Coat of Arms

  Office of the Information Commissioner of Canada
  Skip all menus (access key: 2) Skip first menu (access key: 1) Access to the first menu (access key: M)  
Français Contact Us Help Search Canada Site
Home Page About FAQ Links
What's New Site Map
Print
   
About the Commissioner
Access to Information Act
The grids
Annual Reports
News and Resources
Travel and other Expenses
spacer
   
Right to Know
 
Right to Know Live Webcast!
Office of the Information Commissioner of Canada

2008

Annual Audit Results for the year ending 31 March, 2008

Report to Senior Management of August 8, 2008 by the Office of the Auditor General of Canada

About the Office of the Auditor General of Canada

We are an independent audit office serving Parliament and the well-being of Canadians, widely respected for the quality and impact of our work.

We promote accountable government, an ethical and effective public service, good governance, sustainable development, and the protection of Canada's legacy and heritage.

We do this by:

  • conducting independent audits and studies that provide objective information, advice and assurance to Parliament, government, and Canadians;


  • working collaboratively with legislative auditors, federal and territorial governments, and professional organizations; and


  • providing a respectful workplace in which our diverse workforce can strive for excellence and realize their full career potential.


Overall summary

We completed our audit in a manner consistent with the engagement letter dated 13 February 2008.

This document, Report to Senior Management – Annual Audit Results, has been prepared solely to assist senior management in its review of the financial statements before their approval. This report provides disclosures required by professional standards and other information we believe will be useful to senior management in its work. The information is not intended to be and should not be used by anyone other than this specific party.

Any communication by us of matters identified during the financial statement audit is a by-product of that audit. The audit would not necessarily identify all matters that may be of interest to senior management in fulfilling its responsibilities.

No restrictions were placed on the scope of our audit, and we obtained all of the information and explanations we considered necessary to provide our opinion on the financial statements.

Audit objectives

As noted in the engagement letter, the objectives of our audit were to provide an independent opinion on whether:

  • the financial statements have been fairly presented, in all material respects, in accordance with Canadian generally accepted accounting principles; and


  • the transactions coming to our notice in the course of our examination were, in all significant respects, in accordance with specified authority instruments.


Our auditor’s report addresses each of our audit objectives.

Auditor’s report

Following approval of the financial statements of the Office of the Information Commissioner of Canada (the Office) by the Commissioner, we intend to issue an unqualified opinion on the financial statements of the Office. A draft of the auditor’s report is included as Appendix A.

Financial statement highlights

Management has informed us that it will review the financial statements with senior management and outline the important differences from the approved operating budget and the results of the previous year. We will be available to answer any questions senior management may have.

Significant audit areas

Business risks, audit implications and related audit results

Our audit was risk-based. We reviewed the key business risks that could impact the achievement of the Office’s objectives and obtained an understanding of those risks that had implications for the financial statements. We focused on areas with a higher risk of a material error or non-compliance with a significant authority instrument, based on our understanding of the Office and its business.

For the 2008 audit, we did not identify any business risks that had significant audit implications.

Other audit risk areas and related audit results

Not all significant audit areas are derived from business risks. We also identified the following area of audit risk and addressed it in our audit. 

Other risk area Financial statement or authority implication Audit implication
and Results
The Office of the Information Commissioner and the Office of the Privacy Commissioner (OPC) have a joint server for their financial systems.  During the year, there was a loss of data as a result of maintenance work conducted by the OPC. The financial statements could be incomplete and not present fairly the financial position of the Office if the financial data was not accurately recovered or correctly re-entered in the financial system. The audit team addressed the risk by performing additional procedures and engaging an IT specialist to test the back-up procedures.  The IT specialist’s work is discussed in further detail later in this report.
The audit team tested the Office’s reconciliation of the P12 trial balance sent to PWGSC before the crash and the re-created P12 trial balance produced with the data re-entered after the system failure. We also increased our testing of subsequent payments and performed an additional analytical review on operating expenses (excluding salaries expense and amortization) for P13 comparing this year’s total to the prior year’s.  We concluded that management re-entered correctly all its financial data and that the financial data for 2007-2008 was complete.

New and emerging developments

No new accounting and auditing standards have to be reported to you in this report.

Important information on the results of our audit

Auditor’s responsibilities

We provide independent, objective assurance that the financial statements prepared by management are fairly presented, in all material respects, in accordance with Canadian generally accepted accounting principles. In addition, as legislative auditors, for the transactions coming to our notice, we determine if the Office has complied with key legislative authorities. We also have an obligation to bring to the attention of Parliament any “other matter” that we believe is significant.  Our audit was conducted in accordance with Canadian generally accepted auditing standards, our own quality management system, and the ethical standards of our profession. Accordingly, our auditor’s report provides a high, though not absolute, level of assurance that the conclusions expressed in our opinion are appropriate. However, owing to the inherent limitations of an audit, there is an unavoidable risk that some misstatements in the financial statements were not detected, even though the audit was properly planned and performed.

Materiality

Materiality represents our judgment of the degree of significance of misstatement(s) that could influence the decision of a knowledgeable user relying on the financial statements. In determining materiality both quantitative and qualitative factors are considered.

As indicated in the engagement letter, quantitative materiality when planning the audit was set at $185,000. During the audit, no significant developments or new information came to our attention to indicate that a change in quantitative materiality was warranted.

Use of the work of specialists

When we were informed that the Office had lost financial data as a result of maintenance work conducted by the OPC on their joint server, we engaged one of our IT specialists to perform additional work on OPC’s back-up and restore strategies and procedures.

At the end of our review, we concluded that OPC had taken the appropriate initiatives to ensure that its back-up and restore strategies would provide adequate protection for both entities.  The exceptions and issues noted are a reflection of OPC’s need to fine tune its back-up configurations and OPC continues to do so.  It was noted that successful data back-ups are taking place as well as database exports, which have been tested to be valid.  Testing needs to be re-performed at a later date after initial setup issues have been resolved, especially given that there are planned changes to infrastructure affecting the back-up process.  This will be followed up later in 2008.

Also, since OPC manages Free Balance and the data back-up process for itself and the Office, we recommend that a formal agreement be created between the Office and OPC to describe in adequate detail the joint understanding and responsibilities for management of the Free Balance system including access control, change management and back-up/recovery procedures.

During the audit, we also engaged one of our Human Resource specialists to follow-up on the human resource findings communicated in our last Report to Senior Management. Our conclusions are summarized below in the section called “Related matters”.

Management letter

As mentioned in our engagement letter, it is possible that we would identify opportunities for changes in procedures that would improve systems of internal control, streamline operations, and/or enhance the Office’s financial reporting practices.

We have discussed our audit findings with appropriate officials at the Office and obtained satisfactory responses. Therefore, we will not issue a management letter as a result of our audit of the 2008 financial statements.

Communication of other matters to senior management

Professional standards require the auditor to communicate certain matters arising from the audit to assist senior management in overseeing the financial reporting process and compliance with reporting and disclosure requirements. We summarize that information below.

Area Comments
Auditor’s independence

We confirm that the Office of the Auditor General of Canada remained independent of the Office of the Information Commissioner of Canada throughout the audit. No new matters have arisen since our engagement letter dated 13 February, 2008 that could reasonably be thought to bear on our independence.

In determining whether there is a need to bring any matter related to independence to the attention of senior management, we consider relevant rules and related interpretations prescribed by the Institute of Chartered Accountants of Ontario, applicable legislation and the Office’s Code of Values, Ethics and Professional Conduct covering such matters as:

  1. holding a financial interest, either directly or indirectly, in the Office;



  2. holding a position, either directly or indirectly, that gave the right or responsibility to exert significant influence over the financial or accounting policies of the Office;



  3. personal or business relationships of immediate family, close relatives, either directly or indirectly, with the Office;



  4. over familiarity with the Office due to a long-standing relationship;



  5. potential for self-interest such as employment offers;



  6. acceptance of gifts or hospitality unless the value is clearly insignificant; and



  7. provision of services in addition to this audit engagement.
Changes in accounting policies There were no changes in accounting policies or in the method of applying those policies during the year.
Auditor’s judgment about the qualitative aspects of accounting principles used in the Office’s financial reporting. We believe that the accounting principles selected by the Office are appropriate for its business and consistent with public sector practices.
Management judgments and accounting estimates

The preparation of financial statements requires the use of accounting estimates. Certain estimates are particularly sensitive due to their significance to the financial statements and the possibility that events may differ significantly from management’s expectations.

The most significant estimates used in this year’s financial statements are for the establishment of the useful life of tangible capital assets and the liability for employee severance benefits. 

We are of the opinion that management’s judgements and estimates are reasonable.
Significant audit adjustments The following significant adjustments were made to the financial statements:
  Impact on statement of operations over/(under statement) Impact on statement of financial position          over/(under statement)
Under statement of the operating expenses and under statement of the allowance for vacation pay. (15,669) (15,669)
GST receivable for period 1 to 12 was not transferred to CRA before March 31, 2008. Over statement of the assets and of equity.   64,033
(64,033)
Overstatement of the prepaid expenses and understatement of operating expenses.  (21,332) 21,332
Unadjusted audit misstatements There were no audit differences left unadjusted.
Disagreements with management on financial accounting and reporting matters There were no disagreements with management on financial accounting and reporting matters.
Serious difficulties encountered in performing the audit We did not encounter any serious difficulties in performing the audit.
Fraud or illegal or possibly illegal acts We performed the procedures outlined in the engagement letter dated 13 February 2008. As a result of the procedures performed during our audit, we did not identify any fraud or illegal or possibly illegal acts.
Significant weaknesses in internal control There is no significant weakness noted.
Departmental performance report

As the Office’s auditors, we are deemed to be associated with designated public documents containing the audited financial statements, including summarized financial statements. Designated documents include the departmental performance report or other documents where audited financial statements are included.

