Canadian Flag Transport Canada / Transports Canada Government of Canada
Common menu bar (access key: M)
 Français  Contact Us  Help  Search  Canada Site
 Home  About us  Media room  Environment  Emergencies
 Air  Marine  Rail  Road  Major issues
Skip to specific page links (access key: 1)
  
Corporate Services
* CS Overview
* Organization
* Services
* Internal Audit Reports
* Departmental Evaluation Services
* Related Sites
* Contact Us
   
   

 

Skip all menus (access key: 2)
Transport Canada > Corporate Services > Audit & Advisory Services > IM/IT Strategic Planning Process Audit

Audit & Advisory Services - Banner

IM/IT Strategic Planning Process Audit

January 12, 2005

File number: 1577-03-016

Print Version |

executive summary

1. Introduction

2. Findings

3. Recommendations and Management Action Plan

Appendix A - 2003-2006 IM/IT Strategic Plan Excerpts

Appendix B - CobiT: Control Objectives for Information and Related Technology

Appendix C - New IM/IT Governance Structure

Top of the page

executive summary

Transport Canada Senior Management Executive Committee (TMX) approved Transport Canada’s first Information Management/Information Technology (IM/IT) Strategic Plan in April 2003 following extensive national consultations.

In December 2002, Transport Canada’s Audit and Advisory Services developed a risk-based IM/IT Audit Framework for the next three years. As a result of this framework, an audit of the process used to "Define a Strategic IM/IT Plan" was approved by the Audit and Review Committee, as part of the 2003/04 Annual Plan.

The audit objectives were to determine whether the strategic IM/IT planning process used to develop the 2003-2006 IM/IT Strategic Plan is well integrated with the departmental business planning process, to assess the effectiveness of the framework used to develop the Plan, and to assess the likelihood of the Plan being successful.

The audit was conducted during the months of August through December 2003 and found the IM/IT strategic planning process created understanding and collaboration from those consulted on the future direction of IM/IT in Transport Canada. The departmental IM/IT Strategic Plan is consistent with the organization’s long- and short-range plans and organization requirement. Many of the audit findings were known to senior management and work was started to address elements of strategic governance, integrated planning and stewardship. A new Business-IM/IT Council has been established under the direction of TMX resulting in a strengthened capacity to evaluate and make strategic IM/IT investment decisions.

At this time, there is no formal planning cycle to input and update to the IM/IT Strategic Plan, nor is the IM/IT planning cycle well integrated within the departmental planning cycle for resource allocation purposes. Although the 2003-2006 IM/IT Strategic Plan includes high-level goals, strategic objectives and projects designed to achieve the desired results, successful implementation of the Plan is, however, at risk due to the absence of measurable results, timelines and clearly defined accountabilities.

The IM/IT Planning Framework has resulted in the development of a planning process whose first product was the strategic plan, to be updated at regular intervals with concrete short-term goals. The Department should continue to improve the IM/IT Planning Framework for decision-making by ensuring that procedures and protocols are developed and formalized in the key areas of planning, decision-making and reporting. The Department should ensure that the roles, responsibilities as well as the procedures associated with IM/IT planning and governance are documented and communicated to all stakeholders. Finally, it will be vital to provide employees with updates on the overall direction and IM/IT implementation strategies aligned to business objectives.

Management Response

Management has reviewed and agrees with the recommendations.

Audit and Review Committee Decision

The audit report and the management action plan were presented to the Audit and Review Committee on January 12, 2005. The Committee approved the audit and the management action plan as presented.

Top of the page

1. Introduction

In December 2002, Transport Canada’s (TC) Audit and Advisory Services developed a risk-based Information Management/Information Technology (IM/IT) Audit Framework for the next three years. As a result of this framework, an audit of the process used to "Define a Strategic IM/IT Plan" was recommended as part of the audit plan for fiscal year (FY) 2003/04 and approved by the Audit and Review Committee.

The Department makes a significant investment in IM/IT each year. The Director General, Technology and Information Management Services Directorate, has direct control over 39.7 % of the overall IM/IT spending in TC. This accounted for $26.1 million of a total $65.8 million in FY 2002/2003 - excluding salaries and benefits. Given the current fiscal capacity, additional IM/IT funding will likely come from internal reallocations in the context of the departmental priorities and affordability. There are plans in place for departmental IM/IT funding to be allocated based on an approved IM/IT investment plan linked to the departmental IM/IT Strategic Plan.

1.1 Purpose of the Audit

The purpose of this management control audit was to determine the effectiveness of the process followed to develop the 2003-2006 IM/IT Strategic Plan. The audit was conducted during the months of August through December 2003.

1.2 Background

Transport Canada’s IM/IT Framework was endorsed by Senior Management Executive Committee (TMX) in 1994. It set the vision for an IM/IT environment to support program delivery. In June 2000, TMX accepted that the IM/IT organization strengthen its functional management role and establish direction to ensure that the department’s significant investments in IM/IT remain prudent.

In November 2000, TMX were briefed on progress and planned activities related to the implementation of the TC IM/IT Planning Framework [1]. Members approved the development of an IM/IT Strategic Plan and IM/IT Investment Plan, and requested that TC IM/IT Planning Framework be finalized and submitted to TMX for approval in the Spring 2001 timeframe.

In April 2003, TMX approved the first departmental IM/IT Strategic Plan following extensive national consultations. (See Appendix A for vision, goals and objectives, priorities and critical success factors).

1.3 Objectives and Scope

An audit of the process of developing a departmental IM/IT strategic plan was conducted to assess whether the process is properly controlled to ensure that the strategy developed is appropriate for TC. The audit focused on the elements of management that are required to achieve the intended result. Specifically, the audit objectives were to:

  1. Determine whether the IM/IT planning process is aligned with the TC business planning process;

  2. Assess the effectiveness of the framework used to develop the TC IM/IT Strategic Plan; and

  3. Assess the likelihood of the Plan being successful.

Critical success factors key to the realization of the Plan were examined, such as consistency with departmental strategic objectives, the project planning framework, and the capacity to shift resources among projects.

The scope included examining the current departmental business planning process, departmental IM/IT governance bodies, the IM/IT planning processes and procedures in three representative Directorates (Civil Aviation, Rail Safety, Technology and Information Management Services) and the processes that individual Groups and Regions use to interface with the departmental process. The audit did not consider Group or regional IM/IT planning processes in any depth.

1.4 Criteria

Based on the Information Systems Audit and Control Association (ISACA) Control Objectives for Information and Related Technology (COBIT) and associated audit framework, high-level control objectives were identified to assess the process used to develop an IM/IT Strategic Plan (see Appendix B). The following elements were assessed during the audit:

  1. Business requirements and IM/IT are aligned with the organization’s mission and goals to produce strategic and operational plans, updated at regular intervals, with concrete short-term goals.

  2. IM/IT planning is implemented with defined roles and responsibilities, communicated and aligned to business strategy so that planning results in effective direction and control.

  3. IM/IT investments are managed to ensure appropriate levels of funding and to control expenditure of allocated resources.

  4. IM/IT strategies and policies are communicated in clear terms so that the user community understands and accepts the business direction.

  5. Priorities are set in line with the operational plan, and sound project management techniques are used to deliver projects on time and on budget.

1.5 Methodology

The framework for assessing the effectiveness of IM/IT strategic planning process was based on a two-fold approach: 1) an assessment of the IM/IT planning process against best practices, and 2) an assessment of TC’s performance or effectiveness in carrying out its strategic planning responsibilities. The methodology used during the course of this audit included:

  • gaining an understanding of the business processes and the related IM/IT requirements;

  • a comparison of TC’s departmental IM/IT Plan and objectives against the TC Business Plan to confirm alignment;

  • a review of best practices (ISACA, Meta Group, Gartner Group, Treasury Board Secretariat) and comparison with three federal government departments and their IM/IT strategic planning frameworks (Health Canada, Justice Canada, and Human Resources Development Canada);

  • interviews and a focussed review of internal documentation e.g. Deloitte IM/IT governance study;

  • consultations on the IM/IT planning processes in three representative business areas and the processes that individual Groups/Regions use to interface with the departmental process; and

  • mapping the IM/IT planning process at the departmental level.
Top of the page

2. Findings

Although Transport Canada’s (TC) first IM/IT strategic planning process was not based on an established policy or procedure, it built commitment and created understanding in the business and IM/IT community on the future direction of IM/IT in the Department. A broad based consultation process was used to develop the 2003-2006 IM/IT Strategic Plan.

The Departmental Business Plan is the foundation for operational planning and performance reporting. The TC IM/IT Strategic Plan was developed in response to the business drivers articulated in the Business Plan. Through the TC IM/IT Strategic Plan, TC articulated its goals, strategic objectives and supporting projects guiding TC’s IM/IT work over the next three years; however it did not outline the specific outcomes, timelines or accountabilities that are expected by 2006.

The Senior Management Executive Committee (TMX) recognizes the strategic importance of IM/IT to the success of its business. A new Business-IM/IT Council was recently created under the direction of TMX, resulting in a strengthened capacity to evaluate and make strategic IM/IT investment decisions. At this time, there is no formal planning cycle to input and update the IM/IT Strategic Plan, nor is the IM/IT planning cycle well integrated within the departmental planning cycle for resource allocation and reporting purposes.

