System Under Development Audit of the Secure Integrated Registration and Certificate Unit Project

January 2017

PDF Version (122 Kb, 18 Pages)

 

Table of contents

Acronyms

ADM

Assistant Deputy Minister

CIS

Certificate of Indian Status

INAC

Indigenous and Northern Affairs Canada

IREMS

Indian Registration and Estates Management System

IRS

Indian Registration System

O&M

Operations and Maintenance

RIAS

Resolution and Individual Affairs Sector

SCIS

Secure Certificate of Indian Status

SIRCU

Secure Integrated Registration and Certificate Unit

 

 

Executive Summary

Background

The Audit and Assurance Services Branch of Indigenous and Northern Affairs Canada ("INAC" or "the Department") identified the System Under Development (SUD) Audit of the Secure Integrated Registration and Certificate Unit (SIRCU) Project in the Department's 2015-2016 to 2017-2018 Risk-Based Audit Plan. The audit was identified as a very high priority as the accuracy of the Indian Register and the issuance of Secure Certificates of Indian Status (status cards) are fundamental to timely, effective and accountable delivery of federal programs and services for eligible individuals. One component of the SIRCU Project is to replace the existing Indian Registration System (IRS) with the Indian Registration and Estates Management System (IREMS). Indian registration information within the existing system underpins billions of dollars in program funding as well as policy analysis and research. The audit was originally initiated in January 2015; at the end of the planning phase, it was agreed upon with program management that the SIRCU Project was not sufficiently advanced to warrant audit work. The audit was put on hold and re-initiated in June 2016.

Audit Objective and Scope

The objective of the audit was to assess the adequacy of controls in place to mitigate key risks to the successful implementation of the SIRCU Project and to recommend risk management strategies to augment the effectiveness of the project's existing management control framework.

The audit scope focused on assessing the adequacy (design) of controls in place to manage SIRCU implementation risks in the following four broad risk areas identified during the planning phase: organizational readiness; project management; financial management; and enterprise architecture. The audit focused on current-state registration and Secure Certificate of Indian Status (SCIS) application/issuance processes with a future-looking assessment of key implementation risks.

Statement of Conformance

This audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

Positive Observations

The audit found several areas of strength. Specifically, the audit noted that standard project management practices were in place, including the implementation of an active and engaged SIRCU project steering committee. Additionally, a business case had been developed for the Indian Registration and Estates Management System (IREMS) and the implementation has included a formalized gating process, a business costing model, along with comprehensive business requirements and a method of prioritizing these requirements.

The audit also noted that opportunities for process and administrative improvement supported the business case for SIRCU's vision of centrally-virtualized, consistent and streamlined services across intake channels and regions. Furthermore, there were indications from internal stakeholders that certain proposed changes under the SIRCU vision, such as enhancing the usability of supporting Information Technology, would be welcomed.

Conclusion

The audit found multiple leading practices in place as well as opportunities to strengthen the design of certain key controls to better mitigate risks to the successful implementation of SIRCU and achievement of project objectives. Anchoring the definition of SIRCU scope on intended outcomes (i.e. results in terms of impact to Canadians), and aligning required resources to attain these outcomes, would better position INAC to manage the interrelated initiatives, activities and risks to achieving SIRCU outcomes.

Recommendations

The audit team identified opportunities for improvement in relation to business vision and outcomes, project management, organizational readiness and technology implementation, resulting in the following four recommendations:

