Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting

Summary of the Assessment of Effectiveness of the System of Internal Control over Financial Reporting and the Action Plan for Fiscal Year 2011-2012

Note to the reader

With the Treasury Board Policy on Internal Control (PIC), effective April 1, 2009, departments are required to demonstrate the measures they are taking to maintain an effective system of internal control over financial reporting (ICFR).

As part of this policy, departments are expected to conduct annual assessments of their system of ICFR, establish an action plan to address any necessary adjustments, and attach a summary of their assessment results and action plan to their Statement of Management Responsibility.

Effective systems of ICFR aim to achieve reliable financial statements and to provide assurances that:

  • transactions are appropriately authorized;
  • financial records are properly maintained;
  • assets are safeguarded from risks such as waste, abuse, loss, fraud and mismanagement; and
  • applicable laws, regulations and policies are adhered to.

It is important to note that the system of ICFR is not designed to eliminate all risks, but rather to mitigate risks to a reasonable level with controls that are balanced with, and proportionate to, the risks they aim to mitigate.

The system of ICFR is designed to mitigate risks to a reasonable level based on an on-going process to identify key risks, assess the effectiveness of associated key controls and adjust as required, as well as monitor the system in support of continuous improvement. As a result, the scope, pace and status of departmental assessments of the effectiveness of their system of ICFR will vary from one organization to another based on risks and unique circumstances.

Top of page

1. Introduction

This document is attached to the Canadian International Development Agency (CIDA or the Agency)'s Statement of Management Responsibility Including ICFR for the fiscal year 2011-2012. As required by the Treasury Board PIC, this document provides summarized information on the measures taken by the Agency to maintain an effective system of ICFR. In particular, it provides information on the assessments conducted by CIDA as at March 31, 2012, including progress, results and related action plans along with some financial highlights pertinent to understanding the control environment unique to the Agency. This is the third year of publication of this Annex.

1.1 Authority, mandate and program activities

CIDA is designated as a department for the purposes of the Financial Administration Act (Schedule I.1) by an Order-in-Council P.C. 1968-923 dated May 8, 1968. The authority for the CIDA program and related purposes is found in the Department of Foreign Affairs and International Trade Act, Annual Appropriations Act and International Development (Financial Institutions) Assistance Act.

CIDA's mandate is to manage Canada's aid resources effectively and accountably to achieve meaningful, sustainable development results, and to engage in policy development in Canada and internationally, enabling Canada's effort to realize its development objectives.

CIDA fulfills its mandate through six main program activities:

  • Fragile countries and crisis-affected communities;
  • Low-income countries;
  • Middle-income countries;
  • Global engagement and strategic policy;
  • Canadian engagement; and
  • Internal services.

Further detailed information on CIDA's authority, mandate and program activities can be found in the Report on Plans and Priorities and Departmental Performance Report.

1.2 Financial highlights

Financial information can be found in the financial statements (unaudited) of the Canadian International Development Agency for fiscal year 2011-2012, in the Reports section. Financial information that is relevant to CIDA can also be found in the Public Accounts of Canada.

Key financial highlights for the 2011-2012 fiscal year are:

  • Total expenses were $3.6 billion. Transfer payments comprised 93% of expenses followed by salaries and employee benefits at 5%.
  • CIDA's total revenues earned on behalf of Government were $38.9 million, mainly comprised of gains on foreign exchange ($22 million).
  • Financial assets consisted primarily of the amount due from the Consolidated Revenue Fund (75%) followed by the loans to developing countries and International Financial Institutions (22%). Investments and advances to International Financial Institutions were significant at $6.8 billion, but their net realizable value was reduced to zero since CIDA does not anticipate recovering these investments and advances in the future.
  • Non-financial assets consisted primarily of prepaid expenses, which comprise 12% of the total assets of $1.8 billion.
  • Accounts payable and accrued liabilities comprised 97% of the Agency's total liabilities of $1.3 billion.

In 2011-2012, expenses processed and recorded directly in the field through the Department of Foreign Affairs and International Trade (DFAIT) represented approximately 2% ($80 million) of the Agency's total expenses. Field expenses details are transferred regularly from DFAIT's financial system to CIDA's financial and accounting system (SAP). CIDA will be increasing its field presence over the next few years as part of a decentralization initiative, which is to be implemented by 2014-2015. The decentralization initiative will have an impact on the level of field expenses incurred.

