Audit of IM/IT Governance and Application Systems Integration - Follow-up Report Status Update as of December 31, 2014
PDF Version (48 Kb, 10 Pages)
Action Plan Implementation Status Update Report to the Audit Committee - As of December 31, 2014
Chief Financial Officer
Project Recommendations | Action Plan | Expected Completion Date |
Program Response |
---|---|---|---|
1. The Chief Information Officer should strengthen governance and strategic direction related to information management by establishing or enhancing the following key elements:
|
The Director of CIMD, in collaboration with the CIO, other Directors in IMB, and members of ITSG and DGIOC, will develop and approve an IM Plan consistent with the priorities identified in the Department's IM/IT Strategy, including prioritized initiatives for the five-year planning horizon. | June 30, 2014 | Status: Underway Update/Rationale: The CIO has submitted an IM Strategy to the CFO and DMs for their review and approval AES: Implementation ongoing. Recommendation will be closed with approval of the strategy. |
The draft Enterprise IM Strategy will be withdrawn. | November 30, 2013 | Status: Request to Close (Completed) Update/Rationale: Draft Enterprise IM Strategy has been removed for the intranet site. AES: Closed. |
|
The AANDC Record Keeping Directive and E-Mail Management Directive will be reviewed, updated and approved. | January 30, 2014 | Status: Request to Close (Completed) Update/Rationale: Record Keeping Directive Approved, E-mail management directive to be implemented by SSC through ETI. AES: Closed. |
|
All approved policy instruments will be communicated to all employees via AANDC Express. | March 31, 2014 | Status: Request to Close (Completed) Update/Rationale: Implementation process amended to include submission of communication about approved policy instruments for publication in AANDC Express. AES: Closed. |
|
|
All IM/IT Policy Instruments will be organized into a prioritized list for review, update and approval as part of a life-cycle review and update. | March 31, 2014 | Status: Request to Close (Completed) Update/Rationale: IM/IT policy framework with associated prioritized list policy instruments for review and update completed. AES: Closed. |
An Intranet review and update process will be completed to remove draft policy instruments and ensure that only official/final versions are available. | December 15, 2013 | Status: Request to Close (Completed) Update/Rationale: Intranet reviewed and all draft policy instruments removed. AES: Closed. |
|
Forward Agendas for IMB's Branch Management Team meetings as well as IM/IT governance committees (e.g. ITSG) will be reviewed and updated to ensure that there are IM agenda items discussed at least once a month, and escalated as required to DGIOC and/or DOC. | December 15, 2013 | Status: Request to Close (Completed) Update/Rationale: IM Updates (i.e. RK Directive, ETI) provided to BMT, ITSG, DGIOC and Ops. AES: Closed. |
|
2. The Chief Information Officer should continue the process recently initiated of engaging sectors and regions through the five-year call for investment plans in order to facilitate integration of the IM/IT Strategy and Plans with departmental investment planning. In addition to those approved by Operations Committee as part of the Department's Investment Plan, which includes projects greater than $1 million only, these results should be incorporated into the annual updates of the IM/IT Plan to help ensure the IM/IT Plan remains consistent with the overall priorities of the Department and to allow for appropriate Information Management Branch resource planning. | The annual call for IM/IT initiatives will continue to be included in all future calls for Investment plans. | March 31, 2014 | Status: Request to Close (Completed) Update/Rationale: IM/IT Planning remains integrated with investment planning call letter. Management of IM/IT initiatives is integrated internally with the MOU, Application Portfolio Management and Portfolio Management processes and the reporting processes to TBS on IM/IT Expenditures, IM/IT Plans, APM and investment planning. AES: Implemented. The recommendation will be closed. Closed. |
Results will be included in updates to the Tactical IM/IT Plan | March 31, 2014 | ||
3. The Chief Information Officer should establish a centralized function to manage all IM and IT policies and directives to help ensure that they are tracked from draft status through to finalization and approval, and to manage the posting of only approved policies and directives on the Information Management Branch intranet site. This centralized function should track when policies and directives require review based either on the established timeline or when TBS requirements are modified, and monitor the process for updating. A communication process should be established to communicate the requirements of all new or modified policies and directives on a consistent basis to all those responsible for implementing them. | The office of the CIO will:
|
November 15, 2013 | Status: Request to Close (Completed) Update/Rationale: Ongoing. AES: Closed. |
|
November 15, 2013 | Status: Request to Close (Completed) Update/Rationale: AES: Closed. |
|
|
November 15, 2013 |
Status: Request to Close (Completed) Update/Rationale: Ongoing AES: Closed. |
|
|
March 31, 2014 | Status: Request to Close (Completed) Update/Rationale: Developed and ongoing. AES: Closed. |
|
|
March 31, 2014 | Status:Request to Close (Completed) Update/Rationale: Communiqués prepared and ready for periodic submission to communications for publication in AANDC Express. AES: Closed. AES: Implemented. The recommendation will be closed. Closed. |
|
