EXECUTIVE SUMMARY...5

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "EXECUTIVE SUMMARY...5"

Transcription

1

2

3 Table of Contents EXECUTIVE SUMMARY...5 CONTEXT...5 AUDIT OBJECTIVE...5 AUDIT SCOPE...5 AUDIT CONCLUSION...6 KEY OBSERVATIONS AND RECOMMENDATIONS INTRODUCTION BACKGROUND OBJECTIVES SCOPE METHODOLOGY STATEMENT OF ASSURANCE OVERALL ASSESSMENT AUDIT CONCLUSION SCORECARD: CURRENT PROJECT STATUS OBSERVATIONS AND RECOMMENDATIONS PROJECT GOVERNANCE MEETING BUSINESS REQUIREMENTS PROJECT MANAGEMENT TECHNOLOGY AND INFRASTRUCTURE CONCLUSION...35 APPENDIX A DETAILED AUDIT METHODOLOGY...37 Table of Contents 3

4

5 Executive Summary Context Information Technology has been identified in Elections Canada s Strategic Plan as a key enabler to carry out the mandate of Elections Canada. The Information Technology sector is responsible for ensuring that the services it provides are aligned with the agency s business objectives. The current IT environment has served the agency well. However, Elections Canada must now make substantial investments in its IT environment to improve and enhance its capabilities. The agency has started an Information Technology Renewal (ITR) project to modernize its IT infrastructure and business applications. This project is one of the most significant information technology initiatives to be undertaken by Elections Canada and includes processes that were not previously required. It was considered important to include the IT Renewal project in the Risk-Based Audit Plan. The focus of this audit is on the Integrated Program Office, which is important for effective and efficient project management. It is important to note that IT Renewal was a system under development at the time of the audit. The criteria were assessed within that context, and this assessment is the result of comparing what was observed with what was expected at this point of the project. As the project moves forward, a new assessment of some or all of the criteria will be necessary. Audit Objective The objectives of this audit are to provide assurance to senior management that: the IT Renewal Integrated Program Office has implemented effective project management techniques, systems, processes and controls for managing the IT Renewal project in line with the size and importance of the project; the IT Renewal Integrated Program Office framework and program are complete and reporting is consistent with Elections Canada s overall governance, plans and best practices. Audit Scope The audit scope included: the IT Renewal Integrated Program Office and project management framework for the management of the IT Renewal project the governance structure used by Elections Canada and the IT Renewal Integrated Program Office to provide oversight to the project. The audit did not provide an overall assessment of the ITR initiative. Rather, it focused on the Integrated Program Office, project management and governance. Executive Summary 5

6 The audit was conducted from October to December Audit Conclusion The IT Renewal Integrated Program Office has implemented many elements of effective project management techniques, systems, processes and controls for managing the IT Renewal project, in line with the size and importance of the project. Much of this structure is new to Elections Canada and it will remain once the ITR is complete. However, the governance structure within which the ITR reports requires management attention and the level of involvement of the business sponsors should be improved. The IT Renewal Integrated Program Office framework and program are currently being implemented and many components were established and functioning at the time of the audit. The Integrated Program Office is to act as integrator across all ITR efforts but it has not yet put in place adequate reporting processes. Improvements are needed in management status reporting, financial control and reporting, risk management, project performance reporting and technology transition. Key Observations and Recommendations These are the key observations and recommendations of the audit. Governance Project governance is seen as a high risk. The governance processes are inconsistent and unclear. Management should clarify the roles, responsibilities and relationships of the three involved committees to strengthen the governance of the ITR initiative. Status reports appropriate for the various committees have yet to be defined. Without appropriate information, the governance structure may not be able to provide adequate oversight and reasonable assurance that the project will achieve its objectives. The project has not started to do any measurement of benefits achievement. A formal process to identify, measure and monitor benefits and outcomes of the project should be established. Business Requirements It is too early in the overall process to measure the degree to which business requirements have been identified. The focus of the audit was primarily to examine the degree to which the business sectors understood how ITR would benefit business users in the future. There has been little involvement from the business sectors since the business case was developed. ITR should fully engage the business sectors to ensure its deliveries ultimately meet the requirements of business users. ITR is bringing a new infrastructure and IT services to Elections Canada. Organizational changes needed to properly use and support it, need to be identified and established. 6 Audit of the IT Renewal Integrated Program Office

7 Project Management Project organization and structure A project management structure has been established, and it has evolved as the project progressed and management reacted to the complexity of the project. The organization has used many contractors, which add a level of complexity. Segregation of duties is in place and is appropriate for contracting and financial approvals. Efforts should be made to retain knowledge when contractors leave the agency. Elections Canada has experienced over a period of time difficulty in arranging the contracted resources required. Recent initiatives have improved the process. Development Process It is too early to assess most criteria under the Development Process. Documentation for implementation and fallback plan is not complete. These plans should be developed for the various projects in IT Renewal. Project Control Processes Project control processes should be set up to ensure that all project activity has the appropriate management oversight, and that it delivers the anticipated product with minimum risk. In some cases, it is too early to measure these standards. An approved integrated plan exists. The schedule is complex with many interdependencies. It is difficult to obtain a complete and clear corporate financial report of the current status of the project, and of the activities for which funding was approved. Technology and Infrastructure Architecture Past architectural choices have resulted in different technology silos. The IT Renewal will establish new standards for applications and IT services. Senior management should support the Architecture and Standards Board (ASB) and ensure that the ASB s standards and decisions apply to all Infrastructure Management/Information Technology (IM/IT) initiatives. Appropriate security is essential to deliver the business solutions. A plan for achieving security and establishing security requirements for applications that will use the new infrastructure should be developed and implemented. Technology Transition ITR project plans assume the use of a high-speed network linking to the offices of all Returning Officers. In reality the available network speeds will vary considerably across the country. The ITR project should be coordinated with the Telecommunications Infrastructure Evolution project, and a plan should be developed for telecommunications in areas where high speed bandwidth is not available. Executive Summary 7

8

9 1. Introduction 1.1 Background Elections Canada is an independent, non-partisan agency reporting directly to Parliament and headed by the Chief Electoral Officer of Canada. Its mandate is to be prepared at all times to conduct a federal general election, by-election or referendum, administer the provisions of the Canada Elections Act, monitor compliance and enforce electoral legislation. To be able to carry out its mandate, IT has been identified in Elections Canada s Strategic Plan as one of the four key Enablers. The Information Technology sector has the responsibility of ensuring that the services it provides are aligned with the agency s business objectives. The current IT environment has served the agency well. However, Elections Canada must now make substantial investments in its IT environment to improve and enhance its capabilities. In , Elections Canada started an Information Technology Renewal (ITR) project initiative to modernize its IT infrastructure and business applications. The chosen renewal option consists of an IT Enterprise Architecture with networked, high-speed connectivity, consolidated processes, centralized data, a primary data centre in new facilities and a backup data centre, and upgraded core field applications. The latter deal with elector registration, event results and payment of electoral workers. Remaining business process requirements are to be addressed subsequent to the initial ITR project. The ITR consists of three phases. At the time of the audit, Phase 1 was planned to be completed by October The total cost for the four-year ITR project is estimated at $39 million. A business case was accepted by the IT Renewal Steering Committee and approved by Elections Canada s Executive Committee (EXCOM) in February The IT Renewal project includes the establishment of an Integrated Program Office (IPO), which is the management focal point for the coordination and integration of the various IT projects. It was considered important to include the IT Renewal project in the Risk-Based Audit Plan. This audit focuses on the Integrated Program Office, which is important for effective and efficient project management. 1.2 Objectives The objectives of this audit are to provide assurance to senior management that: the IT Renewal Integrated Program Office has implemented effective project management techniques, systems, processes and controls for managing the IT Renewal project in line with the size and importance of the project; and, the IT Renewal Integrated Program Office framework and program are complete and reporting is consistent with Elections Canada s overall governance, plans and best practices. 1. Introduction 9

10 1.3 Scope The audit scope included: the IT Renewal Integrated Program Office and project management framework for the management of IT Renewal project the governance structure used by Elections Canada and the IT Renewal Integrated Program Office to provide oversight to the project. The audit did not provide an overall assessment of the ITR initiative. Rather it focused on the Integrated Program Office, project management and governance. The audit was conducted from October to December Methodology The audit methodology used is largely based on the Control Objectives for IT (COBIT) published by the Information Technology Governance Institute. COBIT is an IT governance framework and supporting tool set that allows organizations to bridge the gap between control requirements, technical issues and business risks. The model also draws from other sources of standard IT approaches including the IT Infrastructure Library (ITIL). ITIL, which has become the de facto standard for IT service delivery, is currently being researched and potentially implemented in the federal government. This assessment addresses the COBIT processes, allowing for the unique nature of each project. This risk methodology is modeled after the normal set of accountabilities involved in developing software and managing systems projects. This resulted in the following four domains: Governance Risk, Business Risk, Project Risk, and Infrastructure Risk. The detailed audit criteria used in this audit are provided in Appendix A. Our approach relied on a review of existing documentation and on gaining an understanding of the processes through interviews with key Election Canada staff and Integrated Program Office consultants. The audit team conducted 18 individual interviews and reviewed all relevant documentation. 10 Audit of the IT Renewal Integrated Program Office

11 2. Statement of Assurance In my opinion as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed with management. The opinion is applicable only to the entity examined. 2. Statement of Assurance 11

12

13 3. Overall Assessment 3.1 Audit Conclusion The IT Renewal (ITR) Integrated Program Office (IPO) has implemented many elements of effective project management techniques, systems, processes and controls for managing the IT Renewal project, in line with the size and importance of the project. This project is one of the most significant IT initiatives to be undertaken by Elections Canada and includes processes that were not previously required. The new structure will remain once ITR is complete. However, the governance structure within which the ITR reports requires management attention and the level of involvement of the business sponsors should be increased. The IT Renewal Integrated Program Office framework and program are currently being implemented and many components were established and functioning at the time of the audit. The Integrated Program Office is to act as integrator across all ITR efforts but has not yet put in place adequate reporting processes. Improvements are needed in management status reporting, financial control and reporting, risk management, project performance reporting and technology transition. It is important to note that IT Renewal was a system under development at the time of the audit. The criteria were assessed within that context, and this assessment is the result of comparing what was observed with what was expected at this point of the project. As the project moves forward, a new assessment of some or all of the criteria will be necessary. 3.2 Scorecard: Current Project Status The scorecard below reflects the current status of the IPO at the time of the audit. The rating and explanation indicate the status of the current implementation and the level of improvement required, given that ITR is still a system under development. Scorecard Criteria Refer to Appendix A Governance Senior Management Control Framework Management of Scope and Change Investment Management and Benefits Achievement Rating Explanation The mandates of three committees with influence over the ITR initiative are in conflict. Governance processes are inconsistent and unclear. Memberships of committees overlap. The IPO has yet to define a status report process appropriate for the various committees. Scope has not been an issue to date. Once Phases 1A and 1B are completed, management will have to confront more difficult questions of scope. The project has not started to measure benefits achievement. 3. Overall Assessment 13

14 Criteria Refer to Appendix A Business Requirements Business Requirements Management Business Solutions Analysis Management of Organization Development Project Management Project Organization and Structure Project Management Framework Standard Project Documentation Management Reporting IPO Properly Staffed and Supervised Contracting Arrangements for Hardware and Human Resources Development Process Adequate Software Development and Acquisition Standard Business Solution Design Approval Project Developed in Accordance with Design Specification Project Developed in Accordance with Development and Documentation Standards Project Assurance Methods Implementation and Fallback Plan Project Control Processes Approved Integrated Project Plan Rating Explanation Since the business case was created, there has been very little involvement by the business sectors. The business sectors do not have a good understanding of how ITR will benefit them, and how future business solution design will be affected. A communication strategy about benefits and outcome of ITR is necessary. A formal communications program is now being launched. ITR is bringing a new infrastructure and IT services to Elections Canada. Organizational changes to properly use and support it, need to be identified and established. Project management structure has been established, and it has evolved as the project progressed and management reacted to the complexity of the project. Project documentation exists and standards have been established for such deliverables. Management reports are not yet regularly submitted to the oversight committees - not enough management level information is available. Reports are being revamped to provide more management focus. The organizational structure is still evolving and the many consultants add a complexity to segregation of duties. IPO management has ensured that EC employees are in place to handle contracting and financial approvals. Efforts should be made to retain knowledge when contractors leave the agency. EC has experienced difficulty arranging the contracted resources needed over a period of time. Recent initiatives have improved the process. It is too early to measure this criterion. It is too early to measure this criterion. It is too early to measure this criterion. It is too early to measure this criterion. It is too early to measure this criterion This area is included in the work plan. Documentation is planned but not yet completed. Appropriate implementation and fallback plans still need to be developed for the various projects. An approved integrated plan exists. The schedule is complex with many interdependencies. 14 Audit of the IT Renewal Integrated Program Office

15 Criteria Refer to Appendix A Project Financial Control Project Change Control Process Quality Assurance Project Risk Management Project Performance Measurement, Monitoring and Reporting IPO Problem Management Procedures and Standards for Acquisition of IT-Related Solutions Technology and Infrastructure Infrastructure Management Technology Transition Rating Explanation It is difficult to obtain a complete and clear corporate financial report of the current status of the project at the activity level. A policy has been developed for Change Management (within the development process) and there is a Change Management form. This process is new and we have not looked at it in the operating context of the IPO There is a Quality Management Plan. This process is new and there is not enough evidence of application to rate the process. This process is new and the templates are not yet fully used. The IPO is working to gain acceptance. This process is new and outcomes measures are not yet defined There is an Issue Management Procedure. Issue logs are being kept and reviewed at the project level and discussed at the working committees. Procedures and processes associated with procurement process established. However, procurement process was over and above the ITR resource workplan, which created delays. It Renewal will establish new standards for applications and IT services. Senior management should support the Architecture and Standards Board and ensure that its standards and decisions apply to all IM/IT initiatives. A process should be established to ensure that all new applications are reviewed to verify compliance with the standards of the new architecture before being approved. A plan for achieving IT security should be developed and implemented. ITR should be coordinated with the Telecommunications Infrastructure Evolution project, and a plan should be developed for telecommunications in areas where high speed bandwidth is not available. 3. Overall Assessment 15

16

17 4. Observations and Recommendations The details of each observation, conclusion and recommendation resulting from our audit procedures are outlined below. 4.1 Project Governance The IPO is responsible for the governance of the various projects within ITR. However, since it operates within the larger governance of the project, both must be examined since they are interrelated. Senior Management Control Framework Committee Structure There are three committees involved in overseeing the ITR project: the IM/IT Committee, the ITR Steering Committee and Elections Canada s Executive Committee (EXCOM). The alignment and integration points among these three committees are unclear. The IM/IT Committee was set up in November 2007 at the request of the Chief Electoral Officer, as part of a new governance structure. Its mandate is to ensure that Elections Canada s longer-term direction and strategic objectives are supported by adequate IT infrastructure, systems, initiatives and information management framework. EXCOM approved the Terms of Reference though there are no minutes to support this. The committee is supposed to monitor project progress but it does not actually grant or deny funding. It recommends projects for approval to EXCOM. However, IT projects sometimes go to EXCOM for funds without first going through the IM/IT committee. The committee has met on an irregular basis, sometimes with large time gaps between meetings. The agenda of the IM/IT committee rarely addressed the ITR project. The ITR Steering Committee is meant to guide the ITR project, keep EXCOM informed and to monitor major changes to the project including budget. The Terms of Reference exist in draft form and there is no record of them having been approved. Members are unclear about this committee s role versus that of the IM/IT Committee. The ITR Steering Committee reports to EXCOM but because it is mainly composed of EXCOM members, it almost replicates EXCOM. EXCOM meets weekly for a roundtable meeting and on a monthly basis. EXCOM approves the funding for the ITR project. The Chief Information Officer (CIO) has presented items related to ITR on a regular basis. The items mentioned at EXCOM were mainly related to the large and high cost streams: the data centre move; the facilities management contract; the request for proposal for ITR support and the telecommunications project. EXCOM has made decisions on two subjects related to ITR, the business case and the data centre move options, at special meetings for which there are no minutes. 4. Observations and Recommendations 17

