![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
|
![]() |
![]() |
|
![]()
|
![]() |
IM/IT Strategic Planning Process AuditJanuary 12, 2005 File number: 1577-03-016 | Print Version | 3. Recommendations and Management Action Plan Appendix A - 2003-2006 IM/IT Strategic Plan Excerpts Appendix B - CobiT: Control Objectives for Information and Related Technology Appendix C - New IM/IT Governance Structure executive summaryTransport Canada Senior Management Executive Committee (TMX) approved Transport Canada’s first Information Management/Information Technology (IM/IT) Strategic Plan in April 2003 following extensive national consultations. In December 2002, Transport Canada’s Audit and Advisory Services developed a risk-based IM/IT Audit Framework for the next three years. As a result of this framework, an audit of the process used to "Define a Strategic IM/IT Plan" was approved by the Audit and Review Committee, as part of the 2003/04 Annual Plan. The audit objectives were to determine whether the strategic IM/IT planning process used to develop the 2003-2006 IM/IT Strategic Plan is well integrated with the departmental business planning process, to assess the effectiveness of the framework used to develop the Plan, and to assess the likelihood of the Plan being successful. The audit was conducted during the months of August through December 2003 and found the IM/IT strategic planning process created understanding and collaboration from those consulted on the future direction of IM/IT in Transport Canada. The departmental IM/IT Strategic Plan is consistent with the organization’s long- and short-range plans and organization requirement. Many of the audit findings were known to senior management and work was started to address elements of strategic governance, integrated planning and stewardship. A new Business-IM/IT Council has been established under the direction of TMX resulting in a strengthened capacity to evaluate and make strategic IM/IT investment decisions. At this time, there is no formal planning cycle to input and update to the IM/IT Strategic Plan, nor is the IM/IT planning cycle well integrated within the departmental planning cycle for resource allocation purposes. Although the 2003-2006 IM/IT Strategic Plan includes high-level goals, strategic objectives and projects designed to achieve the desired results, successful implementation of the Plan is, however, at risk due to the absence of measurable results, timelines and clearly defined accountabilities. The IM/IT Planning Framework has resulted in the development of a planning process whose first product was the strategic plan, to be updated at regular intervals with concrete short-term goals. The Department should continue to improve the IM/IT Planning Framework for decision-making by ensuring that procedures and protocols are developed and formalized in the key areas of planning, decision-making and reporting. The Department should ensure that the roles, responsibilities as well as the procedures associated with IM/IT planning and governance are documented and communicated to all stakeholders. Finally, it will be vital to provide employees with updates on the overall direction and IM/IT implementation strategies aligned to business objectives. Management ResponseManagement has reviewed and agrees with the recommendations. Audit and Review Committee DecisionThe audit report and the management action plan were presented to the Audit and Review Committee on January 12, 2005. The Committee approved the audit and the management action plan as presented. 1. IntroductionIn December 2002, Transport Canada’s (TC) Audit and Advisory Services developed a risk-based Information Management/Information Technology (IM/IT) Audit Framework for the next three years. As a result of this framework, an audit of the process used to "Define a Strategic IM/IT Plan" was recommended as part of the audit plan for fiscal year (FY) 2003/04 and approved by the Audit and Review Committee. The Department makes a significant investment in IM/IT each year. The Director General, Technology and Information Management Services Directorate, has direct control over 39.7 % of the overall IM/IT spending in TC. This accounted for $26.1 million of a total $65.8 million in FY 2002/2003 - excluding salaries and benefits. Given the current fiscal capacity, additional IM/IT funding will likely come from internal reallocations in the context of the departmental priorities and affordability. There are plans in place for departmental IM/IT funding to be allocated based on an approved IM/IT investment plan linked to the departmental IM/IT Strategic Plan. 1.1 Purpose of the AuditThe purpose of this management control audit was to determine the effectiveness of the process followed to develop the 2003-2006 IM/IT Strategic Plan. The audit was conducted during the months of August through December 2003. 1.2 BackgroundTransport Canada’s IM/IT Framework was endorsed by Senior Management Executive Committee (TMX) in 1994. It set the vision for an IM/IT environment to support program delivery. In June 2000, TMX accepted that the IM/IT organization strengthen its functional management role and establish direction to ensure that the department’s significant investments in IM/IT remain prudent. In November 2000, TMX were briefed on progress and planned activities related to the implementation of the TC IM/IT Planning Framework [1]. Members approved the development of an IM/IT Strategic Plan and IM/IT Investment Plan, and requested that TC IM/IT Planning Framework be finalized and submitted to TMX for approval in the Spring 2001 timeframe. In April 2003, TMX approved the first departmental IM/IT Strategic Plan following extensive national consultations. (See Appendix A for vision, goals and objectives, priorities and critical success factors). 1.3 Objectives and ScopeAn audit of the process of developing a departmental IM/IT strategic plan was conducted to assess whether the process is properly controlled to ensure that the strategy developed is appropriate for TC. The audit focused on the elements of management that are required to achieve the intended result. Specifically, the audit objectives were to:
Critical success factors key to the realization of the Plan were examined, such as consistency with departmental strategic objectives, the project planning framework, and the capacity to shift resources among projects. The scope included examining the current departmental business planning process, departmental IM/IT governance bodies, the IM/IT planning processes and procedures in three representative Directorates (Civil Aviation, Rail Safety, Technology and Information Management Services) and the processes that individual Groups and Regions use to interface with the departmental process. The audit did not consider Group or regional IM/IT planning processes in any depth. 1.4 CriteriaBased on the Information Systems Audit and Control Association (ISACA) Control Objectives for Information and Related Technology (COBIT) and associated audit framework, high-level control objectives were identified to assess the process used to develop an IM/IT Strategic Plan (see Appendix B). The following elements were assessed during the audit:
1.5 MethodologyThe framework for assessing the effectiveness of IM/IT strategic planning process was based on a two-fold approach: 1) an assessment of the IM/IT planning process against best practices, and 2) an assessment of TC’s performance or effectiveness in carrying out its strategic planning responsibilities. The methodology used during the course of this audit included:
2. FindingsAlthough Transport Canada’s (TC) first IM/IT strategic planning process was not based on an established policy or procedure, it built commitment and created understanding in the business and IM/IT community on the future direction of IM/IT in the Department. A broad based consultation process was used to develop the 2003-2006 IM/IT Strategic Plan. The Departmental Business Plan is the foundation for operational planning and performance reporting. The TC IM/IT Strategic Plan was developed in response to the business drivers articulated in the Business Plan. Through the TC IM/IT Strategic Plan, TC articulated its goals, strategic objectives and supporting projects guiding TC’s IM/IT work over the next three years; however it did not outline the specific outcomes, timelines or accountabilities that are expected by 2006. The Senior Management Executive Committee (TMX) recognizes the strategic importance of IM/IT to the success of its business. A new Business-IM/IT Council was recently created under the direction of TMX, resulting in a strengthened capacity to evaluate and make strategic IM/IT investment decisions. At this time, there is no formal planning cycle to input and update the IM/IT Strategic Plan, nor is the IM/IT planning cycle well integrated within the departmental planning cycle for resource allocation and reporting purposes. 2.1 Strategic IM/IT GovernanceIn 1999, a Departmental Informatics Steering Committee (DISC) was established as a sub-committee of TMX to develop a vision, set priorities, and report to TMX on IM and IT expenditures and direction. Regular updates on approved initiatives were provided to DISC, some by presentation at major milestones, others 'secretarially’. In February 2002, members were provided an update on the work underway to develop and implement an integrated departmental IM/IT Strategic Plan. The former Departmental Informatics Steering Committee (composed of TMX members) did not have the appropriate technical representation in place for coordination of planning, architecture, and implementation activities for IM/IT. As well, the accountability framework did not have the required management controls to ensure adherence to the governance process. With the approval of the 2003-2006 IM/IT Strategic Plan in April 2003, TMX requested that the Director General, Technology and Information Management Services Directorate implement a new IM/IT governance structure for the overall management of IM/IT from a departmental perspective and develop an approach for a multi-year departmental IM/IT investment plan. At its inaugural meeting in November 2003, the new Business-IM/IT Council, consisting of TMX-nominated representatives at the Director General level, discussed the new IM/IT governance structure (see Appendix C). At the time of this audit, senior IM/IT and business managers were jointly reviewing the mandate and Terms of Reference for the Business IM/IT Council, the Business IM/IT Investment Committee and the IM/IT Architecture and Standards Committee. It is the role of IM/IT Business Council and sub-committee members to brief their management committees on deliberations, and to provide strong leadership on departmental IM/IT matters. Work is underway to approve a comprehensive formal description of IM/IT planning and governance. Information on the revised IM/IT planning processes, including linkages to the departmental business planning process and accountabilities, will be key to ensuring a consistent approach to governance. 2.2 Clear AccountabilityThe Assistant Deputy Minister (ADM) Corporate Services is well positioned to ensure that IM/IT is managed as an integrated effort. Linked to the departmental business, the Strategic Plan provides direction to support on-going internal business requirements as well as the government’s vision of service delivery. However, strategic outcomes (results) and costs for IM/IT have not been consistently documented or communicated in the Department, and in the absence of department-wide established mechanisms for IM/IT investment planning and management, it will be challenging to manage IM/IT as an integrated effort. 