FINAL INTERNAL AUDIT REPORT. To: Steve Allen Managing Director, Finance. Project Document Control and Management Systems. (Conclusion: Audit Closed)

Transcription

1 FINAL INTERNAL AUDIT REPORT To: Steve Allen Managing Director, Finance Project Document Control and Management Systems (Conclusion: Audit Closed) Ref: 20 September 2013 Fieldwork started 11 July 2013 Fieldwork completed 9 September 2013 Draft report issued 19 September 2013 Clive Walker Director of Internal Audit TfL RESTRICTED

2 TfL RESTRICTED Page 2

3 CONTENTS SECTION PAGE DISTRIBUTION LIST 4 EXECUTIVE SUMMARY 5 STATUS OF AGREED ACTIONS 7 TfL RESTRICTED Page 3

4 DISTRIBUTION LIST This report was sent to Steve Allen, Managing Director, Finance, by Clive Walker, Director of Internal Audit, and copied to: Eastaugh Richard Flanders Steve Townsend Simon Trowbridge Wayne Fitzgerald Philip Hewson Andrew Quincey Sarah Atkins Richard Bevins Patrice Whyte Nigel Blore Andrea Clarke David Goldstone Howard Carter Robert Brent Head of TfL PMO, LU Head of Central Finance & Planning, LU Chief Information Officer, Finance Director of Projects and Programmes, TfL IM Senior Quality, Assurance & Risk Analyst Head of Commercial ICT, Group Procurement Director, Commercial, Group Procurement, Finance Commercial Director, Rail & Underground Head of Information Governance, General Counsel as Key Risk Representative Head of Group Insurance Director of TfL Legal Chief Finance Officer General Counsel KPMG TfL RESTRICTED Page 4

5 EXECUTIVE SUMMARY Objective In the absence of a single consistent document management process or framework, TfL was vulnerable to the risk of losing valuable information and knowledge. The audit reviewed the document management systems and processes for project management documents held by TfL, including use of collaborative software, in order to ensure that the governance, processes and controls were adequate for supporting projects to complete on time, and within budget. Document management systems and controls are also vital in supporting effective contract management for delivery of objectives. Scope The audit covered the following areas: Organisation and governance of project document management controls and systems The procurement of document management systems The existence of and compliance with document management processes Security, archiving and retrieval of project documents Classification systems Summary of findings Our Interim Audit Report d 6 January 2012 entitled Project Document Control and Management Systems identified six significant issues resulting in twelve management actions: There was no overall strategy, policy and ownership of document management in TfL. Although Information Governance is for ensuring that TfL complies with legal, regulatory and best practice requirements which apply to the management of information and records, each Project Management Office (PMO) has its own project management methodology, and there is no process in place to provide such assurance. No central contract or framework agreement was in place for the procurement of document management systems in TfL. Consequently TfL cannot be assured that it is getting value for money from its suppliers. The purchase and ongoing costs for document management systems was not transparent due to the way in which such systems are procured. TfL RESTRICTED Page 5

6 As a result of TfL not having an enterprise wide document management system in place, business units were using a number of different, incompatible document management systems for project work, some of which are no longer supported by TfL IM. No clear processes were in place regarding ongoing responsibility for, authorised access to, and maintenance of data held on document management systems, once project teams have disbanded at project close. As existing document management systems no longer receive support from TfL IM, SharePoint was increasingly being promoted by TfL IM as the document management system of choice. However, it was not clear whether SharePoint is actually a suitable replacement system for TfL projects because of its limitations, such as its inability to store CAD drawings and poor integration. We have now completed a follow-up audit which has confirmed that all the management actions have been satisfactorily addressed. This audit is now closed. TfL RESTRICTED Page 6

7 STATUS OF AGREED ACTIONS 1. New project management methodology will be in place across all areas of the business. Part of that Project Management Framework will specify minimum document management standards across all TfL projects. Eastaugh March 2013 New project management methodology has been launched as Pathway and is being actively promoted by PMO across the whole of TfL. This includes a number of roadshows, internal press releases and the publication of the Pathway Handbooks. Minimum document management standards are included in the Pathway Handbook Manage the Project, Programme or Delivery Portfolio. TfL RESTRICTED Page 7

