Management response and action plan: Audit of Information Technology Systems Development at the Public Health Agency of Canada and Health Canada
Recommendation 1
The Chief Information Officer should develop a management framework that documents:
- accountabilities for IT system development;
- the extent of the accountabilities that are delegated; and
- reporting requirements for these delegations.
Since IT development may occur in all branches, the CIO should share this CIO-approved management framework with the Executive Committees of both PHAC and HC, and clients to ensure their compliance with the framework.
Management response and planned actions | Deliverable | Completion date | Responsibility |
---|---|---|---|
CSB will develop a management framework, leveraging pre-defined CIO accountabilities and delegation authorities found in new TBS policies. The framework will include all system development methodologies currently in place within HC and PHAC. CSB will communicate the new framework to ensure branches are aware of their responsibilities when applications and systems are developed outside of IMSD. CSB will leverage existing HC and PHAC governance to ensure that project gating decisions take architecture review into consideration. | CIO-approved Management Framework; Communications Plan | June 2020 | CSB/IMSD, CSB/BREAD, CSB/CFOB, PHAC/OSPP |
Management agrees with the recommendation.
Recommendation 2
The Chief Information Officer should define the key process controls for the “Agile” methodology.
Management response and planned actions | Deliverable | Completion date | Responsibility |
---|---|---|---|
CSB will clarify and refine the process controls related to the “Agile” methodology. | System Development Life Cycle (SDLC) Checklist for Agile methodology; Communications Plan | September 2020 | CSB/IMSD |
Management agrees with the recommendation.
Recommendation 3
The Chief Information Officer should implement mandatory quality assurance processes that provide oversight and reporting to all parties who have been delegated accountability for the implementation of mandatory systems development controls. This includes business requirements, options analysis, User Acceptance Testing, and IT Security.
Management response and planned actions | Deliverable | Completion date | Responsibility |
---|---|---|---|
CSB will implement mandatory risk-based quality assurance (QA) processes with tools and processes in place to ensure that the right artefacts are created at the right time in the SDLC, and that they support the successful delivery of a quality application, regardless of who is responsible for system development. | SDLC Compliance checklist for Waterfall and Agile methodologies | June 2020 | CSB/IMSD |
 | Communications Plan | October 2020 | CSB/IMSD |
 | Draft QA Process Document | December 2020 | CSB/IMSD |
 | CIO-approved QA Process | May 2021 | CSB/IMSD |
Management agrees with the recommendation.
Recommendation 4
The Chief Information Officer should raise SGBA+ awareness and consider where SGBA+ considerations may be applicable in the process of designing IT-enabled business solutions.
Management response and planned actions | Deliverable | Completion date | Responsibility |
---|---|---|---|
CSB will enhance SGBA+ awareness. | Awareness Sessions | April 2021 | CSB/IMSD |
Management agrees with the recommendation.