Report on the State of Aging IT Across the Government of Canada

Report on the State of Aging IT Across the Government of Canada

Table of Contents

1.0 Executive Summary

The federal government relies heavily on information technology (IT) systems to deliver programs and services to Canadians. Some of these systems are quite new, whereas others have been in use for over 30 years. Although these older systems are functioning well, many consist of legacy applications based on dated software, relying on technical expertise that is increasingly scarce and supported by old infrastructure that is becoming increasingly more expensive to operate. As a result, these systems are considered to be at risk of not being able to provide sustained, robust and secure availability. Collectively, these systems are referred to as aging IT.

In spring 2010, the Auditor General examined five major government entities1 in order to determine whether they had adequately identified and managed the risks related to their aging IT systems. The audit also examined whether the Treasury Board of Canada Secretariat, and specifically its Chief Information Officer Branch (CIOB), had provided direction or leadership in developing government-wide responses to address these aging IT risks.

The resulting report noted that, although all five organizations had met the expectations for identifying the risks associated with aging IT, there were critical gaps in the way these entities were managing the risks. As such, the report made specific recommendations for strengthening these processes.

From a government-wide perspective, the report found that aging IT had not been formally identified as an area of risk by CIOB. Although it was aware that the aging of IT systems was an issue, the report found that it had not set a strategic direction nor formulated a plan to address these issues at a government-wide level.

In response to this finding, CIOB committed to two deliverables:

  • An assessment of the state of IT systems across the Government of Canada, identifying the systems that present a material risk; and
  • A plan that sets the strategic direction for the government to mitigate the risks identified in the assessment.

This report addresses the first deliverable of the Secretariat's response to the Auditor General's audit, highlighting the findings of an assessment conducted with 98 departments2 between July and December 2010.

For the assessment, CIOB requested that these 98 organizations provide an inventory of their systems (including an identification of those deemed to be mission-critical), conduct risk assessments against these systems, and report on their plans to address the identified risks. In total, 66 departments provided their inventories, 50 conducted risk assessments, and 48 departments reported on their results and plans, all of which provided CIOB with sufficient data to fairly represent the overall state of IT systems across the Government of Canada.

Departmental inventories revealed the following:

  • There are over 16,000 distinct systems supporting the delivery of departmental mandates, 2,100 of which are deemed to be mission-critical. Of these mission-critical systems, a good number are considered to be at risk because of aging; and
  • Of these aging systems that are considered high-risk, 130 directly support service delivery to Canadians or to Canadian businesses.

The high-risk, mission-critical systems are maintained within 24 of the inventoried departments. Funding requests to modernize IT assets within these organizations can be summarized as follows:

  • 11 departments indicated confirmed funding of $1,278,685,110, covering most of the high-risk, mission-critical systems identified;
  • 7 departments indicated required funding of $102,186,000 for a small subset of high-risk, mission-critical systems identified, but did not indicate that the funding was confirmed; and
  • 10 departments did not indicate the costs or funding required for the remaining high-risk, mission-critical systems identified.

Although the CIOB's assessment was not conducted with the rigour of an audit, the findings support the Auditor General's conclusions and suggest that the Auditor General's observations can be applied across government, specifically:

  • Most federal entities have not been formally and systematically assessing their risks related to aging IT assets;
  • Lack of confirmed action plans, funding sources and funding options for some high-risk, mission-critical systems suggest that senior management may not be able to fully assess the risks resulting from aging IT systems;
  • Departments lack funded, multi-year IT investment plans that balance mandatory and discretionary investments to sustain existing IT assets and to address changing business needs; and
  • The practice of department-wide applications portfolio management needs to be established or strengthened in most federal entities.

Although many of the systems at risk are program-specific and can be addressed only by the organizations responsible for their delivery, the inventory confirms that many organizations have made similar investments in IT assets to address common needs. Although few of these common areas have surfaced as high-risk, mission-critical systems, there are a number that have been identified as medium-risk. These systems present opportunities for organizations to collaborate strategically and leverage existing and planned investments to focus on consolidating systems that support the same business need. This strategy will allow departments to reallocate funds to their departmental-specific systems.

Furthermore, the responses from the federal entities indicate that IT sustainability is not embedded in departmental investment management processes. When departments make the initial decision to invest in IT, they may not be fully equipped for the future financial commitments and other resource requirements to sustain the value of the original investment. This has occurred even in high-performing IT organizations such as the Canada Revenue Agency, which sought additional funding from the fiscal framework for its 10-year systems renewal program. This demonstrates that sustainability over the very long term can be challenging despite years of careful planning and investing.

The Policy on Investment Planning—Assets and Acquired Services introduced in 2009 requires deputy heads to ensure that their investment plans take into account the life-cycle costs of assets and acquired services from within their reference levels. For IT systems, this will require additional IT direction, policy support and guidance from CIOB, enabling departments to align their IT strategies and plans to the Government of Canada's overall strategy for IT modernization, one of the key outcomes of the work done to date on aging IT.

Finally, the information collected to prepare this report, along with targeted consultations and a review of existing IT policy instruments, will inform the next component of the Treasury Board of Canada Secretariat's response to the Auditor General's report on aging IT.

2.0 Introduction

2.1 Office of the Auditor General's Audit

The Government of Canada is highly dependent on IT, not only for delivering programs and services to Canadians, but for its own administration as well. Like other assets, IT systems, infrastructure and equipment have a limited lifespan and must be renewed or replaced over time to ensure that they continue to be effective in enabling the program or service they support.

The lifespan of any given IT asset will vary and is not exclusively measured by time. Significant shifts in how the government needs to operate, changes in technology, and changes in costs can individually or collectively cause an IT asset to age or "rust out."

The range of issues resulting from aging IT includes the risk and impact of partial or total failure, the risk and impact of inaccurate results, the cost and impact of inflexibility, and the impact of rising maintenance costs.

In Chapter 1 of the Office of the Auditor General's spring 2010 report to Parliament, the Auditor General examined whether five federal entities3 had adequately examined and managed the risks relating to aging IT systems and whether the Chief Information Officer Branch (CIOB) of the Treasury Board of Canada Secretariat had provided direction or leadership in developing government-wide responses to aging IT risks.

In broad terms, the Auditor General noted five concerns:

  • Departmental management practices for assessing, monitoring and addressing risks from aging IT need to be strengthened;
  • Departments need funded, multi-year strategies to address current and future risks from aging IT;
  • CIOB needs to better understand the Government of Canada–wide risk posed by aging IT and develop appropriate strategies for the Government of Canada as a whole;
  • There is a need for strategic direction for IT investment and risk management in the Government of Canada; and
  • Departments lacked the ability to acquire the necessary funds to address their aging IT risks on their own.

Specific recommendations were made to four of the five departmental entities, as well as to the Secretariat (see Table 1). All entities agreed with the recommendations.

The report did not include any specific recommendations for the Canada Revenue Agency (CRA) because, as reported in the December 2008 Auditor General's audit report on managing IT investments, the CRA had already started to make improvements in its management of such investments. The CRA has since completed its inventory of IT systems (including an assessment of their sustainability and associated risk) and has finished developing its strategic investment plan. This resulted in the CRA's 10-year remedial program noted by the Auditor General in the aging IT chapter.

Table 1 summarizes the recommendations from the Auditor General's spring 2010 report.

Table 1. Recommendations on Managing IT Investments From the 2010 Spring Report of the Auditor General of Canada
Risk management
  • (Departments) should use a department-wide portfolio management approach to ensure that they focus on current and planned IT investments that best contribute to meeting their business objectives, with an acceptable degree of risk and at a reasonable cost.
  • (Departments) should develop a multi-year IT investment plan that presents a balanced mix of mandatory, sustaining and discretionary investments that they require to sustain existing systems and improve service delivery.
Risk monitoring
  • (Departments) should develop an action plan for each significant aging IT risk. The plan should include specific strategies, key activities, deliverables and timelines to manage these risks. These entities should report progress regularly to senior management.
Funding strategy
  • (Departments) should identify an appropriate funding strategy. The funding strategy should present investment options, or scenarios that take into account what source of funding would most likely be available in the five-year planning period.
Risk identification and management by the Treasury Board of Canada Secretariat
  • The Chief Information Officer Branch (CIOB) of the Treasury Board of Canada Secretariat should exercise its central leadership role by collecting and analyzing relevant information to assess the state of aging IT systems across government. CIOB should prepare a report on its assessment and the related cost estimates for the government as a whole. In consultation with deputy heads, it should also develop a plan that will set IT strategic directions for the government to mitigate risks associated with aging IT systems on a sustainable basis.

2.2 The Treasury Board of Canada Secretariat's Action Plan

In response to the Auditor General's findings, CIOB committed to work with departments to produce two deliverables:

  • An assessment of the state of IT systems across the Government of Canada, identifying the systems that present a material risk; and
  • A plan that sets the strategic direction for the government to mitigate the risks identified in the assessment.

This report is the first deliverable and is based on the analysis of information provided by departments.

2.3 The Treasury Board of Canada Secretariat's Methodology

In order to produce the assessment outlined in the first deliverable, CIOB, between July and December 2010, asked 98 departments4 to:

  • Provide an inventory of their IT systems, categorized into one of 19 pre-identified business objectives;
  • Conduct risk assessments on the IT systems that are most important in the delivery of their mandate (broader than mission-critical5);
  • Conduct risk assessments of IT infrastructure components;
  • Engage senior executives in a discussion of the risk assessments in relation to the corporate risk profile;
  • Integrate any risk-response decisions into the departmental investment plan as appropriate; and
  • Provide a report to CIOB outlining the results of these activities.

2.3.1 Methodology Principles

This methodology was designed to:

  • Introduce the practice of application portfolio management to organizations that did not have such an approach in place;
  • Provide tools to perform risk assessments for organizations that did not have any such tools; and
  • Promote senior management engagement in departments about the risks of aging IT to the delivery of programs and services that are important to the mandate of the organization.
Application Portfolio Management

Application portfolio management is the process of understanding an organization's inventory of systems (applications)6 categorized by the business function they serve and assessing the value and risk of those systems. Application portfolio management provides insight on duplication (i.e,. multiple systems serving the same business function), gaps in processes, and allocation of resources (based on a value–risk assessment).

There are numerous methodologies for implementing application portfolio management and, historically, it had not been considered necessary for the Government of Canada to have a standard methodology to be used by all organizations. Although some departments, including the CRA, had implemented some version of application portfolio management, others had no such approach in place.

In light of the significant work already accomplished by the CRA, CIOB leveraged its approach and, guided by the input and feedback from the 2010 audit entities and other departments, adapted it to accommodate the uneven understanding of application portfolio management across the government. This adaptation focused on the critical aspect of categorizing systems into the same set of business functions or business objectives to ensure reporting consistency from all departments.

The 19 pre-defined business objectives selected for use in the Secretariat's adaptation of application portfolio management were based on the Government of Canada Strategic Reference Model, with minor modifications to make them more easily understood by departments.

Risk Assessments

Because a number of risk assessment tools were already being used by some departments, CIOB allowed these departments to continue using existing tools and focused efforts on developing a standardized tool for those that did not already have one in place.

Research into the risk assessment tools revealed three basic "lenses" through which a system could be viewed:

  • The business lens;
  • The maintenance and operations lens; and
  • The architectural alignment lens.

By developing a set of questions for each of these three lenses, the Secretariat was able to establish a standardized methodology7 to help organizations reveal the information necessary to accurately assess their application risks.

Senior Management Engagement

Departments were asked to ensure that mission-critical systems assessed as high-risk had been discussed at senior management levels and that the risks had been integrated into the corporate risk profile and departmental investment plan as appropriate.

Departments were also asked to file a report with CIOB outlining the results of their inventory collection and classification, their risk assessments, and the decisions related to the corporate risk management plan and the corporate investment plan.

CIOB requested that these reports be signed by both the chief information officer (CIO) and the chief financial officer (CFO ). CFO signatures were requested as proxies for indicating whether the identified risks, action plans and funding strategies had been discussed at senior levels in the department. They were not asked to attest to the financial contents of the reports.8

Table 2. Summary of Key Findings
Assessment Requirements No. of Departments Key Findings
Inventory 66 16,000 systems (of which 12,000, or 75 per cent, are back office systems)
Risk assessment 50 4,300 systems with risk assessments
Mission-critical systems 47 2,100 systems identified as mission-critical
At risk due to aging 24 553 total systems identified at risk (varying between high, medium, low and undefined)
Investment plans 24 24 departments reported all mission-critical, high-risk systems, for which funding in the order of $1,278,685,110 had been identified, while $102,186,000 is deemed required but not necessarily identified:9
  • 11 departments indicated confirmed funding for mission-critical, high-risk systems identified;
  • 7 departments indicated required funding for high-risk, mission-critical systems; and
  • 10 departments did not indicate any costs or funding for their identified high-risk, mission-critical systems.
Summary reports of findings and plans 48 (reports submitted) 34 were signed by the CFOs

3.0 Assessment

3.1 Inventory

Sixty-six of the invited 98 departments provided inventory information. Only one of the invited agents of parliament, the Office of the Auditor General, provided inventory information.

All large and most medium-sized departments, as segmented for Management Accountability Framework (MAF) purposes, provided inventory information.

As a result, an inventory of over 16,000 systems of various sizes, complexity and risk across the 19 business objectives has been identified. Although this number should not be taken as an absolute inventory of systems in use in the federal government, there is confidence that most of the significant systems have been identified through the assessment.

The inventory information provided by departments for most systems consists only of its name and the assigned business objective. There was little time allocated toward analyzing all of the systems listed in each business objective in great detail, as that will be a focus of the next phase.

A list of the systems by business objective can be found in Appendix A.

3.1.1 Observations

Departments are separately investing to address Government of Canada–wide business needs

Though not necessarily identified as a high risk, individual departments are procuring, developing and implementing single-instance solutions of back office operations, such as the human resources (HR) management and the financial management business objectives, rather than leveraging a common solution across the enterprise. For example, a subset of 54 surveyed departments revealed that there are nearly 800 systems implemented to address HR management and as many as 500 different systems related to financial management.

Although several of the HR systems could be categorized as "core systems," nearly 700 of them have been developed and tailored independently to perform specialized HR services such as performance management, leave management, shift scheduling and labour relations management.

In the area of financial systems, there is a mix of core departmental financial administration as well as line-of-business financial systems such as cashiering (various forms).

Back office systems

Approximately 12,000 of the reported 16,000 systems address administrative functions, suggesting that, in the aggregate, total IT spending on systems could be rebalanced between program delivery and administration. For line-of-business systems, it was noted that, in some cases, a few departments accounted for all of the identified systems in a few business objectives. For example, five departments alone account for the nearly 200 systems that have been identified as related to the business objective of movement of people. Likewise, eight departments identified over 250 systems related to the business objective of health care provision.

3.2 Risk Assessments

Of the 66 departments that provided their inventory information, 50 indicated that they had conducted a total of over 4,300 risk assessments. Some departments indicated that they had conducted risk assessments on their entire inventory; others focused on mission-critical systems. Forty-seven departments identified a total of over 2,100 mission-critical systems, 553 of which were identified as being at risk due to aging.

3.2.1 High-Risk, Mission-Critical Systems

Of the mission-critical systems that were identified as high-risk because of aging, all are significant because of the functions they perform in delivering services to Canadians. The top four business objectives were as follows:

  • Legislative and regulatory compliance, supported by the majority of systems;
  • Provide funds, supported by 18 systems;
  • Safety for Canadians, supported by 15 systems; and
  • Financial management, supported by 11 systems, with 2 being "core" financial management systems and the others considered as business-specific.

3.2.2 Medium-Risk, Mission-Critical Systems

Of the systems were identified as medium-risk by 18 organizations, the top 4 business objectives were as follows:

  • Legislative and regulatory compliance, supported by the majority of systems;
  • Provide funds, supported by 37 systems;
  • Safety for Canadians, supported by 15 systems; and
  • Information management services, supported by 12 systems.

3.2.3 Other Risks

Eighty systems were identified as being at low-risk.

Fifty-four additional systems were identified as being at risk, but departments did not indicate the level of risk, nor did they indicate a time frame within which a risk assessment would be performed.

A few departments reported that they did not have any mission-critical systems that were at risk.

3.3 Departmental Risk Management, Action Plans and Investment Plans

The funding plans to modernize IT assets at the 24 departments reporting a total of 228 mission-critical, high-risk systems can be summarized as follows:

  • 11 departments indicated confirmed funding of $1,278,685,110 for the mission-critical, high-risk systems identified. CRA accounts for $655,750,000, and National Defence accounts for $515,547,000;
  • 7 departments indicated required funding of $102,186,000 for high-risk, mission-critical systems but did not indicate that funding was confirmed; and
  • 10 departments did not indicate any costs or funding for their identified high-risk, mission-critical systems.

As noted in the Auditor General's report, the CRA launched a 10-year investment plan that includes a comprehensive Application Sustainability Program. Between departmental reference level allocations and funding from the fiscal framework, the CRA has a funded investment stream of approximately $655 million over 10 years.

Human Resources and Skills Development Canada (HR) has identified aging IT as one of its top five corporate risks, raising visibility with the department's management board. HR's action plan in response to recommendation 1.7110 in the Auditor General's report states that it will complete its 2012–15 IT investment plan and associated funding strategy by October 2011. The department's management board has already approved five key projects aimed at renewing and modernizing the department's aging infrastructure.

3.4 Departmental Summary Reports of Findings and Plans

Departments were asked to provide a report outlining the results of their inventory collection and classification, their risk assessments, and the decisions related to the corporate risk management plan and the corporate investment plan.

It was requested that these reports be signed by both the CIO and the CFO as indications that the identified risks, action plans and funding strategies had been discussed at senior levels in the department. CFOs were not asked to attest to the financial contents of the reports.

Of the 66 departments that provided their inventory, 48 departments filed some form of report, 34 of which were signed by departmental CFOs.

4.0 Findings

As a result of this assessment, CIOB found the following:

  • Many departments have been taking action to address their IT applications portfolios and the associated risks. For example, after agreeing to amalgamate Parole Board of Canada IT services into Correctional Services Canada, the latter set and achieved its target of reducing systems by 50 per cent by March 31, 2010;
  • Many CIOs have started IT architecture programs and are strengthening programs to reduce complexity and costs and increase responsiveness to business needs;
  • Some departments had a good understanding of their applications inventories prior to the request from CIOB but, for many, this was the first time they had collected an inventory and, for most, it was the first time they had categorized their systems by the business function they supported;
  • Prior to the request from CIOB, most departments did not have processes or tools in place to systematically assess the level of risk their key systems presented to the overall risk profile of the departments. For many organizations, it was evident that a department-wide approach to understanding the risk from aging IT was not well developed;
  • Of the 98 departments that were asked for information, the lowest response rate was from small departments (as segmented for MAF purposes). The aging IT risks in this community need further assessment; and
  • Overall, the quality of the reports filed ranged from very well done, demonstrating a thorough understanding and comprehensive review, to reports from some organizations that did not fully understand the value and importance of assessing and managing the risks from aging IT or that had not yet implemented processes that reflected that they did.

4.1 Sustainability Challenge

The challenge for departments is to establish ongoing sustainable practices, including funding streams, that prevent departments from reaching critical points, such as what we see today in CRA and HR, where remedial plans of up to 10 years are required. Conversely, newer organizations such as the Canadian Food Inspection Agency have the opportunity to embed sustainability into their processes now to prepare for the eventual renewal of their IT assets.

For some departments, the sustainability challenge is bigger and more complex because of their constantly evolving business environment and priorities. This could be said for the Canada Border Services Agency, HR (Employment Insurance and Canada Pension Plan), CRA (tax and benefits), as well as Health Canada and Canadian Food Inspection Agency (health and food safety).

CRA was the most advanced and was already well aware of the sustainability challenge of its IT systems. The CRA had established the Application Sustainability Program that was referred to in the spring 2010 Auditor General's report.11

5.0 Overall Conclusions

Although the CIOB assessment was not conducted with the rigour of an audit, the findings support the Auditor General's conclusions and suggest that the Auditor General's observations can be applied across government, specifically:

  • Most federal entities have not been formally and systematically assessing their risks related to aging IT assets;
  • Lack of confirmed action plans, funding sources and funding options for some high-risk, mission-critical systems suggest that senior management in these organizations may not be fully aware of the risks resulting from aging IT systems or may not have risk mitigation as a priority;
  • Departments lack funded, multi-year investment plans that balance mandatory and discretionary investments to sustain existing IT assets and address evolving business needs; and
  • The practice of department-wide portfolio management needs to be established or strengthened in most federal entities.

The inventory provided by departments, even in its raw form, also confirms what we already believed to be the case: many organizations have invested in IT assets to address the same or similar needs. Although few of these common areas have surfaced as high-risk, mission-critical systems, there are a number that have been identified as having a medium risk. These systems present opportunities for organizations to collaborate strategically and leverage existing and planned investments to focus on consolidating systems that support the same business need.