2.2.1 Strategic Direction and OutcomesA draft IM/IT Strategic Plan was provided in 2001 to the previous ADM Corporate Services for review prior to releasing it to stakeholders for comments. The draft presented was based on the results of workshops held in the National Capital Region and the Regions between February 2001 and April 2001. Additional workshops were held with clients and stakeholders in November 2002 to validate the draft plan and incorporate additional business context. In March 2003, the Strategic Plan was finalized, presentation and briefing packages were sent to designated contacts to ensure they briefed their TMX member on the IM/IT Strategic Plan 2003-2006 direction and next steps. The Plan was approved and communicated to all departmental employees in April 2003. Although the approach to develop the departmental IM/IT Strategic Plan involved extensive national consultations, there were many delays in obtaining buy-in. At the time, there was no established forum to allow business managers to vet and provide feedback. Additional consultations were necessary to ensure national buy-in, as some groups did not feel they were adequately represented in the initial consultations. The final result is a plan that is well aligned to departmental business, and it provides clear direction that supports on-going internal business requirements as well as the government’s vision of service delivery. IM/IT priorities were successfully identified in the consultations, and the "top seven" common department-wide IM/IT priorities were articulated in the Plan. Since service/business line specific priorities are not ranked, follow-up discussions have yet to be conducted to further assess and rank the relative value and importance of the initiatives - at a departmental level as opposed to group specific level. It is anticipated that these discussions would flow from a well-integrated business planning process. Milestones for achieving the results by 2006 are not clear due to the absence of measurable goals, timelines and accountabilities. With 29 IM/IT strategic objectives for 2003-2006, there is a risk that the number of strategic objectives may inhibit the capacity to maintain focus and achieve all objectives, and it may not be possible to complete all projects by 2006. Department-wide strategic outcomes require greater definition so that progress can be monitored over time. Outcomes must be defined in clear business terms or it is unlikely that they will be advanced by IM/IT investments. Typically, a strategic plan provides specific, measurable, achievable and relevant expected outcomes with explicit implementation targets and accountabilities. The lack of detailed expected outcomes in the departmental IM/IT Strategic Plan makes measuring progress and performance difficult. 2.2.2 Financial and Management InformationWhile the Department spends over $65 million on IM/IT operations and maintenance costs, the total annual expenditure on all IM/IT activities has not been estimated. Information on full life-cycle costs is becoming a requirement as increasing pressures to restrain or reduce government expenditures are leading to difficult choices among alternatives. The amount of investment necessary to sustain and enhance operations, combined with a trend toward limited financial resources, is compelling the Department to adopt a more integrated business planning and IM/IT investment approach. The IM/IT Strategic Plan does not identify the full costs to achieve the results by 2006. All managers should have information on all the costs they control or are accountable for. The Technology and Information Management Services Directorate (TIMSD) is overseeing and accounting for the projects that it funds. However, there is a need for complete information on what the Department has spent as a whole, and will be spending, to make IM/IT a reality. While a business case approach is used in TC (e.g. project approval documents) to approve IM/IT investments, interviewees indicated it was not consistently applied. It is almost impossible to challenge budgets objectively when most budgets are based on historical data and the expected results from spending the budgets is not described. Results-based Management Accountability Frameworks that are required for transfer payment programs provide a model for linking activities with results. Without such a framework, IM/IT statements of results are imprecise, and linkages among projects and good proxy measures often do not exist. Continuing operations require different types of information on costs: core, non-discretionary, discretionary, growth, and venture. The lack of reliable information on the cost of activities, and the associated benefits linked to business drivers, limit the ability of managers to weigh the costs and benefits of various alternatives and allocate resources in the most efficient and effective manner. 2.3 Rigorous StewardshipDeveloping modern management practices is one of TC’s key organizational priorities, with an emphasis on further advancing its approach to results-based management and reporting. Business planning needs to be strengthened and better integrated as a whole to include IM/IT, human resources and change management so that priorities, plans and targets are attained. Strategic and operational IM/IT plans including investment management (planning, tracking, oversight and evaluation) require clear definition and documentation so that alignment of results, plans, projects and staff is achieved. The development of an IM/IT management framework guided by the Business-IM/IT Council will provide the basis for the Department to determine the requirements of its operations, and to assess and report on its capabilities against established requirements, thus providing a solid basis for stewardship activities. 2.3.1 Business Planning CycleIn November 2000, TMX members requested that the IM/IT planning/investment be integrated into the current TC Business Planning Process, and that processes be implemented for establishing investment priorities and initiatives. Service Line Plans [2] (SLPs) have continued to evolve since the process was introduced two years ago, and now constitute the core planning document. SLPs for 2003/04 have built on what has been done in past years, taking into account changes in the environment and new government initiatives or policies, and progress in performance measurement. Government On-Line (GOL) and IM/IT projects were integrated into the SLP exercise in FY 2003/04 in order to allow for the identification of implications and on-going O&M costs associated with projects. Information is used to meet departmental, Treasury Board and parliamentary requirements: the Report on Plans and Priorities, the Departmental Performance Report, the department’s business plan, and as the basis for the initial budget delegation and mid-year review each year. While SLPs are coordinated by the Headquarters Assistant Deputy Ministers, their development requires national consultations with Regional Directors and Regional Directors General, and the involvement of functional advisors (financial, human resources, IM/IT). The 2003-2006 IM/IT Strategic Plan is the foundation that will guide TC’s IM/IT work over the next three years. It supports the TC Business Plan 2001-2004, and Straight Ahead: the Vision for Transportation in Canada. There are other IM/IT strategic plans within groups and/or programs, e.g. GOL. The inter-relationship and hierarchy of these plans require further synchronization to ensure alignment and prioritization of action plans. 2.3.2 Roles and ResponsibilitiesA formal, documented departmental IM/IT management framework does not presently exist. Interviewees indicated some uncertainty with respect to the accountabilities of Groups and Regions for strategic planning. In the future, the IM/IT relationship to the new Management Accountability Framework will have to be clarified. A TC policy on business planning has not been developed or communicated to give managers a good understanding of the key information of strategic planning, operational planning and capital investment planning. Work is underway to renew the planning, reporting and accountability structure to better link and align planning, management, decision-making, accountability and performance. 2.3.3 IM/IT Investment PlanningTIMSD conducted consultations at large during the development of the IM/IT Strategic Plan to ensure broad representation on the business perspective of the various groups across the department. The current structure within the department consists of four business lines and 17 service lines. There is no process to communicate future changes in business unit strategy; thus, there is a risk that plans may not be updated or revised when necessary, e.g. changing priorities, unforeseen issues, new resource proposals, and progress in performance measurement. There is inadequate integration of IM/IT planning at the strategic and operational levels with business planning, financial planning and resource allocation processes. It is not clear how the IM/IT planning process links to the departmental process. In the absence of a formal IM/IT planning cycle integrated within departmental planning, information on projects is presented in different ways, making it difficult to assess and evaluate, prioritize, and recommend priorities and funding levels. In addition, the ability to refine and assess progress of projects and plans on a continuous improvement basis is jeopardized. 2.3.4 Risk Assessment and MonitoringCritical success factors that could impact the successful implementation of the IM/IT Strategic Plan were identified during consultations. However, a formal risk-management framework has not been implemented to address significant challenges, including long-term financing. IM/IT involves substantial investments requiring that decision-makers have adequate information on risks to permit project adjustments and evaluation at all phases. A formal and documented risk assessment helps program management in identifying risks, analyzing the probability of their occurrence and developing monitoring strategies to minimize them. Without active monitoring, there is a risk that initiatives could flounder. Information on risks and results is necessary to act upon deviations from plans, and to make informed decisions; e.g. to make trade-offs in priorities, and to report with confidence on performance results achieved. 2.3.5 Managing IM/IT InvestmentsThe procedures related to IM/IT planning, including the investment plan, are not yet finalized to ensure appropriate levels of funding and to control expenditure of allocated resources. Stakeholders need to understand what information the IM/IT Business Council requires to screen, rank and select projects. With IM/IT and GOL investments, action plans exist to enable senior managers to assess the status of initiatives and report on progress of the overall Plan. However, the value proposition on most investments is not always expressed or measured, making it more difficult to assess if the organization is realizing the business benefits of information technology. Work is underway to illustrate the value of the IM/IT and GOL investments to date, linking these to TC’s priorities as part of the annual project selection and prioritization and approval process. At the departmental level, officials need reports on the achievement of performance objectives against targets by measuring service delivery (performance indicators). This information will make it possible to assess overall performance against policies and priorities, manage overall risk and identify opportunities for efficiencies. 