Archived - Audit of IM/IT Expenditures and Management Control Framework - Follow-up Report Status Update as of March 31, 2011
Archived information
This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
PDF Version (27 Kb, 4 Pages)
Action Plan Implementation Status Update Report to the Audit Committee - As of March 31, 2011
Chief Financial Officer (CFO)
Audit of IM/IT Expenditures and Management Control Framework (09-063)
Approval Date: 24/09/10
| Project Recommendations |
Action Plan | Expected Completion Date |
Program Response |
|---|---|---|---|
| 1. The CFO, in collaboration with the CIO, should develop and implement a directive that clearly defines IM/IT expenditures, specifying the respective line objects to be used for financial reporting. | The CIO will work with the DG, Planning and Resource Management and the DG, Corporate Accounting and Materiel Management to specify and define how the Departmental chart of accounts is to be used to track IM/IT expenditures effectively. The application of elements of the CoA will be clearly defined as a national standard. These requirements will be communicated in the form of a directive. | January 2011 |
Update/Rationale: As of 31/03/2011: IT expenditure definitions have been defined, adopted and communicated as part of a TBS request for departmental expenditure information. The INAC Directive is being drafted based on the work that is currently being done by TBS and will include applicable changes to the Chart of Accounts and accounting system. Draft directives will start circulating to the IM/IT governance committees in late Q1, or, early Q2. AES: Implementation is ongoing. The recommendation will be closed once the directive has been finalized and communicated across the department. |
| 2. The CFO, in collaboration with the CIO and Assistant Deputy Ministers (ADM) responsible for regional operations and staff, should implement a national system to track all IM/IT assets. This system should track device life-cycle, warranty, user and location information and should provide functionality to ensure that all devices and licenses assigned to employees and consultants are reacquired and/or removed upon departure. Once a national tracking system has been implemented, the CIO should conduct a Department-wide inventory of IM/IT assets. |
The CIO has a software tool (viaTIL Remedy) that is capable of tracking assets and verifying inventory. The CIO will adjust existing processes to ensure that entry and exit procedures include the assignment and re-acquisition of hardware and software assets, and the effective management of system access rights and permissions. Once these measures are in place, the CIO will initiate a national baseline inventory and introduce inventory management processes.
The CIO will issue a directive specifying the process to be followed and making mandatory the use of the Remedy tool as a national standard. |
January 2011 |
Update/Rationale: As of 31/03/2011: INAC has a tool deployed software (ITSP/Remedy) that can track the IT hardware assets software licences installed on individual desktop/laptops, we use Microsoft System Management Center (formally SMS). The hardware assets are tracked at HQ. Consistent processes have not been documented and communicated across regional offices. Plans include adding network and server assets, as well as documenting, communicating and implementing processes, procedures to capture and maintain the asset information in the ITSP/Remedy tool. AES: Implementation is ongoing. |
| 3. The CFO, in collaboration with the CIO, should establish a consistent, documented and communicated procurement process for acquiring IM/IT assets that enforces appropriate segregation of duties across allregions and headquarters. |
The CIO will issue a directive under the policy on the governance of IM/IT that will specify the processes and authorities for the procurement of IM/IT professional services and hardware and software. The CIO will work with the DG, Corporate Accounting and Materiel Management to ensure that the necessary controls and reporting capabilities exist to support these processes. These measures will include dedicated procurement capacity, monitoring, tools and templates, etc.
The CIO will also encourage greater use of the centralized procurement of IT assets which may address such issues as the segregation of duties with respect to procurement and receipt as was observed during the audit. |
March 2011 |
Update/Rationale: As of 31/03/2011: The draft Directive on IM/IT procurement has been reviewed by the Information Technology and Stewardship Group (ITSG). Presentation to the Director Generals Implementation and Operations Committee (DGIOC) is expected in Q1 of 2011. AES: Implementation is ongoing. The recommendation will be closed once the directive has been finalized and communicated across the department. |
| 4. The CFO should establish and maintain a complete inventory of IM/IT contracts, SLAs and MOUs. The CFO, in collaboration with the CIO, should also formalize a process to perform appropriate cost-benefit analyses for IM/IT service agreements based on strategic significance. | The CIO will specify the parameters for defining and measuring performance of acquired services, service agreements, and Memoranda of Understanding that pertain to IM/IT. This will include the requirement for an explicit statement of the expected benefits associated with the 3rd party arrangement, and the means and periodicity of reviewing and reporting. The CIO will endeavour to define a standard approach for the determination of benefits realized from such arrangements. This requirement will be communicated in the form of a Directive under the policy on governance of IM/IT. The CIO will develop an inventory of these agreements which will be reviewed by the Information and Technology Stewardship Group, and monitored on an annual basis. | December 2010 |
Update/Rationale: As of 31/03/2011: The inventory is currently being conducted. Initial results indicate that the vast majority of contracts have been competed, and therefore, provide value for money. The approach to conducting cost-benefit analyses will be developed in Q1 of 2011-12. All future contracts, MOUs and service level agreements developed by IMB will have explicit statements on expected benefits. AES: Implementation is ongoing. The recommendation will be closed once an approach to cost-benefit analysis is finalized and communicated across the department, and once the inventory is complete, and the requirement to register all future IM/IT contracts with the inventory is communicated across the department. |
| 5. The CFO, in collaboration with the CIO and ADMs responsible for regional operations and staff, should finalize a Departmental IM/IT strategy to which local strategies and processes align across all regions and headquarters. Root causes of inconsistent practices should be addressed to establish a consistent approach to managing IM/IT initiatives across the Department. | The CIO will complete and obtain approval of the draft IM/IT Strategy. This strategy will provide the context for the policy on the governance of IM/IT and will form the basis for plans and activities across the Department's sectors and regions. | January 2011 |
Update/Rationale: As of 31/03/2011: IMB has prepared a draft strategy that has been presented to the Information and Technology Stewardship Group (ITSG). The finalization of the Key Business Line Strategies (e.g. Individual Affairs, Lands and Resources) is necessary in order to complete the IM/IT Strategy and present it to DGIOC and Operations Committee for final approval. To address inconsistent practices to managing IM/IT initiatives across the Department, Operations Committee recently approved the Enhanced Portfolio Management Framework. This will allow different "gating" approaches based on the risk and complexity of the initiative. AES: Implementation is ongoing. |