2.1 Strategic IM/IT Governance

In 1999, a Departmental Informatics Steering Committee (DISC) was established as a sub-committee of TMX to develop a vision, set priorities, and report to TMX on IM and IT expenditures and direction. Regular updates on approved initiatives were provided to DISC, some by presentation at major milestones, others 'secretarially’. In February 2002, members were provided an update on the work underway to develop and implement an integrated departmental IM/IT Strategic Plan. The former Departmental Informatics Steering Committee (composed of TMX members) did not have the appropriate technical representation in place for coordination of planning, architecture, and implementation activities for IM/IT. As well, the accountability framework did not have the required management controls to ensure adherence to the governance process.

With the approval of the 2003-2006 IM/IT Strategic Plan in April 2003, TMX requested that the Director General, Technology and Information Management Services Directorate implement a new IM/IT governance structure for the overall management of IM/IT from a departmental perspective and develop an approach for a multi-year departmental IM/IT investment plan. At its inaugural meeting in November 2003, the new Business-IM/IT Council, consisting of TMX-nominated representatives at the Director General level, discussed the new IM/IT governance structure (see Appendix C). At the time of this audit, senior IM/IT and business managers were jointly reviewing the mandate and Terms of Reference for the Business IM/IT Council, the Business IM/IT Investment Committee and the IM/IT Architecture and Standards Committee. It is the role of IM/IT Business Council and sub-committee members to brief their management committees on deliberations, and to provide strong leadership on departmental IM/IT matters.

Work is underway to approve a comprehensive formal description of IM/IT planning and governance. Information on the revised IM/IT planning processes, including linkages to the departmental business planning process and accountabilities, will be key to ensuring a consistent approach to governance.

2.2 Clear Accountability

The Assistant Deputy Minister (ADM) Corporate Services is well positioned to ensure that IM/IT is managed as an integrated effort. Linked to the departmental business, the Strategic Plan provides direction to support on-going internal business requirements as well as the government’s vision of service delivery. However, strategic outcomes (results) and costs for IM/IT have not been consistently documented or communicated in the Department, and in the absence of department-wide established mechanisms for IM/IT investment planning and management, it will be challenging to manage IM/IT as an integrated effort.

2.2.1 Strategic Direction and Outcomes

A draft IM/IT Strategic Plan was provided in 2001 to the previous ADM Corporate Services for review prior to releasing it to stakeholders for comments. The draft presented was based on the results of workshops held in the National Capital Region and the Regions between February 2001 and April 2001. Additional workshops were held with clients and stakeholders in November 2002 to validate the draft plan and incorporate additional business context. In March 2003, the Strategic Plan was finalized, presentation and briefing packages were sent to designated contacts to ensure they briefed their TMX member on the IM/IT Strategic Plan 2003-2006 direction and next steps. The Plan was approved and communicated to all departmental employees in April 2003.

Although the approach to develop the departmental IM/IT Strategic Plan involved extensive national consultations, there were many delays in obtaining buy-in. At the time, there was no established forum to allow business managers to vet and provide feedback. Additional consultations were necessary to ensure national buy-in, as some groups did not feel they were adequately represented in the initial consultations. The final result is a plan that is well aligned to departmental business, and it provides clear direction that supports on-going internal business requirements as well as the government’s vision of service delivery.

IM/IT priorities were successfully identified in the consultations, and the "top seven" common department-wide IM/IT priorities were articulated in the Plan. Since service/business line specific priorities are not ranked, follow-up discussions have yet to be conducted to further assess and rank the relative value and importance of the initiatives - at a departmental level as opposed to group specific level. It is anticipated that these discussions would flow from a well-integrated business planning process.

Milestones for achieving the results by 2006 are not clear due to the absence of measurable goals, timelines and accountabilities. With 29 IM/IT strategic objectives for 2003-2006, there is a risk that the number of strategic objectives may inhibit the capacity to maintain focus and achieve all objectives, and it may not be possible to complete all projects by 2006. Department-wide strategic outcomes require greater definition so that progress can be monitored over time. Outcomes must be defined in clear business terms or it is unlikely that they will be advanced by IM/IT investments. Typically, a strategic plan provides specific, measurable, achievable and relevant expected outcomes with explicit implementation targets and accountabilities. The lack of detailed expected outcomes in the departmental IM/IT Strategic Plan makes measuring progress and performance difficult.

2.2.2 Financial and Management Information

While the Department spends over $65 million on IM/IT operations and maintenance costs, the total annual expenditure on all IM/IT activities has not been estimated. Information on full life-cycle costs is becoming a requirement as increasing pressures to restrain or reduce government expenditures are leading to difficult choices among alternatives. The amount of investment necessary to sustain and enhance operations, combined with a trend toward limited financial resources, is compelling the Department to adopt a more integrated business planning and IM/IT investment approach. The IM/IT Strategic Plan does not identify the full costs to achieve the results by 2006. All managers should have information on all the costs they control or are accountable for. The Technology and Information Management Services Directorate (TIMSD) is overseeing and accounting for the projects that it funds. However, there is a need for complete information on what the Department has spent as a whole, and will be spending, to make IM/IT a reality.

While a business case approach is used in TC (e.g. project approval documents) to approve IM/IT investments, interviewees indicated it was not consistently applied. It is almost impossible to challenge budgets objectively when most budgets are based on historical data and the expected results from spending the budgets is not described. Results-based Management Accountability Frameworks that are required for transfer payment programs provide a model for linking activities with results. Without such a framework, IM/IT statements of results are imprecise, and linkages among projects and good proxy measures often do not exist. Continuing operations require different types of information on costs: core, non-discretionary, discretionary, growth, and venture. The lack of reliable information on the cost of activities, and the associated benefits linked to business drivers, limit the ability of managers to weigh the costs and benefits of various alternatives and allocate resources in the most efficient and effective manner.

2.3 Rigorous Stewardship

Developing modern management practices is one of TC’s key organizational priorities, with an emphasis on further advancing its approach to results-based management and reporting. Business planning needs to be strengthened and better integrated as a whole to include IM/IT, human resources and change management so that priorities, plans and targets are attained. Strategic and operational IM/IT plans including investment management (planning, tracking, oversight and evaluation) require clear definition and documentation so that alignment of results, plans, projects and staff is achieved. The development of an IM/IT management framework guided by the Business-IM/IT Council will provide the basis for the Department to determine the requirements of its operations, and to assess and report on its capabilities against established requirements, thus providing a solid basis for stewardship activities.

2.3.1 Business Planning Cycle

In November 2000, TMX members requested that the IM/IT planning/investment be integrated into the current TC Business Planning Process, and that processes be implemented for establishing investment priorities and initiatives.

Service Line Plans [2] (SLPs) have continued to evolve since the process was introduced two years ago, and now constitute the core planning document. SLPs for 2003/04 have built on what has been done in past years, taking into account changes in the environment and new government initiatives or policies, and progress in performance measurement. Government On-Line (GOL) and IM/IT projects were integrated into the SLP exercise in FY 2003/04 in order to allow for the identification of implications and on-going O&M costs associated with projects. Information is used to meet departmental, Treasury Board and parliamentary requirements: the Report on Plans and Priorities, the Departmental Performance Report, the department’s business plan, and as the basis for the initial budget delegation and mid-year review each year. While SLPs are coordinated by the Headquarters Assistant Deputy Ministers, their development requires national consultations with Regional Directors and Regional Directors General, and the involvement of functional advisors (financial, human resources, IM/IT).

The 2003-2006 IM/IT Strategic Plan is the foundation that will guide TC’s IM/IT work over the next three years. It supports the TC Business Plan 2001-2004, and Straight Ahead: the Vision for Transportation in Canada. There are other IM/IT strategic plans within groups and/or programs, e.g. GOL. The inter-relationship and hierarchy of these plans require further synchronization to ensure alignment and prioritization of action plans.

2.3.2 Roles and Responsibilities

A formal, documented departmental IM/IT management framework does not presently exist. Interviewees indicated some uncertainty with respect to the accountabilities of Groups and Regions for strategic planning. In the future, the IM/IT relationship to the new Management Accountability Framework will have to be clarified.

A TC policy on business planning has not been developed or communicated to give managers a good understanding of the key information of strategic planning, operational planning and capital investment planning. Work is underway to renew the planning, reporting and accountability structure to better link and align planning, management, decision-making, accountability and performance.

2.3.3 IM/IT Investment Planning

TIMSD conducted consultations at large during the development of the IM/IT Strategic Plan to ensure broad representation on the business perspective of the various groups across the department. The current structure within the department consists of four business lines and 17 service lines. There is no process to communicate future changes in business unit strategy; thus, there is a risk that plans may not be updated or revised when necessary, e.g. changing priorities, unforeseen issues, new resource proposals, and progress in performance measurement.

There is inadequate integration of IM/IT planning at the strategic and operational levels with business planning, financial planning and resource allocation processes. It is not clear how the IM/IT planning process links to the departmental process. In the absence of a formal IM/IT planning cycle integrated within departmental planning, information on projects is presented in different ways, making it difficult to assess and evaluate, prioritize, and recommend priorities and funding levels. In addition, the ability to refine and assess progress of projects and plans on a continuous improvement basis is jeopardized.

2.3.4 Risk Assessment and Monitoring

Critical success factors that could impact the successful implementation of the IM/IT Strategic Plan were identified during consultations. However, a formal risk-management framework has not been implemented to address significant challenges, including long-term financing. IM/IT involves substantial investments requiring that decision-makers have adequate information on risks to permit project adjustments and evaluation at all phases. A formal and documented risk assessment helps program management in identifying risks, analyzing the probability of their occurrence and developing monitoring strategies to minimize them. Without active monitoring, there is a risk that initiatives could flounder. Information on risks and results is necessary to act upon deviations from plans, and to make informed decisions; e.g. to make trade-offs in priorities, and to report with confidence on performance results achieved.

