Industry Canada Site - Home
Industry Canada | Industrie Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > The Department — Publications > Corporate Publications

Institutional links

Programs and Services

By Subject
By Organization
By Industrial Sector
A-Z Index

Resources For

Businesses
Consumers

The Department

Our Ministers and Secretary of State
About Us
Media Room
Publications
Corporate Publications
Catalogue of Published Materials
Special Reports
Newsletters
Publishing Toolbox
What's New
FAQs
Site Map
Proactive Disclosure

Audit of Industry Canada's
Year 2000 Readiness
March 1999

Executive Summary

Background

The Audit and Evaluation Branch (AEB) led an audit of Industry Canada's Year 2000 readiness in early 1999 to provide assurance to senior management that Industry Canada has taken all possible measures to be Year 2000 ready. To complete the audit seven criteria were assessed.

Findings

The Year 2000 project at Industry Canada is well advanced. Over the past several years significant progress has been made to achieve Year 2000 readiness at Industry Canada. To fully achieve Year 2000 readiness, more work is planned for completion by the end of the first quarter of 1999-2000.

To assess the work to be completed in the first quarter of 1999-2000, we recommend that a follow-up audit be conducted in the second quarter of 1999-2000.

A summary audit assessment against each of the seven audit criteria is provided below:

Criterion 1: Is the management control framework sufficient to adequately manage and monitor Year 2000 readiness?

The management control framework is sufficient to manage the Year 2000 project in the Department. A Year 2000 Project Office was established two years ago. Full-time staff in the Project Office provide guidance, awareness and quality assurance. In addition, progress toward departmental readiness is monitored and is reported to senior management monthly.

It is essential that the functions of quality assurance and monitoring continue to be high priorities for the Project Office. This will ensure key steps are completed to support Year 2000 readiness for all that have not signed off at December 31, 1998 such as: critical systems; high impact, small-scale applications; branches; and regions.

Criterion 2: Is the list of critical systems complete?

Overall, auditors agreed that the 41 "critical systems" identified by the working group and senior management is complete. However, some applications labelled as 'high impact, small-scale application', such as the National Graduate Register and the Virtual Distributed Laboratory, were not included in the critical systems list. They have now been recognized as significant and are being managed like critical systems.

Criterion 3: Are critical systems Year 2000 ready?

Documentation adequately supported readiness conclusions drawn for the selected three critical systems, two branches and two regions signed off by December 31, 1998. The work necessary to achieve readiness for selected systems not signed off December 31, 1998 is being completed and documented. More work is required to demonstrate due diligence. Although the work of Year 2000 readiness of many systems was substantially finished at the time of this review, outstanding tasks are being monitored by the Project Office to ensure these are completed.

Any statements of Year 2000 readiness or compliance shown on the web site or other documents to clients, should be reviewed by Legal Services for potential exposures to liability.

Criterion 4: Are all assets affected by Year 2000 identified?

The majority of assets affected by Year 2000 have been identified. However, applications are still being added to the list. To minimize risk, the Project Office is also developing a separate list of internal dependencies and external interfaces linked to the applications that have been included in the inventories of critical systems, branches and regions. This addition list is deemed necessary to monitor that the critical, supporting infrastructure, upon which the applications depend, are Year 2000 ready. The Project Office is planning to identify and monitor internal dependencies and external interfaces in the next phase of the project. This will provide additional assurance that the systems are fully supported.

Criterion 5: Have test plans been adequately planned and executed?

Test results for the critical systems selected that had signed off December 31, 1998 were documented. Strategies and test cases identified in the Year 2000 compliance kit were followed. Exceptions to the test strategies were noted and explained for such systems as the Integrated Financial and Materiel System (IFMS) and the Emergency Telecom Line Load Control System (LLC). These exceptions should be considered when contingency plans are prepared.

The Project Office should continue to assess the adequacy and completeness of testing each critical system and high impact, small-scale application not signed off at December 31, 1998.

Criterion 6: Have contingency plans been prepared for critical systems?

Although some contingency plans have been identified for critical systems, they have not been completely developed, nor have the full impacts of failure been assessed. A process for preparing contingency plans is being developed. Specific procedures and responsibilities to address various stages of failure, as well as escalation procedures, have yet to be identified. Contingency plans are required for all critical functions since failures could occur even though conversion was done appropriately and was tested. Such failures could significantly disrupt the delivery of key services.

Criterion 7: Have due diligence requirements been met?

Applications selected for audit that were signed off at December 31, 1998 have met the requirements for due diligence. In each case documentation supports the inventory assessed, approach taken and testing completed.

For systems not signed off at December 31, 1998, more documentation will be required to demonstrate due diligence. The Project Office is regularly monitoring progress informally and formally through the completion of monthly status reports. The status of readiness for critical systems; high impact, small-scale applications; branches and regions is assessed using a quality assurance process. Regular reports are provided to senior management informally and formally through presentations at senior management committees. At these presentations, high risks are highlighted.

Management Action Taken

Action was taken to implement the recommendations (see Follow-up Audit).

Adobe Acrobat Version (PDF - 59KB - 16 pages)

Note: to read the PDF version, you need Adobe Acrobat Reader on your system. If the Adobe download site is not accessible to you, you can download Acrobat Reader from an accessible page. If the accessibility of PDF is a concern, you can have the file converted to HTML or ASCII text by using one of the access services provide by Adobe.

Date Modified: 2007-09-14
Return to
Top of page
Important Notices