Audit of IM/IT Governance and Application Systems Integration - Follow-up Report Status Update as of March 31, 2014

PDF Version (63 Kb, 10 Pages)

Action Plan Implementation Status Update Report to the Audit Committee - As of March 31, 2014

Chief Financial Officer

Audit of IM/IT Governance and Application Systems Integration
Approval Date: 11-21-2013
   Project Recommendations       Action Plan    Expected
   Completion Date   
   Program Response   
1. The Chief Information Officer should strengthen governance and strategic direction related to information management by establishing or enhancing the following key elements:
  • Develop and approve an IM Plan consistent with the priorities identified in the Department’s IM/IT Strategy, including prioritized initiatives for the five-year planning horizon. This may be part of an integrated IM/IT Plan or a separate IM Plan, but it is critical that IM direction be clarified. The draft Enterprise IM Strategy should be withdrawn to avoid confusion with having both an IM/IT Strategy and a separate IM Strategy.
  • Ensure required IM policies and directives are finalized and approved, and are communicated within the Department to all impacted employees. Of priority are those meeting TBS requirements, especially the Directive on Recordkeeping, where compliance is required by March 2015.
The Director of CIMD, in collaboration with the CIO, other Directors in IMB, and members of ITSG and DGIOC, will develop and approve an IM Plan consistent with the priorities identified in the Department’s IM/IT Strategy, including prioritized initiatives for the five-year planning horizon. June 30, 2014 Status: Underway
Update/Rationale:
As of 31/03/2014:


Draft IM plan completed, on schedule to be finalised by June 30, 2014.

AES: Ongoing.
The draft Enterprise IM Strategy will be withdrawn. November 30, 2013 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


Draft Enterprise IM Strategy has been removed for the INTRA site.

AES: Closed.
The AANDC Record Keeping Directive and E-Mail Management Directive will be reviewed, updated and approved. January 30, 2014 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


Record Keeping Directive Approved, E-mail management directive to be implemented by SSC through ETI.

AES: Closed.
All approved policy instruments will be communicated to all employees via AANDC Express. March 31, 2014 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


Implementation process amended to include submission of communication about approved policy instruments for publication in AANDC Express.

AES: Closed.
  • Ensure IM is a regular standing item at governance committees to monitor implementation of IM policies and directives as well as progress of key IM initiatives within the approved plan.
All IM/IT Policy Instruments will be organized into a prioritized list for review, update and approval as part of a life-cycle review and update. March 31, 2014 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


IM/IT policy framework with associated prioritized list policy instruments for review and update completed.  

AES: Closed.
An Intranet review and update process will be completed to remove draft policy instruments and ensure that only official/final versions are available. December 15, 2013 Update/Rationale:
As of 31/03/2014:


Intranet reviewed and all draft policy instruments removed.

AES: Closed.
Forward Agendas for IMB’s Branch Management Team meetings as well as IM/IT governance committees (e.g. ITSG) will be reviewed and updated to ensure that there are IM agenda items discussed at least once a month, and escalated as required to DGIOC and/or DOC. December 15, 2013 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


IM Updates (i.e. RK Directive, ETI) provided to BMT, ITSG, DGIOC and Ops.

AES: Closed.

AES: Implementation ongoing. This recommendation will be closed upon approval of the IM Plan.
2. The Chief Information Officer should continue the process recently initiated of engaging sectors and regions through the five-year call for investment plans in order to facilitate integration of the IM/IT Strategy and Plans with departmental investment planning. In addition to those approved by Operations Committee as part of the Department’s Investment Plan, which includes projects greater than $1 million only, these results should be incorporated into the annual updates of the IM/IT Plan to help ensure the IM/IT Plan remains consistent with the overall priorities of the Department and to allow for appropriate Information Management Branch resource planning. The annual call for IM/IT initiatives will continue to be included in all future calls for Investment plans. March 31, 2014 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


IM/IT Planning remains integrated with investment planning call letter.  Management of IM/IT initiatives is integrated internally with the MOU, Application Portfolio Management and Portfolio Management processes and the reporting processes to TBS on IM/IT Expenditures, IM/IT Plans, APM and investment planning.

AES: Implemented. The recommendation will be closed.
Results will be included in updates to the Tactical IM/IT Plan March 31, 2014
3. The Chief Information Officer should establish a centralized function to manage all IM and IT policies and directives to help ensure that they are tracked from draft status through to finalization and approval, and to manage the posting of only approved policies and directives on the Information Management Branch intranet site. This centralized function should track when policies and directives require review based either on the established timeline or when TBS requirements are modified, and monitor the process for updating. A communication process should be established to communicate the requirements of all new or modified policies and directives on a consistent basis to all those responsible for implementing them. The office of the CIO will:
  • Manage the development and updates to IM/IT policy instruments
November 15, 2013 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


Ongoing.

AES: Closed.
  • Track the development/update of new and existing policy instruments
November 15, 2013 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


Ongoing.

