Annual Report to Parliament 2014-2015
Internal Services
40,000
The CRA employs a worforce of over 40,000
Human Resources
The CRA maintains a highly skilled and experienced workforce of more than 40,000 people in communities from coast to coast. Through our official languages and diversity action plans, we have succeeded in making sure our people are representative of the diversity of Canadians they serve.
The Agency was recognized in Canada's Top 100 Employers project as one of the National Capital Region's Top Employers and one of Canada's Top Employers for Young People for 2014. The health of our organization was also highlighted in the positive results the CRA gave in the Public Service Employee Survey, which almost 83% of CRA employees completed.
Recruiting and professional development
The Agency is implementing strategies to maintain its high-performing workforce in order to meet current and future needs. For example, we created the Auditor Development Program, a three-year apprenticeship combining formal training with practical, on-the-job experience, which is gained through developmental work assignments. We also supported the Canada School of the Public Service in its new business model by providing our expertise and content derived from our Leadership Plus management training program.
Employment equity and diversity
Recognizing the diversity of its employee population contributes to our strength and integrity, the CRA is committed to achieving employment equity and to building and maintaining a strong and vibrant workforce representative of the Canadian population. Our representation levels for the four designated employment equity groups continued to surpass labour market availability (LMA1) in 2014.
| Designated Groups | CRA | LMA |
|---|---|---|
| Aboriginal peoples | 3.3% | 3.0% |
| Persons with disabilities | 7.2% | 4.6% |
| Visible minorities | 21.8% | 19.5% |
| Women | 61.0% | 59.0% |
Information Technology
The CRA's tax administration is supported by a sophisticated suite of information technology (IT) systems and applications, whose development and maintenance is guided by our IT Strategy. We contributed significantly to developing the Treasury Board Secretariat's 2014-2017 Government of Canada IT Plan, and collaborated with Shared Services Canada (SSC) to provide IT infrastructure services for both the CRA and the Canada Border Services Agency.
The Agency is collaborating with SSC on a wide range of initiatives such as email transformation, data centre consolidation, telecommunication services, including cost effective telephone services (Cut the Cord), cyber and IT security, workplace technology devices, and hosted contact centre services. We are also working with SSC to prepare an integrated staffing system to support the Agency's recruitment process, and on the renewal of our business intelligence infrastructure, tools, and processes to meet emerging needs.
A significant focus of our annual IT work involves working with SSC on preparing and testing the systems and infrastructure Canadians use during the tax filing season, based on the anticipated volumes of transactions.
In 2014-2015 we implemented a wide range of new digital services discussed in detail in the chapter, Assessment of returns and payment processing. Enhancing the CRA's suite of secure, digital services used by millions of taxpayers and benefit recipients contributes to broader Agency goals such as easing the compliance burden and making it easier for Canadians to receive their social benefits on time.
IT Security
The CRA's IT work is guided by our IT Security Strategy, under which we meet or exceed the security standards set by the Government of Canada. We also maintain a strong security position to protect taxpayer data from inappropriate access. The integrity and security of the information entrusted to us is supported by IT initiatives including our Data Loss Prevention project, our Identity and Access Management project, and our National Audit Trail System Modernization project. These projects complement measures in place to provide a secure digital environment so Canadians can find information and complete transactions with us, knowing appropriate safeguards are protecting confidential taxpayer information.
For example, the CRA uses specially configured Web servers for any business we do with taxpayers. We also securely store personal information on separate computer systems which are not directly accessible from the Internet. When transmitting personal information, we only allow access to our Web servers from Web browsers able to meet high security standards of encryption. This makes sure no one but the intended recipient can read transferred data. More information on how the CRA makes sure taxpayer information is secure is available at www.arc.gc.ca/securityx.
Integrity and security
Canadians trust the CRA to exercise the highest levels of integrity and security and to protect their personal information. We consider integrity and security in all activities, planning, and decision-making at the CRA. Our administration of Canada's tax and benefit system is based on integrity and security and every CRA employee has a duty to protect the privacy and confidentiality of Canadians' personal information. The CRA's computer systems are also designed to protect personal information. We have mechanisms in place to prevent, detect and mitigate any unauthorized access to our systems.
In an environment of rapidly evolving threats, we remain vigilant and continually try to improve our processes and systems to provide strong safeguards. Over the past year, several initiatives supported the Agency's integrity and security agenda:
- We included integrity measures in all executive performance agreements and completed advanced security screening for all executive positions. We also launched the Manager's toolbox on values, ethics, and integrity to support ongoing discussions and engagement with employees on questions of integrity and security.
- The CRA's employees are expected to act with integrity in everything they do. A new reporting mechanism was put in place to allow employees to challenge and report any wrongdoing they may observe in the course of their work. The CRA investigates when concerns are raised, to determine whether allegations of wrongdoing are founded.
- Mechanisms are in place to monitor employee accesses to taxpayer information and we continued to advance the modernization project to enhance our ability to make sure taxpayer information is accessed and used only for its intended purposes.
- We continued to evolve the Identity and Access Management program, which will improve internal controls over system access, compliance, and enforcement of Agency security policies and standards.
- We implemented procedures to help protect portable storage devices containing Agency information from unauthorized disclosure or infection from malicious software.
- With the Canada Border Services Agency and SSC, we established a working group to standardize rules and processes for managing system access involving CRA data stored on SSC infrastructure.
- We provided a mandatory online security course for all employees. We also produced security "KnowHow" videos and published quarterly security bulletins and newsletters, which were made available to all employees on the CRA intranet. We conducted security awareness activities to emphasize to employees their responsibilities concerning cybersecurity and the protection of information.
- We automated the Personnel Security Screening renewal process. This automation will increase the compliance levels and make sure all CRA employees have valid and appropriate screening levels.
Access to information and privacy
Canadian taxpayers have the right to privacy and can expect us to protect and manage the confidentiality of their personal and financial information in accordance with the laws we administer, such as the Income Tax Act, the Excise Tax Act, the Excise Act, 2001, and the Privacy Act. Only employees who need taxpayer information to administer programs and legislation are given access to it. Taxpayers who feel their right to privacy and confidentiality has not been respected can file a complaint through the CRA's Service Complaint process (www.cra.gc.ca/complaintsxi). Further recourse is available through the Privacy Commissioner of Canada.
The CRA's Chief Privacy Officer oversees privacy management and makes sure accountabilities, responsibilities, and activities related to privacy are reinforced and communicated across the CRA. All employees in all parts of the organization share the responsibility for managing privacy. Key goals and accountability for achieving them are assigned to specific areas within the CRA under the oversight of the Chief Privacy Officer. The goals and initiatives are linked to requirements of the Treasury Board Secretariat. The Chief Privacy Officer briefs senior management at least twice a year on the state of privacy management at the CRA.
The CRA historically ranks in the top three government departments for the number of access to information requests it receives and pages it processes. We received 5,539 requests and processed 1,942,868 pages in 2014-2015.
In its 2013 audit of the CRA's privacy management framework, the Office of the Privacy Commissioner recommended the CRA complete and approve privacy impact assessments before implementing any new program or initiative involving potential privacy risks to taxpayer information. In response, the CRA created a risk-based privacy impact assessment plan to align with its program alignment architecture. The plan, which is renewed and updated as necessary, now includes 40 assessments.
The CRA has developed a plan to enhance controls within the CRA's Access to Information and Privacy (ATIP) operations. Enhancements focus on three broad areas: operational processes, communications and training, and accountabilities. Many of these activities have already been implemented, including role-specific training and mandatory security training for ATIP employees, strengthened quality assurance, and additional protocols for processing a request. The CRA also initiated a third-party independent review of its access to information and privacy management frameworks which took place in the last quarter of 2014-2015. The findings were positive, and observations included: ATIP policies and procedures are up to date, well-communicated, and implemented; password policies are in place; the ATIP redaction system has a strong audit function; and there is a strong culture of communications, support, and coaching. Recommendations from the review build on these existing strengths and will be implemented over the next 12 to 24 months.
| Program | 2014-15 Main Estimates |
2014-15 Total Authorities |
2014-15 Planned1 |
2014-15 Actual2 |
2014-15 Difference (Planned minus Actual) |
|---|---|---|---|---|---|
| Internal Services | 831,697,636 | 1,062,875,800 | 807,287,820 | 940,711,586 | (133,423,766)3 |
| Program | 2014-15 Planned1 |
2014-15 Actual2 |
2014-15 Difference (Planned minus Actual) |
|---|---|---|---|
| Internal Services | 7,700 | 7,765 | (65) |
Table Notes
1. Planned spending excludes severance payments, parental benefits, vacation credits, the one-time transition payment for implementing the pay-in-arrears model, and the carry-forward of unused funds from 2013-2014 under the CRA's two-year spending authority. This funding is received during the fiscal year and is included only in actual spending.
2. Modified cash basis, based on Parliamentary appropriations used. See Parliamentary appropriations for an explanation of how actual spending relates to results in the CRA Financial Statements – Agency Activities.
3. Increase primarily due to spending on major investment projects, workload transfers from other programs for information technology work, and initiatives announced as part of the 2014 federal budget.
Footnote
1. The LMA for the Aboriginal peoples, visible minorities, and women is from the 2011 National Household Survey. The LMA for the persons with disabilities is from the 2012 Canadian Survey on Disability.
Page details
- Date modified: