Archived - Audit of IM/IT Expenditures and Management Control Framework - Follow-up Report Status Update as of March 31, 2012
Archived information
This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
PDF Version (31 Kb, 5 Pages)
Action Plan Implementation Status Update Report to the Audit Committee - As of March 31, 2012
CHIEF FINANCIAL OFFICER (CFO)
Audit of IM/IT Expenditures and Management Control Framework (09-063)
Approval Date: 24/09/10
| Project Recommendations |
Action Plan | Expected Completion Date |
Program Response |
|---|---|---|---|
| 1. The CFO, in collaboration with the CIO, should develop and implement a directive that clearly defines IM/IT expenditures, specifying the respective line objects to be used for financial reporting. | The CIO will work with the DG, Planning and Resource Management and the DG, Corporate Accounting and Materiel Management to specify and define how the Departmental chart of accounts is to be used to track IM/IT expenditures effectively. The application of elements of the CoA will be clearly defined as a national standard. These requirements will be communicated in the form of a directive. | January 2011 | Status: Request to Close- Completed Update/Rationale: As of 31/03/2012: CIO: The Directive on IM/IT Procurement Authorization was approved by the DGIOC in early March 2011. The Directive outlines the necessary roles and requirements of impacted stakeholders when acquiring IM/IT good and services. Furthermore, the Directive includes a prescriptive mapping of mandatory financial coding for IM/IT goods and services once appropriately approved for acquisition. CAMM: Full advice on using project codes given to IM/IT. PRM: Actively participating in the IM/IT expenditures tracking initiative. The FMAs are making sure that IM/IT expenditures are coded appropriately for reporting purpose and especially for expenditures that we incurred on behalf of Shared Services Canada that the Department has to report on every month. The Working Group takes into consideration the COA restriction, the gating process for IM/IT projects to meet the different reporting requirements. Instructions as to how IM/IT expenditures should be coded will be communicated soon to Sectors and Regions so it is consistent across the department. AES: Fully implemented. The recommendation will be closed. |
| 2. The CFO, in collaboration with the CIO and Assistant Deputy Ministers (ADM) responsible for regional operations and staff, should implement a national system to track all IM/IT assets. This system should track device life-cycle, warranty, user and location information and should provide functionality to ensure that all devices and licenses assigned to employees and consultants are reacquired and/or removed upon departure. Once a national tracking system has been implemented, the CIO should conduct a Department-wide inventory of IM/IT assets. | The CIO has a software tool (viaTIL Remedy) that is capable of tracking assets and verifying inventory. The CIO will adjust existing processes to ensure that entry and exit procedures include the assignment and re-acquisition of hardware and software assets, and the effective management of system access rights and permissions. Once these measures are in place, the CIO will initiate a national baseline inventory and introduce inventory management processes. The CIO will issue a directive specifying the process to be followed and making mandatory the use of the Remedy tool as a national standard. |
January 2011 | Status: Underway Update/Rationale: As of 31/03/2012: Server Configuration Centre Manager (SSCM) is being used as the tool for managing inventory configuration items. For the NCR, all Desktop and Laptop items have been loaded in SSCM. The forms and templates for data collection and loading are available and are shared with the regions. There are bi-weekly ITSM meetings outlining the tool availability and functionality. Regions have been provided access to all forms and templates within SSCM. Currently Quebec, BC, Alberta, Saskatchewan have loaded and are using the tool. Enterprise Network and Computer Operations equipment are tracked via spreadsheets maintained by the Network Operations team and the Computer Operations Team. These items have not been loaded to the AANDC tracking tool as we are waiting on how Shared Services Canada wishes to proceed with tracking this type of equipment. Regions have been engaged within the ITSM group bi-weekly meeting with various regions. Processes have been documented and distributed for review and comments to the team members. The ITSM team will continue to provide support and guidance to regions that have not entered their IT Assets in ITSP/Remedy and finalize the processes and procedures. Processes will be finalized and draft IT Asset Management directive will be presented to ITSG in Q1 2012/2013. AES: Recommendation closed with new IT Asset Management Directive. |
| 3. The CFO, in collaboration with the CIO, should establish a consistent, documented and communicated procurement process for acquiring IM/IT assets that enforces appropriate segregation of duties across all regions and headquarters. | The CIO will issue a directive under the policy on the governance of IM/IT that will specify the processes and authorities for the procurement of IM/IT professional services and hardware and software. The CIO will work with the DG, Corporate Accounting and Materiel Management to ensure that the necessary controls and reporting capabilities exist to support these processes. These measures will include dedicated procurement capacity, monitoring, tools and templates, etc. The CIO will also encourage greater use of the centralized procurement of IT assets which may address such issues as the segregation of duties with respect to procurement and receipt as was observed during the audit. |
March 2011 | Status: Request to close Update/Rationale: As of 31/03/2012: The Directive on IM/IT Procurement Authorization was approved by the DGIOC in early March 2012. Communication forthcoming. AES: substantially implemented. Recommendation to close. |
| 4. The CFO should establish and maintain a complete inventory of IM/IT contracts, SLAs and MOUs. The CFO, in collaboration with the CIO, should also formalize a process to perform appropriate cost-benefit analyses for IM/IT service agreements based on strategic significance. | The CIO will specify the parameters for defining and measuring performance of acquired services, service agreements, and Memoranda of Understanding that pertain to IM/IT. This will include the requirement for an explicit statement of the expected benefits associated with the 3rd party arrangement, and the means and periodicity of reviewing and reporting. The CIO will endeavour to define a standard approach for the determination of benefits realized from such arrangements. This requirement will be communicated in the form of a Directive under the policy on governance of IM/IT. The CIO will develop an inventory of these agreements which will be reviewed by the Information and Technology Stewardship Group, and monitored on an annual basis. | December 2010 | Status: Underway Update/Rationale: As of 31/03/2012: The consolidated inventory of agreements will be presented to ITSG in Q1 2012/2013. AES: Implementation is ongoing. Recommendation to close once an approach to cost-benefit analysis is finalized and communicated across the department, and once the consolidated inventory is presented and approved, and the requirement to register all future IM/IT contracts with the inventory is communicated across the department. |
| 5. The CFO, in collaboration with the CIO and ADMs responsible for regional operations and staff, should finalize a Departmental IM/IT strategy to which local strategies and processes align across all regions and headquarters. Root causes of inconsistent practices should be addressed to establish a consistent approach to managing IM/IT initiatives across the Department. | The CIO will complete and obtain approval of the draft IM/IT Strategy. This strategy will provide the context for the policy on the governance of IM/IT and will form the basis for plans and activities across the Department's sectors and regions. | January 2011 | Status: Request to Close Update/Rationale: As of 31/03/2012: The IM/IT Strategy was approved by the Departments Operations Committee in February, 2012. Communications forthcoming. AES: substantially implemented. Recommendation to close. |