Annex to the statement of management responsibility including internal control over financial reporting RCMP fiscal year 2022-2023

List of acronyms and abbreviations

ICFR: internal control over financial reporting
IM: information management
IT: information technology
RCMP: Royal Canadian Mounted Police

List of tables

Table 1: Progress during the 2022-2023 fiscal year
Table 2: Internal Controls over financial management processes
Table 3: Rotational ongoing ICFR monitoring plan

1. Introduction

This document provides summary information on the measures taken by the Royal Canadian Mounted Police (RCMP) to maintain an effective system of internal control over financial reporting (ICFR), including information on internal control management, assessment results and related action plans.

Detailed information on the RCMP’s authority, mandate and core responsibilities can be found in the 2022-2023 Departmental Plan and the 2022-2023 Departmental Results Report.

2. RCMP’s system of internal control over financial reporting

2.1 Internal control management

The RCMP recognizes the importance of setting the tone from the top and helps ensure that staff at all levels understand their role in maintaining an effective system of ICFR and are well equipped to exercise these responsibilities effectively. The RCMP’s focus is to ensure risks are managed through a responsive and risk-based control environment that enables continuous improvement and innovation.

The RCMP has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. The RCMP’s internal control management framework includes:

Organizational accountability structures to support sound financial management, including roles and responsibilities of senior managers for key areas of responsibility, as related to internal control management;
Values and ethics (RCMP renewed values through consultation in 2022-2023);
Ongoing communication, including training on statutory requirements, policies and procedures, for sound financial management and control;
A centralized internal control team, supported by regional units within the Corporate Management portfolio dedicated to the documentation, design and operating effectiveness of ICFR under the Chief Financial Officer authority; and
Periodic monitoring of, and regular updates to, internal control management, as well as the provision of related assessment results and action plans to the Commissioner and senior management through committees and, as applicable, the Departmental Audit Committee.

The Departmental Audit Committee provides advice to the Commissioner on the adequacy and functioning of the RCMP’s risk management, control and governance frameworks and processes.

2.2 Service arrangements relevant to financial statements

The RCMP relies on other organizations for the processing of certain transactions that are recorded in its financial statements, as follows:

Common service arrangements

Public Services and Procurement Canada (PSPC) administers the following:
- The payments of salaries and benefits under two different pay systems: Phoenix for public service employees and Member Pay System (MPS) for regular and civilian members of the RCMP
- The procurement of goods and services in accordance with the RCMP’s Delegation of Authority, and the provision of accommodation services
- The issuance of Receiver General payments and the processing of Interdepartmental Settlements on behalf of the RCMP via the Standard Payment System (SPS)
The Treasury Board of Canada Secretariat provides services related to public sector insurance for public service employees of the RCMP and centrally administers payment of the employer’s share of contributions toward statutory employee benefit plans (that is, the Public Service Pension Plan, Employment Insurance Plan, Canada Pension Plan, Quebec Pension Plan and Public Service Supplementary Death Benefit Plan) on behalf of the RCMP
The Department of Justice Canada provides legal services to the RCMP
Shared Services Canada (SSC) provides information technology (IT) infrastructure services to the RCMP in the areas of data centre, network and telecommunication services. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and the RCMP.

The annexes of the above-noted departments could be reviewed to obtain a greater understanding of the systems of internal control over financial reporting related to these specific services.

Specific arrangements

Public Services and Procurement Canada, under a service level agreement, provides the day-to-day pension administration services for members, including determining the eligibility and the calculation of pension benefits, providing call centre support, and providing information to Plan members and providing pension payroll services
Veterans Affairs Canada (VAC), under a Memorandum of Understanding (MOU), administers some of the programs and services that the RCMP is responsible to provide to its members, including the disability pension and health benefit programs for a service-related injury, illness or death, pursuant to Part II of the RCMP Superannuation Act and the Pension Act. Veterans Affairs Canada also provides transition support, case management, and access to the network of Operational Stress Injury (OSI) Clinics and Veterans Affairs Canada Assistance Service to eligible members

3. Departmental assessment results during the 2022-2023 fiscal year

The following table summarizes the status of the ongoing monitoring activities according to the previous fiscal year’s Annex.

Table 1 - Progress during the 2022-2023 fiscal year
Previous fiscal year’s rotational ongoing monitoring plan for the current fiscal year	Status
Key business process controls over significant risk ^{table 1 footnote 1}	Key controls were tested as planned; remedial actions to start in 2023-2024.
Entity-level controls; reassessment and review testing plan	Completed as planned; Framework was reviewed and updated; and controls tested; remedial actions to start in 2023-24.
IT general controls under departmental management	The assessment of controls over SAP and its feeder systems were completed as planned; remedial actions to start in 2023-2024.
Inventory; reassessment of controls	Completed as planned, remedial actions to start in 2023-2024.
Pension plan liabilities ^{table 1 footnote 2}	Under review
Tangible capital assets ^{table 1 footnote 3}	To be assessed in 2023-2024
Table 1 footnotes Table 1 footnote 1 Key business process controls over significant risks are tested annually. Return to table 1 footnote 1 referrer Table 1 footnote 2 A risk analysis of pension plan liabilities is in progress to determine whether the process should continue to be reassessed every 5 years as part of ongoing monitoring of internal controls over financial reporting. Return to table 1 footnote 2 referrer Table 1 footnote 3 The Tangible capital asset assessment was not carried out as presented in the 2022-2023 plan, due to adjustments to the ongoing monitoring plan made by senior management. Return to table 1 footnote 3 referrer

