Review of AANDC Systems of Record
April 2015
Project #: 14-19
PDF Version (119 Kb, 22 Pages)
Table of contents
Acronyms
| AANDC |
Aboriginal Affairs and Northern Development Canada |
|---|---|
| CFO |
Chief Financial Officer |
| CIO |
Chief Information Officer |
| DPR |
Departmental Performance Report |
| FNCFS IMS |
First Nation Child and Family Services Information Management System |
| FNCP |
First Nation Community Profiles |
| GCIMS |
Grants and Contributions Information Management System |
| IFS |
Integrated Financial System |
| HQ |
Headquarters |
| IM |
Information Management |
| IMB |
Information Management Branch |
| IM/IT |
Information Management/Information Technology |
| IT |
Information Technology |
| ITSG |
Information and Technology Steering Group |
| LIMS |
Land Information Management System |
| PMF |
Project Management Framework |
| SAP |
Systems Applications and Products |
| SCBDB |
Specific Claims Branch Database |
| SDLC |
System Development Life Cycle |
| TB |
Treasury Board |
| TBS | Treasury Board of Canada Secretariat |
Executive Summary
Background
A review of departmental systems of record was requested by the Deputy Minister of Aboriginal Affairs and Northern Development Canada (AANDC or the Department) with the aim of improving governance over and user uptake of the departmental systems of record that support the activities and functions of programs, sectors, and regions.
A system of record can be considered the authoritative data source for a given data element or piece of information. In the context of AANDC, certain corporate systems (e.g. SAP and Grants and Contributions Information Management System (GCIMS)) have been informally accepted as authoritative sources of information for specific data elements. It is important to note that a system of record must be identified at the data element level, and thus a system may be identified as the system of record for some of its data elements, but not for all, particularly if the data element originates from another system of record.
Where systems of record do not exist, are inadequate (e.g. user needs are not met or usability is poor) or where the technology has not been maintained or is obsolete, alternative tools and methods (e.g. "black books") are sometimes created by users to manage the information. Further, where Information Management (IM) governance practices do not sufficiently promote the integration of support systems with established systems of record, duplicate data elements are often maintained in separate systems which reduces the accuracy and integrity of information for decision making.
Review Objective and Scope
The objective of this review was to provide management with an independent assessment of the management of authoritative sources of information held within departmental systems of record.
The scope of the review focused on the following:
- Identification, categorization and communication of systems maintaining authoritative sources of information that support the management and administration of departmental programs and the reporting of performance against program objectives;
- Stakeholder engagement, identification, and assessment of user requirements, and system governance during system development lifecycles to appropriately manage authoritative sources of information;
- Uses of alternatives to the existing departmental systems of record and the impediments to user uptake and to leveraging and consistently relying on existing departmental systems; and
- Identification of recommendations to improve user recognition, uptake and departmental reliance on official systems of record.
In order to meet the above-mentioned review objective and scope, the review focused on answering the following three questions related to departmental systems of record:
- How many departmental systems of record exist within the Department and is there a listing?
- What are the current governance mechanisms in place over departmental systems of record?
- What are the impediments to the use of departmental systems of record?
Conclusion
The review noted that although some corporate systems are considered authoritative sources of certain types of information, such as financial data from SAP, there is currently no definition of authoritative sources of information nor is there a comprehensive listing of authoritative sources of information available for use across the Department, although there are specific examples of good starting points for such a listing.
Governance frameworks/processes are in place and provide the opportunity to identify existing corporate systems and potential authoritative sources of information prior to the investment in new IT projects; however, without an associated policy framework and a comprehensive listing, the impact of these processes may be limited. Further, without these foundational elements, the Department cannot be assured that information presented and decisions made are based on the validated, appropriate source of information housed within a recognized system of record.
While the review did confirm that generally corporate systems are used as the basis of day-to-day operations and reporting results, alternative tools are being used to address functionality gaps and unfamiliarity with specific aspects of the corporate systems. This could impact the appropriateness and reliability of information used to support decision making.
Recommendations
Based on the evidence gathered through the examination of documentation, analysis and interviews, each area within the scope of the review was assessed by the review team, resulting in three recommendations as follows:
- The Chief Financial Officer in conjunction with the Chief Information Officer should, as part of the IM/IT Strategy and Plan, develop and maintain a comprehensive listing of authoritative sources of information that would include the systems of record that host this information, data definitions, data owners and other stakeholders.
- The Chief Financial Officer in conjunction with the Chief Information Officer should, as part of the IM/IT Strategy and Plan, establish a policy framework that governs, at a minimum, the process to identify and meet the information needs of the Department, from investment planning to the System Development Life Cycle. This would provide the framework to centrally prioritize new information needs, whether to be met by new systems or enhancements of existing systems, against the priorities of the Department and hold stakeholders accountable for compliance. We understand this action is being considered as part of the data management strategy within AANDC's Enterprise Architecture.
- The Chief Financial Officer in conjunction with the Chief Information Officer should, once the IM/IT Strategy and Plan have been implemented, communicate expectations and roles and responsibilities of data management stakeholders (owner, steward, custodian) which should include leveraging corporate systems and the associated reporting tools as a basis for reporting and decision making. This should include the development of a plan to address specific concerns related to impediments to user uptake (e.g. training and user guidance).
Management Response
Management is in agreement with the observations, has accepted the recommendations included in the report, and has developed a management action plan to address them. The management action plan has been integrated into this report.
1. Background
1.1 Rationale for the Review
A review of departmental systemsFootnote 1 of record was requested by the Deputy Minister of AANDC with the aim of improving governance over and user uptake of the departmental systems of record that support the activities and functions of programs, sectors, and regions.
1.2 Background on AANDC Systems of Record
The Treasury Board (TB) Policy on Information Management states that, "The availability of high-quality, authoritative information to decision makers supports the delivery of programs and services, thus enabling departments to be more responsive and accountable to Canadians." In order to ensure that information supports decision makers, which is identified in AANDC's 2013-14 Corporate Risk Profile as a key departmental risk, information must be rigorously managed throughout its life cycle, for as long as it is required to meet a department's responsibilities, legal obligations, and accountabilities. TheTB Policy on Information Management goes further to assign the responsibility for effective and well-coordinated information management within a department to the deputy head, who in turn designates an Information Management (IM) senior executive to represent him/her to TB for the purposes of the policy. At AANDC, the IM senior official is the Chief Information Officer (CIO) who reports to the Chief Financial Officer (CFO).
Based on the Application Portfolio Management Collection report, which is a listing of applications (based on a specific Treasury Board of Canada Secretariat (TBS) definition of an "application") prepared annually for the TBS, as of March 31, 2014, the Department maintained a total of 189 applicationsFootnote 2, of which 119 were owned within Headquarters (HQ) and 70 were owned by the regions. The breakdown of applications within the Application Portfolio Management Collection report by Program Alignment Architecture (PAA) is as follows:
| PAA | Number of Applications |
|---|---|
| The Government | 19 |
| The Land and Economy | 15 |
| The North | 20 |
| The People | 38 |
| Internal Services | 93 |
| OtherFootnote 3 | 4 |
| Total | 189 |
It has been confirmed by the CFO and CIO that, in the current environment of tighter budgets and reduced appropriations, the costs to maintain this number of existing applications within the Department is not sustainable. As part of the implementation of a planned enterprise-wide IM/IT Strategy (currently in the approval process), a rationalization exercise is being contemplated to confirm which applications are necessary and support the priorities of the Department, and which ones can be retired (or consolidated into existing systems), thereby freeing up limited resources for those applications that are critical to the achievement of the strategic objectives of AANDC.
A system of record can be considered the authoritative data source for a given data element or piece of information. In the context of AANDC, specific corporate systems (e.g. SAP and GCIMS have been informally accepted as authoritative sources of information for specific data elements. It is important to note that a system of record must be identified at the data element level, and thus a system may be identified as the system of record for some of its data elements, but not for all, particularly if the data element originates from another system of record. For example, SAP may be considered the authoritative source for grant and contribution payments, whereas the authoritative source of the funds allocated to each funding recipient may be GCIMS. Sources of data that are formally recognised as authoritative enable senior management to be presented with, and make decisions based on, validated data that can be referenced to the approved sources.
Where systems of record do not exist, are inadequate (e.g. user needs are not met or usability is poor) or where the technology has not been maintained or is obsolete, alternative tools and methods (e.g. "black books") are sometimes created by users to manage the information. Further, where IM governance practices do not sufficiently promote the integration of support systems with established systems of record, duplicate data elements are often maintained which reduces the accuracy and integrity of information for decision making.
2. Review Objective and Scope
2.1 Review Objective
The objective of this review was to provide management with an independent assessment of the management of authoritative sources of information held within departmental systems of record.
2.2 Review Scope
The scope of the review focused on the following:
- Identification, categorization and communication of systems maintaining authoritative sources of information that support the management and administration of departmental programs and the reporting of performance against program objectives;
- Stakeholder engagement, identification, and assessment of user requirements, and system governance during system development lifecycles to appropriately manage authoritative sources of information;
- Uses of alternatives to the existing departmental systems of record and the impediments to user uptake and to leveraging and consistently relying on existing departmental systems; and
- Identification of recommendations to improve user recognition, uptake and departmental reliance on official systems of record.
3. Approach and Methodology
To the extent necessary, the review of AANDC systems of record was conducted in accordance with the requirements of the TB Policy on Internal Audit and followed the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing. The engagement team examined sufficient, relevant evidence and obtained sufficient information to support the conclusions provided in this report.
In order to address the above-mentioned scope, the review focused on answering the following three questions related to departmental systems of record:
- How many departmental systems of record exist within the Department and is there a listing?
- What are the current governance mechanisms in place over departmental systems of record?
- What are the impediments to the use of departmental systems of record?
The methodology used included performing various review procedures necessary to address the review’s objective. Based on the three scope questions outlined above, the review approach included but was not limited to:
- How many departmental systems of record exist within the Department and is there a listing?
- Requested a listing of departmental systems of record;
- In the absence of this listing, attempted to map the existing Performance Measurement Strategies to their source systems; however, as a result of inconsistencies in how the current Strategies are presented, it did not allow for this level of analysis;
- Focused on one type of performance reporting - the Departmental Performance Report (DPR) for the 2013-14 fiscal year - and selected a sample of program areas for case studies, specifically: First Nation Child and Family Services (FNCFS), Specific Claims, and Land and Water Management; and,
- Conducted interviews within the Information Management Branch (IMB) and with key representatives for each selected program area to understand the extent to which the applications being used, such as the First Nation Community Profiles (FNCP), are considered authoritative sources of information.
- What are the current governance mechanisms in place over departmental systems of record?
- Conducted interviews within IMB to understand the investment planning and prioritization process, the Project Management Framework (PMF) and the system development life cycle (SDLC);
- Conducted interviews within IMB to identify the current process for managing data and identifying the associated system of record; and,
- Reviewed relevant documentation related to the PMF and the SDLC.
- What are the impediments to the use of departmental systems of record?
- Conducted interviews with key representatives, as applicable at HQ and/or in selected regions, in each of the program areas selected (listed previously under Question 1) in order to understand and assess the current impediments to use of the corporate systems and the extent to which alternative tools are being leveraged; and,
- Selected a sample of Internal Services applications - specifically SAP and the Compliance tool - and conducted interviews with key representatives at HQ and in the regions in order to assess the current impediments to use of the corporate systems and the extent to which alternative tools are being leveraged.
The observations presented in Section 5 below are organized according to the three questions that were included in the approach to this review. For a description of the applications included in this report, see Appendix A.
4. Conclusion
The review noted that although some corporate systems are considered authoritative sources of certain types of information, such as financial data from SAP, there is currently no definition of authoritative sources of information nor is there a comprehensive listing of authoritative sources of information available for use across the Department, although there are specific examples of good starting points for such a listing.
Governance frameworks/processes are in place and provide the opportunity to identify existing corporate systems and potential authoritative sources of information prior to the investment in new IT projects; however, without an associated policy framework and a comprehensive listing, the impact of these processes may be limited. Further, without these foundational elements, the Department cannot be assured that information presented and decisions made are based on the validated, appropriate source of information housed within a recognized system of record.
While the review did confirm that generally corporate systems are used as the basis of day-to-day operations and reporting results, alternative tools are being used to supplement for functionality gaps and unfamiliarity with specific aspects of the corporate systems. This could impact the appropriateness and reliability of information used to support decision making.
5. Observations and Recommendations
Based on the evidence gathered through the examination of documentation, analysis and interviews, each area within the scope of the review was assessed by the review team and observations of strengths and opportunities for improvement were identified.
5.1 Existence of Departmental Systems of Record
The review attempted to determine the extent to which systems of record and authoritative sources of information have been identified within the Department, as well as the extent to which information reported publicly in the DPR is being sourced from systems of record.
Identification of Departmental Systems of Record
At the outset of this review, it was confirmed that within the Department there are a number of systems of record that are recognized as authoritative sources for some types of data, however, there is no formally documented definition of ‘system of record' nor is there a definition of an ‘authoritative source of information'. This was confirmed through interviews with management within IMB and process owners within various program areas. The planning phase of this review also confirmed that there is currently no comprehensive listing of systems of record or comprehensive listing of authoritative sources of information being maintained within the Department. It was confirmed by the CIO that, in the past, a corporate data dictionary did exist which outlined specific data elements, the authoritative source and the data owner; however, it has not been kept up-to-date for many years.
As noted earlier, despite the lack of a formal definition, systems of record do exist. It was noted that there appears to be a general awareness by process owners of the concept of authoritative sources of information and an acceptance of the authority of the information within specific applications. For example, it is clear that financial payment information would be sourced from SAP; however, for other information (e.g. band name, band address, Chief and Council) that may be housed in multiple applications, it can be unclear as to which system is the authoritative source.
The case studies of the three program areas selected confirmed that, generally, the information included in the DPR is sourced from the existing corporate systems. It was noted, however, that supplementary tools do exist and are used for reporting purposes in situations where the corporate systems cannot provide the information necessary to meet reporting needs. Additional information on the impediments to the use of the corporate systems is described in Section 5.3 of this report.
Without a comprehensive listing of authoritative sources of information for specific data elements, there is a risk that the same (or what, in theory, should be the same) information is being maintained in multiple applications. Without a determination of which system is the authoritative source of that information, reliance could be placed and decisions made based on inappropriate information. Further, without an acceptance of which systems are authoritative sources of information for specific data elements, there is a risk of wasted resources in the development and maintenance of new applications designed to collect information already maintained within an authoritative source.
Although no comprehensive listing of authoritative sources of information currently exists within the Department, the review identified specific examples that could be considered as potential starting points. The first is "CommonFootnote 4", which is a central database of over 100 tables of band-related data sourced from five (5) different corporate systems (GCIMS, Indian Registry System (IRS), Band Governance Management System (BGMS), Indian Government Support System (IGSS) and Indian Land Registry System (ILRS)) that feeds thirty-two other applications across the Department. It allows the thirty-two applications to access information originating from the authoritative source without accessing the source applications themselves. This central repository has been sourcing data since 1996 and demonstrates an effort to identify and source common information from its authoritative sources. However, there is no current documentation that confirms the authoritative source of each data element.
Another example is FNCP, an application that was developed and is maintained to obtain information from corporate systems in order to allow that information to be accessible for users to view within FNCP. In addition to the many data fields populated by the source systems (typically through Common), other fields allow the manual entry of information and are expected to be updated by regional representatives. As part of the development of this tool, a listing of the fields (or data elements) represented in the tool exists and includes the data source, the Directorate that owns the data represented in the application, and a definition describing what the data represents. While not completely populated, this listing could be considered a starting point to build upon for a more comprehensive, Department-wide listing.
Recommendation:
1. The Chief Financial Officer in conjunction with the Chief Information Officer should, as part of the IM/IT Strategy and Plan, develop and maintain a comprehensive listing of authoritative sources of information that would include the systems of record that host this information, data definitions, data owners and other stakeholders.
5.2 Governance over Systems of Record
As part of this review, interviews were conducted and documentation was reviewed to obtain an understanding of the existing departmental frameworks that govern the process to identify, prioritize and meet the information needs of the Department, including the IT investment process, the PMF and the SDLC. The focus of the review was to understand whether these frameworks provide the appropriate governance to ensure existing data maintained within the Department is being leveraged, as appropriate, in the development of new applications to meet business requirements.
IT Investment Planning
The current IT investment planning process does not allow for the holistic prioritization of all business requirements across the Department (i.e. the need vs. what currently exists) in terms of the achievement of the strategic objectives of the Department based on an available pool of resources. This challenge is complicated by the fact that certain regions have allocated funds to support local IT development and the maintenance of local applications - which a centralized IT investment planning process would have limited insight into.
Without a centralized approach to the prioritization and approval of IT projects (including those being considered by the regions), there is a risk that already limited resources are allocated to projects that may not be aligned with the Department's priorities and strategic objectives. Further, the creation and maintenance of applications solely by regional offices increases the risk that the resulting applications are not aligned with governmental requirements (e.g. relative to security, privacy, or back-up/recovery).
Project Management Framework
There is a formal Project Management Framework (involving gating processes) established for IM/IT-enabled projects. One significant aspect of the PMF is a governance body called the Information and Technology Stewardship Group (ITSG), which includes representatives from all sectors and regions. This oversight mechanism allows for the identification of information/business requirements outlined in project documents (e.g. business cases) to be compared against existing/similar information being captured within the Department in another application. This could potentially avoid the development of a system to house information already being captured in another system. While the oversight mechanism allows for this, the current mechanism is not likely to trigger consideration down to the detailed level of data elements and sources of information.
System Development Life Cycle
In the case where the Department chooses to implement a new application (i.e. develop its own or purchase an off-the-shelf solution), there is an SDLC program in place. Within the design phase of the SDLC, it is the responsibility of Database Administrators and Information Analysts to identify whether another application is maintaining information required by the new system in order to avoid duplication of the information; however, this relies on individuals' knowledge of existing information maintained across the Department, which can be challenging given the absence of a corporate listing of authoritative sources of information and the turnover that is experienced within the Department.
Although there are frameworks in place within the Department that allow for the identification of existing information prior to the development of a new system, without a complete and up-to-date listing of authoritative sources of information and the up-front mechanism to identify data requirements of a new system, there is the potential for the creation of the same (or what, in theory, should be the same) information across systems. This could result in inappropriate information being maintained and leveraged for decision making and in wasted resources (both in the development of the application and with the ongoing maintenance of the application).
Recommendation:
2. The Chief Financial Officer in conjunction with the Chief Information Officer should, as part of the IM/IT Strategy and Plan, establish a policy framework that governs, at a minimum, the process to identify and meet the information needs of the Department, from investment planning to the System Development Life Cycle. This would provide the framework to centrally prioritize new information needs, whether to be met by new systems or enhancements of existing systems, against the priorities of the Department and hold stakeholders accountable for compliance. We understand this action is being considered as part of the data management strategy within AANDC's Enterprise Architecture.
5.3 Impediments to the Use of Corporate Systems
The review included case studies of a sample of applications used by program areas and of Internal Services systems. The case studies involved interviewing representatives at HQ and from a sample of regions in order to identify potential impediments to the uptake of corporate systems, as well as any alternative tools being used. In addition, as part of the information gathered regarding the PMF and the SDLC, the opportunity for user input at various stages of the processes (e.g. business requirements gathering, user acceptance testing) was assessed to identify any potential linkages to a lack of uptake by users.
Many corporate systems exist to support ongoing operations within the Department. They vary in level of sophistication and complexity, and are used to varying degrees by the related program areas at HQ and, if applicable, in the regions. From the case studies completed, it was generally observed that these corporate systems are being used to conduct day-to-day business and are being used for reporting purposes. Some of the corporate systems have been developed to meet the majority of the needs of the HQ and regional representatives (either through the development of the necessary functionality or through the interfacing of the corporate system with the regional systems) and therefore, strong user uptake has occurred across the Department.
As an example, FNCFS IMS, a national system within the Child and Family Services program area, was recently implemented. Stakeholders were heavily involved in the consultation, development and implementation of the system, principles embedded in both the PMF and SDLC. Regional program representatives noted that although they face some challenges in using FNCFS IMS, it meets the majority of their functionality and reporting needs. During the development of the system, it was recognized that in some jurisdictions, specific information would need to be captured for provincial requirements and as a result, a decision was made to have specific, existing regional systems interface with the national system. This recognition has allowed these regions to capture the information required to meet the national requirements and continue to meet the unique provincial requirements. As a result, regional users interviewed confirmed that there was no need to leverage alternative tools.
In the cases described below, impediments to the exclusive use of the existing corporate systems were identified, resulting in the creation and maintenance of alternative tools by HQ and regional offices. Alternative tools are being used for the following primary reasons: 1) a lack of functionality and/or familiarity with corporate systems, and 2) a perception of a lack of resources available and priority given to regions' change requests to improve the functionality of corporate systems. The following sections provide additional details on these impediments.
5.3.1 Lack of Functionality within or Familiarity with Existing Systems
It was noted by regional offices that corporate systems may lack functionality to meet their needs, specifically with regard to unique jurisdictional requirements/nuances, and as a result, they have developed alternative tools to meet these needs. In addition to a lack of specific functionality, regional representatives noted that adequate guidance and training is not consistently provided by the Department to enable them to leverage the corporate systems to their full capabilities. As a result, they are not familiar enough with the corporate systems to use them in a way to fully meet their needs and, therefore, turn to alternative tools to bridge the gap in functionality. Two of the case studies conducted demonstrated this situation.Compliance
The Compliance tool is one example where an application was locally developed and is being maintained to bridge the gap associated with missing functionality. Based on interviews with representatives from one Region, there is currently a gap in the functionality within GCIMS relative to the documentation of the annual audited financial statement analysis required to be performed for each funding recipient. More specifically, the Region has identified that GCIMS does not allow for the documentation of the calculation of the current year recovery amount and unexpended funding amounts resulting from the review of the audited financial statements. In addition, it was noted that GCIMS does not provide for the ability to add notes so as to provide additional context for the analysis performed. As a result of this gap, the Region has developed an alternative tool, called the Compliance tool, to meet these requirements and address these specific data gaps. The missing data elements have been addressed by the Compliance tool and, while the information is manually entered back into GCIMS, regional representatives consider the Compliance tool the authoritative source of these calculations and the associated notes, and use this tool as part of management's review of the results from the audited financial statement process.
Feedback from other regions on this gap in the functionality of GCIMS varied. One region indicated that they recognized the same gap and created a series of complex spreadsheets to address the issue and complete their audited financial statement review. Two other regions interviewed indicated that, although not ideal and not the most efficient, there are ways to capture this information within GCIMS, including the ability to document notes and include them as attachments within the application.
SAP
SAP was implemented in April 2014 within AANDC to be used as the financial system of record (replacing OASIS, the previous Oracle-based financial system). Although all financial transactions have been processed within SAP since its implementation, users faced challenges following its implementation in generating information for Cost Center Managers to manage their budgets. Although this has been rectified with the introduction of the reporting tool, the Integrated Financial System (IFS), users continue to feel that the tools in place are not detailed enough to allow them to sufficiently manage their budgets and plan for operational requirements.
Regional representatives expressed challenges with using SAP to its full range of functionality. This is mainly due to a lack of training and guidance provided during implementation and an overall lack of familiarity with the system. Feedback from users indicated that the focus of the training was on how to use the system, and not how to adapt financial management processes to work within SAP. There was a perception that implementing SAP resulted in significant differences in business processes from those in place with OASIS and as a result, there were major impacts on regions' business processes. Users were seeking more support on how to adopt business processes and not just on the functionality of the system.
As noted above, because the reporting tool for SAP was not introduced at the same time as SAP was implemented, users were forced to maintain their own spreadsheets to track budgets and free balances. Although IFS is now fully operational, feedback from users indicates that these local tools continue to be relied upon. This is partially due to a lack of familiarity/comfort with the reporting tools and a lack of trust in the system (and the recently introduced accounting hub) that invoices will be appropriately processed and paid. Every individual interviewed about SAP as part of this review maintained a local spreadsheet to capture invoices received due to a lack of confidence in the accounting hub and/or SAP due to the relative newness of both.
5.3.2 Perception of a Lack of Resources or Priority
As discussed above, alternative tools have been developed to address perceived gaps in functionality within existing corporate systems. Users do have the ability to highlight the need for enhancements to existing systems or the need to create new corporate systems to meet operational requirements; however, the Department is facing funding constraints and as a result, must prioritize development activities for enhancements and new applications. As a result of limited resources, system changes that are considered lower priority for the Department may not be immediately addressed or addressed at all. A perception exists by many users interviewed that the Department will not address the functionality gaps they identify as the gaps are likely considered lower priority. Instead, alternative tools have been developed as a more effective and timely way to meet their operational needs. Two case studies performed demonstrated different extremes of this situation.
Specific Claims Branch Database
The Specific Claims Branch Database (SCBDB) is one example where alternative tools have been developed to bridge the gap between operational/reporting needs and existing system functionality. The SCBDB is the corporate system where all claims transactions are documented. While the majority of reporting requirements are met by running reports from the Specific Claims Branch Reporting Interface, the Branch maintains a spreadsheet that has a running total of claims in case of management requests for information. This tool is used because the current SCBDB does not provide all categorization and circumstances of claims to fully explain the current status of each claim. Since this is not considered a significant gap or a high priority by the Branch, they are very comfortable using a supporting tool to maintain the additional level of detail that the database does not include.Land Information Management System
The Land Information Management System (LIMS), one of the primary systems used in the Land and Water Management program area, is used to track all leases/permits and associated inspections and schedules. It was developed in the 1990's and as a result of subsequent legislative changes, the system no longer meets the operational requirements of the program. Program representatives are struggling to run reports from the system and recognize that the system does not allow for adequate planning for inspectors. Program representatives are currently tracking specific information in spreadsheets, including due dates for rents and lease expiry, in order to be able to send out notifications. Over the years, the program area has undertaken an exercise to determine the system requirements that meet its operational needs. This was expected to result in significant funds to design and implement a new system; however, given the relatively low volume of activity, it is considered a lower priority to the Department. Instead, the program area believes that maintaining its own spreadsheets is currently a more effective and efficient way to address its needs.
Leveraging alternative tools outside of corporate systems increases the risk that decisions are made based on information that may not be the most complete, current or the most appropriate.
Recommendation:
3. The Chief Financial Officer in conjunction with the Chief Information Officer should, once the IM/IT Strategy and Plan have been implemented, communicate expectations and roles and responsibilities of stakeholders for data management which should include leveraging corporate systems and the associated reporting tools as a basis for reporting and decision making. This should include the development of a plan to address specific concerns related to impediments to user uptake (e.g. training and user guidance).
6. Management Action Plan
| Recommendations | Management Response / Actions | Responsible Manager (Title) | Planned Implementation Date |
|---|---|---|---|
| 1. The Chief Financial Officer in conjunction with the Chief Information Officer should, as part of the IM/IT Strategy and Plan, develop and maintain a comprehensive listing of authoritative sources of information that would include the systems of record that host this information, data definitions, data owners and other stakeholders. | As per the draft IM Strategy, the CIO will establish a data management program based on the industry recognized Data Management Body of Knowledge (DMBOK) framework. The deliverables for fiscal year 2015-2016 will be: | Chief Financial Officer Chief Information Officer |
|
| 1 - Data inventory, including the identification of data owners and authoritative data sources; | 2015-2016 - Q4 | ||
| 2 - Establishment of an Enterprise data dictionary; | 2015-2016 - Q4 (ongoing) |
||
| 3 - Develop Level 1 of the conceptual enterprise data model. | 2015-2016 - Q3 | ||
| 2. The Chief Financial Officer in conjunction with the Chief Information Officer should, as part of the IM/IT Strategy and Plan, establish a policy framework that governs, at a minimum, the process to identify and meet the information needs of the Department, from investment planning to the System Development Life Cycle. This would provide the framework to centrally prioritize new information needs, whether to be met by new systems or enhancements of existing systems, against the priorities of the Department and hold stakeholders accountable for compliance. We understand this action is being considered as part of the data management strategy within AANDC’s Enterprise Architecture. | As per the draft IM Strategy, the CIO will review and update the IM/IT policy framework, including policy instruments associated with data management. The deliverables for fiscal year 2015-2016 will be: | Chief Financial Officer Chief Information Officer |
|
| 1 - IM/IT Target Policy Framework; | 2015-2016 - Q2 | ||
| 2 - Data Management Directive; | 2015-2016 - Q1 | ||
| 3 - Develop a data management overlay for the Project Management Framework. | 2015-2016 - Q3 | ||
| 3. The Chief Financial Officer in conjunction with the Chief Information Officer should, once the IM/IT Strategy and Plan have been implemented, communicate expectations and roles and responsibilities of stakeholders for data management which should include leveraging corporate systems and the associated reporting tools as a basis for reporting and decision making. This should include the development of a plan to address specific concerns related to impediments to user uptake (e.g. training and user guidance). | The CIO will communicate roles and responsibilities as per the renewed policy suite to the department. The deliverables for fiscal year 2015-2016 will be: | Chief Financial Officer Chief Information Officer |
|
| 1 - Present IM/IT Strategy to the AANDC governance committees for approval; | 2015-2016 - Q3 | ||
| 2 - Update the IM/IT policy suite on the AANDC INTRA web site, including the policy framework and rescinding unapproved and outdated policy instruments; | 2015-2016 - Q4 | ||
| 3 - Work with communications to promote policy instruments to AANDC. | 2015-2016 - Q4 | ||
| 4 - Conduct on-going expenditure analyses for compliance with AANDC IM/IT Policy Instruments. | 2015-2016 - On-Going |
Appendix A: Description of Applications
The following descriptions have been provided for the applications mentioned in this report:
- First Nation Child and Family Services Information Management System (FNCFS IMS): This system was developed to provide an information base that enables analysis and measurement of the effectiveness of the FNCFS program, including child well-being outcomes. The system was designed to help reduce the reporting burden by simplifying the reporting process as well as improving the data quality by streamlining information gathering and enabling early detection of anomalies.
- Compliance: This tool was developed by the Ontario Regional office for officers to collect and assess data as part of the annual audited financial statement review and reconciliation process.
- SAP: SAP is an Enterprise Resource Planning system and is designed to support planning, processing and reporting, and material management. It was implemented at AANDC to replace the OASIS system and support budgeting, commitments, procurement, payables and receivables, and the tracking of assets.
- Specific Claims Branch Database (SCBDB): This is a national on-line system which has been designed to track the progress of specific claims from receipt to settlement and produces various pre-established reports. The SCBDB is primarily focused on reporting, but is also a critical tool used for the calculation of the contingent liability of claims.
- Land Information Management System (LIMS): This system supports the implementation and management of the Crown’s regulatory obligations for Land administration in the Northwest Territories and Nunavut.
- First Nation Community Profiles (FNCP): FNCP is a collection of information that describes individual First Nation communities across Canada. The profiles include general information on a First Nation along with more detailed information about its reserve(s), governance, federal funding, geography, registered population statistics and various Census statistics. The solution provides a dynamic and real time platform to facilitate the capture and reporting of data related to communities.
Appendix B: Relevant Policies/Directives and Guides
The following authoritative sources were examined and used as a basis for this review:
- TBS Policy on Information Management
- AANDC Information Management (IM) & Information Technology (IT) Governance Policy
- AANDC Management of Information Technology Policy 2013
- AANDC Information Management Policy 2008
- AANDC Data Collection Policy 2011
- AANDC Directive on IM&IT Procurement Authorization Directive 2012
- TBS Project Management Guide: An Enhanced Framework for the Management of Information Technology Projects