Audit of Project Management at Health Canada

July 2025

Final Report: Executive Summary and Management Response and Action Plan

Prepared by the Office of Audit and Evaluation
Health Canada

Note: The complete audit report is available upon request. Please send an email to oae-bae@phac-aspc.gc.ca.

On this page

• Executive summary
  • Engagement objective
  • Engagement scope
  • What we found
• Management Response and Action Plan
  • Recommendation 1
  • Recommendation 2
  • Recommendation 3

Executive summary

Engagement objective

The objective of this audit was to assess whether Health Canada (the Department) had developed and implemented an effective project management framework that is working as intended to promote effective and efficient project management, and to enable the realization of expected project benefits.

Engagement scope

This audit assessed the Departmental Project Management Framework (DPMF) and a selection of Health Canada (HC) projects, including those with corporate oversight and smaller projects managed by branches. The audit reviewed processes in place during the 2022-23 and 2023-24 fiscal years, but also included projects initiated in prior fiscal years.

The audit scope did not include investment planning, nor the Solutions Fund, as these areas were reviewed recently. The audit included real property and information technology (IT) project management under the DPMF but excluded the software development life cycle.

What we found

The audit found that Health Canada's DPMF is aligned with all relevant policies, guidelines, and industry best practices. Additionally, risks are formally identified and tracked at the project level across HC. There is formalized and centralized monitoring of projects that are at Tiers 2, 3, and 4. However, there is no centralized oversight for Tier 1 projects. The audit also found that risks are not tracked at a departmental level across projects. Furthermore, materiality is the main factor considered in assessing project complexity. The audit makes three recommendations to improve project management in the Department.

Management Response and Action Plan

Recommendation 1

The ADM of the Chief Financial Officer Branch (CFOB) should establish a departmental process to distinguish between projects and activities, as well as develop a departmental process to identify, assess, and manage interdependencies between projects.

Management response and planned management action

Management agrees with this recommendation.

1. Assess and update the current processes used by the Digital Transformation Branch (DTB) and CFOB to distinguish between IT projects and activities, ensuring that projects are properly identified and integrated into HC's project life cycle.
2. The Investment and Project Management Division (IPMD) to review each branch's IT plans to ensure accurate classification of projects vs. activities.
3. IPMD to adjust the investment planning exercise to accept Gate 0 proposals on a quarterly basis rather than at any time during the year, to facilitate the identification of interdependencies between projects for discussion at the Executive Committee – Finance, Investment Planning and Transformation (EC-FIPT).

Deliverables

1. Update DPMF to clarify definition of a project vs. activity and develop supporting guidance documentation.
   1. Expected completion date: April 1, 2025
   2. Office of Primary Interest (OPI): CFOB, Policy Team
2. IPMD to meet with each branch and DTB to review their IT Plans on an annual basis to ensure accurate classification of projects vs. activities is identified at the onset of the planning process.
   1. Expected completion date: April 1, 2025
   2. OPI: CFOB, Departmental Project Management Office (DPMO), and Investment Planning Team (IP Team)
3. Implement the quarterly intake process and create an internal process for IPMD to assess potential project interdependencies.
   1. Expected completion date: March 31, 2026
   2. OPI: CFOB, IP Team

Recommendation 2

The ADM of the CFOB should ensure that project governance evaluates and addresses key risk factors to project success and ensure that decisions align with accepted risk tolerances, including considerations for non-financial risk metrics.

Management response and planned management action

Management agrees with this recommendation.

1. Create a centralized risk repository for all project risks.
2. Maintain a list of key project risk factors, reviewed and updated (as appropriate) on an annual basis.

Deliverables

1. Update quarterly dashboard reporting to provide a consolidated view of risks.
   1. Expected completion date: March 31, 2026
   2. OPI: CFOB
2. Provide strategic updates on project risks to EC.
   1. Expected completion date: March 31, 2026
   2. OPI: CFOB

Recommendation 3

The ADM of CFOB should ensure that there is appropriate departmental oversight of Tier 1 projects to ensure that they are compliant with the HC project management framework, and to ensure that expected outcomes and benefits are monitored.

Management response and planned management action

Management agrees with this recommendation.

1. Projects under $1 million (U1M) are centrally governed through PRC and are required to track project costs through Internal Order (IO) codes
2. Update and create training and guidance for benefits realization

Deliverables

1. Updated Departmental Project Management Framework (DPMF) to reflect change to U1M project governance.
   1. Expected completion date: April 1, 2025
   2. OPI: CFOB, Policy Team
2. Updated PRC Terms of Reference that capture new responsibilities.
   1. Expected completion date: June 30, 2025
   2. OPI: CFOB, DPMO and Policy Team
3. Guidance Document for Benefits Realization and monitoring.
   1. Expected completion date: March 31, 2026
   2. OPI: CFOB, Policy Team
4. Create a new category of projects under $250K in the DPMF with streamlined administrative requirements and branch-level governance.
   1. Expected completion date: April 1, 2025
   2. OPI: CFOB, Policy Team