THE STANDING COMMITTEE ON AUDIT AND OVERSIGHT
EVIDENCE
OTTAWA, Wednesday, December 20, 2023
The Standing Committee on Audit and Oversight met with videoconference this day at 9:35 a.m. [ET] to supervise and report on the Senate’s internal and external audits and related matters; and, in camera, to report on the Senate’s internal and external audits and related matters.
Senator Marty Klyne (Chair) in the chair.
[English]
The Chair: I declare this public portion of the meeting in order. I’m Marty Klyne, senator from Saskatchewan, Chair of the Standing Committee on Audit and Oversight. Participating virtually in today’s meeting are Senator Renée Dupuis, deputy chair from Quebec; Senator David Wells, deputy chair from Newfoundland and Labrador; Senator Colin Deacon from Nova Scotia; Hélène Fortin, external member from Quebec. Participating in the room today is Mr. Robert Plamondon, external member.
[Technical difficulties] This will avoid any sound feedback that could negatively impact the committee staff in the room.
We’ll go to item 1, the meeting with the external auditors. I see we have our guests with us at the end of the room there. Excellent.
Our first item of business is a presentation from the independent external auditors on the draft audit results for the fiscal year ended on March 31, 2023. We’re welcoming from Ernst & Young, Suzanne Gignac, Partner, Assurance Services; and Niguel Givogue, Senior Manager, Assurance Services. I thank you both for being here today.
We also welcome, from the Senate Finance and Procurement Directorate, Pierre Lanctôt, Chief Financial Officer; and Nathalie Charpentier, Deputy Chief Financial Officer and Comptroller.
The committee has reviewed the draft audit results report from Ernst & Young, which summarizes their audit work and conclusions on the Senate’s financial statements. The committee has also received the Senate’s draft financial statements for the year ended March 31, 2023. These documents are drafts, and our committee will receive final documents once they are reviewed and approved by CIBA.
The Senate’s financial statements are audited each year by an independent external auditor. The committee considers the financial statement to be an important accountability document for the Senate and notes that, according to the draft audit results report, Ernst & Young has indicated they expect to issue an unmodified or unqualified auditor’s report on the financial statements for the 2022-23 fiscal year. I look forward to our discussion with you today and our committee’s oversight and external audit.
The committee will meet in camera with the external auditors during the second portion of this meeting. I will invite Ms. Gignac to deliver her opening remarks and we will open the floor for questions from committee members.
Suzanne Gignac, Partner, Assurance Services, Ernst & Young LLP: Thank you very much. In our executive summary, we summarize the audit results. I’ll start by thanking the Senate management team and their underlying team for their support in conducting the audit — very timely in providing us with information and very responsive to our questions.
Our audit, as mentioned, is substantially complete. We anticipate issuing an unmodified or a clean audit opinion essentially stating the financial statements are fairly stated in all material respects. I’ll speak to our areas of emphasis in a moment, but they’re in line with the plan we presented earlier in the year. For our scope of the audit, we did a substantive audit as we anticipated doing. We set materiality at 2.5% of expenditures, as we also anticipated, which resulted in materiality of approximately $2.7 million.
On our audit procedures, we do have some outstanding audit procedures as we have currently not completed the audit. We take it to where it is actually approved by the final committee and so we will do subsequent events and additional work, but at this point we don’t anticipate any issues with our unmodified opinion.
We have included some appendices that are really just for the committee’s interest in your role of oversight, and then we have some additional points that we will discuss in a moment.
Moving into the details, the areas of audit emphasis really go through all of the areas of the financial statements where we put our primary focus. When we go through each of these, we seek to understand how management actually walks through the process of initiating through to recording a transaction. We then do testing, and because it’s a substantive audit, we’ll do testing of large key items and then also do random sampling of any transactions based on our software which states how many random tests are required. We also do substantive analytics where we look at the prior year versus current year and make sure it looks reasonable as to the changes, and then we also do confirmations. That’s high level of what we do for each area of focus.
Moving to our fraud considerations, we are required to consider fraud as part of the audit, so we do journal entry testing where we extract all of the general ledger transactions and then we look for unusual items or anomalies and test those. We did not find any issues as a result of our testing on that basis.