The Agency uses a stand-alone financial system based on the SAP application. This system is critical to its operations and financial reporting.

1.3 Service arrangements relevant to financial statements

CIDA's financial system is currently hosted and supported by Agriculture and Agri-Food Canada and Shared Services Canada (SSC).

The Agency also relies on other organizations to process certain transactions that are recorded in its financial statements:

  • Public Works and Government Services Canada centrally administers the payments of salaries and benefits, the procurement of goods and services as well as the provision of accommodations, on behalf of the Agency.
  • Treasury Board Secretariat provides the Agency with the employer's contribution to health and dental insurance plans, and with information used to calculate various accruals and allowances, such as the accrued severance liability.
  • The Department of Justice Canada provides legal services to all departments including CIDA.
  • DFAIT provides payment processing, accounting and banking services to all CIDA offices that are located within the Canadian High Commissions or Embassies abroad. DFAIT also prepares periodic financial reports for CIDA staff detailing the Agency's expenses that were incurred directly in the field.

1.4 Material changes in fiscal year 2011-2012

Changes Impacting Financial Resources

  • Canada's Economic Action Plan included the following new funding for 2011-2012:
    • Contribution to G-8 Maternal, Newborn and Child Health initiative: $38.1 million; and
    • Funding from the International Assistance Envelope Crisis Pool that would allow CIDA to respond quickly to disasters and crises: $50 million.
  • Canada's Economic Action Plan also announced the conduct of a comprehensive review of program and operating costs across all of government in 2011-2012. Under this exercise, CIDA's activities were reviewed in the context of productivity improvements, program relevance and effectiveness. Pursuant to this review, budgets will be reduced for three fiscal years commencing in 2012-2013.
  • SSC was created on August 4, 2011 to consolidate, streamline and improve the government's information technology (IT) infrastructure services, specifically email, data centre and network services for 43 federal departments and agencies. Effective November 15, 2011, responsibility for email, data centre and network services, including associated resources, was transferred from CIDA to SSC. The administration and delivery of these services were shared during the 2011-2012 transition period while SSC was being established.

Change in Senior Management

On January 30, 2012, Ms. Greta Bossenmaier was appointed Senior Executive Vice-President of CIDA.

Top of page

2. CIDA's control environment relevant to ICFR

Entity level controls set the tone from the top to help ensure that all levels of staff at CIDA understand the purpose and importance of maintaining risk-based effective internal control systems as well as their roles and responsibilities in support of sound stewardship of public resources and reliable financial reporting.

Key components of entity level controls at CIDA aim to ensure solid governance and effective risk management at the corporate level, as well as the maintenance of other entity level controls to provide effective support to staff by raising awareness and providing appropriate knowledge, skills and tools. The ultimate objective is to manage risks while maintaining a responsive control environment for people at all levels that supports innovation and continuous improvement.

The Agency's main entity level controls currently in place and relevant to ICFR are set out below.

2.1 Key positions, roles and responsibilities

Below are CIDA's key positions and committees with responsibilities to maintain and review the effectiveness of its system of ICFR.

President — The Agency's President, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the President chairs the Departmental Audit Committee and the Management Board and receives advice and recommendations from the members.

Chief Financial Officer (CFO) — The Agency's CFO reports directly to the President and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.

Senior Managers — CIDA's senior managers in charge of program delivery or corporate branches are responsible to maintain and review the effectiveness of the portions of the system of ICFR falling within their mandate.

Chief Audit Executive (CAE) — Consistent with the Treasury Board PIC, CIDA has a qualified CAE who establishes plans and performs risk-based internal audits necessary to provide an independent annual assurance report to the deputy head on the adequacy and effectiveness of risk management, control and governance processes within the Agency, which are instrumental to the maintenance of an effective system of ICFR.

Audit Committee (AC) — The Audit Committee is an advisory committee that provides objective advice to the President on the Agency's risk management, control and governance frameworks. It is comprised of four external members and one internal member, the Agency's President. As such, the committee reviews the Agency's Corporate Risk Profile and its system of internal control, including the annual assessment and action plans relating to the system of ICFR.

