With the new Treasury Board Policy on Internal Control, effective April 1, 2009, departments are now required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).
As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish action plan(s) to address any necessary adjustments, and to attach to their Statements of Management Responsibility a summary of their assessment results and action plan(s).
Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:
An effective system of ICFR is designed to mitigate risks to an acceptable level rather than eliminate them altogether. Controls are balanced with and proportionate to the risks they aim to mitigate. It is an on-going process to identify key risks, to assess the effectiveness of associated key controls and to make any necessary adjustments in support of continuous improvement. As a result, the scope, pace and status of those departmental assessments of the effectiveness of their system of ICFR will vary from one organization to the other based on risks and taking into account their unique circumstances.