2.3.5 Managing IM/IT Investments

The procedures related to IM/IT planning, including the investment plan, are not yet finalized to ensure appropriate levels of funding and to control expenditure of allocated resources. Stakeholders need to understand what information the IM/IT Business Council requires to screen, rank and select projects. With IM/IT and GOL investments, action plans exist to enable senior managers to assess the status of initiatives and report on progress of the overall Plan. However, the value proposition on most investments is not always expressed or measured, making it more difficult to assess if the organization is realizing the business benefits of information technology.

Work is underway to illustrate the value of the IM/IT and GOL investments to date, linking these to TC’s priorities as part of the annual project selection and prioritization and approval process. At the departmental level, officials need reports on the achievement of performance objectives against targets by measuring service delivery (performance indicators). This information will make it possible to assess overall performance against policies and priorities, manage overall risk and identify opportunities for efficiencies.

2.3.6 Project Tracking/Oversight and Evaluation

There is no established mechanism to monitor and report on performance against the IM/IT Strategic Plan and the results of strategies for realizing the future IM/IT direction. As well, there are no clear criteria for assessing whether to cancel, modify, continue or accelerate a project. This would include confirmation of the relevance of the business case and prior environmental scan, possibly leading to investments not connected to business priorities, and a consequential use of resources on a low-priority project. These resources could otherwise be redeployed to a high-priority project. Assessment criteria should be accompanied by uniform IM/IT project information reporting requirements in order to provide IM/IT governance with the information it needs to support its decisions and recommendations.

There is no formal post-implementation review process in place to ensure that business needs are achieved by individual projects and systems. Potential benefits from "lessons learned" may not be carried forward to subsequent projects. Mid-course review and adjustments that assess progress and reallocate remaining resources to higher priorities provide greater returns on investments. If an appropriate evaluation framework is not established, this may result in lost opportunities to learn from project issues and gaps.

Top of the page

3. Recommendations and Management Action Plan

The Department should ensure that the roles, responsibilities, accountabilities and the procedures associated with the IM/IT planning and governance process are documented and communicated to all stakeholders. The Department is continuing to improve and strengthen the IM/IT planning and governance process by ensuring that processes and procedures are developed and formalized in the key areas of planning, tracking and oversight, and evaluation.

3.1 It is recommended that the Director General (DG), Technology and Information Management Services Directorate (AFM):

Recommendations

Management Action Plan with Expected Completion Date

3.1.1 Obtain approval-in-principle from the Business-IM/IT Council for departmental IM/IT:

  • management directions and frameworks, and

  • annual planning deliverables and processes.

Agree. The Business IM/IT Council functions as a liaison between Transport Canada and the Transport Canada Senior Management Executive Committee (TMX) through the ADM Corporate Services. The Council, as a departmental governance body, will establish sound IM/IT principles and guidelines and recommend IM/IT investments in support of program requirements, approve IM/IT standards and architecture (including security), and ensure integrated IM/IT project planning, all in support of program delivery. Monthly meetings are scheduled to seek approval-in-principle for IM/IT direction and supporting governance frameworks. Secretarial approvals and meetings are more frequent depending on topic.

The Business IM/IT Council will recommend to TMX through the ADM Corporate Services, strategic plans including investment priorities, technology approaches, use of resources, etc. that have received the support of the department’s business groups, regions, and headquarters (HQ). This is to completed through the existing planning/project approval process cycle. In doing so, the Council ensures the involvement, commitment, and acceptance of responsibility for the success of critical IM/IT related investments from across the Department.

3.1.2 Finalize and implement an IM/IT Planning Framework for approval by the Business-IM/IT Council. It would include:

  • the principles governing IM/IT planning;

  • annual IM/IT Planning process components (steps) linking to the TC business planning cycle;

  • processes for communication of plans and updates; and

  • project planning, tracking/ oversight and evaluation processes.

Agree. An IM/IT governance framework has been established which includes the business focused Business IM/IT Council, Business IM/IT Investment Committee and the IM/IT Architectures and Standards Committee. Discussions at these forums have resulted in the development of an IM/IT planning framework which includes project selection criteria and ensures continued communications and collaborative involvement of business, Finance and IM/IT planners.

A more integrative IM/IT planning and governance framework will be completed in line with the development of an integrated departmental business planning process headed by the DG Finance and Administration, and supported by the DG Human Resources and DG Technology and Information Management Services Directorate. This work will result in clear identification of the steps, roles and responsibilities, communications activities and project tracking/evaluations to implement this integrated departmental planning process. This is expected to be completed in FY 2005/2006.

3.1.3 Communicate accountabilities for IM/IT governance. This would include:

  • the mandate and structure of TC IM/IT governance, including leadership expectations;

  • the respective national, regional and functional roles and accountabilities of key organizational groups; and

  • priority-setting, resource allocation, spending and reporting responsibilities.

Agree. The governance model for IM/IT is in place and will continue to evolve to meet departmental requirements in line with an integrated business planning process.

To date the Terms of Reference for the Business IM/IT Council, Business IM/IT Investment Committee and the IM/IT Architectures and Standards Committee have been approved and these forums are in place to support improved management of departmental IM/IT.

By 2005/2006, HQ and Regional roles and accountabilities of the various management forums will be integrated into the IM/IT governance model. A communications plan for the "as-is" IM/IT governance model is underway and will be vetted through the Business IM/IT Council by April 2005.

Corporate Services Human Resources, Finance and IM/IT advisors will figure prominently in terms of advising their respective portfolios on the IM/IT governance accountabilities, assisting in priority setting and reporting responsibilities.

3.1.4 Develop an effective communication program to ensure the understanding of policy, guidelines and accountabilities for IM/IT planning and governance with TC.

Agree. This item is similar to 3.1.3 above.

Aside from the newly formed Business IM/IT Council, the Business IM/IT Investment Committee and the IM/IT Architectures and Standards Committee, existing forums such as the IM/IT Management Board, HQ/Regional Management Committees, TC Orientation and Management Programs and WEB bulletins/ sites are used to support a common understanding of IM/IT across TC. The IT/IM communications program will continue to be developed/enhanced in 2005/2006 and will be aligned with the Management Accountability Framework action plan covering all required elements.

3.1.5 Meet periodically, but at least annually, with business line sponsors to discuss the direction of IM/IT and review opportunities, and set measurable outcomes based on expectations of the clients.

Agree. Initial planning sessions/workshops have been completed and additional sessions will be scheduled with business line managers in response to the call letter initiating the departmental planning process. Periodic discussions with business line managers are and will continue to be conducted under the guidance of the Business IM/IT Council in support of IM/IT related initiatives. The information captured from these discussions will drive the IM/IT investments, which once funded will have specific measures of outcome, which the project managers will be asked to report on.

Corporate Services Human Resources, Finance and IM/IT advisors will figure prominently in terms of consulting with their respective portfolios on their business priorities and key outcome as well as advising them on IM/IT direction and opportunities.

3.1.6 Establish annual IM/IT investment plans containing:

  • a set of clear expected outcomes in meaningful, measurable and time-limited terms;

  • strategies to meet the outcomes, identifying approaches and costs;

  • a means of tracking selected funded projects;

  • project baselines that remain constant so that the projects can easily be tracked and reported on until they are completed; and

  • an evaluation of results.

Agree. The development of an initial departmental IM/IT investment plan is targeted for late 2004/early 2005. A more formalized plan will result from the introduction of an integrated departmental business planning process expected in 2005/2006. The following will result from a more integrated departmental business planning process:

  • A clear set of IM/IT investments.

  • Measurement criteria for success, tracking and reporting will be developed under the direction of the Business IM/IT Council.

  • Results against establish measures will be assessed over the progress of the funded IM/IT initiative.

  • Corporate Services HR, Finance and IM/IT advisors will figure prominently in terms of establishing IM/IT plans for their respective portfolios and rolling these plans up into a departmental IM/IT plan with investment recommendations.

3.1.7 Report annually to TMX on IM/IT plans and strategic priorities, including updates from all Groups and Regions.

Agree. In support of the departmental business planning process initiated early in the year, a list of IM/IT initiatives will be vetted through a common governance approach and presented to TMX through the ADM, Corporate Services for funding approval. The information presented to TMX to help guide their funding decisions, will include priorities as they align to departmental and government wide priorities (including Expenditure Review) and impacts of funding/not funding the initiatives. A return later in the year to TMX to provide updates on IM/IT investments and results against established measures would be the precursor to presenting any request to fund new initiatives.

3.1.8 Issue annual updates on the IM/IT strategic direction. A brief overview (5 pages max.) in plain language would cover the following:

  • 4-8 strategic directions;

  • 3-5 specific measurable goals expressed in business terms; and

  • initiatives under each goal, including expected results, activities, timeline, status, cost, performance measures, and accountability.

Agree. This suggested format will provide a guide to follow in terms of presenting annual IM/IT updates as per 3.1.7 above.

The Business IM/IT Council would determine, in line with the departmental business planning cycle, whether a separate session on strategic direction - apart from those sessions supporting investment funding is warranted.

Corporate Services Human Resources, Finance and IM/IT advisors will figure prominently in terms of consulting with their respective portfolios on their results achieved based on benefits described in business cases supporting funded initiatives.

3.2 It is recommended that the Director General, Technology and Information Management Services Directorate (AFM) and the Director General, Finance and Administration (AFT):

Recommendation

Management Action Plan with Expected Completion Date

3.2.1 Report to TMX on an integrated IM/IT planning process including the relationship and steps linking to TC’s Business and Financial Planning process.

Agree. Once a departmental integrated planning process is developed in fiscal year 2005/2006, it will include IM/IT, Human Resources and Financial Planning frameworks which will be aligned with departmental program priorities. The IM/IT planning framework will include the required steps to completion including the necessary action items to integrate with the departmental planning process.
Top of the page

Appendix A - 2003-2006 IM/IT Strategic Plan Excerpts

The IM/IT Vision for Transport Canada in 2006

Transport Canada will have the IM/IT systems, policies and technologies required to do business electronically with clients and employees in a smooth, affordable and secure manner that enhances business efficiency and client and employee satisfaction.

IM/IT Goals and Objectives

The Transport Canada IM/IT strategy and direction is founded on achieving the proposed IM/IT vision for the department through the pursuit of five long-term IM/IT goals. Each goal is expressed as a broad statement of an end state or desired environment. The goals are intended to be long-term and stable and support business priorities.

Vision

In line with each of the five departmental IM/IT goals, the following sets out specific IM/IT objectives to be achieved for the planning horizon of 2003-2006.

Goal

Description

IM/IT Strategic Objectives 2003 - 2006

1

Accessing, Managing and Storing Information
  • 1.1 Develop a corporate non-technology focused knowledge sharing and management policy framework and implement in each business line. This will build on the work completed on the TC IM Policy.

  • 1.2 Establish a common departmental information-sharing environment based on common technologies, common applications and common database structures to support information and knowledge sharing.

2

IT Infrastructure Renewal
  • 2.1 Establish a common application and database development environment across the department that facilitates sharing, re-use and repeatability of process.

  • 2.2 Establish and maintain a modern office productivity and communication environment on an enterprise basis that is common to all business lines and aligned with best commercial practices.

  • 2.3 Establish and maintain a mixed thin/fat client application architecture arrangement based on service line preferences and service level agreements.

  • 2.4 Establish and maintain a modern integrated network infrastructure that provides for connectivity, regardless of location or time, for all departmental employees and accommodates the transfer of any information, internal and external to the department.

  • 2.5 Establish and maintain a secure electronic information environment for the conduct of all departmental business regardless of format.

  • 2.6 Establish and maintain security threat assessments.

  • 2.7 Protect personal privacy in all departmental electronic information systems, in keeping with all required laws, statutes and policies.

  • 2.8 Implement a department-wide process to collect, analyze and rapidly disseminate security incident information and early warnings.

  • 2.9 Establish and maintain an ever-greening program for replacing departmental IM/IT components on an enterprise basis, such that no technology is ever more than 36 months old.

  • 2.10 Evolve IM/IT business processes and enable them with automated tools for capacity, asset, configuration and service management.

3

Business Enabling IM/IT Services
  • 3.1 Establish and promote departmental safety and awareness services on-line via an easy-to-navigate single point of contact web portal.

  • 3.2 Establish and support the conduct of transport inspections and audits via an easy-to-navigate, single point of contact web portal.

  • 3.3 Establish and support the issuing and renewing of departmental documents via an easy-to-navigate, single point of contact web portal.

  • 3.4 Establish and support the development and evolution of transport regulations and standards via an easy-to-navigate, single point of contact, web portal.

  • 3.5 Establish and support program delivery across all transport modals via an easy to navigate, single point of contact web portal.

  • 3.6 Establish and support internal administrative efficiencies via the appropriate use of Intranet and Internet web technology.

  • 3.7 Establish and support payment on-line via the appropriate use of Intranet, extranet and Internet web technologies.

  • 3.8 Provide specialized tools for inspectors and mobile workers.

  • 3.9 Provide specialized safety management tools.

4

Governance
  • 4.1 Maintain and evolve the Transport Canada IM/IT Framework that supports and assists sound IM/IT governance and investment management and ensures viability of the department’s long-term IM/IT posture.

  • 4.2 Evolve performance management framework and apply to all IM/IT service elements (e.g. departmental applications).

  • 4.3 Establish Total Cost of Ownership schemas for all elements of the department’s IM/IT infrastructure.

5

People
  • 5.1 Establish and maintain an enterprise-based IM/IT training schema.

  • 5.2 Establish and maintain a TIMSD training schema that provides for 40% of the CS group across the department maintaining one or more recognized commercial IM/IT qualifications appropriate to the department’s infrastructure. The needs of the business lines must be recognized.