We then have our corrected and uncorrected misstatements. There were two items disclosed in the report which relate to prior year differences that were identified and then the flow-through of those differences in the current year’s financial statements. One is capital assets that were not capitalized in prior years, so there is an understatement of amortization in the current year. The second is capital assets that were not rolled appropriately in the system so there was an understatement of amortization in the prior year that was recorded in the current year instead. Both are immaterial to the financial statements and as the second one has been corrected in the current year, it’s the correction that creates the error, so it’s appropriate to correct it.
There was a third item identified by management related to underaccrual of compensatory leave. This item also is immaterial — it is approximately 220,000 — management is correcting it in the current year as well. There are no other items to discuss at this time from a corrected/uncorrected perspective. We also looked at disclosures and had no concerns from a disclosure perspective. Management has included disclosure for the new standard that was implemented in the year for “PS 3450” on financial instruments.
Our required communications are included in your report; I won’t go through them in detail. A couple of items I’ll point out are that we didn’t identify any additional related party transactions that were not previously disclosed to us. We did not identify any independence matters. We did do a little bit of additional work related to Canadian Auditing Standard 315, which requires us to consider the IT systems. No additional risks were identified as a result of that.
Based on our audit, we don’t anticipate issuing a management letter. For those differences identified, management has put in place processes to support that they won’t happen in the future. Other than that, I think that’s at a high level all we have to provide at this point in time.
The Chair: I want to thank you again for your presentation. Before I open the floor to questions, I’d like to remind committee members that we are in public and ask you to keep confidential or detailed financial questions for the in camera portion. We will have an opportunity to meet with the auditors in camera and also without any staff present after this first portion of the meeting.
In public, we can ask questions otherwise.
Hélène F. Fortin, external committee member: Thank you very much, chair. Thank you for this good report on your audit procedures and findings. I basically just have two quick questions.
When you mentioned that during the year, management determined that certain assets were not properly amortized resulting in an understatement, can you ascertain or have you done any work to ensure that there will not be similar findings in future years, next year?
My second question pertains to your other comment with regard to the fraud procedures you have established to ensure that the fraud risk is minimized or audited. On page 5, you mentioned in the second paragraph that your audit procedures encompassed a requirement of CAS 240 for sure, but brainstorming, gathering information to facilitate the identification and response to fraud risk, et cetera. I was just wondering if you could speak to that precisely and what either has been done or if you have uncovered anything that would be worth knowing from your brainstorming and gathering information. Those were my two questions at the moment. Thank you so much.
Ms. Gignac: Thank you very much. On the first one, with respect to the rollover of amortization of assets, from my understanding, management looked at a complete list of the assets to make sure that everything that had not appropriately rolled over was considered and has put a process in place to ensure that going forward, they’re checking that all assets are rolling properly and amortized on an annual basis. I think that’s how we’re comfortable there won’t be similar findings in the future.
With respect to fraud, the brainstorming and gathering of information is part of our understanding the processes and walking through those processes. As far as the actual work we do, that is the work we do and we didn’t identify any fraud risk as a result of that, other than the presumed risk of management override. For a presumed risk of management override, we then do the journal entry testing and the types of things we look for are unusual pairings of transactions — a transaction that is just a debit to an asset credit to a liability, a transaction that is a credit to revenue debit expenses. We look for more significant date lags, so when the transaction was initially entered versus when it was posted, if there’s a long period of time, we’ll ask questions on why that happened. Entries made by preparers we wouldn’t expect to be preparing transactions and putting them into the system. Those are the types of things we look at, and we didn’t identify any transactions that raised additional fraud risk. We did test some, but they didn’t raise any concerns when we looked at them.
Ms. H. Fortin: Thank you.
The Chair: Thank you for that.
Robert Plamondon, external committee member: Thank you, Ms. Gignac, and thank you for being here with us this morning at the committee.
One of the desirable attributes, qualitative attributes of financial information is timeliness. As a case in point, the audited financial statements of the Government of Canada come out usually in September at some point in time, and here we are almost Christmas, it’s late in December, and we’re still reviewing the audited financial statements from last March.
Do you have any comment on the timeliness of these statements, the role of the audit team and the role of management in producing the audited financial statements on a timely basis?
Ms. Gignac: Thank you for the question. I agree, timeliness is important to financial information. We conduct the audit starting in June or July. The primary work on the audit is done much earlier in the year, so management is turning around that financial information, the financial statements, within a couple of months of year end, which is fairly common and very reasonable. I think there’s a process to work through the approval process for these financial statements, which results in them taking a little longer to get through to final completion.
So it is absolutely desirable to complete them early on; it also results in less subsequent events work, which goes on. As I mentioned, we have some procedures that go until the approval of the financial statements. Those procedures have to continue on very late into the following year. So, absolutely, timeliness is important and it would be ideal to have them approved earlier on in the year.
Mr. Plamondon: When Mr. Lanctôt speaks, I may ask the same questions. Perhaps you could address it in your remarks, to see what can be done to expedite the issuance of the audited financial statements, if possible.
Senator Wells: Thank you for your presentation, Ms. Gignac.
I want to ask you about cybersecurity. We’re under regular or maybe even constant attack with respect to cybersecurity. Did you note, or have you in your experience in auditing other organizations, attacks specifically targeting our or any financial systems; is that something that you look at, as it clearly is a vulnerability?
Ms. Gignac: As part of our procedures, we get an understanding of the cyber risk. We do have procedures. If there has been a cyber incident, we do additional procedures. Yes, I have seen that in other clients. We actually involve specialists when that does happen. We have not done that in this instance. We have looked at the cyber risk and haven’t assessed it any differently than we normally would.
From a financial statement auditor perspective, it’s fairly high level, what we’re doing, from the perspective of cyber risk. Only if there is an issue do we go into more detail.
Senator Wells: Thank you for that. In your experience with other organizations, are the risks on theft? Is it mischief? Is it someone testing to see if they can get into a system? Can you tell me your knowledge about what we should be thinking about for the future?
Ms. Gignac: Various different things. We see phishing exercises where individuals will try to divert payments.
We have seen ransom attacks where they have taken data and, in order to release that data, there would have had to have been discussions or payments potentially related to that. We’ve seen various different things.
Certainly, it is higher risk at this point in time. Organizations are managing that risk in various different ways.
Senator Wells: In your look at the Senate of Canada, did you look at any of the mitigation that our ISD department is doing? Is that something that you looked at, or is this purely a financial review?
Ms. Gignac: This is purely a financial review. We do look at the risk. If there is a risk there, we will assess it. We have not identified anything specific related to the financial reporting.
Senator Wells: Thank you.
Senator C. Deacon: If I could, to look at an element of where the Senate is heading, it’s committed to becoming a carbon-neutral organization by 2030. We’ve developed a process that is currently being implemented to assess changes that could possibly happen to allow us to free up capital, free up operating costs to pay for offsets and also reduce our overall carbon footprint.
In your experience around ESG — and I’m sure your organization has gotten an awful lot of experience in that regard — have you got advice for us or thoughts about where we’re at today in preparing for that move as an organization? Thank you.
Ms. Gignac: Ernst & Young does have specialists dealing with the ESG side of things. From a financial reporting perspective, this was not something we looked at specifically.
Certainly, there are a number of different things organizations are doing to manage risks and initiatives related to ESG, including looking at their capital assets and whether there are risks associated with climate change that would need to be considered with respect to their assets. We did not identify anything specific from a financial reporting perspective.
Of course, as I noted, Ernst & Young has teams, specialists and a group that deals with ESG and climate change. They could probably speak to that in more detail, if requested.
Senator C. Deacon: Thank you. Back to the question that Madam Fortin asked earlier in terms of your fraud assessment and the export of the general ledger data, I want to get a sense of the fact that you assess that against global experience that EY has gathered, expertise and doing a digital assessment versus analog. The way you answered that, I didn’t get great insight into the process that you actually undergo.
Ms. Gignac: We have a global audit methodology. The tools that we’re using are developed globally and then used at each of our organizations to perform our journal entry testing.
The process we go through is that we have a discussion as a team and with management as to what processes and risks they have; based on that, we determine whether there is a fraud risk. The fraud risk from a financial reporting perspective is whether there is a likelihood of material misstatement as a result of fraud. We did not identify any. We always have the presumed risk of management override.
With respect to the presumed risk of management override, we use these globally developed tools to extract, as noted, the entire GL data. Then we have developed things to look for that might indicate there is something unusual happening.
Based on the journal entries we identify, we then look at the underlying data to see if those transactions are actually supportable. Based on that, if they were not, then we would ask more questions and determine whether there was an additional fraud risk there and/or something that we needed to investigate further. We did not identify any.
The underlying support for the transactions was reasonable and in line with our expectations, so we did not have to take it any further than that.
