Board of Management Oversight Framework - Assessment of Performance 2010-2011

Strong

The Agency demonstrates a rigorous, systematic approach to resource management that supports the effective achievement of priorities and program results.

Clear and effective management policies governing Agency resources exist and are well communicated throughout the organization.

Appropriate investment decisions with respect to the Agency's procurement, real property, accommodations, moveable assets, and information technology are based on rigorous cost/benefit analyses.

Sound financial controls exist and compliance is regularly monitored and reported to senior management. Non‑compliance is acted upon.

A project management framework exists, including documented accountabilities, as well as decision‑making, monitoring, and reporting processes.

Acceptable

Agency resource management infrastructure and practices support the achievement of priorities and program results.

Management policies governing Agency resources exist and are communicated throughout the organization.

Investment decisions with respect to the Agency's procurement, real property, accommodations, moveable assets, and information technology are sometimes based on cost/benefit analyses.

Sound financial controls exist and compliance is sometimes monitored and reported to senior management; non‑compliance is sometimes acted upon.

A project management framework exists, including documented accountabilities and decision‑making processes.

Opportunity For Improvement

Improvements are needed for resource management infrastructure and practices. Achievement of priorities and program results may be at risk.

Management policies governing Agency resources exist but are not well communicated in the organization.

Cost/benefit analyses are seldom performed in investment decisions with respect to the Agency's procurement, real property, accommodations, moveable assets, and information technology.

Some financial controls exist but compliance is seldom monitored or reported to senior management. Non‑compliance is not acted upon.

A project management framework is being developed.

Attention Required

Achievement of priorities and program results are at risk due to serious deficiencies in resource management.

Significant gaps exist in management policies governing Agency resources.

Little analysis informs investment decisions with respect to the Agency's procurement, real property, accommodations, moveable assets, and information technology.

Significant gaps in financial controls exist. No monitoring for compliance occurs.

Significant projects are not managed in a systematic way.

Expectation (a): Financial Management – The Board must assure itself that the Agency has and follows the appropriate control framework for the management of its financial resources.

Overview

Sound management of the financial authorities provided by Parliament is based on a functional budget allocation model. Updated multi‑year budget allocations are issued quarterly. They include changes in funding resulting from new Treasury Board submissions, Resource and Investment Management Committee (RIMC) recommendations, Agency Management Committee (AMC), and workload transfers. A quarterly resource management report is provided to the Board. The CRA Annual Report to Parliament tabled by the Minister of National Revenue includes financial statements which are audited by the Auditor General and reviewed and approved by the Board. Financial management capacity is continually strengthened through recruitment, retention, and training strategies.

Key Questions

1. Does the Agency demonstrate sound management of the financial authorities provided by Parliament?

Financial Administration Monitoring Framework

The Finance and Administration Branch (FAB) established and maintains a Financial Administration (FA) Monitoring Framework for Agency activities to make sure that accounting information is accurate, complete, and timely.

The Financial Monitoring Controls Audit — Operating Expenses Final Report concluded that, overall, monitoring activities are carried out by financial staff in a manner consistent with the FAB Monitoring Framework. However, the audit did recommend that improvements be made in the monitoring processes related to invoice documents and payments.

FAB has developed action plans to address the audit findings, with consideration given to balancing risk and cost. The implementation of the recommendation is progressing according to plan, and the recommendation is expected to be fully implemented by December 31, 2011. The Corporate Audit and Evaluation Branch (CAEB) will follow up on the progress of the action plan as part of their established follow‑up procedures.

The CRA continues to demonstrate its commitment to sound management of financial authorities through the progress achieved against its plan for assessing the design and effectiveness of internal controls over financial reporting, as required under the Treasury Board's new Policy on Internal Controls.

The Agency has put in place a financial management framework along with five core policies, four of which flow from the TB financial management policy suite. The five financial policies are:

Policy on Financial Management Governance
Policy on Internal Financial Control
Policy on Stewardship of Financial Management Systems
Policy on Financial Resource Management, Information, and Reporting
Policy on Financial Administration

The CRA has many other policy instruments that support the core policies. This year, the CRA Directive on Financial Monitoring for Administered Activities and the Travel Directive numbered among those newly drafted or reviewed.

The CRA's sound management of the financial authorities provided by Parliament is also demonstrated through the opinions IT receives on its audited financial statements for both agency and administered activities. For example:

In its management letter, further to its audit of the 2009‑2010 financial statements, the Office of the Auditor General (OAG) of Canada reported only four issues. Management has developed action plans to address the issues. Progress against these action plans is followed up annually either as part of the Corporate Audit and Evaluation follow‑up process or through internal monitoring activities performed within FAB.

In April 2010, the Financial Administration Act — Agency Activities Audit began assessing the Agency's practices in administering and exercising delegated financial authorities under the Act. The audit will be tabled with the Board in March 2011.

On April 6, 2010, the Multiple Spending Authority (MSA) was introduced. The MSA provides the CRA with automated system spending controls and the flexibility to ensure expenditures are captured by authority in the financial system of record. This facilitates the new CRA capital vote that became effective April 1, 2010.

To facilitate the implementation of the capital vote, training was delivered in September and November 2010, targeting budget managers and financial officers across the Agency to assist them in having a better understanding of the capital vote policy and how to manage their capital vote resources. Tools were developed that assist budget managers in simplifying and ensuring a more accurate determination of capital budget requirements and were incorporated in the procurement and project management processes.

Results of Year‑End Actual Expenditures

Results of year‑end actual expenditures compared to the annual expenditures plan at the second quarter are as follows:

In 2009‑2010, the Agency's year‑end flexibility represented 3.7% of the approved authority.
2010‑2011 marks the sixth year of measuring performance accountability based on the 5% variance threshold. At the end of 2009‑2010, all the major functions were within 5% of their second quarter annual expenditure plans. IT is expected that the situation will be similar in 2010‑2011.

Resource Management

The Board receives a resource management report every quarter. The report is intended to help with the effective management of resources by providing detailed information on the Agency's use of financial resources, including variance explanations, forecasts, historical comparisons and, where appropriate, recommendations on how significant variances and/or emerging funding pressures should be addressed in the context of the Agency's broader resource management strategy.

As a result of cost containment measures announced in the 2010 federal budget, a resource management strategy was developed for 2010‑2011 and future years to address key operational requirements. Shortly after the new strategic agenda was approved in the summer of 2010, an internal review exercise was launched. This review will allow the Agency to be better positioned to meet its key operational pressures.

The change to exception‑based quarterly performance reporting allows the Agency's executive to focus on key performance information. The revised format follows performance throughout the year and highlights quarterly shifts along the process continuum. For example, the first quarter report provides added detail about service, since this period covers the income tax and benefit filing season.

Key indicators are included to provide a sense of the overall health of the organization, while performance indicators discuss operational effectiveness across the organization. Notable performance is highlighted to focus the reader on issues that may require management attention, all in a concise four‑page format.

Sources of Evidence

Capital Vote Overview (presentation prepared for training sessions)
Tools developed: Asset Verification Form and the Asset Under Construction (AUC) Decision Tree
2009‑2010 Year‑End Resource Management Report
Quarterly resource management reports
Spring 2010 Banking Day
Quarterly performance reports

2. Does the CRA have the appropriate processes and internal controls to ensure that tax assessed and collected on behalf of the provinces and territories is reported accurately, completely, and in a timely manner?

Financial Management Controls

In 2010‑2011, the CRA continued to strengthen financial management controls and reporting through new functionality introduced as part of the Corporate Administrative System (CAS) Sustainability Project.

Since the introduction of the Policy on Internal Controls (PIC), the CRA has issued two section 5970 reports to provincial and territorial finance ministries:

The design and implementation (DI) of certain controls over T2 financial reporting as of March 31, 2007 (issued January 2008); and
the DI of all controls over T2 financial reporting as of November 30, 2008 (issued December 2009).

Over the past year, the Agency has completed its section 5970 T1 readiness assessment to prepare for the OAG's audit of our description of the design and implementation of certain controls over T1 financial reporting as of November 30, 2010. The CRA is working with the OAG to prepare the final report to the provinces and territories to be issued in June 2011.

For the CEO/CFO certification of the Statement of Management Responsibility, the Agency has completed 80% of internal controls related to Agency activities (that is, CAS and entity level controls) over financial reporting. A draft of the revised Statement of Management Responsibility and Annex will be presented to the Audit Committee in June 2011, and the final version will be presented as part of the 2010‑2011 audited financial statements.

A submission to the Treasury Board of Canada Secretariat for the 2010‑2011 and future years impact of the Provincial Sales Tax Administration Reform (PSTAR) initiative was approved by Treasury Board in December 2010.

Internal Policy Controls

An update on the CRA's compliance with the Policy on Internal Controls was provided to the Audit Committee on CEO/CFO certification at the December 7, 2010, committee meeting.

TBS feedback regarding the CRA's compliance with the Policy on Internal Controls will be available in the fall of 2011.

The CRA has completed the design and implementation testing for the internal controls over financial reporting for Agency activities.

The Office of the Auditor General's (OAG) Reports

The OAG external audit of the design and implementation of T1 controls over financial reporting under the tax collection agreements as of November 30, 2010, was approximately 60% complete, and the draft report should be available in March/April 2011.

The OAG provided an unqualified opinion for the latest Statement of Income and Capital Taxes Payable to the Provinces and Territories in Respect of the 2008 and Prior Taxation Years.

In relation to management plans that address items raised by the OAG in their management letter, the CRA's progress against these actions plans is followed up annually either as part of the Corporate Audit and Evaluation follow‑up process or through internal monitoring activities performed within FAB.

The Agency has recently named a new chief financial officer (CFO) using (CFO) an external selection process.

Sources of Evidence

December 7 Audit Committee presentation
Committee meeting minutes
Feedback from TBS about the CRA's first revised statement of management responsibility and annex (at this time FAB does not know in what format this feedback will be provided)
Completion of the revised Statement of Management Responsibility by July 2011 is on schedule
Auditor's report
Effective management action plans on issues raised by the OAG
Management letters and management action plans
OAG Auditor's Report (we have a copy on file of the OAG auditor's report to the Minister of Finance if required as evidence)
Action plans issued for all items. OAG Management Letter on TCA — Reviewed by the Audit Committee at the September 2010 meeting

Board's Assessment and Related Comments


	2009‑2010	2010‑2011
Board's Assessment and Related Comments	Strong The Board is concerned, in light of the recent CFO transition, that the Agency establish a sound succession plan with a sufficient number of candidates possessing the required designation.	Strong
Next Steps	None indicated.	Finalize CEO/ CFO certification. Complete assessment of T1 financial reporting using S3416 standard, which has recently replaced S5970. Continue to build financial management strength to aid in succession planning.

Expectation (b): Project Management – The Board must assure itself that investment decisions are reflective of corporate priorities, that approved projects are appropriately managed, and that future funding pressures are identified.

Overview

The Board approved the Project Management Policy in 2006. The Resource and Investment Management Committee (RIMC) is mandated to make sure that all resource and investment decisions are fully integrated with, and support, Agency direction and strategies outlined in the corporate business plan. Agency projects with life‑cycle costs of more than $20 million are approved by the Board, and Major Project Investment Dashboards are provided quarterly. The CRA's annual strategic investment plan communicates to the Board the magnitude and nature of the investment challenges faced by the CRA, as well as the planned allocation of available investment funding over the next 10 years. The implementation of a capital vote in 2010‑2011 will, among other things, support the SIP by strengthening the Agency's capacity to monitor and control capital investments and assets.

Key Questions

1. Are Agency project‑related investment decisions reflective of corporate priorities and assured of secure funding?

The Strategic Investment Plan

The SIP, now in its second year, provides decision makers with information to manage the Agency's portfolio of major infrastructure investment projects, in a way that is both clearly integrated with the Agency's strategic themes and objectives, and consistent with the Treasury Board's Policy on Investment Planning.

Preparation of the SIP involves consideration of all possible funding strategies, including base funding, funding from the strategic investment reserve, and funding from the Treasury Board. In doing so, the Agency tries to optimize its funding mix and sustain its capacity to strategically reinvest its resources to protect the stability of its core businesses.

The SIP for 2010‑2011 to 2014‑2015 has reconfirmed that the existing portfolio of projects continues to align with the Agency's priorities. A limited number of new projects has also been selected to proceed, thereby preserving a level of flexibility in the coming years.

Over the SIP's planning period, the following projects will be invited to proceed through the CRA's project oversight process:

T1 Renewal (renamed T1 Redesign)
Partnerships Information Returns Initiative
T3 Redesign
Back‑up Tape Encryption
Denial of Service Defence
Network Encryption
Enhanced National Audit Trail System

Together, these projects represent high‑ranking submissions from the two investment categories (primary tax systems, and secondary support or security initiatives). Balanced by affordability, these projects represent a range of costs, risks, duration, and purpose. They also cover a range of sustainability and enhancement benefits.

The current level of resources is not sufficient to fund all the investment proposals included in the SIP. Given this situation, the Agency was forced to prioritize the projects to be pursued.

Consequently, some very large and necessary projects (such as Info Dec, Business Number, and Individual Credit Determination System Renewal) will have to be delayed until funding can be made available. As a result of project interdependence, the full benefits of some projects being undertaken may not be felt until others can also be completed.

Sources of Evidence

Major project investment dashboards provided by the responsible assistant commissioners (project sponsors), along with financial data captured in the Corporate Administrative Systems, and periodic progress reports provided to the Resource and Investment Management Committee and the Agency Management Committee
Strategic Investment Plan: Major Projects and Infrastructure 2010‑2011 to 2014‑2015
Annual updates to the strategic investment plan — Major projects and infrastructure

2. Are the Agency's approved projects effectively managed in terms of time, scope, and cost?

Major Project Investment Dashboards

The following provides an assessment of the status of the five projects that were subject to Board oversight during 2010‑2011, based on the major project investment dashboards submitted to the Board in March 2010, June 2010, September 2010, and December 2010:

The Corporate Administrative System (CAS) Sustainability: The project has experienced challenges in delivering the originally approved scope within the approved project funding. The updated CAS Detailed Planning Report revealed that the costs associated with deploying releases four and five are significantly more than originally estimated. As a result, the scope of the project has been reduced and the release of deliverables four and five has been rescheduled for implementation in 2010‑2011 and 2011‑2012. Approval was granted for both the revised précis and the reschedule of releases four and five. The performance assessment for the second quarter of 2010‑2011: Schedule: Green; Scope: Green; and Cost: Green.

Integrated Revenue Collections (IRC) Phase I: The project has experienced unforeseen difficulties completing a key part of one of the deliverables (the performance measurement deliverable). To date, an assessment of the alternatives on how to deliver this solution has been completed and the project has selected an option which is being created and prototyped during the third and fourth quarters of fiscal year 2011‑2012. A production solution is expected for July 2012. The performance assessment for the second quarter of 2010‑2011: Schedule: Yellow; Scope: Green; and Cost: Green.

The Compliance Systems Redesign: The project costs are now within budget and the project has identified reductions in activities that eliminated the planned over‑expenditure in the first quarter without affecting the overall project deliverables. The performance assessment for the second quarter of 2010‑2011: Schedule: Green; Scope: Green; and Cost: Green.

The Provincial Sales Tax Administration Reform (PSTAR) project is proceeding within the revised schedule and the approved scope. Funding has been confirmed by the Treasury Board for incremental costs for HST program administration in December 2010. The project continues to be monitored closely, and an updated project précis will be submitted to the Board in March 2011. Schedule — Green; Scope — Green; and Cost — N/A.

The Corporate Tax Administration for Ontario (CTAO) project was effectively completed in 2009‑2010. The CTAO project was effectively managed with all deliverables provided on time and within budget. Overall, the project was able to return $17.0 million to the reserve upon completion. A final close‑out report outlining the overall accomplishments, financial results, and lessons learned was presented to the Board of Management at its December 2010 meeting.

Individual Identification Renewal (Ident): The project is proceeding within the approved schedule, scope, and budget, despite experiencing a risk of delays in the testing phase during the second quarter. Project plans are in place to address any possible schedule pressures, should they arise in the third or fourth quarter. The performance assessment for the second quarter of 2010‑2011: Schedule: Green; Scope: Green; Cost: Green.

Sources of Evidence

Reviewed by the Board:
Project précis (revised CAS Sustainability and PSTAR)
Major project investment dashboards
Close‑Out Report of the Corporate Tax Administration for Ontario — December 2010

3. What improvements were made in the last year to strengthen and/or promote effective project management practices at the Agency?

Improvements to Project Management Practices

The Agency strives to ensure that strategic initiatives are horizontally aligned, and that the relevant stakeholders have been consulted. The Agency continues to review its SIP methodology on an annual basis to ensure that project ranking, selection, and sequencing align with Agency goals and priorities and reflect lessons learned from previous years' planning exercises. For example:

A number of changes were made to the priority ranking model, including combining/adding certain categories of assessment, refining the definition of certain criteria, and modifying their respective weightings.
A dedicated efficiency fund was created, representing part of the strategic investment reserve (for example, 10%), to set aside only for high‑payback projects that offer concrete operational savings in funds to promote the replenishment of the strategic investment reserve.

The Agency enhanced the consultation process for strategic investment planning to ensure that senior management had the most complete information possible with which to make decisions. Consultations for the 2010‑2015 SIP included stakeholders such as the Enterprise Risk Management Team, subject‑matter experts in applications sustainability and information technology architecture, and a committee of senior executives from all branches and regions. Specific recommendations from these consultations resulted in the creation of two different priority lists: those projects addressing the Agency's core priorities of tax and benefits integrity and those projects supporting the Agency in the delivery of its mandate.

The Agency implemented changes to the major project investment dashboards to provide a history of key decisions made by the Board. Dashboards now show the status of the project in comparison to the schedule, scope, and cost approved in the original précis and list key risks being mitigated by the project sponsors.

An independent review was done in the fall of 2010 to assess whether the objectives of the Integrated Revenue Collections Phase I project have been achieved. Agency senior management has recognized the value of doing independent reviews at key decision points in the lifecycle of large projects and is exploring making such reviews a formal requirement for major projects.

The RIMC gating process, in place since 2008 for large CRA projects, is continuously being refined to ensure relevance and effectiveness, and is a mandatory requirement for any new projects as they progress through their lifecycle. This RIMC process requires that the Chief Risk Officer be consulted at each gate to provide guidance and advice on how the project is aligned to the Agency's key risks and how the specific project risks are described along with related mitigation plans.

Board's Assessment and Related Comments


	2009‑2010	2010‑2011
Board's Assessment and Related Comments	Strong	Strong
Next Steps	None indicated.	Continue to evolve project management gating process (using a risk‑based approach). CRA to adopt the Project Complexity and Risk Assessment tool, created by the Treasury Board of Canada Secretariat, as part of the 2011‑2012 to 2020‑2021 Strategic Investment Plan to assess project risks in the portfolio of investments.

Expectation (c): Asset Management – The Board must assure itself that accommodation needs and non‑IT assets with an individual value of more than $10K are well‑managed.

Overview

The CRA tracks and depreciates capital assets (greater than $10,000) through the Corporate Administrative Systems (CAS). Requirements for materiel are assessed and planned using a life‑cycle management approach. Assets (greater than $10,000) are reported in the Agency's financial statements and in the public accounts. Real property investments are identified annually in the Agency's Long‑Term Accommodation Investment Plan (LTAIP).

Key Questions

1. Does the Agency demonstrate administrative diligence in monitoring and reporting non‑IT assets with an individual value of more than $10,000?

Administrative Monitoring of Non‑IT Assets

The Agency demonstrates administrative diligence in monitoring and reporting non‑IT assets, excluding real property, with an individual value of more than $10,000 by:

tracking and depreciating capital assets through the Corporate Administrative Systems (CAS);
validating the existence and value of the Agency's assets as of March 31 through a year‑end certification process;
conducting bi‑annual reviews of all capital assets to make sure that the information in CAS is accurate;
conducting quarterly reviews of all new capital asset purchases to make sure that the information captured in the asset master record in CAS is complete and accurate;
reporting all capital assets (that is, those identified as having a purchase value of $10,000 or more) in the Agency's financial statements and in the public accounts, and;
carrying out monthly reviews of general ledger expense accounts to identify purchases over $10,000 that should have been captured as capital assets.

Additional measures effective April 2010 have been incorporated into the process of acquiring capital assets that make the use of a capital asset verification form mandatory for prescribed capital asset acquisitions at the onset of the process. This ensures administrative diligence in recording the asset master record in CAS.

All assets were fairly stated and accounted for at the end of fiscal year 2009‑2010.

Sources of Evidence

Finance and Administration manual chapters: Accounting for Capital Assets, Accounting for Capital Leases, Capital Asset Record Management Procedures (Acquisition Phase), and Fleet Management
Capital Asset Verification Form
Asset Under Construction classification tool
CAS Module 546 — Purchase Requisitions for Assets

2. Are real property investments based on long‑term accommodation plans that take account of business priorities, risks, and program needs?

Long‑Term Accommodation Investment Plan

The annual long‑term accommodation investment plan (LTAIP) sets out the strategic direction for planning and managing the CRA's accommodation portfolio and a national five‑year investment plan.

Real Property Investment Management Framework

The CRA's Real Property Investment Management Framework (Framework) makes sure that real property investments are based on long‑term accommodation plans that take account of business priorities, program needs, and an assessment of internal and external challenges and risks.

The framework requires that real property investments be:

guided by the national priorities established in the approved LTAIP;
submitted for project and funding approval using an investment analysis report;
ranked using an agreed‑to priority ranking system;
challenged and recommended by the National Investment Advisory Committee; and
approved by the Strategic Investment Board before allocation of funding.

The framework also requires that Strategic Investment Board‑approved projects be considered by the Resource and Investment Management Committee (RIMC) when the costs related to the CRA real property part of the project are expected to be more than $1 million in any fiscal year, and (RIMC/Agency Management Committee or Treasury Board approval has not already been obtained; or if there is a request for incremental funding from the Agency's Strategic Priorities Fund.

In 2010‑2011, the following strategies were identified to manage the Agency's real property risk and to promote greater space efficiency in the Agency's accommodations:

focus solely on non‑discretionary projects;
seek RIMC approval to reprofile funds from the current fiscal year to future year priority project pressures; and
pursue space optimization/efficiency projects where a sound business case exists.

In line with these strategies, in 2010‑2011, the Strategic Investment Board approved 27 major tenant projects (projects with CRA costs greater than $250K):

all of these projects were non‑discretionary;
investment analysis reports were prepared for each project and opportunities for space optimization and other efficiencies were assessed and challenged through the review and approval process;
as of the second quarter of 2010‑2011, all projects were on schedule and within budget; and
as of the second quarter of 2010‑2011, the real property function is projecting that $3.7 million will be reprofiled to future year priority pressures.

In light of the high cost of accommodations and facilities, the Agency is examining its space holdings to determine excess capacity, with the goal of becoming a more efficient user of space.

The following project description provides an example of how the strategies in the LTAIP have been implemented:

Montréal Call Centre Refit: This project was put forward by the Quebec Region through their Regional Accommodation Plan submission and identified as a planned project in the Agency's LTAIP. The project responds to the growth pressures of the Quebec Region Call Centre resulting from internal Agency initiatives. Five separate options were analyzed including: status quo, new space acquisition for part of the call centre, relocation of Canada Border Services Agency at CRA expense to free up space in the facility, new space acquisition to relocate the call centre, and space optimization to make better use of the existing space. Space optimization was the recommended option, since IT brought the Region's use of space in closer alignment with accommodation standards while meeting program requirements.

Sources of Evidence

Long‑Term Accommodation Investment Plan 2010‑11
National Investment Advisory Committee Charter
Strategic Investment Board Charter
Real Property Management Framework

Board's Assessment and Related Comments


	2009‑2010	2010‑2011
Board's Assessment and Related Comments	Strong	Strong
Next Steps	Board Resources Committee will discuss the scope of its responsibilities for asset management at a meeting scheduled for 2010‑2011.	Develop an asset management policy framework, including a real property and accommodation strategy.

Expectation (d): Procurement – The Board must assure itself that the Agency's procurement activities comply with legislative and policy requirements, and represent an effective and cost‑efficient means of acquiring necessary goods and services.

Overview

The CRA conducts procurement in a fair and cost‑effective manner in accordance with CRA policies, codes of conduct, and government obligations. The majority of CRA contracts are awarded through competitive processes. A quarterly contracting report is presented to the Board to help make sure that government obligations and CRA policies are adhered to. All information‑technology‑related and non‑information‑technology‑related contracts and non pre‑approved amendments over $1million are reviewed by assistant‑commissioner‑level committees, and periodic reports on contracting are sent to the Agency Management Committee. All contracts and cumulative amendments over $10,000 are available and listed in a quarterly proactive disclosure report posted on the CRA's Web site. At the CRA, contracting data is kept in the Agency's Corporate Administrative Systems (CAS). The CRA uses the CAS to collect contracting data for planning and reporting purposes. A 2008 internal audit stated that, overall, the e‑procurement and acquisition card process is in many ways an easier and more cost‑effective way for the Agency to procure low‑value, low‑risk goods and services. The audit also noted control deficiencies which have since been addressed through the introduction of a Web‑based e‑procurement tool and an acquisition card monitoring program.

Key Questions

1. Do procurement activities yield best value in return for amounts disbursed?

Procurement Activity

The first quarter of this fiscal year saw the issuing of a few high‑dollar‑value contracts mainly for computer hardware, as well as software maintenance and licensing. This has resulted in a notably larger year‑to‑date (YTD) spend for this fiscal year.

The transition of the CRA's catalogues to the Synergy e‑procurement tool was completed last fiscal year. The use of the Agency's e‑procurement catalogues, which are supported by a government acquisition card, results in significant savings. In accordance with Treasury Board of Canada Secretariat estimates, the cost associated with supporting these types of transactions is only 8% of the cost of using traditional procurement contracts such as local purchase orders. As of the second quarter of 2010‑2011, YTD e‑procurement represents 96.74% of the total number of transactions (96,571 total transactions for a dollar value of $220,624,674).

Procurement Audits

The recently implemented cyclical audit plan for procurement calls for a series of audits to be conducted over a number of years relying on key procurement information. These audits will provide management with assurance that procurement and financial controls are in place and working as intended. The first audit engagement (to examine the accountability framework) started in the fall of 2010. IT is anticipated that the results of this audit will be reported in the summer of 2011.

The Internal Audit Division will soon conduct a supplier audit, using the Agency's right to audit the books and records of selected IT suppliers to provide assurance that they abide by the terms and conditions of their contract(s) with the CRA. Contract compliance audits can be an important tool in risk mitigation. They can offer insight into control weaknesses and potential monetary losses, as well as contribute to making sure that the Agency gets the best value for goods and services received under a contract.

Quarterly Contracting Results

The second quarter, 2010‑2011, year‑to‑date non‑e‑procurement and non‑acquisition‑card purchases (contracts, call‑ups, task authorizations, Public Works and Government Services Canada (PWGSC), orders, and amendments) totalled $196 million. This is 88.9% of the second quarter, year‑to‑date business dollar volume (96,571 transactions with a dollar value of $220,624,674). The Agency's procurement expertise and resources focus on these transactions.

By focusing the use of the CRA's procurement officer activities on high‑dollar, high‑risk transactions (contracts), while automating low‑dollar, low‑risk transactions (e‑procurement), the Agency is ensuring best value in return for amounts disbursed.

In addition, 83 strategic sourcing arrangements (a commodity‑based approach that takes advantage of volumetrics) are in place and, as of the second quarter of 2010‑2011, represent 44.5% of total non‑e‑procurement and non‑acquisition‑card‑purchase transactions (3,148 transactions for a dollar value of $196,355,798). We also use standing offers put in place by PWGSC. Transactions under those offers represent 29.7% of that same total. In contrast, the number of arrangements last year was 71. However, the percentage of total transactions has not changed as of the second quarter.

After‑the‑fact contracts as a percentage of all contracting activities are down by 0.16% (from 0.20% to 0.04%).

Sole‑source contracts awarded as a percentage of all contracts awarded increased by 5% (up from 40% to 45%). For transparency, all sole‑source contracts over $25,000 are tabled with the Agency Management Committee.

Sources of Evidence

Quarterly contracting report — Fourth quarter of fiscal year 2009‑2010
Quarterly contracting report — Second quarter of fiscal year 2010‑2011

Board's Assessment and Related Comments


	2009‑2010	2010‑2011
Board's Assessment and Related Comments	Strong	Strong
Next Steps	None indicated.	CRA undertaking a review of current governance and oversight of procurement.

Expectation (e): Information Technology (Investments) – The Board must assure itself that the Agency adequately plans and invests in its IT assets to ensure they support the achievement of its business goals.

Overview

The Agency maintains high levels of service availability for the multiple national CRA and Canada Border Services Agency (CBSA) systems, while concurrently meeting the challenges faced in safeguarding our information technology (IT) assets from accidental or deliberate security threats.

In conjunction with the Resources and Investment Management Committee (RIMC), the Agency governs and manages IT investments to maintain value and transparency as well as service delivery excellence. The RIMC is mandated to make sure that all corporate resource and investment decisions are fully integrated with strategies outlined in the corporate business plan (CBP).

A comprehensive IT performance measurement framework is being developed and incorporates previous metric‑based and IT benchmarking processes. The multi‑year IT asset management approach must balance current and future needs as well as new Agency constraints in a period of government fiscal restraint.

The Board approved the CRAIT strategy in 2010. The strategy:

underlines how IT and IT investments support program implementation and internal business operations of the Agency. The purpose of the IT strategy is to align IT with the Agency's vision and business goals and to establish the overall goals and direction for the IT program at the CRA;
makes sure that the right technology and technology solutions are deployed at the right time and at the right level of cost‑efficiency and effectiveness; and
ensures alignment with, and supports, the strategies and priorities in the CBP.

Key Questions

1. Are investment decisions congruent with the IT Strategy and integrated into the Agency's business plans?

Integration Into Corporate Planning Processes

The work effort for corporate business planning, as well as the leadership for the CRAIT strategy and plan, are co‑located within the Information Technology Branch (ITB). Both planning cycles are integrated.

As the CRA's IT strategy continues to evolve, refinements will be made over time to make sure that the strategy continues to maximize the benefits not only for the CRA but also for clients, stakeholders, employees, and Canadians.

The Agency uses IT architecture roadmaps in the planning processes to guide investment choices and help set strategic priorities, while aligning with emerging Agency and IT industry trends. The trends let the ITB focus resources on key opportunities for reuse and horizontal integration, which can then be leveraged by business and infrastructure projects.

The net results of a strong enterprise architecture include the ability to:

Expedite results through increased IT responsiveness;
Maximize on investment returns by leveraging common IT services; and
Manage solution sustainability through the continuous evolution of the Agency's architectural roadmaps.

The Agency maintains a level of funding for IT that is consistent with the growth of the Agency operating budget. IT maintains a multi‑year asset management plan.

Within operations and projects, the ITB collaborates with other program areas (for example, bilateral meetings) to make sure that IT investment decisions meet shared objectives. In 2009‑2010, 26 client bilateral meetings were held with the branches.

Sources of Evidence

CRA Information Technology Strategy and Plan 2010/11 to 2012/13
CRA's IT architectural roadmaps
Infrastructure Investment Plan (IIP)
Application Sustainability Plan (ASP)

2. What is the Agency doing to ensure that IT has skilled and competent employees necessary to support its IT operations?

ITBHR Management Regime

The ITB contributes to the development and implementation of the Agency's strategic workforce plan. In addition, IT regularly assesses and updates its workforce renewal activities to have a technology‑savvy and well‑trained workforce, which supports integrated planning and continuity of IT talent.

As of October 31, 2010, as a percentage of the total CRA workforce, the ITB accounts for 8.3% and the total IT staff across the Agency (CS only) accounts for 9% of CRA employees.

To attract and retain the highest quality recruits, and to address the current and future needs of the ITB, the ITB continues to enhance the External Recruitment Program and continues to promote the ITB as a challenging and rewarding work environment.

Retirement of key resources will see the continued loss of expertise on CRA legacy technologies that make up our core applications and data infrastructure. This may lead to increased dependence on, and costs of, outsourced resources. Succession planning and knowledge transfer will make sure that the skills and dedication of the CRAIT workforce will continue to be fundamental to the successful delivery of CRA's programs and services.

The ITB continues to maximize the value IT realizes from internal resources by effectively staffing through internal promotions, transfers, and opportunities. A focus on talent management and succession planning will ensure continued retention and recruitment of skilled employees.

The ITB continues to advance competency‑based HR management through the development, application, and enhancement of such programs as Observe and Attest and Voluntary Assessment. The ITB also makes sure that timely reviews and revisions to existing job competency profiles are done and that the development of new ones is designed as needed.

Sources of Evidence

Human Resources Program roadmaps
CRA Information Technology Strategy and Plan 2010/11 to 2012/13
Senior Technical Resource Succession Plan
Executive Succession Planning Document
career roadmaps

3. Does the Agency ensure IT investments are well‑managed to maintain value and transparency while ensuring the capacity to meet current and future business requirements?

Investment Instruments

Both the Infrastructure Investment Plan (IIP) and Applications Sustainability Plan (ASP) are instruments developed and implemented to make sure that aging infrastructure investments are well managed.

The ITB secretariat supporting the management of IT decisions is integrated across IT‑related committees in the ITB. To respond to current and future requirements, the Secretariat makes sure that a reliable information flow between corporate committees and senior management.

The continued evolution of horizontal IT governance ensures investment decisions maintain value and transparency, through the Architecture Steering Committee, Solutions Major Project Review Committee (MPRC), and Data & Technology Infrastructure Management (DTIM).

The provisioning in business units of innovative and flexible IT‑enabled systems is governed to balance local needs for automation and longer‑term sustainability with respect to Agency IT infrastructure (through the Local Applications Registry).

Examples of investment instruments maintaining value and transparency are: the Strategic Investment Plan; the (IIP; the ASP; the Local Solutions Environment; and the Portfolio Management of Application Maintenance.

Sources of Evidence

Infrastructure Investment Plan (IIP)
Application Sustainability Plan (ASP)
Strategic Investment Plan
Local Solutions Environment
Portfolio Management of Application Maintenance
Minutes from committee meetings
architecture roadmaps

4. Are client expectations met by delivering excellence in IT service delivery?

Meeting Client Expectations

Due to changes in legislation, the ITB continues to implement new requirements within required time frames and major systems availability continues to meet needs. Indicators and benchmarks continue to demonstrate that information technology is well‑managed and delivering the intended benefits to clients. Where performance necessitates further improvement, action plans have been conceived and implemented.

Incidents are managed by severity level to achieve and maintain excellence in the quality of service.

An ITB work orders audit was done in 2010‑2011. The objective of this audit was to provide assurance that an effective ITB organizational structure and key controls are in place to make sure that established goals and objectives for the ITB work order process are met. The draft final report (Commissioner Draft) will be tabled for approval by the Management Audit and Evaluation Committee (MAEC). Subsequently, the final report will be tabled with the Audit Committee of the Board for review.

Service Availability Metrics

Service availability metrics for CRA and CBSA critical applications (April to September 2010) are as follows:

CRA Web site – Target 99.0% Actual 100%
CRA My Account – Target 95% Actual 99.91%
CRAT4 NETFILE – Target 95% Actual 99.87%
CRAT1 NETFILE – Target 95% Actual 99.87%
CRA E File‑on‑Line (EOL) – Target 95% Actual 99.87%
CRA E File‑on‑Line (EOL) Plus – Target 95% Actual 95%
CBSA Accelerated Commercial Release Operations Support System (ACROSS) – Target 96.50% Actual 99.10%
CBSA Customs Commercial Systems (CCS) – Target 95% Actual 99.58%
CBSA Passenger Information systems (PAXIS) – Target 95% Actual 99.77%
CBSA Integrated Primary Inspection Line (IPIL) – Target 95% Actual 99.77%

Electronic Services

As Canadians choose to make greater and more diverse use of the Internet, the demand for online service options continues to evolve. Recognizing this changing technological landscape, the ITB has continued to enhance the Agency's online service options enabling more Canadians to conduct their tax affairs with the CRA electronically and on a self‑service basis. The Electronic Service Strategy is in alignment with the overarching Service Strategy.

In the fall of 2009, the CRA introduced a new online feature called My Payment. This service lets individuals and businesses make payments electronically through a secure link with participating Canadian financial institutions that offer Interac Online. In 2009‑2010, there were 4,597,032 successful log‑ins, which accounted for a 19.5% increase over 2008‑2009 results.

This year, the CRA continued to enhance My Business Account by increasing the capacity for taxpayers requiring assistance to connect directly with enquires agents from the My Business Account profile. In 2009‑2010, there were 794,318 successful log‑ins, which accounted for a 126% increase over 2008‑2009 results.

In 2009‑2010, the percentage of T1 individual returns filed electronically accounted for 57.9% compared with 55.8% in 2008‑2009. The percentage of T2 returns filed electronically accounted for 28.25% in 2009‑2010 compared with 21.5% in 2008‑2009.

Sources of Evidence

Third‑party benchmarks
Performance Information Quarterly Report (PIQR)
Technology Infrastructure Quarterly Report (TIQR)
CRAIT Strategy and Plan 2010/11 to 2012/13
Follow‑Up of Internal Audit Reports Report

5. How is performance tracking to the measurement framework and is the Agency using this information to improve performance?

IT Performance Measurement

A comprehensive IT performance measurement framework is being developed in conjunction with stakeholders. The Agency is reporting the performance and benchmarking information in Board updates, Agency Management Committee discussions, and IT governance processes such as bi‑lateral meetings.

Performance information is being captured by the business application portfolio. The information is populated and managed in the Solutions Applications Catalogue—a key instrument in administering IT‑enabled capabilities in program areas.

Dedicated ITFunding

The ITB is a designated custodian for a number of dedicated funding envelopes (namely the Application Sustainability Program (ASP) and the Information Technology Infrastructure Investment Plan (IIP) and is responsible for making sure that the funding in these envelopes is prioritized to address the most critical IT projects. If there are non‑discretionary funding needs that cannot be absorbed by the funding provided, the ITB has the responsibility to tell the Finance and Administration Branch (FAB), to show that a prioritization exercise has been done, and to work jointly with FAB on funding options.

Financial flexibility is maintained during project implementation by the gated project approval process, which is designed to make sure that the Agency is directing its resources to those initiatives that provide the greatest benefit to the organization. This oversight framework is managed by senior management committees that monitor investment projects and Treasury Board‑funded initiatives.

The objective of Improving Project Governance, Gating and Estimating is to put governance in place that ensures more transparent and explicit management of project risks for major IT projects. In the early stages of projects, the goal is to make sure that project work is broken down into feasible pieces that deliver incremental value to the Agency as they are delivered, and to make sure that executives in business and IT are in agreement as to the risks that are being taken and the mitigation strategy being used. At the later stages in development, the goal of improved governance is to make sure that all planning issues concerning requirements, scheduling, and cost estimating is assessed before construction begins on each element of any project, and that any outstanding risks are documented, understood, and mitigated.

To address the Board's concern, critical projects that pertain to the development of IT solutions are the subject of ranking and planning as part of the Strategic Investment Plan led by FAB. In this process, the ITB is responsible for identifying the projects that fall in their areas of responsibility for consideration by FAB and the AMC.

Benchmarking

The Agency's management regime, which includes third‑party benchmarking, makes sure that the Government of Canada's investments are well managed. The CRA's results are:

ITB has undertaken specific peer benchmarking exercises to demonstrate its strengths and its areas for improvement in applications and IT infrastructure management.
Overall benchmarking results have been favourable and continue to prove our successes and performance.
Periodic benchmarking lets the CRA improve and identify areas for increased focus and action plans.

The ITB has undertaken the following benchmarking exercises:

2002/2003 Distributed Computing Environment Benchmark
2008 Application Maintenance Benchmark
2008 Re‑evaluation of mainframe replacement and Update Plans
2009 Distributed Computing Environment Benchmark
2010 DTIM Infrastructure Services Benchmark

In relation to third‑party benchmarking, the CRA contracted Grant Westcott to perform a review of its Technology Infrastructure Services. The intent of the review was for Grant to use his extensive IT background to compare the CRA's practices to those of the banks. As an outcome of the review, Grant identified that in general CRA is well positioned with respect to IT best practices. He also suggested recommendations for improvements that the CRA could make, which have been implemented in the Canadian banking sector. In almost all cases these initiatives resulted in real net cost savings and increased security/control and systems stability, while allowing for increased organizational flexibility.

As a result of its benchmarking and audit activities, the ITB has developed 13 action plans to help improve performance.

Using industry best practice and periodic benchmarking as a guide, the CRA has developed potential measures and indicators that over time will measure efficiency, effectiveness, innovation, transparency, and risk for the IT program at the CRA.

As the IT performance measurement framework matures, these measurements and areas of focus will evolve and will be reviewed each year to ensure continued alignment to the business direction of the Agency.

Sources of Evidence

IT performance measurement presentation
Performance Project Charter
Various presentations
Infrastructure Investment Plan
Application Sustainability Plan
Performance Information Quarterly Report (PIQR)
Technology Infrastructure Quarterly Report (TIQR)
CRAIT Strategy and Plan 2010/11 to 2012/13
Solutions Applications Catalogue
Monthly project dashboards
Grant Westcott infrastructure review

Board's Assessment and Related Comments


	2009‑2010	2010‑2011
Board's Assessment and Related Comments	Strong	Strong
Next Steps	The Board is concerned, given the current fiscal climate, about the Agency's ability to secure incremental funding for critical IT projects. Addressed.

Expectation (f): Information Technology (Security) – The Board must assure itself that the Agency adequately manages and safeguards its IT assets to ensure they support the achievement of its business goals.

Overview

Business continuity plans (BCPs) have been used for the continuity of service during significant events below the disaster level. Site BCPs and pandemic BCPs are completed and maintained for critical services for all areas in the Information Technology Branch (ITB). Baseline threat and risk assessments (TRAs) are completed for the mainframe, intranet backbone, Security Perimeter‑ Public Access Zone/DMZ & Firewall, Corporate Administrative System (CAS), and the Distributed Computing Environment.

Key Questions

1. Are IT disaster and business continuity plans in place and up to date, and have they been tested?

Disaster Plans andBCPs

BCP exercises are conducted at least once a year to so that management is well prepared to identify new gaps and improve BCP plans. The most recent Workforce Outage BCP exercise held at the Branch Executive Committee and with various ITB directorate management teams identified the need to increase the coverage of critical services. As a result, BCPs have been updated accordingly. In addition, IT was noted that strategies such as teleworking may be put in place if the seasonal influenza virus becomes a threat.

The Security Directorate of the Finance and Administration Branch (FAB) and the ITB work co‑operatively to ensure compliance with the Treasury Board of Canada Secretariat's (TBS) security standard, Management of IT Security (MITS), in completing TRAs, BCPs, and disaster recovery plans (DRPs). The Agency is continuously improving the security posture of the CRA's technology infrastructure to ensure the continued integrity of data assets and electronic processing. Plans are in place for managing the maintenance, development, and/or replacement applications and infrastructure.

During the earthquake of 2010, site BCPs for critical services for all areas in the ITB and DRPs for the CRA's data centres were executed with success. No gaps or issues were identified.

Follow‑Up on Internal Audit

The IT Continuity Planning Follow‑Up Internal Audit Report concluded that, overall, the ITB has made significant progress in response to the 2004 recommendations to make sure that IT service availability remains as stable as possible even during a major disaster or outage.

The audit identified some areas for improvement that are being addressed including:

continuing to make sure that disaster recovery exercise results are reported to senior Agency management;
enhancing identification of DRP requirements;
developing a common and complete list of TRAs;
maintaining (DRPs for the CRA's data centres and making sure that exercises are done at least once per year; and
developing and testing the risk mitigation strategy to enable mainframe services to failover from DCH to DCSL.

Sources of Evidence

Corporate risk inventory
Disaster recovery plans
Business continuity plans
BEC, BCP exercise documentation
MITS Platform TRAs's
Disaster recovery exercise results are now being published in the PIQR as of the second quarter of 2010‑11

2. Are appropriate security provisions in place to mitigate intrusions and inappropriate access?

CRA IT Security Strategy

The CRAIT Security Strategy is in place so that CRA data and information assets, including IT infrastructure, continue to be protected from all current and future threats, both internal and external, to maintain their integrity, thereby assuring Canadians' confidence in the CRA. Among other things, this strategy will be used to validate and prioritize proposed IT security initiatives on an ongoing basis.

The strategy provides a multi‑year roadmap for the delivery of the IT parts of the Agency's Security Program. The intent of the strategy is to “stay ahead of the curve” and be innovative and proactive to impending changes in the business environment.

The CRA remains engaged in a pathfinder initiative with the Government of Canada's Cyber Authentication Strategy. The CRA is an active participant in all phases of the ongoing work around the various requests for proposal (RFPs) and feasibility estimates, and IT remains engaged within the governance structure.

The CRA's Credential Management Service provides the opportunity to accelerate development of new secure online services in a more cost‑effective manner.

Service Tracking

The ITB tracks events that are not part of the standard operation of a service and that cause, or may cause, an interruption to, or a reduction in, the quality of service. Incidents are categorized as critical, full‑service outage; high, partial‑service outage; medium, outage‑degraded service or partners environment issue; and low, isolated / cosmetic issue.

The incident management goal is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations, thus ensuring that the best possible levels of service and availability are maintained. Incidents by priority level for 2009 –2010, are as follows:

Critical – 132
High – 162
Medium – 1,995
Low – 71,083
Total opened — 80,077
Total closed — 59,973

The total number of opened incidents for fiscal 2009–2010 is in line with incidents recorded in previous years. For example, over the last three years annual ticket creation has ranged from 76,404 in 2007–2008 to 79,587 in 2008‑2009.

Sources of Evidence

Secure Channel — Executive Summary
CRAIT Security Strategy 2010–2013
RIMC reports

3. Does the Agency have in place feasible plans for managing the maintenance/development and sustainability of applications and infrastructure?

Management of Applications and Infrastructure

The Agency assures itself of a sustainable capacity of expertise in both applications and infrastructure and regularly seeks third‑party benchmarking as evidence that execution is efficient and effective.

The ITB oversees the continuity of capacity for both maintenance and development, and optimizes the plans to ensure sustainability.

The CRA contributes its best IT practices to Government of Canada (GoC) technology sustainability initiatives.

The Application Sustainability Program (ASP) was started to mitigate the risks associated with older applications and facilities on an ongoing basis. The program includes: a set of assessment processes applied annually to all applications, a multi‑year plan to fund the redesign of priority applications, and a governance framework for the management of this risk.

The ASP Assessment process triages all enterprise applications annually, on the basis of high, medium, and low sustainability risk, and recommends corrective actions.

The largest sustainability issue within the high‑risk group is currently the use of the Integrated Date Management System (IDMS). The Agency's plan is to convert the applications that are technology (DB2)‑consistent with the direction taken by most of the IT industry.

Planning

The Agency's ASP Team is continuing to work with TBS and federal departments to share processes and lessons learned to create a GoC sustainability framework.

A multi‑year asset management plan has been created to highlight the investments the CRA will need to make over the course of the next 10 years. The goal is to preserve the CRA's current IT investment, and to make sure that the CRA has the technical infrastructure required to continue to meet its business objectives in the future.

Data Centre Move

To safeguard data services, the CRA has partnered with Public Works and Government Services Canada and the Bank of Canada on the execution of the Data Centre Co‑Location (DCCL) Initiative. This tri‑lateral arrangement has resulted in the award of a CRA services contract with Bell Canada. Bell will build a new facility in Gatineau, Quebec, that will support CRA and CBSA long‑term availability, business continuity, security, and growth requirements. The contract is for 15 years with two 5‑year options. The new site will house both public and private sector clients.

According to the contract terms, Bell Canada is to have the new facility available for use by January 2013. The CRA move from DCH to the new facility is scheduled between July 1, 2013, and December 31, 2013.

The three government partner organizations have signed a memorandum of understanding that describes the terms, principles, and governance within which the three organizations will work together to make sure that the site and the provisioning of services meet our shared expectations.

IBM's Geographically Dispersed Parallel SYSPLEX (GDPS) product was implemented in the summer of 2010. The GDPS product is a state‑of‑the art business continuity solution that is being implemented to mitigate the risk of further service outages related to DCH.

Government IT Audit

In the spring of 2010, the Office of the Auditor General (OAG) conducted an audit on aging information technology systems. The OAG looked at five major organizations, including the CRA. The Agency fared very well in the audit showing that its Application Sustainability Program was effectively addressing the risk of aging systems across the organization. No recommendations were made for the CRA.

Sources of Evidence

Human Resources Program roadmaps
CRAIT Strategy and Plan 2010/11 to 2012/13
Unix Environment Benchmark and Assessment
Host Environment Benchmark and Assessment
Application Sustainability Program (ASP) — September 2010
Solutions Applications Catalogue
DCCL Procurement Process and Timeliness
Annual reports of progress to the (RIMC)
ASP Governance Framework
ASP Risk Assessment Framework
Annual application and risk assessment surveys
Individual Project Life Cycle: Gating Process
IT Infrastructure Investment Plan (IT‑(IIP)
Asset Management Plan
Data centre test results

Board's Assessment and Related Comments


	2009‑2010	2010‑2011
Board's Assessment and Related Comments	Strong	Strong
Next Steps	None indicated.	Communications Security Establishment Canada ( CSEC) will be invited to test and assess the Agency's security systems.

Page details

Date modified:: 2016-02-25