Audit of IM/IT Governance and Application Systems Integration - Follow-up Report Status Update as of September 30, 2014

PDF Version (64 Kb, 10 Pages)

Action Plan Implementation Status Update Report to the Audit Committee - As of September 30, 2014

Chief Financial Officer

Audit of IM/IT Governance and Application Systems Integration
Approval Date: 11-21-2013
   Project Recommendations       Action Plan    Expected
   Completion Date   
   Program  Response   
1. The Chief Information Officer should strengthen governance and strategic direction related to information management by establishing or enhancing the following key elements:
  • Develop and approve an IM Plan consistent with the priorities identified in the Department's IM/IT Strategy, including prioritized initiatives for the five-year planning horizon. This may be part of an integrated IM/IT Plan or a separate IM Plan, but it is critical that IM direction be clarified. The draft Enterprise IM Strategy should be withdrawn to avoid confusion with having both an IM/IT Strategy and a separate IM Strategy.
  • Ensure required IM policies and directives are finalized and approved, and are communicated within the Department to all impacted employees. Of priority are those meeting TBS requirements, especially the Directive on Recordkeeping, where compliance is required by March 2015.
The Director of CIMD, in collaboration with the CIO, other Directors in IMB, and members of ITSG and DGIOC, will develop and approve an IM Plan consistent with the priorities identified in the Department's IM/IT Strategy, including prioritized initiatives for the five-year planning horizon. June 30, 2014

Status : Underway
Update/Rationale:
As of September 30, 2014

IM/ITStrategy and companion document are with the CFO (and DMs) for their review.

AES: Ongoing.

The draft Enterprise IM Strategy will be withdrawn. November 30, 2013

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

Draft Enterprise IM Strategy has been removed for the INTRA site.

AES: Closed.

The AANDC Record Keeping Directive and E-Mail Management Directive will be reviewed, updated and approved. January 30, 2014

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

Record Keeping Directive Approved, E-mail management directive to be implemented by SSC through ETI.

AES: Closed.

All approved policy instruments will be communicated to all employees via AANDC Express. March 31, 2014

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

Implementation process amended to include submission of communication about approved policy instruments for publication in AANDC Express.

AES: Closed.

  • Ensure IM is a regular standing item at governance committees to monitor implementation of IM policies and directives as well as progress of key IM initiatives within the approved plan.
All IM/IT Policy Instruments will be organized into a prioritized list for review, update and approval as part of a life-cycle review and update. March 31, 2014

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

IM/IT policy framework with associated prioritized list policy instruments for review and update completed.

AES: Closed.

An Intranet review and update process will be completed to remove draft policy instruments and ensure that only official/final versions are available. December 15, 2013

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

Intranet reviewed and all draft policy instruments removed.

AES: Closed.

Forward Agendas for IMB's Branch Management Team meetings as well as IM/IT governance committees (e.g. ITSG) will be reviewed and updated to ensure that there are IM agenda items discussed at least once a month, and escalated as required to DGIOC and/or DOC. December 15, 2013

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

IM Updates (i.e. RK Directive, ETI) provided to BMT, ITSG, DGIOC and Ops.

AES: Closed.

2. The Chief Information Officer should continue the process recently initiated of engaging sectors and regions through the five-year call for investment plans in order to facilitate integration of the IM/IT Strategy and Plans with departmental investment planning. In addition to those approved by Operations Committee as part of the Department's Investment Plan, which includes projects greater than $1 million only, these results should be incorporated into the annual updates of the IM/IT Plan to help ensure the IM/IT Plan remains consistent with the overall priorities of the Department and to allow for appropriate Information Management Branch resource planning. The annual call for IM/IT initiatives will continue to be included in all future calls for Investment plans. March 31, 2014

Status: Request to Close (Completed)

Update/Rationale:
As of 31/03/2014:

IM/IT Planning remains integrated with investment planning call letter.  Management of IM/IT initiatives is integrated internally with the MOU, Application Portfolio Management and Portfolio Management processes and the reporting processes to TBS on IM/IT Expenditures, IM/IT Plans, APM and investment planning.

AES: Implemented. The recommendation will be closed. Closed.

Results will be included in updates to the Tactical IM/IT Plan March 31, 2014
3. The Chief Information Officer should establish a centralized function to manage all IM and IT policies and directives to help ensure that they are tracked from draft status through to finalization and approval, and to manage the posting of only approved policies and directives on the Information Management Branch intranet site. This centralized function should track when policies and directives require review based either on the established timeline or when TBS requirements are modified, and monitor the process for updating. A communication process should be established to communicate the requirements of all new or modified policies and directives on a consistent basis to all those responsible for implementing them. The office of the CIO will:
  • Manage the development and updates to IM/IT policy instruments
November 15, 2013

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

Ongoing.

AES: Closed.

  • Track the development/update of new and existing policy instruments
November 15, 2013

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

Ongoing.

AES: Closed.

  • Manage the posting of existing/new policy instruments
November 15, 2013

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

Ongoing

AES: Closed.

  • Develop an update life-cycle for all IM/IT policy directives
March 31, 2014

Status: Request to Close (Completed)

Update/Rationale:
As of 31/03/2014:

Developed and ongoing.

AES: Closed.

  • Prepare communiqués for AANDC Express to highlight the requirements of all new policy instruments.
March 31, 2014

Status:Request to Close (Completed)

Update/Rationale:
As of 31/03/2014:

Communiqués prepared and ready for periodic submission to communications for publication in AANDC Express.

AES: Closed.

AES: Implemented. The recommendation will be closed. Closed.

4. The Chief Information Officer should enhance the Project Portfolio Management Framework (PPMF) documentation/adherence by:
  • clarifying the requirements for information management considerations in the PPMF, including how these will be documented and monitored in the gating approval process;
The Chief Information Officer will create an Information Management overlay/underlay that will identify the information management considerations and requirements for each gate of the PPMF. February 1, 2014

Status: Request to Close (Completed)
Update/Rationale:
As of 31/03/2014:

IM Overlay created and in place.

AES: Closed.

The Director of Enterprise IM/IT Strategic Services will develop a document that clearly outlines the current requirements for approval by governance bodies at each gate in the PPMF gating process. February 1, 2014

Status: Request to Close (Completed)
Update/Rationale:
As of June 30, 2014

All current Project Portfolio Management Framework (PPMF) template documents have been updated and are included in the revised Master list of Gate Deliverables. The intranet page is updated since April 16, 2014.

AES: Closed.

  • developing, approving, and posting to the Information Management Branch intranet site a document that clearly outlines the current requirements for approval by governance bodies at each gate in the PPMF gating process;
Once approved, the document will be posted on the Intranet. February 28, 2014
  • clarifying PPMF requirements for projects requiring Treasury Board approval as these projects should follow the Department's defined and approved project governance process; and,
The Director of ESS will create a document clarifying PPMF requirements for projects requiring Treasury Board approval to ensure that PPMF gating requirements are known for projects requiring TBS approval. March 1, 2014

Status : Underway
Update/Rationale:
As of September 30, 2014

IMB is collaborating with a TBS analyst, as part of OPMCA, to define gating requirements for TBS approved projects. Once specific requirements for TBS approved projects are confirmed, the synopsis will be added to the Project Management Framework webpage.

AES: Ongoing

  • ensuring that formal project close-out as defined in the PPMF, including lessons learned and benefits realization, is enforced.
The CIO, in collaboration with ITSG and DGIOC will update the IM/IT Frameworks and documents to ensure that formal project close-outs are completed. February 1, 2014

Status: Request to Close (Completed)
Update/Rationale:
As of June 30, 2014:

The Project Closeout template was updated and approved by Chief Information Officer's Branch Management Team (CIO-BMT), presented to ITSG and has been posted to the INTRA site. Projects are now being 'officially' closed out in accordance with Project Portfolio Management Framework guidelines (i.e. FNCFS).

AES: Closed.

5. The Chief Information Officer should ensure that Enterprise Architecture (EA) initiatives are addressed on a priority basis and leveraged to enhance application systems integration in future project investments. Specifically, timelines should be confirmed and resources assigned for the key EA initiatives that had been identified for 2012-2013, consisting of development of an EA strategy and integration of EA with the PPMF, as these were the basis for future initiatives. Further, the Architectural Standards Committee should be re-instituted and reactivated to perform its role as the governance body ensuring IM/IT investments comply with approved technology standards and enterprise architecture initiatives (including current terms of reference produced, membership confirmed, and regular meetings initiated). The Director of ESS, in collaboration with all Directors in IMB, will:
  • Develop an EA Strategy
  • Develop an EA overlay/underlay for the PPMF
  • Re-institute the BMT ASC with Terms of Reference
  • Develop EA Principles/guidelines
March 31, 2014

Status: Underway
Update/Rationale:
As of September 30, 2014

Enterprise Architecture Strategy approved by ITSG on April 3. 2014.

The Architectural Standards Committee (ASC) will be re-instituted in late Q3 (or early Q4).

The Enterprise Architecture (EA) / Project Portfolio Management Framework (PPMF) overlay/underlay and EA principles/guidelines under development.

AES: Ongoing

6. The Chief Information Officer should ensure that appropriately detailed information is reported by sectors and regions in the annual IM/IT spend analysis, especially information on specific IM/IT projects/initiatives undertaken, in order to effectively monitor compliance with departmental policies requiring pre-approval of all IM/IT expenditures. Once this additional information is gathered and evaluated, any indications of non-compliance with required pre-approvals should be evaluated and, based on significance, corrective actions should be initiated, such as direct follow-up with the region/sector or escalation to governance committees. The CIO will develop and implement compliance process(es) and activities to ensure that appropriate spending is occurring outside of IMB. April 30, 2014

Status: Request to Close (Completed)
Update/Rationale:
As of June 30, 2014:

 AANDC has approved policy instruments that require compliance (e.g. policies and directives are mandatory by definition). As an example, AANDC approved the Directive on Information Management and Information Technology Procurement Authorization which states roles and responsibilities for procurement as well as what specific financial coding to use in the financial systems. In addition, an annual process has been implemented whereby IMB does extracts from the departmental financial system and sends them to the Region/Sector for their review and attestation. This review and attestation ensures that the Regions are coding to the correct project code.

AANDC will need to develop compliance processes for the new SAP coding structure which was introduced April 1, 2014.

AES: Implementation complete. Recommended to close. Closed.

 
 
Date modified: