Audit of IM/IT Governance and Application Systems Integration - Follow-up Report Status Update as of June 30, 2014

PDF Version (64 Kb, 10 Pages)

Action Plan Implementation Status Update Report to the Audit Committee - As of June 30, 2014

Chief Financial Officer

Audit of IM/IT Governance and Application Systems Integration
Approval Date: 11-21-2013
Project Recommendations	Action Plan	Expected Completion Date	Program Response
1. The Chief Information Officer should strengthen governance and strategic direction related to information management by establishing or enhancing the following key elements: Develop and approve an IM Plan consistent with the priorities identified in the Department's IM/IT Strategy, including prioritized initiatives for the five-year planning horizon. This may be part of an integrated IM/IT Plan or a separate IM Plan, but it is critical that IM direction be clarified. The draft Enterprise IM Strategy should be withdrawn to avoid confusion with having both an IM/IT Strategy and a separate IM Strategy. Ensure required IM policies and directives are finalized and approved, and are communicated within the Department to all impacted employees. Of priority are those meeting TBS requirements, especially the Directive on Recordkeeping, where compliance is required by March 2015.	The Director of CIMD, in collaboration with the CIO, other Directors in IMB, and members of ITSG and DGIOC, will develop and approve an IM Plan consistent with the priorities identified in the Department's IM/IT Strategy, including prioritized initiatives for the five-year planning horizon.	June 30, 2014	Status : Underway Update/Rationale: As of June 30, 2014 By request of the Deputy Minister, the Chief Information Officer is developing an AANDC IM/IT Strategy to be approved by Operations Committee (or Senior Management Committee (SMC)) by October 1, 2014. Once approved, an Information Management (IM) plan will be developed to implement the Information Management related recommendations of the new strategy. AES: Implementation ongoing.
	The draft Enterprise IM Strategy will be withdrawn.	November 30, 2013	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: Draft Enterprise IM Strategy has been removed for the INTRA site. AES: Closed.
	The AANDC Record Keeping Directive and E-Mail Management Directive will be reviewed, updated and approved.	January 30, 2014	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: Record Keeping Directive Approved, E-mail management directive to be implemented by SSC through ETI. AES: Closed.
	All approved policy instruments will be communicated to all employees via AANDC Express.	March 31, 2014	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: Implementation process amended to include submission of communication about approved policy instruments for publication in AANDC Express. AES: Closed.
Ensure IM is a regular standing item at governance committees to monitor implementation of IM policies and directives as well as progress of key IM initiatives within the approved plan.	All IM/IT Policy Instruments will be organized into a prioritized list for review, update and approval as part of a life-cycle review and update.	March 31, 2014	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: IM/IT policy framework with associated prioritized list policy instruments for review and update completed. AES: Closed.
	An Intranet review and update process will be completed to remove draft policy instruments and ensure that only official/final versions are available.	December 15, 2013	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: Intranet reviewed and all draft policy instruments removed. AES: Closed.
	Forward Agendas for IMB's Branch Management Team meetings as well as IM/IT governance committees (e.g. ITSG) will be reviewed and updated to ensure that there are IM agenda items discussed at least once a month, and escalated as required to DGIOC and/or DOC.	December 15, 2013	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: IM Updates (i.e. RK Directive, ETI) provided to BMT, ITSG, DGIOC and Ops. AES: Closed.
2. The Chief Information Officer should continue the process recently initiated of engaging sectors and regions through the five-year call for investment plans in order to facilitate integration of the IM/IT Strategy and Plans with departmental investment planning. In addition to those approved by Operations Committee as part of the Department's Investment Plan, which includes projects greater than $1 million only, these results should be incorporated into the annual updates of the IM/IT Plan to help ensure the IM/IT Plan remains consistent with the overall priorities of the Department and to allow for appropriate Information Management Branch resource planning.	The annual call for IM/IT initiatives will continue to be included in all future calls for Investment plans.	March 31, 2014	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: IM/IT Planning remains integrated with investment planning call letter. Management of IM/IT initiatives is integrated internally with the MOU, Application Portfolio Management and Portfolio Management processes and the reporting processes to TBS on IM/IT Expenditures, IM/IT Plans, APM and investment planning. AES: Implemented. The recommendation will be closed. Closed.
	Results will be included in updates to the Tactical IM/IT Plan	March 31, 2014
3. The Chief Information Officer should establish a centralized function to manage all IM and IT policies and directives to help ensure that they are tracked from draft status through to finalization and approval, and to manage the posting of only approved policies and directives on the Information Management Branch intranet site. This centralized function should track when policies and directives require review based either on the established timeline or when TBS requirements are modified, and monitor the process for updating. A communication process should be established to communicate the requirements of all new or modified policies and directives on a consistent basis to all those responsible for implementing them.	The office of the CIO will: Manage the development and updates to IM/IT policy instruments	November 15, 2013	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: Ongoing. AES: Closed.
	Track the development/update of new and existing policy instruments	November 15, 2013	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: Ongoing. AES: Closed.
	Manage the posting of existing/new policy instruments	November 15, 2013	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: Ongoing AES: Closed.
	Develop an update life-cycle for all IM/IT policy directives	March 31, 2014	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: Developed and ongoing. AES: Closed.
	Prepare communiqués for AANDC Express to highlight the requirements of all new policy instruments.	March 31, 2014	Status:Request to Close (Completed) Update/Rationale: As of 31/03/2014: Communiqués prepared and ready for periodic submission to communications for publication in AANDC Express. AES: Closed. AES: Implemented. The recommendation will be closed.
4. The Chief Information Officer should enhance the Project Portfolio Management Framework (PPMF) documentation/adherence by: clarifying the requirements for information management considerations in the PPMF, including how these will be documented and monitored in the gating approval process;	The Chief Information Officer will create an Information Management overlay/underlay that will identify the information management considerations and requirements for each gate of the PPMF.	February 1, 2014	Status: Request to Close (Completed) Update/Rationale: As of 31/03/2014: IM Overlay created and in place. AES: Closed.
	The Director of Enterprise IM/IT Strategic Services will develop a document that clearly outlines the current requirements for approval by governance bodies at each gate in the PPMF gating process.	February 1, 2014	Status: Request to Close (Completed) Update/Rationale: As of June 30, 2014 All current Project Portfolio Management Framework (PPMF) template documents have been updated and are included in the revised Master list of Gate Deliverables. The intranet page is updated since April 16, 2014. AES: Closed.
developing, approving, and posting to the Information Management Branch intranet site a document that clearly outlines the current requirements for approval by governance bodies at each gate in the PPMF gating process;	Once approved, the document will be posted on the Intranet.	February 28, 2014
clarifying PPMF requirements for projects requiring Treasury Board approval as these projects should follow the Department's defined and approved project governance process; and,	The Director of ESS will create a document clarifying PPMF requirements for projects requiring Treasury Board approval to ensure that PPMF gating requirements are known for projects requiring TBS approval.	March 1, 2014	Status : On hold Update/Rationale: As of June 30, 2014 Treasury Board Secretariat has been contacted for guidance. IMB is collaborating with a TBS analyst to define gating requirements for TBS approved projects. Once specific requirements for TBS approved projects are confirmed, the synopsis will be added to the Project Management Framework webpage. AES: Implementation ongoing.
ensuring that formal project close-out as defined in the PPMF, including lessons learned and benefits realization, is enforced.	The CIO, in collaboration with ITSG and DGIOC will update the IM/IT Frameworks and documents to ensure that formal project close-outs are completed.	February 1, 2014	Status: Request to Close (Completed) Update/Rationale: As of June 30, 2014: The Project Closeout template was updated and approved by Chief Information Officer's Branch Management Team (CIO-BMT), presented to ITSG and has been posted to the INTRA site. Projects are now being ‘officially' closed out in accordance with Project Portfolio Management Framework guidelines (i.e. FNCFS). AES: Closed.
5. The Chief Information Officer should ensure that Enterprise Architecture (EA) initiatives are addressed on a priority basis and leveraged to enhance application systems integration in future project investments. Specifically, timelines should be confirmed and resources assigned for the key EA initiatives that had been identified for 2012-2013, consisting of development of an EA strategy and integration of EA with the PPMF, as these were the basis for future initiatives. Further, the Architectural Standards Committee should be re-instituted and reactivated to perform its role as the governance body ensuring IM/IT investments comply with approved technology standards and enterprise architecture initiatives (including current terms of reference produced, membership confirmed, and regular meetings initiated).	The Director of ESS, in collaboration with all Directors in IMB, will: Develop an EA Strategy Develop an EA overlay/underlay for the PPMF Re-institute the BMT ASC with Terms of Reference Develop EA Principles/guidelines	March 31, 2014	Status: Underway Update/Rationale: As of June 30, 2014: Enterprise Architecture Strategy approved by ITSG on April 3, 2014. The Architectural Standards Committee (ASC) will be re-instituted in late Q3 (or early Q4). The Enterprise Architecture (EA) / Project Portfolio Management Framework (PPMF) overlay/underlay and EA principles/guidelines under development. AES: Implementation ongoing.
6. The Chief Information Officer should ensure that appropriately detailed information is reported by sectors and regions in the annual IM/IT spend analysis, especially information on specific IM/IT projects/initiatives undertaken, in order to effectively monitor compliance with departmental policies requiring pre-approval of all IM/IT expenditures. Once this additional information is gathered and evaluated, any indications of non-compliance with required pre-approvals should be evaluated and, based on significance, corrective actions should be initiated, such as direct follow-up with the region/sector or escalation to governance committees.	The CIO will develop and implement compliance process(es) and activities to ensure that appropriate spending is occurring outside of IMB.	April 30, 2014	Status: Request to Close (Completed) Update/Rationale: As of June 30, 2014: AANDC has approved policy instruments that require compliance (e.g. policies and directives are mandatory by definition). As an example, AANDC approved the Directive on Information Management and Information Technology Procurement Authorization which states roles and responsibilities for procurement as well as what specific financial coding to use in the financial systems. In addition, an annual process has been implemented whereby IMB does extracts from the departmental financial system and sends them to the Region/Sector for their review and attestation. This review and attestation ensures that the Regions are coding to the correct project code. AES: Implementation complete. Recommended to close. Closed.

Did you find what you were looking for?

What was wrong?

I can't find the information

The information is hard to understand

There was an error or something didn't work

Other reason

Please provide more details

You will not receive a reply. Don't include personal information (telephone, email, SIN, financial, medical, or work details).
Maximum 300 characters

Date modified:: 2015-07-16