![]() |
![]() |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
![]() |
![]() |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
National Report
|
Internal Audit and Risk Management Services Director General: J.K. Martin Audit Director, IT: J.R. ClarkTeam Leaders: F. Gloade Audit Team: P. LePage D. Lefebvre M. Winterburn K. Rosolen K. Jevons C. Thomas
May 2001
|
TABLE OF CONTENTS
FINDINGS................................................................................................................................ 1
ACTION PLAN......................................................................................................................... 2
APPENDICES
APPENDIX a – oBJECTIVES
APPENDIX b – SCOPE
Background
By the year 2004, HRDC will offer Canadians the choice of receiving key services on the Internet and having employees use Internet technology for tools of work and communication. On behalf of HRDC’s GOL Coordination Office, the IARMS conducted a Risk Assessment as a requirement for Tier Two reporting for TBS in September 2000. Interviews were conducted with senior management at NHQ and four regions.
HRDC has assigned the responsibility of a coordinating body to oversee GOL activities. However, the GOL governance structure needs clarification on accountability, roles and responsibilities, at both the federal and departmental level. The GOL Coordination Office should assume the structure of a Project Office to assist in the development of a project charter, plan, funding strategy and modernization activities. Discussion on the federal GOL governance structure, legislative and security implications should be held with senior federal officials. TIER-1 deadlines for automated e-mail response and search engine are at risk of not being met because of the uncertainty around the changing infrastructure and the time required to implement the appropriate software. |
Findings
HRDC has limited resources to deliver GOL and with federal funding restraints the implementation of HRDC GOL is at risk.
Concerns were raised during our assessment in the areas of horizontal risks to deliver web technology federally as well as departmentally. Examples of horizontal risks were the lack of standardization around e-mail, search engines, clusters, portals, linkages and connectivity. Fragmented development of standards, separate silos and duplication of efforts were also noted as areas of risk.
There is no overall HRDC GOL charter that defines the governance structure, which includes, accountability, leadership, roles, responsibilities, organization and committee structure. Also, no one has been mandated to deliver a detailed project plan. The Coordination Office has not been directed to assume the structure of a Project Office that would establish a project charter to support the planning, monitoring and funding strategy. Legislative implications of e-business, such as electronic signature, require further examination. There is uncertainty around the protection of data, personal information, secure channel, privacy and access. Also, partnerships, ownership, content and funding need to be clarified. Federal jurisdiction agreements have not been worked out, nor have standards been defined.
HRDC has acknowledged that web based service delivery will have a direct impact upon how we deliver our business. However the organization needs to demonstrate how it will integrate GOL with its delivery vision and business modernization activities. Failure to do so could lead to inefficient use of web technology capabilities. Furthermore, a HR strategy to address the changing roles, training, skill sets and communications with employees is still in the early stages.
TIER-1 deadlines for automated e-mail response and search engine are at risk of not being met because of the uncertainty of the development life cycle (design requirements, development, testing and implementation). This is further complicated by changes currently underway to HRDC’s infrastructure that could impact upon both of the preceding deliverables.
ACTION PLAN
Observation 1
HRDC has limited resources to deliver GOL and with federal funding restraints the implementation of HRDC GOL is at risk.
Action
Actions at this time relate mostly to the development of the business cases for Tier Two. Other actions will be based on existing budgeting and planning processes.
Actions |
Schedule |
Status |
Responsible |
Recommendations to the Executive Management Committee |
December, 2000 |
Done |
J. Bimson |
Development of GOL implementation scenarios (including prioritization) for TB |
January, 2001 |
Done |
N. Smith |
Develop Business Case Framework |
May, 2001 |
In Progress |
N. Smith |
Pathfinder reporting to T.B. |
Quarterly 2000/01 and 2001/02 |
In Progress |
N. Smith |
Observation 2
Concerns were raised during our assessment in the areas of horizontal risks to deliver web technology federally as well as departmentally. Examples of horizontal risks were the lack of standardization around email, search engines, clusters, portals, linkages and connectivity. Fragmented development of standards, separate silos and duplication of efforts were also noted as areas of risk.
Action
Government wide horizontal issues were identified to TBS in the Tier II September report. Meanwhile, action is being initiated internally on horizontal issues specific to HRDC.
Actions |
Schedule |
Status |
Responsible |
Recommendations to the Executive Management Committee |
December, 2000 |
Done |
J. Bimson |
Setting up Cluster coordination function |
February, 2001 |
In Progress |
J. Bimson |
Observation 3
There is no overall HRDC GOL charter that defines the governance structure, which includes, accountability, leadership, roles, responsibilities, organization and committee structure. Also, no one has been mandated to deliver a detailed project plan. The Coordination Office has not been directed to assume the structure of a Project Office that would establish a project charter to support the planning, monitoring and funding strategy.
Action
The GOL office has begun to develop a Project Charter. This charter will then be submitted to the Executive Committees for approval. The GOL office has taken steps to improve its ability to pull together a project plan for GOL at HRDC, by staffing project-planning positions within the office.
Actions |
Schedule |
Status |
Responsible |
Development of Management Charter |
January, 2001 |
Done |
J. Bimson |
Recommendations to the Executive Management Committee on the Charter |
February, 2001 |
In Progress |
J. Bimson |
Project Management Staffing |
Ongoing |
In Progress |
J. Bimson |
Observation 4
Legislative implications of e-business, such as electronic signature, require further examination. There is uncertainty around the protection of data, personal information, secure channel, privacy and access. Also, partnerships, ownership, content and funding need to be clarified. Federal jurisdiction agreements have not been worked out, nor have standards been defined.
Action
The GOL office has recommended that the Program and Policy Committee within HRDC take leadership on these issues. Departmental efforts will include identifying those legal limitations that are within departmental control for change and those that are government-wide. Review of the internal issues will be ongoing and dealt with on a case-by-case basis.
Partnership and ownership issues may be a contributor to the complexities of achieving cultural change. Key steps to addressing these issues include a clear strategic plan, marketing and communications, an HR strategy and continued education and training.
Actions |
Schedule |
Status |
Responsible |
Recommendations to the Executive Management Committee recommending that Program Policy Committee takes leadership of issues |
January, 2001 |
Done |
J. Bimson |
Observation 5
HRDC has acknowledged that web based service delivery will have a direct impact upon how we deliver our business. However, the organization still needs to demonstrate how it will integrate GOL with its delivery vision and business modernization activities. Failure to do so could lead to inefficient use of web technology capabilities. Furthermore, a HR strategy to address the changing roles, training, skill sets and communications with employees is still in the early stages.
Action
The GOL office has recruited a regional task team to look at the impacts at the front-end and provide issues and recommendations. The first report from this team will be available soon and recommendations will be considered.
The Human Resource Committee has agreed to take on the leadership of the development of a comprehensive HR Strategy including GOL impacts within a larger context (i.e. UCS, aging workforce, etc.).
Actions |
Schedule |
Status |
Responsible |
Regional Assessment Report(s) |
December, 2000 |
Done |
J. Bimson |
GOL office first response to regional assessment |
February, 2001 |
In Progress |
N. Smith |
Observation 6
TIER-1 deadlines for automated e-mail response and search engine are at risk of not being met because of the uncertainty of the development life cycle (design requirements, development, testing and implementation). This is further complicated by changes currently underway to HRDC’s infrastructure that could impact upon both of the preceding deliverables.
Action
HRDC established and implemented a framework within which the Tier One requirements, including Common, Look and Feel, could be met. This process was resource intensive and weighed heavily in terms of coordination, consultation, negotiation and monitoring requirements. While the HRDC approach must be acknowledged as onerous, it has proven successful in meeting the basic Tier One deliverables, with associated costs for this fiscal year being risk managed. The experience gained from meeting these deadlines successfully, though with difficulty, has provided lessons, which will be, studied to ensure more effective management of HRDC’s electronic service delivery channels in the future.
Actions |
Schedule |
Status |
Responsible |
Tier One Reporting |
December, 2000 |
Done |
R. Macdonald |
Monitoring quality of web sites and compliance to standards |
February, 2001 |
In Progress |
R. Macdonald |
APPENDIX A
OBJECTIVES
The audit’s objective is to provide management with an opinion on their compliance with generally accepted GOL practices and control frameworks relative to the following functions:
· Management Framework - Accountability, Leadership, Planning, Organization, Control, Communication and Performance Indicators
· Human Resources Management
· Project Management
· Asset Management
· Computer Operations
· Network Management
· Vendor Relations
· Infrastructure
· Security
· Clients
This review will also conduct an audit of the GOL Project to advise the DM, HRDC, SADM - SDN and the ADM, Systems as to the:
· efficiency, economy and effectiveness of managerial policies, practices and controls
· compliance of these policies, practices and controls with legislative and other authorities including those of HRDC
· adequacy of, and compliance with, managerial and operational controls to ensure the completeness, accuracy and authenticity of data processed
· quality of service delivery
· adequacy of, and compliance with, HRDC’s systems and procedures
· risks and potential problems with current practices
APPENDIX B
SCOPE
The scope of this GOL audit, will include a review of:
· Management Support Functions, specifically to:
– project management – PLC, project office, TBS/Systems approval, clarified accountabilities
– client involvement
– problem management
– business lines
– internal control
– procurement
– risk management
– change management, management of change
– utilization reporting and control
– communication strategy
– prioritization
– performance indicators - customer satisfaction, resourcing
· Tier One – On-Line Presence
– department and program brochures
– access to key legal and regulatory summaries
– e-mail support (acknowledgement receipt)
– basic personalization
– basic search – user friendly
– access to key forms
– basic content management
· Tier Two – Electronic Service Delivery
– brand recognition
– electronic commerce
– electronic payments/EDI
– secure transaction
– supply chain management
– customer support
– collaboration
– on-line communications
– E-form transactions
– enhanced content management
– integration with GoC portal
– upgrade features
– integrated information
– advanced personalization
– E-mail customer service
– advanced search
· Tier Three
– consulting Canadians
– seamless citizen centric accessibility
– leading edge technologies
– procurement support
– customer relationship management
– inter jurisdictional information and/or transactions
– advanced:
– customization
– personalization
– marketing and selling
– customer service
– search
– on-line communications
– collaboration
· Bandwidth
· Scalability
· Architecture (topology, hardware, consolidation)
· Directories, messaging, portal, and architecture
· Business Systems - application development, testing, reference tools, publishing
· Security
· Training
· Quality Service Levels
· Inter departmental clustering
· Brand Recognition
· Common Look and Feel
· Easy Navigation
· Transactions
· Information Exchange
· Real Time Processing
· Convergence
· Service Transformation
· Channel Exploration/Development/Exploitation
· Self Service Modeling/Cyber Models
· US/Canada messaging interoperability trial
Last modified : 2004-03-15 | top | Important Notices |