  1. The Assistant Deputy Minister, Resolution and Individual Affairs, should clearly define the intended SIRCU outcomes (i.e. results in terms of impact to Canadians), including how these outcomes will be measured and reported. This would include defining results in consultation with key stakeholders and then identifying, assessing and managing all relevant initiatives and risks in an integrated manner to deliver and demonstrate these results.
  2. The Assistant Deputy Minister, Resolution and Individual Affairs, should review, clarify and communicate SIRCU's scope (and associated resource needs/allocations) in alignment with the intended outcomes, and track actual costs/resource usage of SIRCU delivery (including, if necessary, human resources in terms of full-time equivalents (FTEs)) against project costs/resource estimates.
  3. The Assistant Deputy Minister, Resolution and Individual Affairs, should review the current SIRCU resourcing and funding model to determine whether there is sufficient capacity allocated to undertake the necessary policy, process, people and technology changes (including data conversion) to successfully implement the SIRCU outcomes. This would include reviewing the resources and subject matter expertise necessary to concurrently manage existing operations (including anticipated demands from legislative changes) as well as new initiatives supporting SIRCU (including IREMS).
  4. The Assistant Deputy Minister, Resolution and Individual Affairs, should include data governance in its SIRCU plans with strategies to prepare/cleanse, migrate/convert and manage/govern data coordinated across functions (i.e. estates, treaties, registration, SCIS), including developing funding strategies to account for existing data issues and inherent data risks, and defining and planning for the data-related activities both in and out of scope of IREMS.

Management Response

Management is in agreement with the findings, has accepted the recommendations included in the report, and has developed a management action plan to address them. The management action plan has been integrated in this report.

 

 

1. Background

The Audit and Assurance Services Branch of Indigenous and Northern Affairs Canada ("INAC" or "the Department") identified the System Under Development (SUD) Audit of the Secure Integrated Registration and Certificate Unit (SIRCU) Project in the Department's 2015-2016 to 2017-2018 Risk-Based Audit Plan. The audit was identified as a very high priority as the accuracy of the Indian Register and the issuance of Secure Certificates of Indian Status (status cards) are fundamental to timely, effective and accountable delivery of federal programs and services for eligible individuals. The audit was originally initiated in January 2015, but at the end of the planning phase, it was agreed upon with program management that the SIRCU Project was not sufficiently advanced to warrant audit work. The audit was put on hold and re-initiated in June 2016.

The integrity and credibility of the Department is highly dependent on a well-functioning registration and secure card issuance process. Likewise, a well-functioning registration system to maintain the Indian Register is fundamental and essential to Indigenous programs and services in Canada. Specifically, Indian Register information serves as the official record of individuals with Indian status in Canada. Numerous INAC functions as well as other federal and provincial government organizations rely on Indian registration information to administer programs and services and make entitlement decisions, including, but not limited to, education, non-insured health benefits, federal and provincial/territorial tax exemptions, on-reserve housing benefits, border-crossing, and treaty payments. Indian registration information also informs important research and policy aimed at improving the social well-being, health and economic prosperity of First Nations in Canada. In short, the Indian Register information underpins billions of dollars in program funding as well as policy analysis and research.

The SIRCU Project seeks to integrate and modernize the Indian registration and the Secure Certificate of Indian Status (SCIS) issuance processes. One component of this project is to replace the existing Indian Registration System (IRS), which is used by the Department to track Indian registration information, Band membership and demographic statistics, with the Indian Registration and Estates Management System (IREMS). IREMS is intended to support a paperless, electronic registration and card issuance process that will enable electronic administrative work and improve workflow management across regions and at INAC headquarters.

SIRCU can be described as a desired future state business model that combines registration and card issuance activities to modernize and enhance client services, increase operational efficiency, and promote a culture of client service excellence. SIRCU can also be described as a project (the "SIRCU Project") to implement and operationalize the desired future state business model. The SIRCU Project Charter defines a vision to offer a consistent service to clients, irrespective of the channel they use to submit a request, or the region in which they reside. The four objectives of the SIRCU Project are to:

  1. Integrate business processes by providing consistent services and consistent policies for registration and cards, across Canada, irrespective of the service channel used by the client;
  2. Enhance service delivery by providing client-centric services, as defined in the Treasury Board (TB) Policy on Service;
  3. Modernize IT systems that support productive workflows using virtual processes and accommodate the increased use of web tools; and
  4. Streamline the organization to create alignment between the new process and human resources, including the Indian Registration AdministratorsFootnote 1.

The SIRCU Project is the responsibility of the Individual Affairs Branch within the Resolution and Individual Affairs Sector at INAC. The Project is a three-year initiative that launched in April 2014 and consists of the following three phases:

Phase 1: Headquarters-oriented and includes the implementation of a new organization to develop, test and support new integrated policies and processes for registration and card issuance.

Phase 2: Introduction of integrated products for clients such as a single application form for registration and card issuance, and new roles for Regional Offices and Indian Registration Administrators to ensure clients are provided with harmonized service across the country.

Phase 3: Development and implementation of the IREMS to replace the four current applications used for: registration, the SCIS, estate management and treaty payments.

At the time this audit was initiated, the SIRCU Project was behind schedule and still completing Phase 1. However, certain elements of Phases 2 and 3 were also underway.

 

 

2. Audit Objective and Scope

2.1 Audit Objective

The objective of the audit was to assess the adequacy of controls in place to mitigate key risks to the successful implementation of the SIRCU Project and to recommend risk management strategies to augment the effectiveness of the project's existing management control framework.

2.2 Audit Scope

The scope of the audit focused on assessing the adequacy (design) of controls in place to manage SIRCU implementation risks in the following key areas, which were identified in the initial risk assessment performed during the audit planning phase:

  • Organizational Readiness;
  • Project Management;
  • Financial Management; and
  • Enterprise ArchitectureFootnote 2.

As this audit was designed to be forward-looking, the scope excluded assessing the effectiveness of the controls. Also excluded from scope were the activities outside of INAC, such as infrastructure provided by Shared Services Canada and processes implemented by First Nations that are not part of INAC regional operations.

Fieldwork activities were performed at headquarters (HQ), including the National Processing Unit (NPU), as well as the Winnipeg Processing Unit (WPU), and the Manitoba and Alberta regional offices.

 

 

3. Audit Approach and Methodology

The audit was conducted in accordance with the requirements of the TB Policy on Internal Audit and followed the Internal Auditing Standards for the Government of Canada.

The planning phase of the audit involved various procedures, including a review of preliminary documentation, such as SIRCU Project documentation (e.g. project charter, management briefing decks, project steering committee meeting minutes, and various other documents) and conducting interviews with SIRCU management and key stakeholders. Based on this information, a preliminary risk assessment was completed to determine the scope of the audit. Refer to Appendix A for the audit criteria developed for this audit. The audit criteria and subsequent fieldwork were informed by the industry standards and frameworks listed in Appendix B.

Based on the audit criteria, a risk-based work plan was developed and used to drive audit activities undertaken during the conduct phase. The audit activities were designed as a proactive risk assessment, focusing on key risks, issues and control design weaknesses. The audit activities undertaken included the following:

 

 

4. Conclusion

The audit found multiple leading practices in place as well as opportunities to strengthen the design of certain key controls to better mitigate risks to the successful implementation of SIRCU and achievement of project objectives. Anchoring the definition of SIRCU scope on intended outcomes (i.e. results in terms of impact to Canadians), and aligning required resources to attain these outcomes, would better position INAC to manage the interrelated initiatives, activities and risks to achieving SIRCU outcomes.

 

 

5. Findings and Recommendations

Based on a combination of the evidence gathered through interviews, the examination of documentation, and analysis, each audit criterion was assessed by the audit team and observations were developed for each audit criterion. Where a significant difference between the audit criterion and the observed practice was found, the risk of the gap was evaluated and used to develop relevant observations and to document recommendations for improvement.

Observations below focus on SIRCU vision and outcomes, project management, organizational readiness, and technology implementation.

5.1 SIRCU Vision and Outcomes

The audit team observed several indications that the business case for SIRCU's vision of centrally-virtualized, consistent and streamlined services across intake channels and regions is warranted. For example, backlogs and wait times across regions can vary, and events (e.g. the recent "Occupy INAC" incidents at various INAC offices) can interrupt or halt services in a region. Under a centrally-virtualized SIRCU vision, services can be load-balanced across regions, thus addressing these challenges. Similarly, the audit team observed instances of inconsistent regional interpretations and implementations of registration-related policy, and administrative redundancy in the registration and SCIS application processes. Realizing the SIRCU vision would address these inconsistencies and redundancies.

The audit team's examination of the current processes, procedures and systems suggested that changes are required to transform the organization (policy, processes, people, and technology) in order to realize the SIRCU vision.

The audit team noted operational interdependencies that will impact the realization of SIRCU's vision. As an example, the shift to integrated processing of registration and SCIS card issuance without decommissioning the Certificate of Indian Status (CIS) may not achieve INAC's intended integration outcomes.