Management Board (MB) — As the Agency's central decision-making body, the Management Board reviews, approves and monitors the Corporate Risk Profile and the departmental system of internal control.

2.2 Key measures taken by CIDA

CIDA's control environment includes a series of measures to equip its staff with the ability to manage risks well through raising awareness, providing the appropriate knowledge and the necessary tools to develop such skills. CIDA focuses on the following key control elements:

  • Gouvernance — The Agency has an established sound governance structure and receives strategic direction through the MB and standing committees.
  • Strategic Management Agenda — The Agency has a detailed strategic management agenda that provides clear orientation to managers and their staff.
  • Corporate Risk Profile — CIDA's regularly updated Corporate Risk Profile provides a proactive and systematic process to understand, manage and communicate risk across the Agency. It provides an ever-greening assessment of risk and a systematic response to the threats and opportunities faced by the Agency in the context of its mandate, objectives and resources.
  • Values and Ethics — CIDA adheres to the Values and Ethics Code for the Public Sector and is finalising an internal Code of Conduct. CIDA is actively implementing its Values and Ethics Action Plan (2008-13), which provides mechanisms for listening to employee concerns, ensuring broad training on values and ethics issues, and linking values and ethics to integrated risk management. Values and ethics dimensions are expected to be demonstrated in all activities and at all levels, including in the area of financial management.
  • Human Resources Management — Financial management accountabilities are systematically set out as a mandatory commitment in annual performance management agreements for executives. CIDA engages in integrated business and human resources planning, that also includes financial management requirements for managers and financial experts.
  • Communication and Training — CIDA has a suite of financial management and contracting courses designed for managers and specialists, some of which are provided by the Canada School of Public Service. Some courses are mandatory, in particular for managers and members of financial and procurement communities. The courses offered internally by CIDA complement those offered by the School by providing managers with additional training on the CIDA expenditure/budget context, its internal financial policies, reports and budget management practices, including CIDA's contractual and financial delegation instrument. A performance and learning plan exercise is performed annually to ensure that training needs are identified and appropriate learning strategies are employed. CIDA also has structured learning paths for managers and financial specialists to ensure that their learning is appropriately identified and planned each year in conjunction with the annual learning plan exercise.
  • IT Environment — An ongoing review of IT processing systems is performed to strengthen security, data integrity, efficiency and effectiveness. This has encompassed strengthening governance over processes and systems through the creation of whole-of-agency oversight and operating committees that enable process owner/stakeholder engagement. These include an Information Management and Information Technology Senior Advisory Committee and a Data Management Committee. Consideration of risks associated with systems and supporting business processes has been incorporated in a formal Certification and Accreditation Process. In addition to various corporate events tied to raising awareness to responsible stewardship, CIDA has implemented an on-line tool - "CIDA@Work", which is the primary source of up-to-date information for employees on what rules and tools must be used to guide them in the performance of their duties.
  • Legislation, Regulations and Policies — Mandatory requirements flowing from legislation, regulations and policies are systematically communicated to employees as well as periodically reinforced through various awareness opportunities and learning events. Departmental policies are tailored to the Agency's business and control environments.
  • Internal Audit Plan — The Agency has a 3-year risk-based rolling audit plan that is updated yearly, in consultation with senior management across the Agency. The plan, which is shared with the Office of the Comptroller General, is developed to ensure audit projects assess key governance, risk management and control practices of the organization, focusing on those areas that represent the highest perceived risk and significance to the Agency. In 2011-2012, CIDA initiated eight internal audit projects, and finalized three internal audit reports. These reports were reviewed by the AC members and sometimes modified as a result of their advice. The AC recommends the approval of the reports to the President. After the President approves the audit reports, they are posted on the Agency's public website. The AC regularly follows up on progress made by management in implementing its action plan to address recommendations contained in audit reports.
  • Internal Control Systems — CIDA has dedicated resources to internal controls, to document the Agency's main business processes and related key risks and controls to support the management and oversight of its system of ICFR, including the testing of design effectiveness described below. This documentation is fundamental in raising awareness and enabling staff at all levels to understand the key risks and controls and in supporting continuous improvements.