The RCMP is currently assessing the internal controls over financial management. Upon completion of the full assessment, the financial management processes will be added to the ongoing monitoring plan to reassess control performance on a rotational basis based on risk. Below is the status for 2023-2024:

Table 2 - Internal Controls over financial management processes
Financial Management Business Process	Risk Assessment and Documentation	Design effectiveness testing and recommendations provided to Process Owner for remediation	Operational effectiveness testing and recommendations provided to Process Owner for remediation
Project Management (Real Property)	Complete	Complete	Complete
Project Management (IM/IT)	Complete	In progress	In progress
Budgeting and Forecasting	Complete	In progress	In progress
Costing	Complete	In progress	In progress
Treasury Board Submissions including Chief Financial Officer attestation	Complete	In progress	In progress
Investment Planning	Complete	In progress	In progress

The key findings and significant adjustments required from the current year’s assessment activities are summarized below.

New or significantly amended key controls: In the current year, there were no significantly amended key controls in existing processes that required a reassessment. In 2022-2023, the Entity Level Controls (ELC) were reassessed and new key controls were added for a better integration with the updated Entity Level Controls framework within the RCMP.
Ongoing monitoring program: The key controls that were tested performed as intended and no significant deficiencies were found.

4. Departmental action plan for the next fiscal year and subsequent fiscal years

The RCMP’s rotational ongoing monitoring plan over the next five fiscal years is shown below in the table. The ongoing monitoring plan is based on:

an annual validation of high-risk processes and controls
resource availability
related adjustments to the ongoing monitoring plan, as required

Some key control areas are assessed over two fiscal years due to their size (number of sub-processes) and complexity.

In addition to the ongoing monitoring plan, the RCMP is continuing to conduct a full assessment of its internal controls over financial management, which is planned for completion by the end of the 2023-2024 fiscal year. Upon completion of the full assessment, the financial management processes will be added to the ongoing monitoring plan to reassess control performance on a rotational basis based on risk.

Table 3 - Rotational ongoing ICFR monitoring plan
Key control areas	2023-2024	2024-2025	2025-2026	2026-2027	2027-2028
Entity-level controls	No	No	Yes ^{table 3 footnote 3}	Yes ^{table 3 footnote 3}	Yes ^{table 3 footnote 3}
IT general controls under departmental management	Yes ^{table 3 footnote 1}	Yes ^{table 3 footnote 1}	Yes ^{table 3 footnote 1}	Yes ^{table 3 footnote 1}	Yes ^{table 3 footnote 1}
Operating expenditures and accounts payable	No ^{table 3 footnote 2}	Yes ^{table 3 footnote 2}	Yes ^{table 3 footnote 2}	No ^{table 3 footnote 2}	No ^{table 3 footnote 2}
Revenues and accounts receivable	No	No	Yes	Yes	No
Payroll and benefits – members	Yes ^{table 3 footnote 2}	Yes ^{table 3 footnote 2}	No ^{table 3 footnote 2}	No ^{table 3 footnote 2}	No ^{table 3 footnote 2}
Payroll and benefits – public service employees	No ^{table 3 footnote 2}	No ^{table 3 footnote 2}	Yes ^{table 3 footnote 2}	Yes ^{table 3 footnote 2}	No ^{table 3 footnote 2}
Financial reporting	No ^{table 3 footnote 2}	No ^{table 3 footnote 2}	No ^{table 3 footnote 2}	Yes ^{table 3 footnote 2}	No ^{table 3 footnote 2}
Tangible capital assets	Yes	Yes	No	No	No
Transfer payments	No	No	No	Yes	No
Inventory	No	No	No	Yes	No
Pension plan liabilities	Yes ^{table 3 footnote 4}	No	No	No	No
Departmental financial signing authorities	No ^{table 3 footnote 2}	Yes ^{table 3 footnote 2}	No ^{table 3 footnote 2}	No ^{table 3 footnote 2}	No ^{table 3 footnote 2}
Table 3 footnotes Table 3 footnote 1 The assessment of IT general controls under departmental management is based on a comprehensive risk-based four-year plan where high-risk areas are assessed on an annual basis and controls over medium- and low-risk elements are tested on a rotational basis. Return to table 3 footnote 1 referrer Table 3 footnote 2 Key business process controls over significant risk are tested annually. Return to table 3 footnote 2 referrer Table 3 footnote 3 Starting in 2025-2026, the reassessment of entity-level controls will span over multiple years where each of the five control components under the COSO framework will be tested by the end of the period. Return to table 3 footnote 3 referrer Table 3 footnote 4 Risk analysis in progress to determine whether this process should continue to be reassessed every 5 years. Return to table 3 footnote 4 referrer

Date modified:: 2023-11-09

Language selection

Search

Royal Canadian Mounted Police