Section 7500 of the CICA Handbook requires the auditor to compare and agree the wording and figures of the financial statements and the auditor’s report to the original to ensure that they have been reproduced accurately. The auditor is also required to read the other information in the designated public documents and ensure that there are no inconsistencies with the financial statements on which he/she has reported. This review is done for the Office’s hard copy and electronic versions of its departmental performance report. In performing this review, the auditor is not providing any assurance on the other information in the departmental performance report nor on the document as a whole.

Please note that the extent of our audit work is not sufficient to express an opinion on the adequacy of the design and operation of the internal control over the Office’s internet site and its contents. It is the responsibility of management of the Office to ensure the accuracy and quality of the information presented on the internet and to ensure that there is adequate security and control over such information.

Related matters

Follow up on issues reported in our Report to Senior Management for 2007

During this year’s audit, we followed-up on the measures the Office has put in place in response to the matters raised in our last Report to Senior Management.
The following is a summary of our key findings:

    - Error in salary paid to the former Commissioner: A new order was issued by the Governor in Council on November 29, 2007 to correct the situation.


    - The executive performance pay practices didn’t fully comply with the requirements of the Canada Public Service Agency (CPSA): The performance pay for 2007-08 complied with CPSA requirements.


    - The leave balances in the Human Resources Information System were not accurate: We discussed with management the controls implemented for leave balances and tested on a sample basis these balances and we concluded they were accurate for 2007-08.


    - Unconventional language training provided to one employee: No similar cases found for 2007-08.  Based on our discussions with management and our review of a sample of employee files, language training is now provided in accordance with conventional public service practice.


    - Lack of compliance with a number of recruitment guidelines (use of non-advertised processes, irregularities in staffing processes and inadequate documentation in staffing files): These items were assessed by the Public Service Commission (PSC) in May-June 2008 to determine if an audit was necessary.  The Office is waiting for the PSC’s decision. 


    - Inadequate documentation of classification files: There was no reclassification during the period of June 2007 to May 2008. 


    - Applicable regulations on contracts were not followed and there was a lack of knowledge of the Treasury Board policy on acquisition cards: Corrective measures were under implementation during 2007-08. We reviewed these measures and they appeared to be appropriate to resolve the issues we raised in the 2006-07 audit. We plan to test these new processes and controls during the 2008-09 audit to ensure they are reliable.


    - Gift certificates given to employees to celebrate the Public Service Week: This practice has been discontinued.

Audit hours and costs

There will be no costs to the Office of the Information Commissioner of Canada for professional services for the audit. The costs are paid from moneys appropriated by Parliament to the Office of the Auditor General of Canada. Information on our budgeted and actual audit hours and the related audit costs is presented below for information.

  2008
Actual (Estimated)		 2008
Budgeted		 Difference 2007
(Actual)
Audit hours 950 800 150 1028

We estimate that the fully loaded cost of this audit was $133,000.

The difference between the audit hours of this year and those of last year is due to the fact that last year, we did additional work on executive compensation, travel and hospitality expenses.

The difference between the hours budgeted and the estimated actual of this year is due to the following facts: 

  • we performed additional work on the recovery of data to ensure that the financial data for 2007-2008 were complete; and


  • we followed up on the matters raised in the Report to the Senior Management of last year.

Appendix A – Draft Auditor’s Report

We intend to issue the following auditor’s report after the financial statements are approved by senior management:

AUDITOR’S REPORT

To the Speaker of the House of Commons and the Speaker of the Senate

I have audited the statement of financial position of the Office of the Information Commissioner of Canada as at March 31, 2008 and the statements of operations, equity of Canada and cash flow for the year then ended. These financial statements are the responsibility of the Office’s management. My responsibility is to express an opinion on these financial statements based on my audit.

I conducted my audit in accordance with Canadian generally accepted auditing standards. Those standards require that I plan and perform an audit to obtain reasonable assurance whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation.

In my opinion, these financial statements present fairly, in all material respects, the financial position of the Office as at March 31, 2008 and the results of its operations and its cash flows for the year then ended in accordance with Canadian generally accepted accounting principles.

Further, in my opinion, the transactions of the Office that have come to my notice during my audit of the financial statements have, in all significant respects, been in accordance with the Financial Administration Act and regulations and the Access to Information Act.

John Wiersema, FCA
Deputy Auditor General
for the Auditor General of Canada

Ottawa, Canada
July 11, 2008

   

Last Modified 2008-11-17

Top of Page

Important Notices