The CIS is an identity document that confirms that an individual is registered as a Status Indian under the Indian Act and provides them with access to benefits and services. The SCIS includes several security improvements to help protect registered individuals from identity theft while still providing them with access to benefits and services.

The application requirements for a SCIS card are generally more substantial than they are for a CIS card. For example, the application for a SCIS card requires additional proof of identification. Therefore, there may be little incentive for individuals to take the additional steps for a SCIS card when CIS cards are readily available and provide access to the same benefits. Although integrating the processes for registration and SCIS card issuance could achieve greater security and process simplification, if individuals opt out of the SCIS component of the integrated process in favour of obtaining a CIS card separately, these outcomes may not be achieved and administrative burdens may rise within INAC.

The auditors also noted that the shift to integrated processing could increase service risks realized during initial integration testing at the WPU. For example, interviews indicated that several SCIS applications received at NPU, that leverage an integrated processFootnote 3 for both registration and SCIS card issuance, may be expired by the time they arrive for SCIS processing. One factor contributing to these expirations is that the SCIS application requires a recent photo (either 6 or 12 months)Footnote 4 of the applicant. However, because these applications first go through a registration process based on individual entitlement, the time needed for this process can exceed the expiry date of the photo. Registration entitlement decisions can be complex and take time to process, which can lead to an SCIS application expiring before it can be processed, significantly diminishing client service and impacting SIRCU's ability to achieve a streamlined process and demonstrate improvement in the clients' experience.

The audit did not find evidence to demonstrate that the SIRCU Project is being managed with a comprehensive view of these and other operational interdependencies and complexities.

To effectively manage the significant changes, a clear understanding of intended outcomes is important. The audit team did not see evidence of clearly stated outcomes (i.e. results in terms of impact to Canadians) and a method of measuring these outcomes. For example, the audit did not find evidence of existing service level baselines (i.e., a minimum service level or current starting point used for comparisons over time) being used to measure and demonstrate results throughout the duration of the Project.

Recommendation:

1. The Assistant Deputy Minister, Resolution and Individual Affairs, should clearly define the intended SIRCU outcomes (i.e. results in terms of impact to Canadians), including how these outcomes will be measured and reported. This would include defining results in consultation with key stakeholders and then identifying, assessing and managing all relevant initiatives and risks in an integrated manner to deliver and demonstrate these results.

5.2 Project Management

The audit team observed several standard project management practices being applied to the SIRCU Project. For example, the auditors found that an active and engaged SIRCU project steering committee has been implemented, and a SIRCU monthly newsletter is distributed to Individual Affairs Branch staff. The auditors also observed a formalized project management approach being applied for the IREMS implementation.

The SIRCU Project is a significant and complex initiative with several interdependent and transformative initiatives involving people, policy, processes, and technology being managed by different organizational units. Further, some of the initiatives within SIRCU are being managed as separate projects (e.g. IREMS is being managed as a separate IT project).

When examining the management of the SIRCU Project and related initiatives, the audit team observed several instances of standard project management practices. At the same time, they observed several instances where SIRCU project management could be improved, including clarity on the project scope and communication to stakeholders. For example:

  • The SIRCU Project Charter indicates that achievement of the SIRCU objectives depends on the initiative to phase out CIS cards, but the initiative is not included in the scope of the Project. However, subsequent documents, such as an update to the Assistant Deputy Minister, Resolution and Individual Affairs, include the initiative to phase out CIS cards as part of the SIRCU Project.
  • Management and staff interviewed explained that there is inconsistent use of the term "SIRCU" and no clear definition of SIRCU as a project. They also noted that the timelines and goals are often changing and/or delayed.

Additionally, the audit team did not find evidence of a method to track and demonstrate how resources, in FTEs and/or funds, are being utilized against SIRCU Project cost estimates. The SIRCU Project charter outlines that 2015-2016 project costs included: funding for a Transformation and Integration Unit, with four FTEs for a definite period of three years ending March 2017; and $915K in Operations and Maintenance (O&M) funds for IREMS. The audit team noted there were estimated costs for IREMS and practices in place to track IREMS-related costs. However, other SIRCU initiatives are being funded out of A-Base funding and no SIRCU project code was established to facilitate the tracking of resource usage.

Managing the collection of interdependent projects and initiatives that make up SIRCU, with a clear definition of outcomes (end results), could help validate, clarify and manage scope and resource utilization.

Recommendation:

2. The Assistant Deputy Minister, Resolution and Individual Affairs, should review, clarify and communicate SIRCU's scope (and associated resource needs/allocations) in alignment with the intended outcomes, and track actual costs/resource usage of SIRCU delivery (including, if necessary, human resources in terms of FTEs) against project costs/resource estimates.

5.3 Organizational Readiness

The SIRCU Project is introducing changes spanning people, policy, processes and technology, and will impact stakeholders across the country. A key success factor for any transformation is whether stakeholder groups are willing to accept the changes. Interviews with internal stakeholders in Alberta, Manitoba and headquarters, including the National Processing Unit and the Winnipeg Processing Unit suggested that several proposed changes under SIRCU are welcomed, such as enhancing the usability of supporting information technology.

Operational demands, such as ongoing legislative changes and litigation cases, present high risk to INAC's ability to deliver the SIRCU outcomes while at the same time maintaining critical services, such as certificate issuance.

The audit team observed evidence of current legislative efforts having an impact on SIRCU timelines. For example, auditors were informed that the phasing out of CIS cards was postponed and that SIRCU national calls were put on hold for a period of time in 2016 due to priorities related to legislative amendments. The audit team recognizes that litigation cases and legislative changes create operational demands that INAC must respond to on a priority basis, including a number of ongoing Human Rights Commission and litigation cases open at the time of this audit. However, many of the same resources responsible for delivering SIRCU are needed to respond to these priorities.

Furthermore, in addition to ongoing operations and legislative changes, many of the same resources needed to implement SIRCU changes will also be needed for the IREMS implementation (examples include, but are not limited to, developing IREMS requirements, cleansing and converting data, informing data governance plans, and assisting with user acceptance testing).

In light of the significant efforts needed for SIRCU, alongside with IREMS implementation, the audit team did not observe evidence of sufficient analysis demonstrating the adequacy of resources/funding going forward. In particular, the audit team did not find evidence of a comprehensive understanding of all the resources needed for the Project-related initiatives and activities, including the subject matter expertise required.

The audit team observed an incremental approach to delivering SIRCU with existing resources. Specifically, resources are working on SIRCU if and when they have additional capacity, increments at a time. However, proceeding incrementally without a funded approach fully supported by senior management heightens certain risks. In particular, without the organizational capacity needed to manage the significant changes, the benefits expected from the IREMS investment are at risk, the likelihood of a service disruption is heightened, and INAC may not meet operational obligations and/or stakeholder expectations.

Recommendation:

3. The Assistant Deputy Minister, Resolution and Individual Affairs, should review the current SIRCU resourcing and funding model to determine whether there is sufficient capacity allocated to undertake the necessary policy, process, people and technology changes (including data conversion) to successfully implement the SIRCU outcomes. This would include reviewing the resources and subject matter expertise necessary to concurrently manage existing operations (including anticipated demands from legislative changes) as well as new initiatives supporting SIRCU (including IREMS).

5.4 Technology Implementation

A significant component of the SIRCU Project is the implementation of IREMS. The audit team observed, and interviews indicated, that the Government of Canada gating process is being used by INAC to implement IREMS. Documentation reviewed demonstrated that a detailed business costing model, project approach, and business case had also been developed.

The audit team noted that comprehensive business requirements for IREMS had been developed, and that these requirements generally reflect the needs of stakeholders for registration, estates management, treaty payments and SCIS. The audit team also observed an appropriate method for prioritizing requirements. In particular, IREMS requirements had been prioritized as "must have," "should have" and "could have" and the following factors informed this prioritization: Business Value; Business or Technical Risk; Implementation Difficulty; Likelihood of Success; Relationship to other requirements; Urgency and Stakeholder Agreement. While further review and refinement of these requirements will be important, this prioritization approach is generally aligned with standard practices.

The Indian Register is the official record identifying all Status Indians in Canada and underpins billions of dollars in government-wide program funding for First Nations as well as policy analysis, design and implementation across jurisdictions. Therefore, the data integrity, confidentiality and availability of this information are critical to managing reputational and financial risks.

IREMS will replace four legacy systems: the Indian Registration System, the SCIS web application, the Estates Reporting System, and the Treaty Payment System. Integrating the existing legacy systems is expected by the audit team to be complex and resource-intensive, and will need a strong data governance model. Risks in these areas will need to be examined and managed. For example, known data quality issues with legacy systems exist. Strategies are needed to address these quality issues and data inconsistencies across these systems as well as to govern the information to be housed by an integrated IREMS.

Consideration for data governance (including data privacy and security, data integrity across legacy systems, and an ongoing approach to managing information in IREMS) should be planned early in the IREMS/SIRCU Project so that the technological options and implementation plans reflect the information needs of INAC. The plans should consider metadata management (for example, how to interpret each element of data in a given system) as well as master data management (for example, the "source of truth" or "system of record" for a given element of data).

The audit team did not observe early planning for these key areas in a manner commensurate with the inherent risks. As an example, at the time of the audit, certain IREMS transition requirements, such as for data integrity and conversion, had not yet been developed. Without a clear definition of plans and requirements, resource planning for data governance and conversion may not be adequate. Moreover, future data security analyses may expose weaknesses that may be more costly to address at a later date.

Recommendation

4. The Assistant Deputy Minister, Resolution and Individual Affairs, should include data governance in its SIRCU plans with strategies to prepare/cleanse, migrate/convert and manage/govern data coordinated across functions (i.e. estates, treaties, registration, SCIS), including developing funding strategies to account for existing data issues and inherent data risks, and defining and planning for the data-related activities both in and out of scope of IREMS.

 

 

6. Management Action Plan

Recommendations Management Response / Actions Responsible Manager (Title) Planned Implementation Date
1. The Assistant Deputy Minister, Resolution and Individual Affairs, should clearly define the intended SIRCU outcomes (i.e. results in terms of impact to Canadians), including how these outcomes will be measured and reported. This would include defining results in consultation with key stakeholders and then identifying, assessing and managing all relevant initiatives and risks in an integrated manner to deliver and demonstrate these results. 1.1 With the Branch implementation of the TB Results Policy, SIRCU outcomes will be articulated. The baseline will be established using results as of April 1, 2014. The progress against the baseline will be reported in the Quarterly and Annual Departmental Business Report. Assistant Deputy Minister, Resolution and Individual Affairs

1.1 December 31, 2016

Completed

1.2 Using existing SIRCU governance as defined in the SIRCU Project Charter, all initiatives and risks of SIRCU will be managed in an integrated manner through the SIRCU dashboard updated weekly by the SIRCU Project Manager, shared with the SIRCU Steering Committee bi-weekly and stored in the Corporate Information Document Management system.

1.2 November 30, 2016

Completed

2. The Assistant Deputy Minister, Resolution and Individual Affairs, should review, clarify and communicate SIRCU's scope (and associated resource needs/allocations) in alignment with the intended outcomes, and track actual costs/resource usage of SIRCU delivery (including, if necessary, human resources in terms of full-time equivalents) against project costs/resource estimates. 2.1 A national Program meeting will be held to clearly communicate SIRCU's scope and implementation plan for 2016-17 and 2017-18. Assistant Deputy Minister, Resolution and Individual Affairs

2.1 January 31, 2017

Completed

2.2 Bi-weekly national calls will be held to inform and address questions from Regions. Agenda and meeting records are kept in the Corporate Information Document Management system.

2.2 November 10, 2016

Completed

2.3 SIRCU as a vision is an integral part of the normal business of Individual Affairs' service delivery and tracked in the Departmental financial and human resources business decision tools and dashboard. SIRCU as a transformation and innovation project is led by a project team whose resources are identified separately through a specific Cost Center Manager.

2.3 Financial Status Report of the Individual Affairs Branch of November 30, 2016

Completed

3. The Assistant Deputy Minister, Resolution and Individual Affairs, should review the current SIRCU resourcing and funding model to determine whether there is sufficient capacity allocated to undertake the necessary policy, process, people and technology changes (including data conversion) to successfully implement the SIRCU outcomes. This would include reviewing the resources and subject matter expertise necessary to concurrently manage existing operations (including anticipated demands from legislative changes) as well as new initiatives supporting SIRCU (including IREMS). 3.1 The Branch will conduct an organizational review by an external expert. Assistant Deputy Minister, Resolution and Individual Affairs

3.1 March 31, 2017

Implementation underway

3.2 A strategy will be submitted to obtain additional resources to manage new workload created by legislative changes and to implement the SIRCU project.

3.2 December 31, 2016

Completed

3.3 A project unit, costed in the IREMS project plan, will be approved as part of the deliverables for Gate 4. To proceed, the project will need to identify resources internally.

3.3 Preliminary Project Management Plan to be approved by March 31, 2017 or Date of approval of Gate 4.

Implementation underway

4. The Assistant Deputy Minister, Resolution and Individual Affairs, should include data governance in its SIRCU plans with strategies to prepare/cleanse, migrate/convert and manage/govern data coordinated across functions (i.e. estates, treaties, registration, SCIS), including developing funding strategies to account for existing data issues and inherent data risks, and defining and planning for the data-related activities both in and out of scope of IREMS.

4.1 IREMS, as a major IT project, is following the Treasury Board Secretariat Gating approval process. A Data Management plan is included in the Preliminary Project Management Plan which is a Gate 4 deliverable.

To ensure the Plan is adequate, the Departmental Information Management Director is a member of the IREMS Project Implementation Committee (see IREMS Project Charter) reviewing and recommending Gate 4 deliverables to Senior Management.

Assistant Deputy Minister, Resolution and Individual Affairs

4.1 Preliminary Project Management Plan to be approved by March 31, 2017 or Date of approval of Gate 4.

Implementation underway

4.2 Starting before, and continuing concurrently with the development of IREMS, pursue data cleansing underway since 2015-16 in the Individual Affairs Branch which is part of the Monitoring and Compliance Framework. Funding has been secured through a multi-year Annex L.

4.2 Individual Affairs to report on progress to the Data Management governance set-up in the IREMS Project Management Plan

Implementation underway

 

 

Appendix A: Audit Criteria

To acquire an appropriate level of assurance to meet the audit objective, the following audit criteria were developed.

Area Examined Audit Criteria
1. Organizational Readiness 1.1 The Department has the human resource capacity to effectively implement the SIRCU Project.
1.2 The Department has Information Management/Information Technology capacity to effectively implement the SIRCU Project.
1.3 The Department has established and implemented an effective change management strategy.
1.4 SIRCU's service delivery model is aligned to the TB Policy on Service.
2. Project Management 2.1 Performance indicators and measurements are in place, and are used to inform decision making and to monitor benefits realization.
2.2 Project assumptions (including costing estimates) are documented with rationale and remain relevant.
2.3 Project status is actively monitored and reported to project sponsors, the SIRCU Governance Committee, and senior management (as appropriate).
2.4 Project risks and issues are being managed effectively.
3. Financial Management 3.1 Costs and expenditures are being accurately tracked and reported.
3.2 A viable funding strategy is in place and/or being established.
4. Enterprise Architecture 4.1 The unique processes and requirements of the regions are being accounted for in the new business model and all key stakeholders are engaged in the IREMS requirements gathering process.
4.2 The SIRCU model is being designed to be accessible to all First Nations/Canadians to which the service applies.
4.3 Requirements are prioritized and the selected technology solution for IREMS will address high-priority requirements.
4.4 The quality of data migrated into IREMS will be enforced.
4.5 IREMS will plan to implement data governance and controls on data read/write.
 

 

Appendix B: Relevant Policies, Directives, and Guidance

The following authoritative sources were examined and used as a basis for this audit:

 
 

Did you find what you were looking for?

What was wrong?

You will not receive a reply. Don't include personal information (telephone, email, SIN, financial, medical, or work details).
Maximum 300 characters

Thank you for your feedback

Date modified: