Management of Resources

• Previous page
• Next page

Expectation a): Financial Management – The Board must assure itself that the Agency has and follows the appropriate control framework for the management of its financial resources.

Assessment Criteria

• Sound management of financial authorities provided by Parliament is demonstrated
• Processes and controls are in place to report on administered activities accurately, completely, and in a timely manner

Information Considered by the Board

The Agency's control framework consists of oversight functions provided by three main bodies: the Treasury Board Secretariat (TBS), the Board of Management, and the Office of the Auditor General (OAG). Each year, the Agency prepares audited financial statements that are included in the Annual Report to Parliament.

The Board of Management receives a resource management dashboard every quarter. The dashboard is intended to facilitate the effective management of resources by providing detailed information on the Agency's utilization of financial resources.

The Statement of Income and Capital Taxes Payable to the Provinces and Territories (the TCA Statement) is the joint responsibility of the CRA and the Department of Finance and is audited by the OAG. The OAG has completed its audit of the TCA Statement for 2010 and the Auditor General issued an unmodified (clean) opinion on September 5, 2012.

In addition to the OAG Financial and TCA statement audits, and in accordance with the Treasury Board Policy on Internal Control, the CRA has an ongoing program to conduct Internal Control over Financial Reporting assessments for TCA related programs which are audited by the OAG. OAG audit results and CRA action plans are reported to provincial and territorial governments. This provides independent audit-level assurance that the controls at the CRA that support the administration and reporting of provincial and territorial income tax revenue are properly designed to mitigate key risks and operate effectively.

Board’s Assessment

The Board observed that the Agency's high standard of financial management has been maintained and demonstrated in its management and monitoring of CRA's financial situation.

Expectation (b): Project Management – The Board must assure itself that investment decisions are reflective of corporate priorities, that approved projects are appropriately managed, and that future funding pressures are identified.

Assessment Criteria

• Project-related investment decisions are aligned with corporate priorities and assured of secure funding
• Effective management of scope, cost, and timelines of approved projects

Information Considered by the Board

This year the Strategic Investment Plan (SIP) adapted the project complexity and risk assessment tool (PCRA) to allow the Agency to assess projects based on seven complexity factors, the status of the project in the project management lifecycle, and the estimated cost of the project.

A review of the portfolio of existing projects confirmed they supported the Agency's current priorities and strategic direction.

The CRA changed the approval process for Resource Investment Management Committee (RIMC)-monitored projects by using a risk-based approach in its project management gating process. The changes optimize the RIMC approval process, while allowing RIMC and AMC to continue to meet their mandates with respect to RIMC-monitored projects.

The Agency has adopted the systematic use of Independent Third Party Reviews (ITPR), which is in line with the Treasury Board Secretariat policy and practices, as a source of validation and control to assist in project oversight. All projects requiring Board of Management oversight and projects affecting multiple functional areas within the CRA now require at least one ITPR during the life of the project. Any project with prolonged performance issues will also be subject to an ITPR to determine overall project condition and to ensure risks/issues are being adequately mitigated.

Board’s Assessment

The Board feels that the Agency has made good progress in this area. The use of ITPR has been an important improvement and its ongoing application will be essential to a continued strong rating.

Expectation (e): Information Technology (Investments) – The Board must assure itself that the Agency adequately plans and invests in its IT assets to ensure they support the achievement of its business goals.

Assessment Criteria

• Investment decisions are congruent with IT Strategy
• Integration of IT investment in Agency's business plans
• Agency ensures it has skilled and competent employees necessary to support its IT operations
• IT Investments are well-managed to maintain value, transparency and capacity to meet current and future business requirements is ensured
• IT service delivery met client expectations
• Performance information is tracked and used to improve performance
• SSC-CRA IT governance framework ensures that IT interests are supported in the achievement of CRA business goals

Information Considered by the Board

The Agency develops its IT Strategy and Plan concurrently with the corporate business plan (CBP) to ensure alignment of information technology investment and business priorities.

The Agency's three-year IT strategic workforce plan, IT Apprenticeship Program (ITAP), and Recruit External Candidates (REX) program help to ensure that the CRA has skilled, competent employees to support IT operations.

The CRA's Information Technology Asset Investment Plan (IT-AIP) ensures that IT investments are well-managed to maintain value and transparency and meet current and future business requirements. The Agency's Resource Investment Management Committee (RIMC) and the Customs Border Services Agency's Information, Science and Technology Branch approve the plan. The Agency's 2012-2013 IT-AIP is monitored through the SSC-CRA Governance Framework.

Defined service level objectives for the multiple national CRA and CBSA key applications are monitored to ensure the stability of the IT infrastructure and to meet client expectations. In 2012-2013, as in previous years, service availability of the CRA's critical applications exceeded service level objectives, even while business volumes increased.

The Agency engaged Gartner Inc. in developing an IT Performance Framework that supports the Agency Performance Indicator initiative. Other internal reporting mechanisms include the Performance Indicators Quarterly Report (PIQR), Technology Infrastructure Quarterly Report (TIQR), and the Project Dashboard. The reports will be evolving in 2013-2014 to reflect the CRA-SSC relationship.

The Agency is defining executive-level key performance indicators (KPI) that can be used to measure the value that IT brings to the achievement of CRA business objectives, to assess CRA's current state relative to its peers, to identify and document key industry trends and best practices, and to develop a standardized reporting framework (dashboard) for communicating IT KPI performance over time. The SSC/CRA Governance Framework will provide a foundation for managing the CRA infrastructure and enhancing the SSC/CRA relationship.

Board’s Assessment

The Board observed that improvements continue to be made to the Information Technology Performance Measurement Framework.

Expectation (f): Information Technology (Security) – The Board must assure itself that the Agency adequately manages and safeguards its IT assets to ensure they support the achievement of its business goals.

Assessment Criteria

• IT disaster and business continuity plans are in place, updated and tested
• Security provisions are in place to protect the Agency and Shared Services Canada (SSC)
• Governance Framework clearly defines roles and responsibilities for IT security between CRA and SSC
• Plans in place for managing the maintenance/development and sustainability of IT applications and infrastructure

Information Considered by the Board

To ensure that the Agency adequately manages and safeguards its IT assets, ITB has in place the Business Continuity (BC) program, the Disaster Recovery (DR) Planning Program and the Risk Management (RM) Program to deliver effective disaster recovery and business continuity plans. Annual BC and DR exercises are conducted to improve planning and to identify gaps and potential issues without affecting production systems. In addition, the Finance and Administration Branch's Security Directorate works in collaboration with ITB to ensure compliance with Treasury Board of Canada Secretariat's (TBS) security standard in completing the Business Continutity Plans, RMs and DR plans.

With the creation of Shared Services Canada (SSC), the Agency continues to publish its security roadmap and uses SSC IT Architecture roadmaps to plan and guide investment choices and to help set strategic priorities for security provisions. The Agency worked in collaboration with SSC and expanded the overall CRA-SSC Governance Framework which ensures that the governance, oversight, service and performance expectations of CRA and SSC properly reflect Agency requirements for physical personnel and information security.

The SSC-CRA Relationship Assessment Framework was also established to measure the performance of its infrastructure service provider. This framework is used to evaluate SSC-CRA program service delivery, the protection of CRA information, and long term sustainability and the alignment of CRA business strategies.

Board’s Assessment

Overall, the Board observed that the Agency continues to have strong processes and protocols in place to manage IT security. While the transition to SSC and the development of a governance framework have progressed well, sustained attention to the CRA-SSC relationship is required in order to mitigate any potential security risks to the CRA.

Expectation (h): Information Management (Unstructured) – The Board must assure itself that the Agency has measures in place to appropriately manage its unstructured information.

Assessment Criteria

• Direction and tools are provided to employees to manage unstructured information
• Management of unstructured information meets legislative requirements and supports decision-making
• Mechanisms are in place for governance and risk management of unstructured information

Information Considered by the Board

The CRA Information Management Strategy 2013-2014 to 2015-2016 was developed to continue to build on the base established by the first strategy, and received the Board of Management's approval in March 2013. The CRA has an established suite of Information Management (IM) policies, as well as a full complement of awareness products and other guidance material on the most common aspects of managing unstructured information. The Agency continues to address gaps and to refresh IM products.

To meet legislative and policy requirements for record keeping, the Agency has existing Records Disposition Authorities (RDA) in place with Library and Archives Canada. The RDAs delegate the authority to the CRA to dispose of information, and explain the retention requirements for information holdings. In 2012-2013, the Agency decided on a Managed Service approach for the storage of its significant volumes of paper records. The current IM Strategy includes initiatives and activities that lay the foundation for establishing similar practices for managing electronic documents.

During 2012-2013, the Agency continued its work towards electronic document management solutions for both taxpayer information and internal documents.

Oversight of the Agency's IM program, priorities and plans is provided through an IM governance structure which includes two senior level committees. The committees include representation from branches with responsibilities for delivering aspects of the IM program, as well as select program and corporate branches and regions. Across-Agency participation ensures that all areas have an opportunity to influence IM plans and activities.

IM governance is also supported through linkages to the Agency's corporate committees and the Board of Management. The Agency Management Committee and the Board provide oversight on major IM program deliverables.

Board’s Assessment

The Board observed that it will be many years before the Agency reaches its objective in managing unstructured information. This is an issue across government and not unique to the Agency, as all departments face similar challenges. The Agency should continue to align with government-wide direction regarding the management of unstructured information.

• Previous page
• Next page