2.3.6 Project Tracking/Oversight and EvaluationThere is no established mechanism to monitor and report on performance against the IM/IT Strategic Plan and the results of strategies for realizing the future IM/IT direction. As well, there are no clear criteria for assessing whether to cancel, modify, continue or accelerate a project. This would include confirmation of the relevance of the business case and prior environmental scan, possibly leading to investments not connected to business priorities, and a consequential use of resources on a low-priority project. These resources could otherwise be redeployed to a high-priority project. Assessment criteria should be accompanied by uniform IM/IT project information reporting requirements in order to provide IM/IT governance with the information it needs to support its decisions and recommendations. There is no formal post-implementation review process in place to ensure that business needs are achieved by individual projects and systems. Potential benefits from "lessons learned" may not be carried forward to subsequent projects. Mid-course review and adjustments that assess progress and reallocate remaining resources to higher priorities provide greater returns on investments. If an appropriate evaluation framework is not established, this may result in lost opportunities to learn from project issues and gaps. 3. Recommendations and Management Action PlanThe Department should ensure that the roles, responsibilities, accountabilities and the procedures associated with the IM/IT planning and governance process are documented and communicated to all stakeholders. The Department is continuing to improve and strengthen the IM/IT planning and governance process by ensuring that processes and procedures are developed and formalized in the key areas of planning, tracking and oversight, and evaluation. 3.1 It is recommended that the Director General (DG), Technology and Information Management Services Directorate (AFM):
3.2 It is recommended that the Director General, Technology and Information Management Services Directorate (AFM) and the Director General, Finance and Administration (AFT):
Appendix A - 2003-2006 IM/IT Strategic Plan ExcerptsThe IM/IT Vision for Transport Canada in 2006Transport Canada will have the IM/IT systems, policies and technologies required to do business electronically with clients and employees in a smooth, affordable and secure manner that enhances business efficiency and client and employee satisfaction. IM/IT Goals and ObjectivesThe Transport Canada IM/IT strategy and direction is founded on achieving the proposed IM/IT vision for the department through the pursuit of five long-term IM/IT goals. Each goal is expressed as a broad statement of an end state or desired environment. The goals are intended to be long-term and stable and support business priorities. In line with each of the five departmental IM/IT goals, the following sets out specific IM/IT objectives to be achieved for the planning horizon of 2003-2006.
Common Department-Wide IM/IT PrioritiesThe IM/IT priorities, needs and opportunities of TC service lines suggest the following "top seven" common department-wide IM/IT priorities:
In managing internal processes, work will ensure that IM/IT investments are well coordinated and that implementation of projects/initiatives is managed effectively in accordance with the principles of the Treasury Board’s Enhanced Management Framework. A departmental IM/IT framework will help guide IM/IT standards and policies and to define the architecture of departmental IM/IT systems. Critical Success FactorsThe following factors are seen as critical for the successful implementation of the Transport Canada IM/IT Strategic Plan:
Other critical success factors - measures of success for the IM/IT Strategic Plan - will include:
Appendix B - CobiT: Control Objectives for Information and Related TechnologyCobiT (1996) classifies IM/IT processes into four domains. These four domains are (1) planning and organization, (2) acquisition and implementation, (3) delivery and support and (4) monitoring. The following illustrates various control procedures that relate to the strategic planning process.
Appendix c - new IM/IT governance structureApproved by the Business IM-IT Council in April 2004 Legend
|
![]() |
![]() |
|||||||
|
Transport Canada |
Pacific Region |
Prairie & Northern Region |
Ontario Region |
Quebec Region |
Atlantic Region |
About us |
Our offices |
Organization and senior management |
Departmental publications |
Programs and services |
Acts |
Regulations |
[More...] |
Media room |
Advisories |
Contacts |
e-news |
News releases |
Photo gallery | Reference centre |
Speeches |
[More...] |
Emergencies |
Emergencies and crises |
Emergency preparedness |
Security |
Transport of dangerous goods |
[More...] |
Air |
Our offices |
Passengers |
Pilots |
Flight instructors |
Maintenance technicians |
Commercial airlines |
Security |
Transport of dangerous goods |
[More...] |
Marine |
Our offices |
Small commercial vessels |
Large commercial vessels |
Pleasure craft |
Marine security |
Marine infrastructure |
Transport of dangerous goods |
[More...] |
Rail |
Our offices |
Safety at railway crossings |
Rail infrastructure |
Transport of dangerous goods |
[More...] |