6.0 Next Steps

To address the second deliverable of the Secretariat's response to the Auditor General's audit, CIOB's next step is to deliver a government-wide IT strategic direction for the renewal, ongoing management and sustainment of IT systems for the Government of Canada over the next decade. The modernization strategy, which will be tabled in spring 2012, balances the requirements of departments to fund the renewal of their aging mission-critical IT systems with the additional requirement to sustain and renew administrative IT systems in the back office.

As noted earlier in this report, a full 75 per cent of all systems are dedicated to these back office systems, whereas only 25 per cent are department-specific systems. In addition, all high-risk, mission-critical systems identified by departments are department-specific, i.e., they are not part of the back office. Given the current pressures on departmental budgets arising as a result of spending review, departments would be unable to fund renewal across both their department-specific and their back office system portfolios. The Government of Canada's large, diverse and aging IT applications portfolio, combined with increasing budgetary pressure, has been the catalyst for a new IT strategy, one that balances these competing pressures while mitigating the risk of aging IT, and one that will attenuate the funding impact of IT systems renewal across the Government of Canada.

6.1 From a Government of Canada–Wide Investment Planning Perspective

Opportunities for leveraging existing or planned investments in the back office are already evident in the areas of HR and finance. Other back office opportunities are also present in departments that have implemented similar business processes and those that share related IT renewal challenges (e.g., grants and contributions or case management solutions for small departments).

The IT modernization strategy calls for the standardization and consolidation of administrative IT systems in the back office across the Government of Canada as the principal means of freeing up existing departmental IT resources so that these may be redirected to the renewal of departmental aging mission-critical systems, consistent with departmental plans. This plan, called the Government of Canada's Strategy for IT Modernization, has been in development over the past fiscal year and has been informed as a result of the work on aging IT, the work on transition of IT infrastructure services to Shared Services Canada, and the work done by CIOB with departmental tiger teams on application portfolios over the past spring and summer. In addition to tabling the Government of Canada's Strategy for IT Modernization, CIOB will, over this fiscal year, be updating its policy suite in order to accompany this strategy along with the necessary policy instruments and supporting guidance. These instruments will guide departments in the following:

  • Addressing the renewal and ongoing ever-greening for mission-critical IT systems, including maturing their applications portfolio management processes to include conducting annual systematic risk assessments and optimizing their IT management practices;
  • Making the findings visible so that they can be appropriately considered by senior management in determining the organizational risk management and investment plans and in setting their IT investment priorities;
  • Migrating to a renewed suite of standardized back office systems, operated through a cluster delivery model, wherein larger departments will become cluster leaders and others will become cluster participants; and
  • Planning for, implementing and managing new systems implementations according to a more defined information management and IT architectural and standards framework and for improving decision making for new IT investments by ensuring that future costs for ever-greening are included in business cases.

Appendix A: Business Objectives Summary

The following is a breakdown of the Government of Canada inventory as classified by departments into one of the 19 pre-determined business objectives. See Appendix D for a description of the business objectives.

Business Objectives Total Number of Departments
* Although almost 20 per cent of the total reported inventory is “undefined,” confidence is high that departments have reported and categorized their most significant systems.
Acquisition services 135 18
Communications services 613 43
Financial management 502 53
Health care provision 255 8
Human resources management 776 54
Information management services 3,039 58
Information technology services 2,372 49
Justice 9 4
Legal services 42 16
Legislative and regulatory compliance 1,098 41
Management and oversight services 729 37
Material services 426 21
National security and defence 367 11
Movement of people 195 5
Provide funds 335 19
Real property 255 24
Safety for Canadians 776 16
Science and research 812 17
Travel and other administrative services 240 27
Undefined* 3,189 13
Total 16,165 N/A