4. The Chief Information Officer should enhance the Project Portfolio Management Framework (PPMF) documentation/adherence by:
|
The Chief Information Officer will create an Information Management overlay/underlay that will identify the information management considerations and requirements for each gate of the PPMF. | February 1, 2014 |
Status: Request to Close (Completed) Update/Rationale: IM Overlay created and in place. AES: Closed. |
The Director of Enterprise IM/IT Strategic Services will develop a document that clearly outlines the current requirements for approval by governance bodies at each gate in the PPMF gating process. | February 1, 2014 |
Status: Request to Close (Completed) Update/Rationale: All current Project Portfolio Management Framework (PPMF) template documents have been updated and are included in the revised Master list of Gate Deliverables. The intranet page is updated since April 16, 2014. AES: Closed. |
|
|
Once approved, the document will be posted on the Intranet. | February 28, 2014 | |
|
The Director of ESS will create a document clarifying PPMF requirements for projects requiring Treasury Board approval to ensure that PPMF gating requirements are known for projects requiring TBS approval. | March 1, 2014 |
Status : Underway Update/Rationale: Work continues in this area. All projects need to at least have their final Project Complexity and Risk Assessment acknowledged by TBS before starting detailed planning. An integrated process is now in place to author, review and submit PCRAs to TBS for acknowledgment. Projects that require funding from TBS, or exceed the department's project authority, need to submit a funding request to Treasury Board, to which are attached a number of gating documents (business case and project charter at a minimum). This is the sole remaining area of discussion. We are still working with TBS to define what project documents need to be submitted for projects. This should be resolved by the end of Q4. AES: Recommend to close. Closed. |
|
The CIO, in collaboration with ITSG and DGIOC will update the IM/IT Frameworks and documents to ensure that formal project close-outs are completed. | February 1, 2014 |
Status: Request to Close (Completed) Update/Rationale: The Project Closeout template was updated and approved by Chief Information Officer's Branch Management Team (CIO-BMT), presented to ITSG and has been posted to the INTRA site. Projects are now being ‘officially' closed out in accordance with Project Portfolio Management Framework guidelines (i.e. FNCFS). AES: Closed. |
5. The Chief Information Officer should ensure that Enterprise Architecture (EA) initiatives are addressed on a priority basis and leveraged to enhance application systems integration in future project investments. Specifically, timelines should be confirmed and resources assigned for the key EA initiatives that had been identified for 2012-2013, consisting of development of an EA strategy and integration of EA with the PPMF, as these were the basis for future initiatives. Further, the Architectural Standards Committee should be re-instituted and reactivated to perform its role as the governance body ensuring IM/IT investments comply with approved technology standards and enterprise architecture initiatives (including current terms of reference produced, membership confirmed, and regular meetings initiated). |
The Director of ESS, in collaboration with all Directors in IMB, will:
|
March 31, 2014 |
Status : Underway Update/Rationale: Enterprise Architecture Strategy approved by ITSG on April 3, 2014. The Architectural Standards Committee (ASC) will be re-instituted in Q4. TOR are being developed in concert with those for the Architecture Review Board (ARB). The Enterprise Architecture (EA)/Project Portfolio Management Framework (PPMF) overlay/underlay is deferred due to lack of resources. The EA principles/guidelines are in the EA Strategy. AES: Actions have been completed or rational given as to why they cannot be. Recommend to close. Closed. |
6. The Chief Information Officer should ensure that appropriately detailed information is reported by sectors and regions in the annual IM/IT spend analysis, especially information on specific IM/IT projects/initiatives undertaken, in order to effectively monitor compliance with departmental policies requiring pre-approval of all IM/IT expenditures. Once this additional information is gathered and evaluated, any indications of non-compliance with required pre-approvals should be evaluated and, based on significance, corrective actions should be initiated, such as direct follow-up with the region/sector or escalation to governance committees. | The CIO will develop and implement compliance process(es) and activities to ensure that appropriate spending is occurring outside of IMB. | April 30, 2014 |
Status: Request to Close (Completed) Update/Rationale: AANDC has approved policy instruments that require compliance (e.g. policies and directives are mandatory by definition). As an example, AANDC approved the Directive on Information Management and Information Technology Procurement Authorization which states roles and responsibilities for procurement as well as what specific financial coding to use in the financial systems. In addition, an annual process has been implemented whereby IMB does extracts from the departmental financial system and sends them to the Region/Sector for their review and attestation. This review and attestation ensures that the Regions are coding to the correct project code. AANDC will need to develop compliance processes for the new SAP coding structure which was introduced April 1, 2014. AES: Implementation complete. Recommended to close. Closed. |