure services to the CRA in the areas of data centres and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and the CRA .

Specific Arrangements

  • Revenu Québec is responsible for the joint administration of the goods and services tax and Quebec sales tax for businesses in the Province of Quebec.
  • The Department of Finance Canada provides the CRA with the federal and provincial shares of Goods and Services Tax/Harmonized Sales Tax (GST/HST) revenues that are used to determine provincial payments for the HST.
  • The Canada Border Services Agency provides the CRA with the amount of GST revenues collected from importers, which is used in the calculation of the provincial portion of the HST revenues.
  • Department of Finance Canada and Employment and Social Development Canada provide estimates of Canada Pension Plan and Employment Insurance revenues respectively for the months of January to March.

Other government departments rely on the CRA for the processing of certain transactions or information that affect financial statements as follows:

  • Canada Border Services Agency for information technology services, including commensurate internal controls testing for general computer controls, as well as collection services on their behalf for duties, taxes, fees, penalties, or other amounts owing under the Customs Act, Customs Tariff, Excise Tax Act, Excise Act 2001, and/or related regulations.
  • Department of Finance Canada for the determination of tax receivables and payables under Tax Collection Agreements (TCAs) with provincial and territorial governments and First Nations.
  • Employment and Social Development Canada for the collection of its accounts receivable and the administration of a number of activities related to the Canada Pension Plan and Employment Insurance Operating Account.

3. CRA assessment results during fiscal year 2014-2015

3.1 Design effectiveness testing of key controls

In 2014-2015, the CRA completed design effectiveness testing of the Trust Income Tax (T3) program, which falls under the TCAs with the provinces and territories.

As a result of the design effectiveness testing, the CRA identified the following required remediation:

  • Implementation of the final phases of the CRA action plan relating to the granting and monitoring of system access to prevent segregation of duty conflicts and to ensure minimum access need to be completed. The plan is complex and requires a multi-phased implementation, but the completion date remains on schedule.
  • Stronger controls are required to demonstrate compliance to documented information technology change management processes.
  • Controls over procedures and the review process need to be improved with respect to manual assessments and reassessments.
3.2 Ongoing monitoring of key controls

In 2014-2015, the CRA completed planned ongoing monitoring of the following processes:

1. entity-level controls;

2. general computer controls; and

3. all business processes related to

  • payroll,
  • capital assets, and
  • budget and projections

As a result of ongoing monitoring, the CRA identified the following required remediation:

  • Further progress is required to improve the process surrounding the granting and monitoring of access to prevent segregation of duty conflicts and ensure minimum access.

4. CRA action plan

4.1 Progress during fiscal year 2014-2015

The CRA continued to make progress in assessing and improving its key controls. The following table summarizes the CRA 's progress based on the plans identified in the previous fiscal year's annex.

Progress during fiscal year 2014-2015
Element in previous year's action plan Status
Agency Activities ongoing monitoring Ongoing monitoring testing was completed for entity-level controls, general computer controls, payroll, capital assets and budget and projections.
Non-Resident Tax Documentation of the control framework has started. Design effectiveness testing plans are in place to conduct the assessment as planned in 2015-2016.
Trust Income Tax (T3) Program Design effectiveness testing was completed and remediation action plans were identified.
Follow-up of activities requiring remediation from previous assessments

The CRA has followed up on all the action plans from the:

  • 2013-2014 agency activities testing as part of ongoing monitoring;
  • T2 design effectiveness assessment and OAG audit report as at November 30, 2008;
  • T1 design effectiveness assessment and OAG audit report as at November 30, 2010;
  • T2 operating effectiveness assessment and OAG audit for the six-month period ending March 31, 2013;
  • T1 Unapplied Taxes as part of the Individual Income Tax Program design effectiveness assessment and OAG audit report as at January 31, 2014; and
  • Goods and services tax/Harmonized sales tax design effectiveness assessment as at March 31, 2014.

Overall results have been positive and the majority of the recommendations made have been implemented. However, the following items that were identified in prior years remain:

  • Access to systems and segregation of duties; and
  • The processing of GST/HST elections filed by registrants.
4.2 Status and action plan for the next fiscal year and subsequent years

The CRA has continued to make progress on assessing its internal controls over financial reporting throughout the numerous programs that CRA administers. It is recognized that implementation for all its processes requires multi-year initiatives. After design effectiveness and operational effectiveness testing are complete, the CRA will be applying its rotational ongoing monitoring plan to reassess control performance on a risk basis across all control areas, with the exception of those under the scope of TCA assessments as explained in note 4.

Status and action plan for the next fiscal year and subsequent years
Key control areas Design effectiveness testing and remediation Operational effectiveness testing and remediation Ongoing monitoring rotation1
Administered Activities under the Tax Collection Agreements with the provinces and territories
T1 individual income tax (legacy system) Complete
T1 unapplied taxes/source deductions2 Complete
T1 individual income tax (T1 System Redesign)3 2016-2017 (limited scope) Future years2 N/A4
T2 corporation income tax Complete Complete N/A4
T3 trust income tax Complete Future years4 N/A4
Other Administered Activities
Goods and services tax/Harmonized sales tax Complete Future years Future years
Non-resident income tax 2015-2016 Future years Future years
Excise tax 2017-2018 Future years Future years
Benefits 2016-2017 Future years Future years
Agency Activities
Entity level controls5 Complete Complete 2015-2016
IT general controls under CRA management5 Complete Complete 2015-2016
Capital assets Complete Complete 2015-2016
Procurement and vendor master data Complete Complete 2015-2016
Payroll Complete Complete 2015-2016
Budget and projections Complete Complete 2015-2016
Financial close and reporting Complete Complete 2015-2016

Notes

1. The frequency of the ongoing monitoring of key control areas is risk-based and occurs over a three-year cycle.

2. The design effectiveness testing was performed in 2013-2014 as a partial scope of the T1 individual income tax program. In the future, it will be assessed as an integral component of the T1 program.

3. The legacy T1 system is being upgraded through the T1 System Redesign initiative. This initiative is a multi-year project that will significantly modify systems and business processes related to the processing of T1 returns. Due to the magnitude of these changes, it was determined that design effectiveness testing of the new processes and systems with a limited scope would be appropriate as a next step.

4. The CRA performs the readiness testing for engagements related to the TCA with the Provinces and Territories and submits the results along with a controls assessment report to the OAG who audits them in accordance with the Canadian Standard on Assurance Engagements 3416. TCA related control assessments do not go into a regular ongoing monitoring phase because complete re-assessment engagements are required to fully test all control activities to ensure that the selected income tax program is still designed and operating effectively. As such, the timing and frequency of these complete control assessment audits are determined in conjunction with the OAG and will continue to be conducted on a rotational annual basis.

5. Entity Level Controls and IT general controls under CRA management are also evaluated through the Administered Activities projects.


Page details

Date modified:
2016-01-25