18 The mandates of the three key committees are not clear. Some of the committees duplicate each other in membership which may be the cause of the irregular meeting schedule and the lack of a defined order for consideration of issues. The actual process for decision making across the three committees is not clear. The practice has often been that ITR project issues go to the ITR Steering Committee and then directly to EXCOM, while some non-itr projects go through the IM/IT Committee after funding is approved by EXCOM and they are then included in the operating plan. Projects are sometimes approved, funded and monitored through different processes. An inconsistent and unclear governance process may result in ineffective and inefficient project monitoring and decision making. It is essential to clarify the mandates of the committees. The IPO has recommended governance changes to the CIO that will affect reporting relationships for ITR. However, steering committees are being set up for two other major projects, e-registration and Special Voting Rules System (SVRS), but if they follow the same model and remain independent from the IM/IT committee, they will exacerbate the problems mentioned. Recommendation 1. It is recommended that Elections Canada senior management strengthen the governance of the ITR initiative and clarify the roles and responsibilities of the three committees, and especially the relationships among them. Management Action Plan Responsible Position: CIO We accept this recommendation. Action has been taken to implement this recommendation. Given the size, complexity and risk associated with IT Renewal (ITR), it was recommended and approved on February 17, 2009 that an ITR Program Board comprising all EXCOM members be instituted to provide direction, oversight, and support to ITR. The Board will provide improved and expanded access to the business sectors providing detailed insight into the implementation activities of ITR. The Governance and decision making for ITR have been strengthened as a result. The ITR Program Board replaces the ITR Steering Committee. The CEO is the ITR Program Sponsor. The Draft Terms of Reference (TOR) for the Program Board clearly detail roles and responsibilities, membership, expectations, and authorities as well as identifying the relationship of Program Board with the IM/IT Committee and EXCOM. To ensure we have time to allow the Governance process to fully evolve we expect this recommendation to be completed by June Audit of the IT Renewal Integrated Program Office

19 Management Information It is important to provide sufficient management information on the project and its current status to properly support analysis and decision making. The IPO has not yet defined a status report format appropriate for the various committees. Some reports have been developed, but the level of information is too detailed to support the governance at senior management and committee level. Neither the ITR Steering Committee nor the IM/IT Committee have controlled or reviewed budgets, although a budget review function is part of the Terms of Reference of the ITR Steering Committee. Management status reporting needs improvement. Senior management needs to know how the risks of the project are being managed. Without appropriate information, the governance structure may not be able to provide adequate oversight to ensure the success of the project. For example, a scorecard or dashboard could clearly indicate where ITR is according to the plan, in terms of time, delivery and budget. Recommendation 2. The IPO should develop and present on a regular basis management status reports, concentrating on achievements, financial status and issues for the various committees. Management Action Plan Responsible Position: Director, IT Renewal. We agree with the recommendation. ITR Governance has been streamlined due to the establishment of the new ITR Program Board, meetings are held monthly. Project implementation plans will be presented at the Board level in order to communicate and discuss issues, risks, accomplishments, financial information, and next steps based on the master integrated schedule. The Project Team has committed to working closer with the Finance Directorate to consolidate and implement additional reporting at the overall Program level (see Recommendation# 9). Executive reporting will evolve to meet expectations of the new ITR Program Board but will include status against the master integrated schedule, accomplishments, risk, issues, and financial updates. A management dashboard report for the CIO has been refined and has been in use since January Finally, the Program office will ensure increased visibility at the IM/IT committee attending at least every 2nd meeting (meetings are held every 3 weeks). It is expected that these measures will be complete by the end of May, Observations and Recommendations 19

20 Change Management The ITR business case defined the initial scope for each phase of the project. Phase 1A represents the foundation or start-up phase in which the short term priorities for data centre services, ITR organization, overall architecture and portal capabilities are addressed. Phase 1B builds on the foundation of Phase 1A and introduces functionality that is aligned with specific business direction e.g. in support of Elections Canada s strategic goals to provide more e-access and e-registration services. Phase 2 introduces more e-services capabilities. There have been only two decisions on scope so far. One was made internally by the project team on the backup data centre issue, and another one was made in committee when the ITR Steering Committee agreed on the need to freeze the applications. Otherwise, scope has not been an issue. In the future, management will have to confront more difficult questions regarding scope. The scope of the project has been managed satisfactorily to date Benefits Achievement There is a gap in corporate expertise and experience in the area of business case management, especially regarding the outcome and benefits of an IT Renewal project for the organization. The business case was very long (116 pages) and an abridged 26 page version was also produced as a high level overview to facilitate decision-making. A significant amount of time was spent on developing the business case, partly because there were no business case models in Elections Canada and because of the time required to get models from Treasury Board Secretariat and from Elections Ontario. Despite that process, it is still not clear to many what will be the outcome and benefits of the IT Renewal project for Elections Canada. Business agility was listed as one of the benefits but that is difficult to define and measure. At present, benefits and outcomes are not being monitored but there are plans to hire an outcomes manager shortly. A lack of monitoring the defined benefits and outcomes may result in the project not achieving the desired or anticipated benefits for the agency. Recommendation 3. It is recommended that a formal process to identify, measure and monitor benefits and outcomes of the project, be established. Management Action Plan Responsible Position: Director, IT Renewal. We agree with the recommendation and have initiated a formal process to develop more comprehensive benefits and outcomes program, and Program performance measurement. Completion of this action plan will be Fall of Audit of the IT Renewal Integrated Program Office

21 4.2 Meeting Business Requirements It is too early in the overall process to measure the degree to which business requirements have been identified and captured. It is also too early to derive risks for future designs. Therefore, the audit primarily examined the degree to which the business sectors understood how ITR/IPO would benefit them in the future. Business Requirements It was accepted that business owners would not play a large role in ITR Phase 1, since this phase is an infrastructure project. Some business interviewees expressed the concern that information is not easily available about what is going on and how it will affect them. There is uncertainty regarding what the IPO does, and what the ultimate outputs of the ITR will be. Because business sectors have received little formal communication since the business case was created, there has been very little involvement by the business sectors in the ITR initiative. The business sectors in Elections Canada are not sufficiently involved in the ITR project. Lack of involvement from the business user increases the risk that the outcome of IT renewal will not be aligned with the needs of the users. The CIO and the business sponsor should now focus on building business involvement. Recommendation 4. It is recommended that ITR fully engage the business sectors to ensure ITR deliveries ultimately meet the requirements of business users. Management Action Plan Responsible Position: Director, IT Renewal Phase I of the Program involves implementing new underlying Information Technology infrastructure and systems, which is required to prepare for new IT systems functionality, and in consideration of the ITR Integrated Schedule, we do agree with the recommendation. Further, we do believe that the timing is right for IT Renewal to renew the process of closer involvement with the business sectors. In past months, the project has experienced access problems to key EC personnel as a result of constraints due to election readiness activities. We have also been unable to acquire a key project resource (the Organizational Change manager) which is critical to this activity. In both cases, we believe these issues have now been overcome. Resolution of the IT Renewal governance issue allows us to provide more focus because of the participation of all business stakeholders. We would plan to have at least one presentation to each of the Management Teams by October 2009 with additional presentations on an on-going basis. 4. Observations and Recommendations 21

22 Business Solutions Design The business case identified four IT Renewal options and scored them based on risks, benefits and costs. During this process the ITR/IPO conducted informal discussions with Elections Canada business areas in order to understand the priorities and expectations of clients. However, the business sectors do not have a good understanding of how ITR/IPO will benefit them. There is a perception that a lot of money has been spent on project management processes and paper deliverables and little spent on actual deliverables. This shows a misunderstanding of the role of the IPO because two of the deliverables of ITR are a system of documentation and a project management capability. They are intended to be used in all future major projects such as e-registration. A communications strategy is necessary in order to obtain buy-in from the whole organization. Without proper communication of the benefits of IT Renewal, there is a risk that management will not properly align their future business plans with the new architecture. At the time of the audit, it was noted that a formal communications program was to be initiated, with a communications expert to be hired soon. Recommendation 5. It is recommended that a formal communication program be developed for business sectors to inform them of the IT Renewal benefits, outputs and outcomes, and the current status of the renewal project. Management Action Plan Responsible Position : Director, IT Renewal We do agree with the recommendation. Further, we believe that the timing is now right for the Program Team to begin to engage stakeholders in discussions to ensure they begin planning for the use of ITR s deliverables. The Project Team has a Communications Plan which was developed several months ago but not executed due to resource constraints. As one example of a recent engagement, the Field Application Systems Technology project (FAST) have engaged business sectors through a working group to ensure planned changes, upgrades and fallback plans meet their expectations in consideration of electoral event responsibilities. The Web Enablement (Portal) project has recently defined their governance structure which will be used to engage business owners on an on-going basis. In addition, the 2 key Communications tools which have been recently developed ITR Key Messages and an ITR101 presentation will be important vehicles in presenting the project and its deliverables to stakeholders. We plan to undertake an activity to explain the components of ITR and engage business areas to help them plan for the use of ITR deliverables by October 2009, with additional presentations on an on-going basis. 22 Audit of the IT Renewal Integrated Program Office

23 Management of Organizational Development ITR is tasked with inculcating new processes as well as the infrastructure that will support Elections Canada business in the future. On the IT side, the organization has limited capacity with regards to permanent employees. The Information Technology Directorate (ITD) has a high ratio of contractors to employees and this has been the accepted way of doing IT business at Elections Canada ITR management has attempted to staff as many permanent positions as possible to retain knowledge in the organization. IPO resources were intended to mentor other staff on project management techniques. This is not working as well as intended at this point, partly because of problems in staffing IPO positions and partly because of the pressures of getting the project up and running. On the business side, the business representatives indicated that an overall vision for what ITR will enable has not been developed. This visioning process has been adversely affected by other business priorities and the fact that the ITR / business interface requires more work. The CIO indicated that this work is both necessary and anticipated, but also needs a common vocabulary so that both technologists and business specialists can understand each other. IT Renewal is the largest project that Elections Canada has attempted. There is a risk that the organization will not properly evolve to best use the new IT infrastructure and services. Organization change management is required for such a large project. Recommendation 6. It is recommended that the IPO identifies the required organizational changes needed to properly use and support the new IT architecture and services when they will be established. Management Action Plan Responsible Position : CIO We agree with the recommendation. There are significant challenges involved in moving away from the general contractor model, and in the short term we do not believe we will have any flexibility to do so, given the resource constraints on the organization. We will continue over time to add additional resources, but this will be a long term process and will probably only marginally lower our reliance on contracted resources. However, we did recognize this as a risk two (2) years ago and attempted to mitigate by planning for twenty-seven (27) new positions that would be required because of IT Renewal. Since then we have managed to acquire fifteen (15) of these positions and this has resulted in the core of the Technology Planning and Special Projects group acquiring some indeterminate resources. An Organizational Change Manager has now been retained to assist in defining opportunities to make organizational adjustments. As well, the recent establishment of the Architecture and 4. Observations and Recommendations 23

24 Standards Board (ASB) will be a forum to ensure consistent technical architecture and standards are developed and maintained. IT Management will continue to assess and update skill requirements including overall resource capacity and we are planning to participate in the Agency s upcoming A-Base review as well as any future TB HR submission to add required positions. 4.3 Project Management Project Organization and Structure The project management structure has been established. It has been changing dynamically as management reacts to the complexity of the project. The organization of the project was recently changed to transfer the responsibility for some functions from the IT Renewal initiative to other IT Directors. The CIO had identified the concerns of IT employees who saw changes being made without their involvement to the IT environment that they would eventually have to maintain. Standard project documentation for IM/IT is new to EC and work is ongoing to institutionalize it. Policies and standard forms and templates for all documentation were created and most have been reviewed and formally approved. For example, a manual of all templates and policies that have been approved is given to all new employees and contractors. In addition, a standard document storage system has been set up on the corporate shared drive. Project documentation exists and a standard format has been established for such deliverables. IPO staff understands that formal documentation is important and are enforcing requirements. The CIO has initiated a risk mitigation strategy that is realized by the use of the general contractor approach rather than the prime integrator approach. This approach gives the organization more control over how a project is carried out, but the start-up can be more difficult. The organization benefits from greater flexibility in planning, resourcing, scheduling and retaining technical and business knowledge in the organization. Contractors for the IPO have been specifically hired for their expertise. Elections Canada has had difficulty recruiting contractors through the competitive process which is very time consuming. In addition, accommodation for needed staff is a serious constraint on the project. The recently established Request for Proposal Supply Arrangement has helped the situation. The hiring of consultants, who are specialists in procurement to help evaluate bids, has sped up the process. A review of segregation of duties and assignment of financial signing authorities demonstrated that the IPO management is correctly applying the rules for contracting and financial approvals. Positions with these responsibilities are staffed by Elections Canada employees who have completed the required training courses to be delegated signing authorities and the delegations provide for segregation of duties. 24 Audit of the IT Renewal Integrated Program Office

25 Many of the contractors are in senior positions. One of the results is that there are contractors supervising contractors and groups of contractors have been transferred to different Elections Canada managers other than the managers who hired them. Using contractors increases the risk that the agency could lose key corporate knowledge with their departure. Recommendation 7. It is recommended that, before the contractors leave the project, efforts are made to capture lessons learned. Management Action Plan Responsible Position : Director, IT Renewal We accept the recommendation. The Project Team is now using standard templates for development of all deliverables and we have implemented a more frequent series of project walkthroughs which we expect will help ensure contractors pass on their knowledge on an on-going basis to team members. In addition, we will implement a formal process of debriefing, including the capturing of lessons learned, as part of our contract close out procedures. This new process will be in place by August Development Process The development process involves setting up software development and acquisition standards. These standards normally include how business solution designs are developed and approved, monitoring how the product is developed according to the accepted design, ensuring that documentation standards are being met, and ensuring the overall quality of the business solution. It is too early to measure these standards. The development process should be reviewed later once it is in operation. Standard documentation in the area of implementation and fallback plan is not completed. None of the projects has produced implementation or fallback plans for approval. Implementation and fallback plans are important to ensure the continuity of the operation. As an example of risk that might need a fallback plan, the centralized proposed infrastructure called for high-speed Internet to be the standard but it is not available in all areas of the country. Implementation and fallback plans are needed for each stage of the ITR project. This will become even more important as the projects get more complex and dependencies increase. 4. Observations and Recommendations 25

26 Recommendation 8. It is recommended that appropriate implementation and fallback plans are developed for IT Renewal. Management Action Plan Responsible Position: Director, IT Renewal. We accept this recommendation. The overall approach, which we have used, will be to maintain and operate existing systems, then transition over time to the new systems; as a fallback plan the old systems will remain and will eventually be decommissioned when the new systems are fully tested and stable. Customized and gated project management processes have been applied to each of the IT Renewal projects. This improves management and risk associated with projects as they move from phase to phase commensurate with the Master Integrated Schedule. These measures will reduce integration risk, ensure management attention and approval when projects transition between phases, will support decision making at that the board level, and enhance reporting. Each of the ITR streams, or projects, have applied thorough scope management. These plans will contain specific deliverables for implementation and fall back plans to ensure business continuity, a key goal and benefit of IT Renewal. While not all projects within IT Renewal require a fallback plan, those impacting operational delivery will have a formal plan developed by October 2009, which can be monitored at the Program and ITR Program Board level. Project Control Processes Project control processes should be set up to ensure that all project activity has the appropriate management oversight, and can deliver the anticipated product with minimum risk. These processes normally include managing resources, achievements, issues, problems, risks and changes. In some cases, it is too early to measure these standards. Approved Integrated Project Plan An approved Integrated Master Schedule for Phase 1A exists. The schedule is complex with many interdependencies. This is a far more complex project than Elections Canada has ever attempted before. Because of the unexpected election of October 2008 there has been approximately three months of slippage in some areas due to the lack of user availability. The team will walk through the new schedule and try to ensure that all dependencies are recognized and all elements are represented. 26 Audit of the IT Renewal Integrated Program Office

27 Financial Control IT Renewal is a complex multi-year project. There is a need to ensure that proper financial controls are in place to plan and monitor each part of the project, as well as the overall multi-year cost of the IT Renewal project. It was noted that it was difficult to obtain a complete and clear financial report of the current status of the project versus the amount approved for it. Managers, senior management, and committees are not receiving clear financial reports on IT Renewal. Expenditures are not coded in a consistent way that would enable various roll-up reports of the overall project. Without complete, accurate, and timely financial information, it is difficult for management to properly monitor the progress and make decisions supported by complete financial information. Funding is gated and approved by phases. It is also important to be able to monitor the actual costs of the activities that were approved. Recommendation 9. It is recommended that all costs relevant to IT Renewal be reflected in the corporate financial reports in a way that provides information on the current status of the overall project and approved phases, to assist in the planning, monitoring and decision making process. Management Action Plan Responsible Position : Director, IT Renewal. We agree with this recommendation and will be meeting with officials in the finance group to ensure our coding structure will allow appropriate roll-up and reporting at the overall Program level. It is expected these improvements will be implemented for the end of the first fiscal quarter, June 30th Project Change Control A policy has been developed for Change Management within the development process and there is a Change Management form. This process is new and it was too early in the audit to assess this process. Quality Assurance There is a Quality Management Plan. It describes the activities required to ensure that program and project products and services (including process documentation, systems documentation, software and hardware) are correct and to ensure that the program s defined project management, development, and service processes are applied. This document outlines the strategy, approach and plans for ensuring program quality. This process is new and there is not enough evidence of application to assess the process. 4. Observations and Recommendations 27

28 Project Risk Management According to the Risk Assessment Plan, a threat situation is assessed, assigned a severity code and then recorded in the Risk Log. Once recorded, the threat situation is managed as a risk to the project. This process is new and the IPO staff is working to gain its acceptance. The information flows that result in managers providing the same information to several people should be reviewed and streamlined. Key personnel should be aware of what other processes are affected by any changes they receive and they should proactively notify the appropriate people. As this project gets more complex, risk management will become more critical. Recommendation 10. It is recommended that the IPO ensures that the risk management process is fully implemented and operational. Management Action Plan Responsible Position: Director, IT Renewal. We agree with the recommendation. The ITR Program Office has in place a stringent process and procedure for managing risk across the program that is a Risk Management System. In September 2008, a risk consultant was hired who facilitated and produced the ITR Program Risk Level Assessment. The Program has a Risk Manager assigned to work with each project on risk, and manage the existing risk plan and the risk log. Formal risk management takes place during Project status meetings on a bi-weekly basis and during a formal monthly risk management meeting. Mitigation plans for high severity risks are tracked in the integrated master schedule. These are now presented at the ITR Program Board, and the ITR Executive Dashboard contains a risk component. The role of the Program Office also includes provision and education and support to ensure new projects managers understand and adopt the required Program risk management processes. We believe risk management processes are critical and need to be continually improved, however we believe we have already acted on this recommendation, as of March 31, Project Performance Measurement, Monitoring and Reporting There is an outcomes and performance measurement position in the plan which will implement a dashboard and other performance metrics and develop a plan for measuring benefits as outlined in the business case. This process is new and outcomes measures are not yet defined. IPO Problem Management There is an issue management procedure that outlines how to register an issue, how it should be logged, escalation and follow-up procedures and the decision making process. Issue logs are kept and reviewed at the project level and discussed at the working committees. 28 Audit of the IT Renewal Integrated Program Office

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

Internal Audit. Audit of HRIS: A Human Resources Management Enabler

Internal Audit. Audit of HRIS: A Human Resources Management Enabler Internal Audit Audit of HRIS: A Human Resources Management Enabler November 2010 Table of Contents EXECUTIVE SUMMARY... 5 1. INTRODUCTION... 8 1.1 BACKGROUND... 8 1.2 OBJECTIVES... 9 1.3 SCOPE... 9 1.4

More information

Final Report. Audit of the Project Management Framework. December 2014

Final Report. Audit of the Project Management Framework. December 2014 Final Report Audit of the Project Management Framework December 2014 Audit of the Project Management Framework Table of Contents Executive summary... i A - Introduction... 1 1. Background... 1 2. Audit

More information

Audit of the Test of Design of Entity-Level Controls

Audit of the Test of Design of Entity-Level Controls Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents

More information

Final. North Carolina Procurement Transformation. Governance Model March 11, 2011

Final. North Carolina Procurement Transformation. Governance Model March 11, 2011 North Carolina Procurement Transformation Governance Model March 11, 2011 Executive Summary Design Approach Process Governance Model Overview Recommended Governance Structure Recommended Governance Processes

More information

Audit of Project Management Governance. Audit Report

Audit of Project Management Governance. Audit Report Audit of Project Management Governance Audit Report March 2015 TABLE OF CONTENTS Executive Summary... 3 What we examined... 3 Why it is important... 3 What we found... 3 Background... 5 Objective... 6

More information

OFFICE OF THE PRIVACY COMMISSIONER OF CANADA. Audit of Human Resource Management

OFFICE OF THE PRIVACY COMMISSIONER OF CANADA. Audit of Human Resource Management OFFICE OF THE PRIVACY COMMISSIONER OF CANADA Audit of Human Resource Management May 13, 2010 Prepared by the Centre for Public Management Inc. TABLE OF CONTENTS 1.0 Executive Summary... 2 2.0 Background...

More information

Audit of Financial Management Governance. Audit Report

Audit of Financial Management Governance. Audit Report Audit of Financial Management Governance Audit Report March 2015 TABLE OF CONTENTS Executive Summary... 2 What we examined... 2 Why it is important... 2 What we found... 2 Background... 4 Objective...

More information

Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls

Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls Office of the Chief Audit and Evaluation Executive Audit and Assurance Services Directorate November 2013 Cette

More information

Information Technology Project Oversight Framework

Information Technology Project Oversight Framework i This Page Intentionally Left Blank i Table of Contents SECTION 1: INTRODUCTION AND OVERVIEW...1 SECTION 2: PROJECT CLASSIFICATION FOR OVERSIGHT...7 SECTION 3: DEPARTMENT PROJECT MANAGEMENT REQUIREMENTS...11

More information

Health Information Management Module. Annual Review. Internal Audit Branch 378-1-233. Approved by Audit Committee

Health Information Management Module. Annual Review. Internal Audit Branch 378-1-233. Approved by Audit Committee Health Information Management Module Annual Review Internal Audit Branch 378-1-233 Approved by Audit Committee September 25 th, 2007 Table of Contents Executive Summary... i 1.0 Background...1 2.0 Objective

More information

Audit of IT Asset Management Report

Audit of IT Asset Management Report Audit of IT Asset Management Report Recommended by the Departmental Audit Committee for approval by the President on Approved by the President on September 4, 2012 e-doc : 3854899 1 Table of Contents EXECUTIVE

More information

Status Report of the Auditor General of Canada to the House of Commons

Status Report of the Auditor General of Canada to the House of Commons 2011 Status Report of the Auditor General of Canada to the House of Commons Chapter 1 Financial Management and Control and Risk Management Office of the Auditor General of Canada The 2011 Status Report

More information

Audit of the Management of Projects within Employment and Social Development Canada

Audit of the Management of Projects within Employment and Social Development Canada Unclassified Internal Audit Services Branch Audit of the Management of Projects within Employment and Social Development Canada February 2014 SP-607-03-14E Internal Audit Services Branch (IASB) You can

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting. Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Internal Controls Over Financial Reporting Prepared by: Audit and Assurance Services Branch Project #: 14-05 November 2014

More information

September 2005 Report No. 06-009

September 2005 Report No. 06-009 An Audit Report on The Health and Human Services Commission s Consolidation of Administrative Support Functions Report No. 06-009 John Keel, CPA State Auditor An Audit Report on The Health and Human Services

More information

Final Audit Report. Audit of the Human Resources Management Information System. December 2013. Canada

Final Audit Report. Audit of the Human Resources Management Information System. December 2013. Canada Final Audit Report Audit of the Human Resources Management Information System December 2013 Canada Table of Contents Executive summary... i A - Introduction... 1 1. Background... 1 2. Audit objective...

More information

MINNESOTA STATE POLICY

MINNESOTA STATE POLICY Version: 2.00 Approved Date: 02/24/2012 Approval: Signature on file MINNESOTA STATE POLICY From the Office of Carolyn Parnell Chief Information Officer, State of Minnesota IT Project Portfolio Data Management

More information

State of Minnesota IT Governance Framework

State of Minnesota IT Governance Framework State of Minnesota IT Governance Framework June 2012 Table of Contents Table of Contents... 2 Introduction... 4 IT Governance Overview... 4 Process for Developing the New Framework... 4 Management of the

More information

The growing importance of EPMO (Enterprise Project Management Office) in today s organizations

The growing importance of EPMO (Enterprise Project Management Office) in today s organizations The growing importance of EPMO (Enterprise Project Management Office) in today s organizations Abstract: This paper discusses the growing importance of Enterprise PMO in organizations. The paper highlights

More information

Audit of Procurement Practices

Audit of Procurement Practices Audit Report Audit of Procurement Practices Audit and Evaluation Directorate April 2014 TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 INTRODUCTION... 5 Background... 5 Risk Assessment... 5 Objective and Criteria...

More information

Project Governance Plan Next Generation 9-1-1 Project Oregon Military Department, Office of Emergency Management, 9-1-1 Program (The OEM 9-1-1)

Project Governance Plan Next Generation 9-1-1 Project Oregon Military Department, Office of Emergency Management, 9-1-1 Program (The OEM 9-1-1) Oregon Military Department, Office of Emergency Management, 9-1-1 Program (The OEM 9-1-1) Date: October 1, 2014 Version: 3.1 DOCUMENT REVISION HISTORY Version Date Changes Updated By 0.1 02/13/014 Initial

More information

IT Infrastructure Audit

IT Infrastructure Audit IT Infrastructure Audit Office of the Chief Audit and Evaluation Executive Audit and Assurance Services Directorate June 2011 Cette publication est également disponible en français. This publication is

More information

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report A&CS Assurance Review Accounting Policy Division Rule Making Participation in Standard Setting Report April 2010 Table of Contents Background... 1 Engagement Objectives, Scope and Approach... 1 Overall

More information

2007 Follow-Up Report on the Audit of Information Technology January 2005

2007 Follow-Up Report on the Audit of Information Technology January 2005 2007 Follow-Up Report on the Audit of Information Technology January 2005 Natural Sciences & Engineering Research Council of Canada & Social Sciences & Humanities Research Council of Canada October 2007

More information

Office of the Superintendent of Financial Institutions. Internal Audit on Corporate Services: Security and Administrative Services

Office of the Superintendent of Financial Institutions. Internal Audit on Corporate Services: Security and Administrative Services Office of the Superintendent of Financial Institutions Internal Audit on Corporate Services: Security and Administrative Services April 2014 Table of Contents 1. Background... 3 2. Audit Objective, Scope

More information

Audit of the Data Center Consolidation Initiative at NARA. OIG Draft Audit Report No. 12-09. May 10, 2012

Audit of the Data Center Consolidation Initiative at NARA. OIG Draft Audit Report No. 12-09. May 10, 2012 Audit of the Data Center Consolidation Initiative at NARA OIG Draft Audit Report No. 12-09 May 10, 2012 Table of Contents Executive Summary... 3 Background... 4 Objectives, Scope, Methodology... 7 Audit

More information

Sound Transit Internal Audit Report - No. 2014-3

Sound Transit Internal Audit Report - No. 2014-3 Sound Transit Internal Audit Report - No. 2014-3 IT Project Management Report Date: Dec. 26, 2014 Table of Contents Page Background 2 Audit Approach and Methodology 2 Summary of Results 4 Findings & Management

More information

Development, Acquisition, Implementation, and Maintenance of Application Systems

Development, Acquisition, Implementation, and Maintenance of Application Systems Development, Acquisition, Implementation, and Maintenance of Application Systems Part of a series of notes to help Centers review their own Center internal management processes from the point of view of

More information

Courts Administration Service (CAS) Audit of Integrated Risk Management

Courts Administration Service (CAS) Audit of Integrated Risk Management Courts Administration Service (CAS) Audit of Integrated Risk Management Original signed by JULY 21, 2015 MR. DANIEL GOSSELIN CHIEF ADMINISTRATOR DATE TABLE OF CONTENTS 1 EXECUTIVE SUMMARY... 3 1.1 Background...

More information

Voice Over IP Network Solution Design, Testing, Integration and Implementation Program Overview

Voice Over IP Network Solution Design, Testing, Integration and Implementation Program Overview Voice Over IP Network Solution Design, Testing, Integration and Implementation Program Overview 1/1 Table of Contents 1. Introduction...3 2. Executive Summary...4 3. Program Definition...5 3.1. Program

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Economic Development Programs. Prepared by:

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Economic Development Programs. Prepared by: Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Economic Development Programs Prepared by: Audit and Assurance Services Branch Project No. 13-44 February 2014 TABLE OF

More information

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,

More information

MEMORANDUM FOR CHIEF FINANCIAL OFFICERS. Update on the Financial Management Line of Business and the Financial Systems Integration Office

MEMORANDUM FOR CHIEF FINANCIAL OFFICERS. Update on the Financial Management Line of Business and the Financial Systems Integration Office EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 December 16, 2005 MEMORANDUM FOR CHIEF FINANCIAL OFFICERS FROM: SUBJECT: Linda M. Combs, Controller Update on the

More information

Office of the Chief Information Officer

Office of the Chief Information Officer Office of the Chief Information Officer Business Plan: 2012 2015 Department / Ministère: Executive Council Date: November 15, 2012 1 P a g e This Page Left Intentionally Blank 2 P a g e Contents The Business

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Prepared by: Audit and Assurance Services Branch.

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Prepared by: Audit and Assurance Services Branch. Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Water and Wastewater Infrastructure Prepared by: Audit and Assurance Services Branch Project # 12-10 February 2013 TABLE

More information

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT REPORT JUNE 2010 TABLE OF CONTENTS EXCUTIVE SUMMARY... 3 1 INTRODUCTION... 5 1.1 AUDIT OBJECTIVE. 5 1.2 SCOPE...5 1.3 SUMMARY

More information

Audit of Contracting Processes

Audit of Contracting Processes Audit of Contracting Processes Recommended by the Audit Committee for approval by the President on Approved by the President on June 5, 2013 1 Table of Contents Executive Summary....1 1. Introduction...3

More information

Audit of Integrated Human Resources Planning

Audit of Integrated Human Resources Planning Audit of Integrated Human Resources Planning Office of Audit and Evaluation Final Report January 2012 The AAFC Audit Committee recommended this audit report for approval by the Deputy Minister on January

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report

Aboriginal Affairs and Northern Development Canada. Internal Audit Report Aboriginal Affairs and Northern Development Canada Internal Audit Report Management Practices Audit of the Human Resources and Workplace Services Branch Prepared by: Audit and Assurance Services Branch

More information

Using PRINCE2 and MSP Together

Using PRINCE2 and MSP Together Using PRINCE2 and MSP Together Andy Murray, Director, Outperform White Paper October 2010 2 Using PRINCE2 and MSP Together Contents 1 Purpose of this White Paper 3 2 Project and programme management context

More information

Financial and Cash Management Task Force. Strategic Business Plan

Financial and Cash Management Task Force. Strategic Business Plan Financial and Cash Management Task Force January 30, 2009 Table Of Contents 1 Executive Summary... 4 2 Introduction... 6 2.1 External Reports on Project Aspire... 7 2.1.1 Council on Efficient Government

More information

Audit of Departmental Performance Measurement

Audit of Departmental Performance Measurement Audit of Departmental Performance Measurement WESTERN ECONOMIC DIVERSIFICATION CANADA Audit & Evaluation Branch February 2012 Table of Contents 1.0 Executive Summary 1 2.0 Statement of Assurance 1 3.0

More information

GAO DATA CENTER CONSOLIDATION. Strengthened Oversight Needed to Achieve Cost Savings Goal. Report to Congressional Requesters

GAO DATA CENTER CONSOLIDATION. Strengthened Oversight Needed to Achieve Cost Savings Goal. Report to Congressional Requesters GAO United States Government Accountability Office Report to Congressional Requesters April 2013 DATA CENTER CONSOLIDATION Strengthened Oversight Needed to Achieve Cost Savings Goal GAO-13-378 April 2013

More information

Audit of Contract Management Practices in the Common Administrative Services Directorate (CASD)

Audit of Contract Management Practices in the Common Administrative Services Directorate (CASD) Audit of Contract Management Practices in the Common Administrative Services Directorate (CASD) AUDIT REPORT Prepared for NSERC (Natural Sciences and Engineering Research Council) and SSHRC (Social Science

More information

Role and Skill Descriptions. For An ITIL Implementation Project

Role and Skill Descriptions. For An ITIL Implementation Project Role and Skill Descriptions For An ITIL Implementation Project The following skill traits were identified as fairly typical of those needed to execute many of the key activities identified: Customer Relationship

More information

Information Technology Governance Overview and Charter

Information Technology Governance Overview and Charter Information Technology Governance Overview and Charter Prepared by: Project #: Date submitted Document version: IT Governance Charter v03.05.2012 1.0 48.0 - Page 1 of 34 Document History Version Date Author

More information

Final Report. 2013-709 Audit of Vendor Performance and Corrective Measures. September 18, 2014. Office of Audit and Evaluation

Final Report. 2013-709 Audit of Vendor Performance and Corrective Measures. September 18, 2014. Office of Audit and Evaluation 2013-709 Audit of Vendor Performance and Corrective Measures September 18, 2014 Office of Audit and Evaluation TABLE OF CONTENTS MAIN POINTS... i INTRODUCTION... 1 FOCUS OF THE AUDIT... 7 STATEMENT OF

More information

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL.

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL. Internal Audit Report on January 2010 2010 January - English - Information Technology - Security Access - FINAL.doc Contents Background...3 Introduction...3 IT Security Architecture,Diagram 1...4 Terms

More information

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. OPTIMUS SBR CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. Optimizing Results with Business Intelligence Governance This paper investigates the importance of establishing a robust Business Intelligence (BI)

More information

Major IT Projects: Continue Expanding Oversight and Strengthen Accountability

Major IT Projects: Continue Expanding Oversight and Strengthen Accountability Secretary of State Audit Report Jeanne P. Atkins, Secretary of State Gary Blackmer, Director, Audits Division Major IT Projects: Continue Expanding Oversight and Strengthen Accountability Summary Information

More information

A REPORT BY THE NEW YORK STATE OFFICE OF THE STATE COMPTROLLER

A REPORT BY THE NEW YORK STATE OFFICE OF THE STATE COMPTROLLER A REPORT BY THE NEW YORK STATE OFFICE OF THE STATE COMPTROLLER Alan G. Hevesi COMPTROLLER NEW YORK CITY SCHOOL CONSTRUCTION AUTHORITY IMPLEMENTATION OF THE ENTERPRISE RESOURCE PLANNING SYSTEM 2002-N-6

More information

Introduction to the ITS Project Management Methodology

Introduction to the ITS Project Management Methodology Introduction to the ITS Project Management Methodology In September 1999 the Joint Legislative Committee on Performance Evaluation and Expenditure Review (PEER) produced a report entitled Major Computer

More information

INVESTMENT PLANNING AND PRIORITY SETTING: Management Approaches to Resource Allocation

INVESTMENT PLANNING AND PRIORITY SETTING: Management Approaches to Resource Allocation INVESTMENT PLANNING AND PRIORITY SETTING: Management Approaches to Resource Allocation Treasury Board Secretariat: Mel Thompson : Catherine Ella, P Eng, PMP Speakers Mel Thompson is the Principal Analyst

More information

The State of North Dakota. proudly submits to the NASCIO Awards Committee. Governor s Office Executive Order 2011-20

The State of North Dakota. proudly submits to the NASCIO Awards Committee. Governor s Office Executive Order 2011-20 The State of North Dakota proudly submits to the NASCIO Awards Committee Governor s Office Executive Order 2011-20 in the Enterprise IT Management Initiatives category B. Executive Summary One of the strengths

More information

Industry Services Quality Management System

Industry Services Quality Management System Industry Services Quality Management System Canadian Grain Commission Audit & Evaluation Services Final report March, 2012 Table of contents 1.0 Executive summary...2 Authority for audit... 2 Background...

More information

CITY OF VAUGHAN EXTRACT FROM COUNCIL MEETING MINUTES OF FEBRUARY 17, 2015

CITY OF VAUGHAN EXTRACT FROM COUNCIL MEETING MINUTES OF FEBRUARY 17, 2015 EXTRACT FROM COUNCIL MEETING MINUTES OF FEBRUARY 17, 2015 Item 3, Report No. 5, of the Finance, Administration and Audit Committee, which was adopted without amendment by the Council of the City of Vaughan

More information

Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review

Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review October 2013 The purpose of this document is to share lessons learned to support agencies to better identify

More information

Appendix A-2 Generic Job Titles for respective categories

Appendix A-2 Generic Job Titles for respective categories Appendix A-2 for respective categories A2.1 Job Category Software Engineering/Software Development Competency Level Master 1. Participate in the strategic management of software development. 2. Provide

More information

ADVISORY MEMORANDUM REPORT ON DEVELOPMENT OF THE LOAN MONITORING SYSTEM ADVISORY REPORT NUMBER A1-03 FEBRUARY 23, 2001

ADVISORY MEMORANDUM REPORT ON DEVELOPMENT OF THE LOAN MONITORING SYSTEM ADVISORY REPORT NUMBER A1-03 FEBRUARY 23, 2001 ADVISORY MEMORANDUM REPORT ON DEVELOPMENT OF THE LOAN MONITORING SYSTEM ADVISORY REPORT NUMBER A1-03 FEBRUARY 23, 2001 This report may contain proprietary information subject to the provisions of 18 USC

More information

Contract and Vendor Management Guide

Contract and Vendor Management Guide Contents 1. Guidelines for managing contracts and vendors... 2 1.1. Purpose and scope... 2 1.2. Introduction... 2 2. Contract and Vendor Management 2.1. Levels of management/segmentation... 3 2.2. Supplier

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Office of the Superintendent of Financial Institutions. Internal Audit Report on Regulation Sector: Private Pension Plans Division

Office of the Superintendent of Financial Institutions. Internal Audit Report on Regulation Sector: Private Pension Plans Division Office of the Superintendent of Financial Institutions Internal Audit Report on Regulation Sector: Private Pension Plans Division Table of Contents 1. Background... 3 2. Audit Objective, Scope and Approach...

More information

PROJECT MANAGEMENT FRAMEWORK

PROJECT MANAGEMENT FRAMEWORK PROJECT MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Executive Assistant to

More information

The overall aim for this project is To improve the way that the University currently manages its research publications data

The overall aim for this project is To improve the way that the University currently manages its research publications data Project Plan Overview of Project 1. Background The I-WIRE project will develop a workflow and toolset, integrated into a portal environment, for the submission, indexing, and re-purposing of research outputs

More information

OE PROJECT CHARTER TEMPLATE

OE PROJECT CHARTER TEMPLATE PROJECT : PREPARED BY: DATE (MM/DD/YYYY): Project Name Typically the Project Manager Project Charter Last Modified Date PROJECT CHARTER VERSION HISTORY VERSION DATE (MM/DD/YYYY) COMMENTS (DRAFT, SIGNED,

More information

CalPERS Budget Policy

CalPERS Budget Policy California Public Employees Retirement System Agenda Item 6a Attachment 2 Page 1 of 6 CalPERS Budget Policy Purpose This document sets forth the budget policy (Policy) to ensure CalPERS budgeting practices

More information

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

Department of Human Resources

Department of Human Resources Workforce Services Workforce Policy and Planning Department Management/ Human Resource Information Systems Employee Relations Employment Compensation and Workforce Analysis Employee Benefits Organizational

More information

CIVIL SERVICE COMMISSION STRATEGIC FRAMEWORK 2012-2016

CIVIL SERVICE COMMISSION STRATEGIC FRAMEWORK 2012-2016 CIVIL SERVICE COMMISSION STRATEGIC FRAMEWORK 2012-2016 THE CIVIL SERVICE COMMISSION We are established by statute to provide assurance that civil servants are selected on merit on the basis of fair and

More information

Understand why, when and how-to to formally close a project

Understand why, when and how-to to formally close a project Project Closure Purpose: Understand why, when and how-to to formally close a project Audience: Project managers, project sponsors, team members and other key stakeholders Learning Objectives: Describe

More information

U.S. Department of Education Federal Student Aid

U.S. Department of Education Federal Student Aid U.S. Department of Education Federal Student Aid Lifecycle Management Methodology Stage Gate Review Process Description Version 1.3 06/30/2015 Final DOCUMENT NUMBER: FSA_TOQA_PROC_STGRW.NA_001 Lifecycle

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR

More information

Audit of Mobile Telecommunication Devices

Audit of Mobile Telecommunication Devices Recommended by the Departmental Audit Committee for approval by the President on September 12, 2012 Approved by the CNSC President on November 13, 2012 e-doc: 3927102 Table of Contents Executive Summary...

More information

ITIL Roles Descriptions

ITIL Roles Descriptions ITIL Roles s Role Process Liaison Incident Analyst Operations Assurance Analyst Infrastructure Solution Architect Problem Manager Problem Owner Change Manager Change Owner CAB Member Release Analyst Test

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

VA Office of Inspector General

VA Office of Inspector General VA Office of Inspector General OFFICE OF AUDITS AND EVALUATIONS Department of Veterans Affairs Audit of Office of Information Technology s Strategic Human Capital Management October 29, 2012 11-00324-20

More information

Minnesota Health Insurance Exchange (MNHIX)

Minnesota Health Insurance Exchange (MNHIX) Minnesota Health Insurance Exchange (MNHIX) 1.2 Plan September 21st, 2012 Version: FINAL v.1.0 11/9/2012 2:58 PM Page 1 of 87 T A B L E O F C O N T E N T S 1 Introduction to the Plan... 12 2 Integration

More information

Department of Administration Portfolio Management System 1.3 June 30, 2010

Department of Administration Portfolio Management System 1.3 June 30, 2010 E 06/ 30/ 2010 EX AM PL 1. 3 06/ 28/ 2010 06/ 24/ 2010 06/ 23/ 2010 06/ 15/ 2010 06/ 18/ 2010 Portfolio System 1.3 June 30, 2010 Contents Section 1. Project Overview... 1 1.1 Project Description... 1 1.2

More information

GOVERNMENT RESPONSE TO THE CHILD INTERVENTION SYSTEM REVIEW

GOVERNMENT RESPONSE TO THE CHILD INTERVENTION SYSTEM REVIEW GOVERNMENT RESPONSE TO THE CHILD INTERVENTION SYSTEM REVIEW October 2010 Closing the Gap Between Vision and Reality: Strengthening Accountability, Adaptability and Continuous Improvement in Alberta s Child

More information

<name of project> Software Project Management Plan

<name of project> Software Project Management Plan The document in this file is adapted from the IEEE standards for Software Project Management Plans, 1058-1998, which conforms to the requirements of ISO standard 12207 Software Life Cycle Processes. Tailor

More information

Business Plan 2014-2015

Business Plan 2014-2015 Business Plan 2014-2015 Table of Contents RHRA Corporate Overview Profile 1 Vision, Mission, Mandate and Values 1 Strategic Priorities and Business Planning Overview 2 Fiscal Year 2014-15 Activities and

More information

The City of Calgary, 2009 PSC Operational Review Final Report

The City of Calgary, 2009 PSC Operational Review Final Report 1. The City of Calgary, 2009 PSC Operational Review Final Report Prepared by Framework Partners Inc. & Emergency Services Consulting International April 20, 2010 Table of Contents Executive Summary...

More information

Business Logistics Specialist Position Description

Business Logistics Specialist Position Description Specialist Position Description March 23, 2015 MIT Specialist Position Description March 23, 2015 Page i Table of Contents General Characteristics... 1 Career Path... 2 Explanation of Proficiency Level

More information

PRIVY COUNCIL OFFICE. Audit of Compensation (Pay and Benefits) Final Report

PRIVY COUNCIL OFFICE. Audit of Compensation (Pay and Benefits) Final Report PRIVY COUNCIL OFFICE Audit of Compensation (Pay and Benefits) Audit and Evaluation Division Final Report February 4, 2011 Table of Contents Executive Summary... i Statement of Assurance...iii 1.0 Introduction...

More information

Position Summary Goals and Worker Activities 40% A. Manage the Data Center Planning and Operations Section.

Position Summary Goals and Worker Activities 40% A. Manage the Data Center Planning and Operations Section. Position Description Department of Administration, Division of Enterprise Technology Management Information Chief - 13530 Data Center Planning and Operations Section Chief Bureau of Infrastructure Support

More information

Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit

Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit Consumer Financial Protection Bureau September 2012 September 28, 2012 MEMORANDUM TO: FROM: SUBJECT:

More information

Risk Management. Group Standard

Risk Management. Group Standard Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS

More information

IT Service Management. The Role of Service Request Management

IT Service Management. The Role of Service Request Management RL Consulting IT Service Management The Role of Service Request Management Prepared by: Rick Leopoldi June 1, 2007 Copyright 2001-2007. All rights reserved. Duplication of this document or extraction of

More information

Trust Board Report. Review of the effectiveness of the IM&T Committee

Trust Board Report. Review of the effectiveness of the IM&T Committee 1. Introduction Trust Board Report Review of the effectiveness of the The meets every eight weeks, with a specific responsibility for governance, strategic direction, approval and direction of developments

More information

IT Service Desk Unit Opportunities for Improving Service and Cost-Effectiveness

IT Service Desk Unit Opportunities for Improving Service and Cost-Effectiveness AUDITOR GENERAL S REPORT ACTION REQUIRED IT Service Desk Unit Opportunities for Improving Service and Cost-Effectiveness Date: September 18, 2013 To: From: Wards: Audit Committee Auditor General All Reference

More information

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL AUDIT SERVICES June 30, 2016 Control Number ED-OIG/A04O0014 James W. Runcie Chief Operating Officer Federal Student Aid U.S. Department

More information

Oversight of Information Technology Projects. Information Technology Audit

Oversight of Information Technology Projects. Information Technology Audit O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Oversight of Information Technology Projects Information Technology Audit May 29, 2009 Report 09-19 FINANCIAL

More information

NCBS HUMAN RESOURCES EXPERT COACH TERMS OF REFERENCE. National Capacity Building Secretariat. 2. BTC Change co-manager. Signature.

NCBS HUMAN RESOURCES EXPERT COACH TERMS OF REFERENCE. National Capacity Building Secretariat. 2. BTC Change co-manager. Signature. NCBS HUMAN RESOURCES EXPERT COACH TERMS OF REFERENCE Position Type Organization Partner organization Duration Type of contract Human Resources Expert Coach Consultancy contract National Capacity Building

More information

December 2014 Report No. 15-017. An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission

December 2014 Report No. 15-017. An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission John Keel, CPA State Auditor An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission Report No. 15-017 An Audit Report on The Telecommunications

More information

Department of Homeland Security Office of Inspector General. Review of U.S. Coast Guard Enterprise Architecture Implementation Process

Department of Homeland Security Office of Inspector General. Review of U.S. Coast Guard Enterprise Architecture Implementation Process Department of Homeland Security Office of Inspector General Review of U.S. Coast Guard Enterprise Architecture Implementation Process OIG-09-93 July 2009 Contents/Abbreviations Executive Summary...1 Background...2

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

More information

Financial transactions sometimes lacked proper signing authorities;

Financial transactions sometimes lacked proper signing authorities; STRENGTHENING FINANCIAL MANAGEMENT IN THE GOVERNMENT OF NUNAVUT DEPARTMENT OF FINANCE MARCH 2007 Introduction For a number of years the Auditor General of Canada has commented on the need for improved

More information

Office of Audits and Evaluations Report No. AUD-13-007. The FDIC s Controls over Business Unit- Led Application Development Activities

Office of Audits and Evaluations Report No. AUD-13-007. The FDIC s Controls over Business Unit- Led Application Development Activities Office of Audits and Evaluations Report No. AUD-13-007 The FDIC s Controls over Business Unit- Led Application Development Activities September 2013 Executive Summary The FDIC s Controls over Business

More information

System/Data Requirements Definition Analysis and Design

System/Data Requirements Definition Analysis and Design EXECUTIVE SUMMARY This document provides an overview of the Systems Development Life-Cycle (SDLC) process of the U.S. House of Representatives. The SDLC process consists of seven tailored phases that help

More information