8 2. The PMO will work in collaboration with Information Governance to develop the minimum project document management standard which will be incorporated into the Project Management Framework. These standards will be consistent with TfL s existing Information and Records Management policy and strategy. Richard Bevins March 2013 The Pathway Handbook Manage the Project, Programme or Delivery Portfolio includes standards for retention of documents and security standards. In addition Reference Document RO594 Document Management for Pathway references Requirement for Disposal of Hard Copies and Naming Standards. 3. Access to project document management standards will be provided via the Project Management Framework SharePoint portal to facilitate communication to project teams. March 2013 Pathway SharePoint site has been launched and widely publicised on Source. TfL RESTRICTED Page 8

9 4. In consultation with the Head of TfL PMO, Information Governance will ensure that mechanisms are in place to support project teams in complying with associated legal, regulatory, and best practice requirements regarding information governance. Richard Bevins/ Eastaugh December 2012 Pathway file plan will provide consistency in naming and filing of documents across projects thereby safeguarding documents that may be needed to make or defend claims. It also assists in dealing with FOI inquiries. Pathway provides guidance on compliance with DPA requirements. There are also a number of actions taken to promote best practice in information governance. These include configuration of Livelink to automatically flag documents for review after 7 years and for deletion after 10 years. There is also guidance available for security classification, e- mail use, version control and document scanning. TfL RESTRICTED Page 9

10 5. The new Project Management methodology will advise project teams use the TfL Enterprise EDRMS procurement framework to ensure an integrated approach is used to manage project documentation. Steve Townsend/ Carole Barlow/ Philip Hewson March 2013 Pathway Methodology includes instructions for selecting appropriate Document Management System. 6. Through the new project management methodology, the Head of TfL PMO will make recommendations to project teams in respect of individual projects, to ensure that resources for document control are assessed to enable TfL to efficiently and effectively manage document control across project teams. This will be set out in the Project Management Framework. Eastaugh March 2013 The Document Control Checklist provides guidance on resource allocation for document control in projects. 7. TfL IM in collaboration with ICT procurement will ensure that mechanisms are put in place so that there is a clear audit trail of all costs associated in maintaining existing document management systems and advise the Head of TfL PMO accordingly. Steve Townsend/ Philip Hewson June 2012 A mechanism has been put in place that provides details of costs associated with maintaining existing document management systems. TfL RESTRICTED Page 10

11 8. Once the new project management methodology and document management standard is in place, an approach to the transition of any residual project data to alternative systems at project close will be determined, and notified to all Project s. The approach will include an assessment of associated costs. Steve Townsend July 2013 An approach to the transition of any residual project data to alternative systems at project close has been determined, and notified to all Project s. The approach includes an assessment of associated costs. 9. The Head of TfL PMO will in collaboration with Information Governance develop ways of addressing data costs following project closure, and identify data for disposal to reduce costs. This will include the creation of disposal rules for project documentation as established in the Project Management Framework. Richard Bevins June 2012 Disposal rules have been set out in the Pathway Methodology as a means of reducing the data costs. TfL RESTRICTED Page 11

12 10. The Head of TfL PMO will in collaboration with Information Governance develop a project document classification system as a subset of the TfL Information classification system. This will be set out in the Project Management Framework when implemented. Richard Bevins June 2012 TfL File Plan has been developed and agreed as a system of classification for TfL Information. 11. The Head of TfL PMO in collaboration with TfL IM will recommend an approach to manage access to, and ongoing maintenance and eventual disposal of project management documents at project close. This recommendation will include identifying responsibility for the management of such legacy documentation and advising in relation to any business change required to allow the recommendation to be implemented. Once agreed, this will be set out in the Project Management Framework. Steve Townsend June 2012 Recommendation made, and agreed, identifying responsibility and business change required for action to be implemented. It should be noted that one of the business changes required included an additional resource that was subsequently removed under Project Horizon. This may be reviewed as part of a future audit. TfL RESTRICTED Page 12

13 12. The Head of TfL PMO and TfL IM will publish the agreed strategy regarding use of the preferred solution for project document management. Steve Townsend April 2012 Document Management Strategy was published in June TfL RESTRICTED Page 13