Appendix B: Views of the Inventory

Figure 1. Total Applications by Business Objective
Figure 1. Total Applications by Business Objective. Text version below:
Figure 1. Total Applications by Business Objective - Text version
Business Objectives Total Number of Departments
Acquisition Services (135) 135 18
Communications Services (613) 613 43
Financial Management (502) 502 53
Health Care Provision (255) 255 8
Human Resource Management (776) 776 54
Information Management Services (3039) 3,039 58
Information Technology Services (2372) 2,372 49
Justice (9) 9 4
Legal Services (42) 42 16
Legislative and Regulatory Compliance (1098) 1,098 41
Management and Oversight Services (729) 729 37
Material Services (426) 426 21
Movement of People (367) 367 5
National Security and Defence (195) 195 11
Provide Funds (335) 335 19
Real Property (255) 255 24
Safety for Canadians (776) 776 16
Science & Research (812) 812 17
Travel and Other Administrative Services (240) 240 27
Undefined (3189) 3189 13
Total 16165 534
Figure 2. Funding Status of Mission-Critical, High-Risk Applications
Figure 2. Funding Status of Mission-Critical, High-Risk Applications. Text version below:
Figure 2. Funding Status of Mission-Critical, High-Risk Applications - Text version
FundingStatus Previous Fiscal  2011/12 2012/13 2013/14 2014/15 Beyond 2014/15 Fiscal Undefined Total
Confirmed $66,586,097 $106,048,013 $146,627,000 $177,823,000 $197,920,000 $516,381,000 $67,300,000 $1,278,685,110.00
Undetermined / Unfunded $0.00 $11,588,000 $4,685,000 $3,327,000 $3,010,000 $2,930,000 $76,646,000 $102,186,000.00
Total $1,380,871,110.00

Appendix C: The Treasury Board of Canada Secretariat’s Risk Assessment Tool

Departments were asked to assess the health of their IT systems by considering the following questions:

Business Risk Assessment
Business functions
  1. How well does the application/system support the business program delivery?
Data quality
  1. What is the quality of the data/results produced by the application/system?
Timeliness
  1. Does the application/system produce the results in the time frames required by the business?
Reliability
  1. How reliable is the application/system?
Business changes
  1. How adaptable is the application/system to enhancements resulting from business changes?
Business continuity plan
  1. How prepared is the organization in the event of a catastrophic failure of this application/system?
Strategic business alignment
  1. How well is the application/system positioned to meet the future strategic business needs of the department / Government of Canada?

Maintenance and Operations Risk Assessment
Availability
  1. How much support is required to meet availability commitments?
Responsiveness
  1. How much support is required to meet response commitments?
Break or fix
  1. Are mean time to repair (MTTR) commitments being met?
Business changes
  1. How difficult is it to incorporate business changes?
Technical maintenance and support costs
  1. What is the trend of your maintenance costs over the last five years (or more)?
Availability of technical skills
  1. How available are the skill sets to support the application/system?
Contracted resources
  1. How dependent is this application/system on contracted resources?

Architectural Risk Assessment
Technology viability
  1. How up to date are the key technology products used in this application?
Government of Canada alignment
  1. To what degree is this application aligned with Government of Canada strategic directions and standards?
Application architecture
  1. To what extent does the application/system align with the departmental application architecture?
Data architecture
  1. To what extent does the application/system align with the departmental data architecture?
Technology alignment
  1. To what extent does the application/system align with the technology architecture?
Security architecture
  1. To what extent does the application/system align with the departmental security architecture?

Appendix D: Description of Business Objectives

Business Objective Description
Acquisition services Systems or applications assisting the acquisition of goods and services in a transparent and fair process
Communications services Systems or applications assisting in communication to Canadians and within departments
Financial management Systems or applications assisting in the stewardship of government financial resources
Health care provision Systems or applications that assist in delivering and tracking health care management
Human resource management Systems or applications assisting in the stewardship of government human resources
Information management services Systems or applications assisting in the stewardship of government information resources
Information technology services Systems or applications assisting in the deployment of the government’s information resources
Justice Systems or applications designed to deliver justice to Canadians
Legal services Systems or applications assisting in the delivery of legal services for different program fields
Legislative and regulatory compliance Systems or applications that monitor for compliance to legislations and regulations to uphold Canadian laws
Management and oversight services Systems or applications assisting in management or oversight of government programs
Material services Systems or applications assisting the deployment and stewardship of government resources and assets
Movement of people Systems or applications designed to track the movement of visitors and Canadians
National security and defence Systems or applications designed to guard Canadians against terrorists or foreign threat
Provide funds Systems or applications that distribute money to Canadians
Real property Systems or applications assisting stewardship and administration of government real properties
Safety for Canadians Systems or applications designed to forewarn and protect Canadians
Science and research Systems or applications dedicated to advancing science and research
Travel and other administrative services Systems or applications assisting government employees delivering program services

Page details

Date modified: