Skip to content Skip to institutional links

Common menu bar links

Management Accountability Framework

ARCHIVED - MAF Assessment: Canada Revenue Agency - 2008

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

* An asterisk appears where sensitive information has been removed in accordance with the Access to Information Act and Privacy Act.

This document provides a Treasury Board Secretariat assessment of the department's performance against specific areas of management only. It does not present an assessment of management quality beyond these areas of management, nor does it reflect the level of effort a department may be making towards improving the quality of its management. The MAF assessments use standardized language to ensure consistent descriptions and characterizations. This assessment may not reflect the latest information available. Some departments and agencies have provided updated information in the form of a management response. Where management responses have been prepared, the link to the response is posted below the assessment.

Context

This year’s observations by the Treasury Board Portfolio (TBP) related to the Canada Revenue Agency (CRA) are generally positive. In total, for the 11 areas of management against which CRA was assessed, it received seven “strong”, three “acceptable”, one “opportunity for improvement”, and no “attention required” ratings. In four areas of management, the ratings have improved since last year’s assessment, but in one area, the rating has declined due to continued concerns related to certain aspects of access to information and privacy.

Given CRA's legislative authorities, TBP did not assess ten areas of management in this round 6 of the Management Accountability Framework (MAF). CRA self-assessed nine areas as part of its Board of Management Oversight Framework assessment (BoMOF). One area of management was deemed "Not Applicable".

In 2007, CRA was one of 17 organizations which conducted a comprehensive Strategic Review of its programs and spending. Over the course of 2008, CRA kept TBS up to-date on the progress in the implementation of its strategic review savings proposals.

Overall, the Secretariat recognizes CRA’s performance management record, as demonstrated by the fact that CRA has not received ratings below "acceptable" for the last two years. CRA should be recognized for its work in improving management performance since last assessment, including:

Effective Management of Security and Business Continuity- CRA has maintained its strong rating because the Agency's security program serves as a model for other departments and is considered a best practice. CRA demonstrates strong commitment to continuously improving its security program and proactively managing security risks.
Quality of Performance Reporting– CRA's rating increased from “acceptable” to “strong” as the Agency demonstrated credible and reliable performance reporting, systematically tracking planned and actual performance.
Utility of the Corporate Performance Framework– CRA has received an improved rating since last year’s assessment (from “acceptable” to “strong”) as a result of progress with the Agency’s Management Resources and Results Structure (MRRS). In addition, it is recognized that CRA continually uses performance information for decision-making, reflective of results-based management.

There are areas, however, where CRA should continue to make progress, including:

Effectiveness of Financial Management and Control - while CRA has addressed some compliance concerns related to the Canada Child Tax Benefit and Goods & Services Tax/Harmonized Sales Tax Rebate programs, as identified in last year's assessment, minor concerns were raised with respect to e-procurement activities in this round, resulting in an aggregate assessment of 'acceptable.'
Effectiveness of Information Management, for which this year’s assessment declined from “acceptable” to “opportunity for improvement”. It should be noted though that this rating is equal to the government-wide ranking for departments and agencies assessed this year on this area of management. While CRA is effectively guarding personal information of Canadians, it could make further progress in facilitating public access to federal government information in order to ensure that the Agency fully meets its obligations under the Access to Information Act and the Privacy Act. CRA is encouraged to comprehensively describe in the Info Source all information under its control in accordance with the TBP requirements.

1. Values-based Leadership and Organizational Culture

Highlights	Opportunities
	Given Canada Revenue Agency's legislative authorities, CRA will not be providing input for this Area of Management for the MAF Round VI. CRA's Board of Management will assess the agency via the Board of Management Oversight Framework.
Recommendations

2. Utility of the Corporate Performance Framework

Strong

Highlights	Opportunities
2.1 PAA Consistency: Strong The Strategic Outcome(s) is/are (a) clear outcome statement(s) that can be understood within and outside the department as a benefit to Canadians. 2.2 Measurability: Acceptable An adequate Program Activity Architecture has been developed with some issues to be resolved. 2.3 Quality: An adequate and complete performance measurement framework is in place; however some minor issues still need to be resolved.	Some concern remains related to a number of programs that are heavily activity focused. The organization should continue to refine its Performance Measurement Framework (PMF) to bring it in line with the standards set out in the MRRS Instructions. The organization should also ensure that actual data for the indicators in its PMF are being collected and analyzed to gain insights into program performance and to validate the indicators.
Recommendations

Highlights

Opportunities

2.1 PAA Consistency: Strong

The Strategic Outcome(s) is/are (a) clear outcome statement(s) that can be understood within and outside the department as a benefit to Canadians.

2.2 Measurability: Acceptable

An adequate Program Activity Architecture has been developed with some issues to be resolved.

2.3 Quality:

An adequate and complete performance measurement framework is in place; however some minor issues still need to be resolved.

Some concern remains related to a number of programs that are heavily activity focused.
The organization should continue to refine its Performance Measurement Framework (PMF) to bring it in line with the standards set out in the MRRS Instructions. The organization should also ensure that actual data for the indicators in its PMF are being collected and analyzed to gain insights into program performance and to validate the indicators.

Recommendations

3. Effectiveness of the Corporate Management Structure

Strong

Highlights	Opportunities
3.1 Business Plan: Strong Organization's corporate business plan is well aligned to corporate priorities. 3.2 Governance Structure: Strong Management oversight of the organization's program activities is clearly evident.
Recommendations

Highlights

Opportunities

3.1 Business Plan: Strong

Organization's corporate business plan is well aligned to corporate priorities.

3.2 Governance Structure: Strong

Management oversight of the organization's program activities is clearly evident.

Recommendations

4. Effectiveness of Extra-organizational Contribution

Strong

Highlights	Opportunities
4.2 Participation in Priority Initiatives: Strong The organization shows strength in its participation in priority interdepartmental initiatives. The organization's commitments to the initiatives are clear, measurable, and consistent with its role, and internal management structures have been established. CRA was assessed with regards to its participation in the Web of Rules and Public Service Renewal initiatives.	CRA is encouraged to continue its efforts to renew its workforce and reduce its rules, reporting and administrative processes.
Recommendations

Highlights

Opportunities

4.2 Participation in Priority Initiatives: Strong

The organization shows strength in its participation in priority interdepartmental initiatives.
The organization's commitments to the initiatives are clear, measurable, and consistent with its role, and internal management structures have been established.

CRA was assessed with regards to its participation in the Web of Rules and Public Service Renewal initiatives.

CRA is encouraged to continue its efforts to renew its workforce and reduce its rules, reporting and administrative processes.

Recommendations

5. Quality of Analysis in TB Submissions

Acceptable

Highlights	Opportunities
5.1 Supporting Information: Acceptable Organization has the capacity to respond effectively to most TBS feedback. 5.2 Analysis: Acceptable Business cases may have comprehensive information and demonstrate good analysis. 5.4 Quality control: Acceptable Generally rigorous and effective quality control process is in place and is usually followed for TB submissions.
Recommendations

Highlights

Opportunities

5.1 Supporting Information: Acceptable

Organization has the capacity to respond effectively to most TBS feedback.

5.2 Analysis: Acceptable

Business cases may have comprehensive information and demonstrate good analysis.

5.4 Quality control: Acceptable

Generally rigorous and effective quality control process is in place and is usually followed for TB submissions.

Recommendations

6. Quality and Use of Evaluation

Highlights	Opportunities

Recommendations

7. Quality Reporting to Parliament

Strong

Highlights	Opportunities
7.1 MRRS Basis: Acceptable Clear performance expectations in the RPP are all tracked and rigorously reported on in the DPR. The DPR consistently discusses any changes in resources and how they affected results. 7.2 Credible information: Strong DPR consistently provides independently verifiable evidence-based performance information. Information on the validity and credibility of data used is usually or always provided. 7.3 Context: Acceptable Comparisons used in the DPR are extensive and particularly effective. DPR is generally balanced – the report presents both positive and negative aspects of performance and substantiation or explanation is generally provided.	The agency demonstrates credible, reliable performance reporting and appears to systematically track planned and actual performance. Increased emphasis should be placed on linking each PA to the strategic outcome as well as increasing the discussion of benefits for Canadians.
Recommendations

Highlights

Opportunities

7.1 MRRS Basis: Acceptable

Clear performance expectations in the RPP are all tracked and rigorously reported on in the DPR.
The DPR consistently discusses any changes in resources and how they affected results.

7.2 Credible information: Strong

DPR consistently provides independently verifiable evidence-based performance information.
Information on the validity and credibility of data used is usually or always provided.

7.3 Context: Acceptable

Comparisons used in the DPR are extensive and particularly effective.
DPR is generally balanced – the report presents both positive and negative aspects of performance and substantiation or explanation is generally provided.

The agency demonstrates credible, reliable performance reporting and appears to systematically track planned and actual performance. Increased emphasis should be placed on linking each PA to the strategic outcome as well as increasing the discussion of benefits for Canadians.

Recommendations

8. Managing Organizational Change

Highlights	Opportunities

Recommendations

9. Effectiveness of Corporate Risk Management

Strong

Highlights	Opportunities
9.1 Engagement: Strong Senior management reviews the organization’s Risk Management approach on a regular basis – scanning the environment to anticipate changes. This takes place often during the three-year planning cycle. The organization has a common risk assessment approach that is adjusted and approved as required by senior management. Senior management ensures that the organization’s Risk Management approach is tailored to the specific needs of the organization and is adjusted as required. Senior management has reviewed/approved the Corporate Risk Profile within the past year. Senior management leads by example in this area. Accountability for key risks is assigned to senior management and performance is assessed. 9.2 Implementation: Strong The organization’s Risk Management approach is regularly communicated to staff and stakeholders in a variety of ways. The Corporate Risk Profile is systematically (horizontally and vertically) implemented into all operational levels across the organization. Risk Management guidance and tools that enable the organization’s risk management approach are made available to staff in a variety of ways. This is proactively communicated to staff. 9.3 Integration: Strong Risk information is routinely consulted in senior management decision-making. This is done systematically and explicitly. Risk information Risk Management principles are ingrained in planning and resource allocation decisions. Operational level risks are prioritized into key risks and are adjusted as required. Risk information and Risk Management principles are ingrained in senior management reporting. The organization makes course corrections on an ongoing basis based on Risk Management performance and new information. 9.4 Continuous Improvement: Strong Many relevant external sources are consulted during the development of the organization’s CRP. Comprehensive risk information was extensively gathered from internal sources of the organization for preparing the CRP. Corporate risks are consistently linked to the organization’s strategic outcomes and are adjusted as required. The CRP provides a reliable assessment of the quality of risk information used. The organization explicitly builds on past experience, better practice, and adjusts to fit any changes in management structures, priorities or strategic direction. The organization has implemented all recommendations provided during its last MAF assessment. The Canada Revenue Agency continued to demonstrate its commitment to developing a robust and tailored enterprise-wide risk management approach. CRA should be commended for its work to fully integrate the consideration of risk into business planning activities. The agency will continue its efforts to further advance its risk management approach during the upcoming year.	Over the past few years, CRA has developed several valuable tools and guidance, and is in the position to share these leading practices along with the lessons learned during the development of these products with other departments and agencies within the federal public service.
Recommendations

Highlights

Opportunities

9.1 Engagement: Strong

Senior management reviews the organization’s Risk Management approach on a regular basis – scanning the environment to anticipate changes. This takes place often during the three-year planning cycle.
The organization has a common risk assessment approach that is adjusted and approved as required by senior management.
Senior management ensures that the organization’s Risk Management approach is tailored to the specific needs of the organization and is adjusted as required.
Senior management has reviewed/approved the Corporate Risk Profile within the past year.
Senior management leads by example in this area.
Accountability for key risks is assigned to senior management and performance is assessed.

9.2 Implementation: Strong

The organization’s Risk Management approach is regularly communicated to staff and stakeholders in a variety of ways.
The Corporate Risk Profile is systematically (horizontally and vertically) implemented into all operational levels across the organization.
Risk Management guidance and tools that enable the organization’s risk management approach are made available to staff in a variety of ways. This is proactively communicated to staff.

9.3 Integration: Strong

Risk information is routinely consulted in senior management decision-making. This is done systematically and explicitly.
Risk information Risk Management principles are ingrained in planning and resource allocation decisions.
Operational level risks are prioritized into key risks and are adjusted as required.
Risk information and Risk Management principles are ingrained in senior management reporting.
The organization makes course corrections on an ongoing basis based on Risk Management performance and new information.

9.4 Continuous Improvement: Strong

Many relevant external sources are consulted during the development of the organization’s CRP.
Comprehensive risk information was extensively gathered from internal sources of the organization for preparing the CRP.
Corporate risks are consistently linked to the organization’s strategic outcomes and are adjusted as required.
The CRP provides a reliable assessment of the quality of risk information used.
The organization explicitly builds on past experience, better practice, and adjusts to fit any changes in management structures, priorities or strategic direction.
The organization has implemented all recommendations provided during its last MAF assessment.

The Canada Revenue Agency continued to demonstrate its commitment to developing a robust and tailored enterprise-wide risk management approach. CRA should be commended for its work to fully integrate the consideration of risk into business planning activities. The agency will continue its efforts to further advance its risk management approach during the upcoming year.

Over the past few years, CRA has developed several valuable tools and guidance, and is in the position to share these leading practices along with the lessons learned during the development of these products with other departments and agencies within the federal public service.

Recommendations

10. Extent to which the Workplace is Fair, Enabling, Healthy and Safe

Highlights	Opportunities
10.1 Fair: This section is based on the assessment submitted by this separate employer to TBP. 10.2 Enabling: Organization demonstrates a generally adequate linguistic capacity to provide personal and central services and supervision in both official languages. Work instruments, electronic systems and communication tools are generally available in both official languages. 10.3 Healthy and safe: This section is based on the assessment submitted by this separate employer to TBP.
Recommendations

Highlights

Opportunities

10.1 Fair:

This section is based on the assessment submitted by this separate employer to TBP.

10.2 Enabling:

Organization demonstrates a generally adequate linguistic capacity to provide personal and central services and supervision in both official languages.
Work instruments, electronic systems and communication tools are generally available in both official languages.

10.3 Healthy and safe:

This section is based on the assessment submitted by this separate employer to TBP.

Recommendations

11. Extent to which the Workforce is Productive, Principled, Sustainable and Adaptable

Highlights	Opportunities
11.2 Principled: The Official Languages portion of this evaluation has been made by CPSA. Adequate linguistic capacity is generally in place as shown by the majority of incumbents of bilingual positions who meet the language requirements of their position. Communications with and services to the public in both official languages are generally available. Employees consider that they generally can communicate in the official language of their choice within their organization and work instruments, electronic systems and communications in both official languages are generally available.
Recommendations

Highlights

Opportunities

11.2 Principled:

The Official Languages portion of this evaluation has been made by CPSA.
Adequate linguistic capacity is generally in place as shown by the majority of incumbents of bilingual positions who meet the language requirements of their position.
Communications with and services to the public in both official languages are generally available.
Employees consider that they generally can communicate in the official language of their choice within their organization and work instruments, electronic systems and communications in both official languages are generally available.

Recommendations

12. Effectiveness of Information Management

Opportunity for Improvement

Highlights	Opportunities
12.1 Governance: Strong IM accountabilities, roles, and responsibilities are formally established throughout the organization. IM requirements are fully integrated as a part of the approval, development, implementation, evaluation, and reporting of departmental policies, programs, services, and projects and mechanism are in place to continuously evaluate and modify the requirements. IM is fully represented in the corporate-wide governance structure and in the corporate-wide governance or approval committee(s). Extensive participation is evident in GC-wide approaches and initiatives related to developing, implementing, sharing, and leveraging IM policies and practices. 12.2 Strategy: Acceptable A current and active IM strategy identifies support to business priorities and operations, information needs and accountabilities, IM policy considerations and is partially integrated with other corporate strategies, plans and planning cycles. An IM strategy implementation plan, including some timelines and resources, is underway and some achievements to date are identified. An IM awareness campaign or strategy is underway and all staff and executives are informed of their IM roles, responsibilities and accountabilities, and most have attended awareness/training sessions. 12.3 Privacy Act: Opportunity for Improvement Organization submitted an Annual Report to Parliament but did not address all of the mandatory reporting requirements. Significant collections of personal information under the control of the organization have not been appropriately identified or described in accordance with the Privacy Act. 12.4 Access to Information Act: Opportunity for Improvement A significant number of institution-specific Classes of Records do not meet Treasury Board Secretariat requirements. A significant number of the organization's functions, programs, activities and related information holdings have not been appropriately identified or described in its 2008 Chapter of Info Source: Sources of Federal Government Information. This information is a requirement of the Access to Information Act to facilitate public access to federal government information.	Organization is encouraged to continue sharing best practices in order to strengthen IM across the enterprise. Finalize the IM strategy to ensure support to the business strategy. Develop and register Personal Information Banks and/or Classes of Personal Information to ensure all personal information under institution's control is appropriately described in accordance with Privacy Act. Review institution-specific Classes of Records to ensure that all descriptions in Info Source are comprehensive, complete, up-to-date, and comply with Treasury Board Secretariat requirements. Ensure that all information relevant to the institution's functions, programs, activities and related information holdings is described in Info Source.
Recommendations
Continue to improve descriptions of CRA's functions, programs, activities and information holdings, including descriptions of its personal information collections.

Highlights

Opportunities

12.1 Governance: Strong

IM accountabilities, roles, and responsibilities are formally established throughout the organization.
IM requirements are fully integrated as a part of the approval, development, implementation, evaluation, and reporting of departmental policies, programs, services, and projects and mechanism are in place to continuously evaluate and modify the requirements.
IM is fully represented in the corporate-wide governance structure and in the corporate-wide governance or approval committee(s).
Extensive participation is evident in GC-wide approaches and initiatives related to developing, implementing, sharing, and leveraging IM policies and practices.

12.2 Strategy: Acceptable

A current and active IM strategy identifies support to business priorities and operations, information needs and accountabilities, IM policy considerations and is partially integrated with other corporate strategies, plans and planning cycles.
An IM strategy implementation plan, including some timelines and resources, is underway and some achievements to date are identified.
An IM awareness campaign or strategy is underway and all staff and executives are informed of their IM roles, responsibilities and accountabilities, and most have attended awareness/training sessions.

12.3 Privacy Act: Opportunity for Improvement

Organization submitted an Annual Report to Parliament but did not address all of the mandatory reporting requirements.
Significant collections of personal information under the control of the organization have not been appropriately identified or described in accordance with the Privacy Act.

12.4 Access to Information Act: Opportunity for Improvement

A significant number of institution-specific Classes of Records do not meet Treasury Board Secretariat requirements.
A significant number of the organization's functions, programs, activities and related information holdings have not been appropriately identified or described in its 2008 Chapter of Info Source: Sources of Federal Government Information. This information is a requirement of the Access to Information Act to facilitate public access to federal government information.

Organization is encouraged to continue sharing best practices in order to strengthen IM across the enterprise.
Finalize the IM strategy to ensure support to the business strategy.
Develop and register Personal Information Banks and/or Classes of Personal Information to ensure all personal information under institution's control is appropriately described in accordance with Privacy Act.
Review institution-specific Classes of Records to ensure that all descriptions in Info Source are comprehensive, complete, up-to-date, and comply with Treasury Board Secretariat requirements.
Ensure that all information relevant to the institution's functions, programs, activities and related information holdings is described in Info Source.

Recommendations

Continue to improve descriptions of CRA's functions, programs, activities and information holdings, including descriptions of its personal information collections.

13. Effectiveness of Information Technology Management

Strong

Highlights	Opportunities
13.1 Leadership: Strong The senior official has responsibility and accountability for the full scope of information technology responsibilities and ensures that information technology supports organizational outcomes. Organization actively participates and demonstrates leadership in setting government-wide directions for information technology. 13.2 Planning: Strong A comprehensive information technology plan is in place and it aligns with the government-wide directions for information technology and with departmental business needs. Information technology management position is held by a highly engaged senior official designated within the corporate governance structure and related planning processes. 13.3 Value: Strong Organization analyzes and plans for the appropriate use of information technology shared services to an optimal extent. Organization demonstrates management commitment to service costing, asset management, performance measurement and reporting to ensure value delivery.	Commended for its progress and encouraged to share its integrated set of processes and practices for governance, planning and benefits realization in order to monitor and oversee the delivery of business value from IT investments. Commended for its progress and encouraged to share its qualitative and quantitative set of Key Performance Indicators and techniques to assess performance that provide metrics to guide better decision making, increase performance levels and enable continuous improvement.
Recommendations

Highlights

Opportunities

13.1 Leadership: Strong

The senior official has responsibility and accountability for the full scope of information technology responsibilities and ensures that information technology supports organizational outcomes.
Organization actively participates and demonstrates leadership in setting government-wide directions for information technology.

13.2 Planning: Strong

A comprehensive information technology plan is in place and it aligns with the government-wide directions for information technology and with departmental business needs.
Information technology management position is held by a highly engaged senior official designated within the corporate governance structure and related planning processes.

13.3 Value: Strong

Organization analyzes and plans for the appropriate use of information technology shared services to an optimal extent.
Organization demonstrates management commitment to service costing, asset management, performance measurement and reporting to ensure value delivery.

Commended for its progress and encouraged to share its integrated set of processes and practices for governance, planning and benefits realization in order to monitor and oversee the delivery of business value from IT investments.
Commended for its progress and encouraged to share its qualitative and quantitative set of Key Performance Indicators and techniques to assess performance that provide metrics to guide better decision making, increase performance levels and enable continuous improvement.

Recommendations

14. Effectiveness of Asset Management

Highlights	Opportunities
	Canada Revenue Agency is not subject to the Treasury Board Policies governing investment planning, real property management and materiel management. CRA's Board of Management conducted a self-assessment using its Management Oversight Framework.
Recommendations

15. Effective Project Management

Highlights	Opportunities

Recommendations

16. Effective Procurement

Highlights	Opportunities

Recommendations

17. Effectiveness of Financial Management and Control

Acceptable

Highlights

Opportunities

17.1 Authorities and Policies: Acceptable

Audit report results show evidence of deficiencies that are of some concern.
Departmental procedures, tools, training and support for those individuals delegated with Section 34 authority show evidence of solid financial management practices.
Departmental processes for classification of moneys, internal controls for receiving and recording money and depositing money show evidence of solid financial management practices.
Departmental processes for informing those delegated with Section 33 authority of their responsibilities and dealing with requests for payments that are problematic show evidence of solid financial management practices.
Departmental processes to provide individuals delegated Section 33 authority with the information necessary to assess and approve specific transactions and to assess the adequacy of Section 34 account verification show evidence of solid financial management practices.
The reporting of external user fee information meets or nearly meets the requirements of the reporting guidelines.

17.2 Public Accounts Reporting: Strong

Few Central Financial Management Reporting System (CFMRS) coding errors.
Few significant errors found during the course of the OAG Public Accounts audit.
Ninety to 96% (Grade A) of Public Accounts reporting plates submitted on time.

17.3 Management Capacity: Strong

A significant amount of training is provided for the financial management organization.
All, or almost all, FIs and management team members in the financial management organization have current, approved learning plans.
Many processes in support of a sound succession plan for key positions are in place.
Positions, the duties of which are being performed by an individual indeterminately appointed to that position, comprise a reasonable proportion of the FI segment of the financial management organization.
Positions, the duties of which are being performed by an individual indeterminately appointed to that position, comprise a reasonable proportion of the positions on the management team of the financial management organization.
There is a position (or positions) established in the financial management organization that is dedicated to community management and development.
There is an acceptable functional relationship between the CFO/SFO and FI positions that exist outside the financial management organization. *This row is only applicable where the department or agency indicates there are FI positions outside the financial management organization.

17.4 Financial Statements: Acceptable

Several known financial internal control weaknesses remain unremedied.
The organization received an ‘unqualified audit opinion' with respect to its financial statements.

17.5 Internal Reporting: Strong

The internal financial reporting package is accompanied by a comprehensive discussion and analysis.
The internal financial reporting package is presented to senior management eight to nine times per year.
The internal financial reporting package is presented to senior management less than one month after period end.
The process for reviewing information before it is presented to senior management to ensure no material errors or omissions is well established.
The scope of the internal financial reporting package is comprehensive.

17.6 Other Initiatives: Acceptable

Evidence of some initial measures taken towards implementing the Guide to Costing.

While the agency maintained its overall rating as Acceptable, its financial management and control decreased while the quality and timeliness of its trial balance, its financial management practices and quality of its financial reporting increased.

Recommendations

18. Effectiveness of Internal Audit Function

Highlights	Opportunities

Recommendations

19. Effective Management of Security and Business Continuity

Strong

Highlights

Opportunities

19.1 Departmental Security Program: Strong

Organization's security program is fully developed and sustainable, and comprises all key policy elements.
Organization demonstrates leadership and contributes to the government-wide security program.
Organization's security strategy is completely aligned and integrated with its corporate priorities and business plan.

19.2 Management of IT Security (MITS): Acceptable

Organization has achieved the three priority objectives that form the foundation for Management of Information Technology Security (MITS) and complies with most MITS requirements.
No significant deficiencies in meeting key MITS requirements.

19.3 Business Continuity Planning (BCP): Strong

Organization has a fully developed and sustainable ability to provide for the continuity of critical business operations and services.
Completed and approved plans are in place for Pandemic and Information Management / Information Technology emergency preparedness.

Pursue ongoing initiatives to continue improving the agency security program, including evolution of the agency security management framework, and activities related to compliance monitoring and risk management.
Complete activities required to address minor deficiencies in MITS compliance (i.e., ensuring security clearances for all personnel with privileged access to critical systems and incorporation of automated incident detection tools in high-risk systems).
Continue roll-out of the Emergency Management Program Strategy to strengthen the agency’s resilience to continually adapt to changing risks and maintain continuity of critical services in the presence of disruptions.
Continue to participate in government-wide security initiatives and to share best practices.

Recommendations

20. Citizen-focused Service

Acceptable

Highlights

Opportunities

20.1 Management Engagement – Service and CLF: Strong

There is routine monitoring by senior management to ensure that the requirements of CLF 2.0 are being met institution-wide; this information is used to make timely and proactive decisions or course correction.

20.3 Official Languages: Acceptable

Analysis of the Annual Review on OL shows the institution is generally able to meet its obligations.
Audits reveal few shortcomings in active offer and service delivery in both OL.
In general, the institution has adequate resources to serve the public in both OL.
Small number of complaints deemed founded by the Commissioner of Official Languages.

TBS encourages CRA to make information on its major consultations available on the Canada site and take client feedback into account in the implementation of its policies, programs, services and initiatives.
TBS encourages CRA to continue to improve the quality and availability of services in both official languages.

Recommendations

21. Alignment of Accountability Instruments

Highlights	Opportunities

Recommendations