Senator C. Deacon: Thank you very much.
[Translation]
Senator Dupuis: Thank you, Ms. Gignac.
My question builds on Mr. Plamondon’s. Was the timing different this year as compared with previous years when you performed the external audit of the Senate’s financial statements? In other words, did the reports come out later this year? Is that typical or what ends up happening every year in the Senate, or is this year different?
[English]
Ms. Gignac: It varies. The actual audit work, I would say, was generally in line with how it’s been done in prior years. We’re doing our work in the June/July time frame, having discussions with management, doing the actual transaction testing.
Then you have to work through the approval process of the financial statements. This year, it is a bit later than it has been in some years. I don’t know that it’s always consistent as to when it happens every year anyway.
Senator Dupuis: More or less.
Ms. Gignac: More or less it is. This is a later year.
[Translation]
Ms. H. Fortin: Ms. Gignac, I have a question further to the discussion around Senator Deacon’s questions.
On other audit and oversight committees, auditors meet with committee members prior to the audit to see whether there are any specific considerations relating to fraud or other irregularities.
Am I to understand that you are asking us that question now, further to implementation of the entire plan? Is it ultimately seen as part of the full set of questions put to the various bodies known as lines of defence?
[English]
Ms. Gignac: I believe we did meet with the committee when we were working on the audit plan, so we prepared the plan, met with the committee, provided responses to questions. Based on that, we asked at that point in time if there were any additional risks or areas of focus that we should consider or investigate in our plan and none were identified, so we moved forward with our plan as anticipated.
[Translation]
Ms. H. Fortin: I think I have one last related question. Does your procedural analysis take into account compliance with the various applicable policies? Those policies could be relevant such as policies on how expenditures should be incurred and recorded.
Do your procedures go as far as ensuring compliance with the policies in place? I am referring to the largest items in the financial statements. If not, do other procedures exist to ensure that the numbers in the financial statements are presented properly?
[English]
Ms. Gignac: As part of our procedures, we start by understanding the process, so we walk through how the process is actually recorded in the financial statements — from initiation of a transaction all the way through to recording the transaction. In doing that, we would consider if there is a policy. We might walk through a transaction and see if appropriate approvals happened on that transaction. But our testing is substantive, we are not doing a controls-based audit. After we have walked through the process and gotten comfortable that the process appropriately initiates processes and records a transaction, then we would go to substantive testing. In that substantive testing, we will be picking a transaction and making sure the underlying support ties into it, and we would not likely be going back to the policies at that point in time.
The Chair: Thank you for that.
Mr. Plamondon: Thank you, Mr. Chair. I want to come back to this issue of timing. I was surprised when you said that you do your audit work over the summer essentially. Is there a reason from EY’s perspective why that audit work could not start much earlier and sooner after the year end so that the audited statements could be produced on a more timely basis?
Ms. Gignac: The year end is March 31. There’s a little bit of time in there for management and the organization to close all the books, prepare all the financial statements and all the information that we need from an audit perspective. With similar organizations, we would do the audit end of May, into June, sometimes into July. It probably could be shortened slightly, but we would have to work with management on that.
Mr. Plamondon: Is that timeline determined by them or by you?
Ms. Gignac: It’s a mixture. It depends on timing of when the staffing is available and the information would be available, so on and so forth. It’s a bit of a mix, I would say. We would aim for June to do the audit, and then work from there.
Mr. Plamondon: I will get Mr. Lanctôt’s perspective on this when it’s his turn. Thank you. You could start earlier.
Ms. Gignac: Other than making sure we have appropriate staff in place to be able to do the audit, if everything was prepared, we likely could start earlier.
Mr. Plamondon: Thank you.
The Chair: I see no more questions. This will be the end of this part of our Q & A. I want to thank you for your presentation and for answering our questions. I would like to underline the high quality of the documents submitted to us. Thank you for your work and for helping our committee fulfill its mandate.
Before we proceed in camera, as acknowledged at the outset, Senator Dupuis will be retiring in January. As this is likely to be our last meeting before her retirement, I’m taking this opportunity to publicly thank Senator Dupuis, as a founding member of the Audit and Oversight Committee, for her active participation, engagement and valued contributions to this committee. We will certainly miss you, and we wish you a happy retirement from the Senate. Thank you very much, Senator Dupuis.
We will now move in camera.
(The committee continued in camera.)