Annex to the Statement of Management Responsibility Including Internal Control Over Financial ReportingRoyal Canadian Mounted Police Fiscal year 2015-2016

1. Introduction

This document provides summary information on the measures taken by the Royal Canadian Mounted Police (RCMP) to maintain an effective system of internal control over financial reporting, including information on internal control management, assessment results and related action plans.

Detailed information on the RCMP's authority, mandate and program activities can be found in the 2015-16 Departmental Performance Report and the 2015-16 Report on Plans and Priorities.

2. RCMP's system of internal control over financial reporting

2.1 Internal control management

The RCMP recognizes the importance of setting the tone from the top and helps ensure that staff at all levels understand their role in maintaining an effective system of internal control over financial reporting (ICFR) and are well equipped to exercise these responsibilities effectively. The RCMP's focus is to ensure risks are managed well through a responsive and risk-based control environment that enables continuous improvement and innovation.

The RCMP has a well-established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. The RCMP's internal control management framework, approved by the Commissioner, is in place and includes:

Governance:

• Organizational accountability structures as they relate to internal control management to support sound financial management, including roles and responsibilities of senior managers in their areas of responsibility for control management;
• Values and ethics;
• An Office of Professional Responsibility, under the Commissioner;
• Quarterly monitoring of and regular updates on internal control management, as well as the provision of related assessment results and action plans to the Commissioner and senior management and, as applicable, the Departmental Audit Committee;
• Clear administrative, organization and financial management policies;
• Robust account verification framework;
• Regular reviews of the delegated authorities matrices to meet operational needs of the organization;
• Annual employee performance agreements and learning plans with clear financial management responsibilities for budget holders; and
• A risk-based internal audit plan with input requested from each member of the Senior Executive Committee (SEC) before the risk-based audit plan is adopted.

Oversight:

• Centralized and regional internal control units within the Corporate Management portfolio dedicated to the documentation, design and operating effectiveness of ICFR under the Chief Financial and Administrative Officer (CFAO) functional authority;
• Process owners within policy centres to address control weaknesses identified; and
• Quarterly Departmental Audit Committee meetings.

Capacity:

• Ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control;
• Mandatory Canada School of Public Service financial courses are incorporated in the learning plan of financial specialists to ensure a skilled workforce; and
• Hiring through the Financial Officer Recruitment and Development (FORD) Program where employees are exposed to key aspects of governmental finance in order to develop a competent and knowledgeable workforce. Actively engaged in gaining knowledge of the training requirements in direct support of the consolidation of professional accounting entities under the new Chartered Professional Accountant (CPA) program.

The following are the RCMP's key positions and committees with responsibilities for maintaining and overseeing the effectiveness of its system of ICFR:

Commissioner – The RCMP's Commissioner, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Commissioner chairs the RCMP's Senior Executive Committee.

Departmental Audit Committee (DAC) – The DAC is an independent advisory committee that provides objective views on the RCMP's risk management, control and governance frameworks and processes. It is comprised of three external members. The Committee reviews the RCMP's Corporate Risk Profile and its system of internal control, including the assessment and action plans relating to the system of ICFR.

Chief Financial and Administrative Officer (CFAO) – The CFAO supports and reports directly to the Commissioner and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment. The CFAO is an ex-officio member at the Departmental Audit Committee quarterly meetings.

Deputy Commissioners – The RCMP's senior departmental executives in charge of operations and program delivery are responsible for maintaining and reviewing effectiveness of their system of ICFR falling within their area of responsibilities.

Chief Audit and Evaluation Executive (CAEE) – The RCMP's CAEE reports directly to the Commissioner and, through the work of the Internal Audit staff, contributes to the effectiveness and adequacy of the RCMP's system of internal control by conducting periodic risk-based audits of different areas of the RCMP's operations. The CAEE considers the system of ICFR in the annual risk-based planning process. The CAEE is an ex-officio member at the Departmental Audit Committee quarterly meetings.

Professional Responsibility Officer (PRO) – The PRO is responsible for providing a comprehensive integrity/responsibility regime across all RCMP business lines across Canada. The PRO also champions the entrenchment of professional values and ethics across all aspects of RCMP decision making and employee behavior.

Senior Executive Committee (SEC) – The SEC is the senior decision-making committee of the RCMP. It is responsible for setting the overall strategic direction and vision for the RCMP, establishing strategic priorities, and making final decisions regarding key RCMP policy, program, and planning and strategic communications proposals.

2.2 Service arrangements relevant to financial statements

The RCMP relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:

Common Arrangements:

• Public Services and Procurement Canada (PSPC) centrally administers the payments of salaries and benefits under two different pay systems: Phoenix for Public Service Employees and Member Pay System (MPS) for Regular and Civilian Members of the RCMP. PSPC also administers the procurement of goods and services in accordance with the RCMP's Delegation of Authority, and provides accommodation services;
• The Treasury Board of Canada Secretariat provides the RCMP with information used to calculate various accruals and allowances, such as the accrued severance liability;
• The Department of Justice Canada provides legal services to the RCMP; and
• Shared Services Canada (SSC) provides information technology (IT) infrastructure services to the RCMP in the areas of data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between Shared Services Canada and the RCMP.

Specific Arrangements:

• PSPC administers the member pension administration on behalf of the RCMP. PSPC has the authority and responsibility to ensure that transactions and payments are made in accordance with the terms and conditions set out by the RCMP. As a result, reliance is placed on the control procedures of PSPC.
  

3. Departmental assessment results during fiscal year 2015-16

The key findings and significant adjustments required from the current year's assessment activities are summarized below.

New or significantly amended key controls: In the current year, there were significant amendments to key controls in existing processes which require a reassessment. During the year, implementation of an automated Financial Signing Authority functionality, the Travel and Expense Management Solution (TMS) and the Shift Scheduling and Exception Pay Processing (SSEPP) functionality required changes to the departmental financial information system. These changes will be assessed for both design and operating effectiveness as part of the ongoing rotational monitoring plan for 2016-17.

On-going monitoring program: As part of its rotational ongoing monitoring plan, the RCMP completed its reassessment of financial controls within the business process of inventory, and the reassessment of IT general controls under departmental management and financial reporting are progressing as planned. The reassessment of entity-level controls and key business process controls over significant risks are in progress and will be completed during 2016-17. For the most part, the key controls that were tested performed as intended, with remediation required as follows:

• Control deficiencies were found in the IT general controls related to access to programs and data. A management action plan addressing recommendations will be developed by the process owners.
• Control deficiencies were found in the area of inventory management. A management action plan addressing recommendations is being developed by the process owners.

4. Departmental action plan

4.1 Progress during fiscal year 2015-16

The RCMP continued to conduct its ongoing monitoring according to the previous fiscal year's rotational plan as shown in the following table.

4.2 Action plan for the next fiscal year and subsequent years

The RCMP's rotational ongoing monitoring plan over the next three years, based on an annual validation of the high-risk processes and controls and related adjustments to the ongoing monitoring plan as required, is shown in the following table.

Date modified:

2016-11-21