  • 5.3 Establish on-line and computer-based IM/IT training with commercial and federal government providers to support CS and other business lines in the department in maintaining and improving individual IM/IT skills, regardless of location or time.

  • 5.4 Reduce dependency on consultants by hiring more full-time employees.

Common Department-Wide IM/IT Priorities

The IM/IT priorities, needs and opportunities of TC service lines suggest the following "top seven" common department-wide IM/IT priorities:

  • Information integration - including the consolidation of existing information systems;

  • Business Information Intelligence -- including tools for information access, analysis, and reporting of financial and non-financial information;

  • Document and Information Management - including tools for addressing all document/information life-cycle stages;

  • Security - electronic signature, authentication, privacy, and encryption of documents, information and electronic communications;

  • Internal Service Improvement - specialty information systems, such as Geographic Information Systems (GIS) and Wireless/Mobile worker applications;

  • Government Online - initiatives that provide electronic information, transactional and collaborative capabilities to external stakeholders; and

  • communications - an evolved infrastructure providing speed of access for mobile/remote usage.

In managing internal processes, work will ensure that IM/IT investments are well coordinated and that implementation of projects/initiatives is managed effectively in accordance with the principles of the Treasury Board’s Enhanced Management Framework. A departmental IM/IT framework will help guide IM/IT standards and policies and to define the architecture of departmental IM/IT systems.

Critical Success Factors

The following factors are seen as critical for the successful implementation of the Transport Canada IM/IT Strategic Plan:

  1. Full recognition and support for a minimum IM/IT investment funding envelope to address IM/IT initiatives and operational costs during the period FY 2003-2006 to implement the corporate IM/IT strategy.

  2. A commitment by senior management in each business line to the corporate IM/IT Strategic Plan and its implementation.

  3. A transparent process to identify all IM/IT investments with full life-cycle costing, including provision of adequate resources to address the IM/IT infrastructure impact.

  4. An agreed-upon listing of initiatives against each goal and supporting objectives, with a clear understanding of funding, project management resources and leadership responsibility for every initiative.

  5. A clear identification of IM/IT projects that are, or are not, an integral component of the IM/IT Strategic Plan.

  6. A clear understanding of which services will be optimized or re-engineered for secure electronic service delivery, and how they will individually and collectively contribute to the GOL and IM/IT visions and targets.

  7. The maintenance of a manageable project portfolio by only tracking projects above an agreed-upon amount.

Other critical success factors - measures of success for the IM/IT Strategic Plan - will include:

  • Alignment of IM/IT with business needs and values - in the opinion of users;

  • Integrated and department-wide orientation to IM/IT with common guidance and oversight;

  • Focused approach to IM/IT versus scattering or re-active efforts;

  • IM/IT seen as fundamental resource and enabler to achieving Transport Canada’s business management and program delivery.
Top of the page

Appendix B - CobiT: Control Objectives for Information and Related Technology

CobiT (1996) classifies IM/IT processes into four domains. These four domains are (1) planning and organization, (2) acquisition and implementation, (3) delivery and support and (4) monitoring. The following illustrates various control procedures that relate to the strategic planning process.

Areas

Criteria

High-level Control Objective

Planning and Organization (PO) Domain:
Strategic IT Plan

P01: Define a strategic IM/IT plan

Align business requirements and IT opportunities with the organization’s mission and goals to produce strategic and operational plans, updated at regular intervals, with concrete short-term goals.

Organization and Relationships

P04: Define the IM/IT organization and relationships

Deliver IM/IT services with defined roles and responsibilities, communicated and aligned to business strategy resulting in effective direction and control.

IT Investment

P05: Manage the IM/IT investment

Manage the investment through a periodic investment and operational budget established and approved by the organization.

Communication of Direction

P06: Communicate management aims and direction

Communicate IM/IT strategies and policies in clear terms so that the user community understands and accepts the business direction.

Risk Assessment

P09: Assess risks

Engage in risk identification, measurement and action plans to ensure risks are mitigated on an ongoing basis.

Managing Projects

P10: Project management

Set priorities in line with the operational plan to deliver projects on time and on budget using sound project management techniques.

Monitoring and Evaluation (M) Domain:
Process Monitoring

M1: Monitor the process

Report on the achievement of performance objectives against targets by measuring service delivery (performance indicators) and acting upon deviations from the plan.
Top of the page

Appendix c - new IM/IT governance structure

New IM/IT governance structure

Approved by the Business IM-IT Council in April 2004

Legend

IM/IT: Information Management/Information Technology
TMX: Transport Canada Senior Management Executive Committee
MC: Management Committee
P&D: Programs and Divestiture
CS: Corporate Services
TIMSD: Technology and Information Management Services Directorate Management Committee
Last updated: 2006 02 10 Top of Page Important Notices