Core Policy and Procedures Manual - Amendment Summary
December 2012

Policy

13.0 Financial Systems and Controls

13.0 Financial Systems and Controls – chapter rewritten to improve policy direction, clarify roles and responsibilities, assist ministries in understanding Financial Risk and Control Review (FRCR) requirements, and to support use of the suite of corporate financial systems to process financial information. Changes include new sections with:

  • definitions of financial information and financial systems and of what a FRCR is, as well as guidance to support ministries in preparing their FRCRs;
  • definitions for Payment Card Industry Data Security Assessments (PCI-DSAs), Privacy Impact Assessments (PIAs), Security Threat Risk Assessments (STRAs), and the Suite of Corporate Financial Systems;
  • guidance on risk-based internal controls, standards for accounting assertions and assessment of application and general computer controls;
  • guidance to ministries on leveraging related aspects where STRAs, PIAs, PCI-DSAs and FRCRs are completed on the same information technology systems and control regimes; and
  • a sample FRCR template.

Ministries are required to:

  • collaborate with the Office of the Comptroller General prior to developing a new financial system, enhancement or component thereof, and/or submitting a funding request for same;
  • ensure that in any ministry self-assessment situation, a FRCR is approved by independent ministry staff and/or a professional service provider with financial and IM/IT audit skills;
  • complete a pre-implementation FRCR and receive Comptroller General acceptance of the report before a financial system is put into production; and
  • conduct a post-implementation FRCR within two years of financial system operation, and have the report accepted by the Comptroller General before the third year of operations.