Top of page

3. Assessment of CIDA's system of ICFR

3.1 Assessment approach

In support of the Policy on Internal Control, an effective system of ICFR must be aligned with the objectives to provide reasonable assurance that:

  • transactions are appropriately authorized;
  • financial records are properly maintained;
  • assets are safeguarded; and
  • applicable laws, regulations and policies are adhered to.

Over time, this includes assessment of the design and operating effectiveness of the system of ICFR, leading to on-going monitoring and continuous improvement of the Agency's system of ICFR.

Assessing design effectiveness means that key control points are identified, documented, implemented and aligned with the risks they aim to mitigate, weaknesses are identified, and any required remediation is addressed. This includes the mapping of key IT systems, business processes to the main accounts, and other processes by location as applicable.

Assessing operating effectiveness means that the application of key controls has been tested over a defined period, that any weaknesses are identified and that any required remediation is addressed. Such testing covers all departmental control levels, including entity (corporate) level controls, IT general controls and business process controls.

On-going monitoring means that a systematic, integrated approach to monitoring is in place in support of continuous improvement, including periodic risk-based assessments and timely remediation.

3.2 Scope of departmental assessment at CIDA during fiscal year 2011-2012

In support of the implementation of the PIC, the Agency has taken measures to assess its system of ICFR starting from the identification of its main financial statements accounts, business processes and other related processes.

In previous years, 14 processes, including risks and controls relevant to ICFR were documented and entity (corporate) level controls and IT general controls were assessed. In 2011-2012, the Agency continued to document and assess the design effectiveness of its system of ICFR, primarily focussing on the following processes:

  • Salaries and employee benefits expenses;
  • Year-end closing and financial statement preparation; and
  • Expenses incurred directly in the field at four foreign CIDA posts.

In addition, the Agency started gathering information and mapping out the following additional key processes, with the identification and documentation of key risk and control points:

  • Transfer payments expenses for responsive contributions and program-based approaches;
  • Loans to developing countries and International Financial Institutions (IFIs); and
  • Budgeting and forecasting.

In 2011-2012, CIDA initiated the assessment of the operating effectiveness of its key controls. As at March 31, 2012, assessments were completed for nine processes, as indicated in the CIDA Action Plan Summary at page 11.

Top of page

4. CIDA's assessment results during fiscal year 2011-2012

The more significant findings from the assessments described above are summarized below.

4.1 Design effectiveness of key controls

In 2011-2012, CIDA pursued the assessment of design effectiveness of key controls not already covered in the previous years, as noted in Section 3.2 above. In doing so, the Agency completed the documentation of the key processes and verified whether appropriate controls were in place and corresponded to actual practice.

The existence of relevant and strong financial controls was confirmed through this assessment. The main control objectives pertaining to each process were generally well supported by appropriate control activities.

As a result of these assessments, the Agency has adopted or identified the appropriate measures to address minor weaknesses in the following areas:

  • IT general controls (user access rights, segregation of duties);
  • Review and evidence of review prior to approval of documents;
  • Documenting of proper approval according to delegated authority; and
  • Review and reconciliation of the financial information.

Where feasible, remediation requirements were addressed as soon as the necessary adjustments had been identified. Otherwise, management action plans either were or are currently being developed to fully address the control weaknesses within a reasonable timeframe. A follow-up will be performed on each of the remediation measures in 2012-2013 to ensure that they are being implemented as planned.

4.2 Operating effectiveness of key controls

In fiscal year 2011-2012, the operating effectiveness testing of key controls was performed on nine business processes as noted in Section 3.2. The Agency also assessed the operating effectiveness of the key financial controls that are embedded within the expenditures business process at four foreign CIDA offices.

In doing so, the Agency developed risk-based testing plans. Although no significant deficiencies have been identified, the testing results have identified potential improvements that could be made to enhance the operating effectiveness of key controls.

Where feasible, specific remediation requirements were addressed shortly after the necessary adjustments were identified. In other cases, management action plans are being developed to fully address the control weaknesses within a reasonable timeframe. A follow-up will be performed on each of the remediation measures according to a monitoring program that will be established over the next two years.

4.3 On-going monitoring program

A CIDA PIC Implementation Project Plan, including the ongoing monitoring and testing timeline, was updated and presented to the AC in 2011-2012.

In 2011-2012, the Agency developed a draft strategy for the on-going monitoring of financial controls. This document outlines the rationale and the frequency of testing of key financial controls, for each significant process. This draft on-going monitoring program will be refined in the next fiscal years and is planned to be implemented in 2014-2015.

Top of page

5. CIDA's action plan

5.1 Progress as of March 31, 2012

During 2011-2012, the Agency continued to make significant progress in assessing and improving its key financial controls. Below is a summary of the progress made by CIDA.

The Agency completed work in the following areas, as planned in its 2010-2011 plan:

  • CIDA has substantially completed the documentation of all of its significant processes, encompassing full system descriptions, financial control matrices and design effectiveness assessment of the processes. In 2011-2012, this work was finalized for the following processes:
    • Salaries and employee benefits; and
    • Year-end closing and financial statements preparation.
  • CIDA has made progress in the operating effectiveness assessment of key controls for the following processes in 2011-2012 - progress status is indicated in (brackets):
    • Transfer payment expenses for multilateral grants (completed);
    • Gains and losses on foreign exchange (completed);
    • Investments and advances to IFIs (completed);
    • General accounts payable and accrued liabilities (completed);
    • Contractual obligations (completed);
    • Contingent liabilities (completed);
    • Year-end closing and and financial statement preparation (completed);
    • Adjusting journal entries (completed);
    • Interdepartmental settlements (completed);
    • Professional services expenses (partially completed); and
    • Accrued employee severance benefits (partially completed).
  • CIDA performed financial controls assessments over expenses incurred directly in the field at four foreign offices, in support of the increased decentralization of Agency operations.

The Agency conducted the following work, which has had an impact on internal controls and provides remedial action in response to the findings of the assessments of design and operating effectiveness as follows — progress status is indicated in (brackets):

  • An improved process was established for the review and approval of journal entries. CIDA has also sent a reminder of the journal entries approval procedures to all users. (completed)
  • CIDA reiterated the importance of maintaining good supporting documentation, audit trails and evidence when performing financial internal controls. (completed, ongoing)
  • The Agency launched the "CIDA@Work" initiative, which is a primary source of information for CIDA employees on the rules and the tools they need to exercise of their functions. It presents programming and operational rules and tools (policies, strategies, directives, guidelines, templates, etc.) applied Agency-wide for CIDA business processes. (completed, ongoing)
  • Users' access to the Agency's financial systems are being reviewed and updated to ensure a stronger segregation of duties. The list of users of the Interdepartmental Settlements functionality was reviewed and updated so that access is given only to employees who perform these specific duties. (partially completed)
  • CIDA is currently developing a single process for aid delivery: the Agency Programming Process (APP). This new approach, planned to take effect in winter 2013, will provide CIDA staff with clear and standardized processes on transfer payments. (underway)

5.2 Action plan for the next fiscal year and future years

Building on progress to date, the Agency is well positioned to substantially complete the assessment of the design and operating effectiveness of its system of ICFR in 2013-2014 and will then implement its on-going monitoring program.

In 2012-2013, CIDA plans to:

  • Complete the assessment of the design effectiveness of all of its remaining significant processes: transfer payments responsive approach and program-based approach, loans to developing countries and IFIs, and budgeting and forecasting.
  • Continue with the assessment of the operating effectiveness of key controls with particular focus on the following processes: professional services expenses, Canada Investment Fund for Africa, accrued liability for matching funds program and accrued employee severance benefits.
  • Perform additional assessments of the design and operating effectiveness of key financial controls over field expenditures, in support of the increased decentralization of Agency operations.
  • Confirm an internal control framework, which specifies, in particular, the roles and responsibilities and the control environment.
  • Re-assess the entity-level controls.

In 2013-2014, CIDA plans to:

  • Assess the operating effectiveness of the remaining key financial controls of the main business processes, in particular for the transfer payments business processes.
  • Continue to assess the design and operating effectiveness of key financial controls over CIDA's field expenditures.
  • Initiate the implementation of a detailed on-going monitoring program for the effectiveness of the departmental system of ICFR. This program will support the development of a risk-based design and operating effectiveness assessment plan that identifies key controls to be tested over a defined period of time, which includes the selection of locations, the test-period as well as the method and frequency of testing. The program will also incorporate training and communications to enhance the awareness and knowledge of ICFR and of the associated responsibilities across the Agency.

In 2014-2015 and future years, CIDA plans to:

  • Update the assessments related to the re-engineered processes for transfer payments, as a result of the APP as described in section 5.1.
  • Continue the implementation and maintain the on-going monitoring program of the effectiveness of the departmental system of ICFR, as described above, providing that the initial assessment of design effectiveness and operating effectiveness of key controls is completed for all of the Agency's main processes.

CIDA is fully committed to this action plan. However, attainment of the milestones identified above will be contingent on the Agency being able to maintain its current level of resources to implement the requirements of the PIC. Any major changes to the departmental structure could certainly influence the associated timelines. CIDA will continue to update its action plan on an annual basis.

Top of page

CIDA action plan summary

CIDA Action Plan Summary
Elements in action planDocumentation and assessment of design effectiveness of key controlsAssessment of operating effectiveness of key controlsInitial plan for ongoing monitoring of the effectiveness of the system of ICFR
CompletedPlannedCompletedPlannedPlanned to start in year (frequency)
Transfer payments: multilateral grants approach2010-20112011-20122013-2014 (2 yrs)
Transfer payments: directive contributions approach2010-20112013-20142015-2016 (2 yrs)
Transfer payments: responsive approach2012-20132013-20142015-2016 (2 yrs)
Transfer payments: program-based approach2012-20132013-20142015-2016 (2 yrs)
Salaries and employee benefits2011-2012Note Footnote 12014-2015 (3 yrs)
Professional and special services expenses2010-20112012-20132014-2015 (2 yrs)
Gains and losses on foreign exchange2010-20112011-20122013-2014 (1 yr)
Loans to developing countries and IFIs2012-20132013-20142015-2016 (2 yrs)
Investments and advances to IFIs2010-20112011-20122014-2015 (3 yrs)
Canada Investment Fund for Africa2010-20112012-20132014-2015 (2 yrs)
Prepaid expenses2010-2011Note Footnote 2Note Footnote 3
General accounts payable and accrued liabilities2010-20112011-20122013-2014 (1 yr)
Accrued liability for Matching Funds Program2010-20112012-20132015-2016 (3 yrs)
Accrued employee severance benefits2010-20112012-20132013-2014 (1 yr)
Contractual obligations2010-20112011-20122013-2014 (1 yr)
Contingent liabilities2010-20112011-20122013-2014 (1 yr)
Year-end closing and financial statements preparation2011-20122011-20122013-2014 (1 yr)
Adjusting journal entries2010-20112011-20122013-2014 (1 yr)
Interdepartmental settlements2010-20112011-20122014-2015 (2 yrs)
Budgeting and forecasting2012-20132013-20142015-2016 (3 yrs)
Field expendituresFinancial controls assessments are performed on the field expenditures on a rotational basis
Entity level controls2009-2010Note Footnote 4Note Footnote 52012-2013 (5 yrs)
IT general controls2009-2010Note Footnote 6Note Footnote 72013-2014 (3 yrs)

Footnotes

Footnote 1

In 2010-2011, the Office of the Chief Audit Executive at CIDA performed an internal audit on payroll expenses. The results of the audit were considered as an initial assessment of the operating effectiveness of key controls.

Return to footnote 1 referrer

Footnote 2

Due to changes to Public Sector Accounting Standard 3410 (PS 3410- Government Transfers) effective April 1st, 2012, prepaid expenses will be considerably reduced and consequently the related business process will no longer be considered significant.

Return to footnote 2 referrer

Footnote 3

Due to changes to Public Sector Accounting Standard 3410 (PS 3410- Government Transfers) effective April 1st, 2012, prepaid expenses will be considerably reduced and consequently the related business process will no longer be considered significant.

Return to footnote 3 referrer

Footnote 4

The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.

Return to footnote 4 referrer

Footnote 5

The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.

Return to footnote 5 referrer

Footnote 6

The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.

Return to footnote 6 referrer

Footnote 7

The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.

Return to footnote 7 referrer