AES: Closed.
  • Manage the posting of existing/new policy instruments
November 15, 2013 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


Ongoing

AES: Closed.
  • Develop an update life-cycle for all IM/IT policy directives
March 31, 2014 Status: Request to Close (Completed)

Update/Rationale:
As of 31/03/2014:


Developed and ongoing.

AES: Closed.
  • Prepare communiqués for AANDC Express to highlight the requirements of all new policy instruments.
March 31, 2014 Status:Request to Close (Completed)

Update/Rationale:
As of 31/03/2014:


Communiqués prepared and ready for periodic submission to communications for publication in AANDC Express.

AES: Closed.

AES: Implemented. The recommendation will be closed.
4. The Chief Information Officer should enhance the Project Portfolio Management Framework (PPMF) documentation/adherence by:
  • clarifying the requirements for information management considerations in the PPMF, including how these will be documented and monitored in the gating approval process;
The Chief Information Officer will create an Information Management overlay/underlay that will identify the information management considerations and requirements for each gate of the PPMF. February 1, 2014 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


IM Overlay created and in place.

AES: Closed.
The Director of Enterprise IM/IT Strategic Services will develop a document that clearly outlines the current requirements for approval by governance bodies at each gate in the PPMF gating process.  February 1, 2014 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


All current PPMF template documents are for light and full gating have been made ready and are currently on the development version of the Master list of Gate Deliverables.  It is expected that the intranet page will be updated by 4 Apr 14.

AES: Ongoing.
  • developing, approving, and posting to the Information Management Branch intranet site a document that clearly outlines the current requirements for approval by governance bodies at each gate in the PPMF gating process;
Once approved, the document will be posted on the Intranet. February 28, 2014
  • clarifying PPMF requirements for projects requiring Treasury Board approval as these projects should follow the Department’s defined and approved project governance process; and,
The Director of ESS will create a document clarifying PPMF requirements for projects requiring Treasury Board approval to ensure that PPMF gating requirements are known for projects requiring TBS approval. March 1, 2014 Status: Underway
Update/Rationale:
As of 31/03/2014:


This is under discussion with TBS. Once specific requirements are confirmed, the synopsis will be added to the PMF webpage.

AES: Ongoing.
  • ensuring that formal project close-out as defined in the PPMF, including lessons learned and benefits realization, is enforced.
The CIO, in collaboration with ITSG and DGIOC will update the IM/IT Frameworks and documents to ensure that formal project close-outs are completed. February 1, 2014 Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:


The Project Closeout template was updated, approved by BMT, and is available on the web and has been socialized through ITSG.  It has been in use since Jan 2014.

AES: Ongoing.

AES: Implementation ongoing.
5. The Chief Information Officer should ensure that Enterprise Architecture (EA) initiatives are addressed on a priority basis and leveraged to enhance application systems integration in future project investments. Specifically, timelines should be confirmed and resources assigned for the key EA initiatives that had been identified for 2012-2013, consisting of development of an EA strategy and integration of EA with the PPMF, as these were the basis for future initiatives. Further, the Architectural Standards Committee should be re-instituted and reactivated to perform its role as the governance body ensuring IM/IT investments comply with approved technology standards and enterprise architecture initiatives (including current terms of reference produced, membership confirmed, and regular meetings initiated). The Director of ESS, in collaboration with all Directors in IMB, will:

  • Develop an EA Strategy
  • Develop an EA overlay/underlay for the PPMF
  • Re-institute the with Terms of Reference
  • Develop EA Principles/guidelines
March 31, 2014 Status: Underway
Update/Rationale:
As of 31/03/2014:


Draft of EA strategy completed and being reviewed by BMT prior to sharing for comment to the larger IM/IT governance audience. The strategy includes  principles and guidelines, and tasks for the development of the EA overlay/underlay for the PPMF, the staffing of the EA function and the development of two EA specific EA governance bodies of which ASC is one.

AES: Ongoing.
6. The Chief Information Officer should ensure that appropriately detailed information is reported by sectors and regions in the annual IM/IT spend analysis, especially information on specific IM/IT projects/initiatives undertaken, in order to effectively monitor compliance with departmental policies requiring pre-approval of all IM/IT expenditures. Once this additional information is gathered and evaluated, any indications of non-compliance with required pre-approvals should be evaluated and, based on significance, corrective actions should be initiated, such as direct follow-up with the region/sector or escalation to governance committees. The CIO will develop and implement compliance process(es) and activities to ensure that appropriate spending is occurring outside of IMB. April 30, 2014 Status: Underway
Update/Rationale:
As of 31/03/2014:


Proposed coding structure for use beginning 1 Apr 2014 is in final stages of approval, along with proposals for providing the CIO with the requisite visibility to be aware of assignment of budget and expenditures against them in IM/IT related areas of work.  The staffing of the IM/IT planning function is underway.  They will be charged with monitoring changes to financial data and flagging anomalies to the CIO for follow up with the program.

AES: Ongoing.
 
 
Date modified: