Horizontal Internal Audit of Information Management in large and small departments

Why this is important

“In the ever-accelerating information landscape, the responsibility for creating and preserving records has become a real challenge.”^{Footnote 2} Recent studies report that 4.4 billion terabytes of digital data were created over the last year, and 90 per cent of the world’s data was created in the last two years.^{Footnote 3} Information is an essential component of effective management across organizations and becomes a valuable asset when managed appropriately.^{Footnote 4} As a result, IM has evolved from traditional recordkeeping activities to include strategies (for example, business integration) that recognize information as a strategic asset and enhance support to operations with, for example, data-driven decision making, increased transparency and facilitated collaboration. IM can be defined as a discipline that directs and supports effective and efficient management of information in an organization, from planning and systems development to disposal or long-term preservation.^{Footnote 5} The focus of IM is the ability of organizations to capture, manage, preserve, store and deliver the right information to the right people at the right time.^{Footnote 6}

The amount of information across government is significant, and it is critical that departments and agencies manage it efficiently and effectively in order to leverage its true value in support of program and service delivery, while respecting security and privacy requirements. The availability of high-quality, authoritative information to decision makers also fosters informed decision making and facilitates accountability, transparency and collaboration. Application of sound IM practices further preserves and ensures access to information and records for the benefit of present and future generations.^{Footnote 7}

The Government of Canada (GC) vision for IM aims for information to be safeguarded as a public trust and managed as a strategic asset to maximize its value in the service of Canadians.^{Footnote 8} Integrating IM considerations into all aspects of government business enables information to be used and recognized as a valuable asset.^{Footnote 9} For example, as the GC increasingly uses information technologies, integrating IM requirements with technology planning ensures that digital information is accessible, shareable and useable over time and through technological change.^{Footnote 10}

Government priorities reflect a commitment to openness and transparency^{Footnote 11} and a strong focus on results. Open data initiatives are being accelerated and expanded in order to make government data available digitally, enabling Canadians to easily access and use it. Tracking and reporting on the progress of commitments, supported by performance measurement, ensures that clear accountability has been established and enables reporting on the results that government has achieved for Canadians. Given the definition, focus and objectives of IM described above, sound practices across government are the foundation to fulfilling these commitments and priorities to Canadians. The existence of governance and monitoring frameworks over IM, government-wide and within departments, is key to ensuring that the benefits of sound IM practices are realized across government.

Key findings

The Treasury Board of Canada Secretariat (the Secretariat) communicated the strategic direction for IM through the GC IM Strategy and the IM policy suite. Although the GC IM Strategy and IM policy instruments were outdated, efforts are underway to update them to reflect the current environment and associated risks. Most departments had developed operational-level plans, and all departments had adopted IM policies, which aligned with the Secretariat’s strategic direction for the GC. However, some departmental plans were missing key elements of the Secretariat’s IM planning guidance that establish a foundation for accountability, monitoring and reporting. In addition, policies and supporting instruments in most departments were not updated as required.

Monitoring and reporting frameworks, including comprehensive performance measurement, set the foundation for organizations to assess achievement of IM objectives and overall compliance with policies. Current monitoring and reporting activities by the Secretariat and most departments provided a limited assessment of IM achievements and compliance, focusing primarily on implementation of specific initiatives and compliance with the Directive on Recordkeeping. While this is important, comprehensive performance measures have not been developed by the Secretariat or most departments to assess what impact government-wide and departmental efforts are having on achievement of established IM objectives and overall policy compliance. Monitoring and reporting based on comprehensive performance information is necessary to identify areas where government-wide and departmental efforts need to be adjusted, and to develop, prioritize and allocate resources to action plans for achieving IM objectives and overall compliance with policies.

The Secretariat has established IM committees to support governance government-wide; departments have also established committees to support IM. However, if more comprehensive performance information were to become available, it could be presented to committees and enhance their ability to govern IM activities that support achievement of IM objectives. There are also opportunities to improve the management of committee operations both government-wide and within departments to ensure that roles, responsibilities and accountabilities are defined, up to date and fulfilled. Committee operations (for example, senior management engagement, frequency and focus of IM discussions, sound due diligence) can set the tone for a culture that highlights the importance of IM.

In order for government programs and services to provide convenient access to relevant, reliable, comprehensive and timely information,^{Footnote 12} information needs to be recognized and managed as a valuable and strategic asset that supports outcomes, operational needs and accountabilities. In order for this to occur, it requires commitment and engagement by all employees across government and support from IM functional specialists. The Secretariat has conducted various activities to engage with the IM community, and most departments have undertaken activities to promote IM. However, the Secretariat and departments indicated that it is still a challenge for IM to receive priority among competing priorities for other programs. As such, there are opportunities to develop and implement strategies to promote and engage more broadly government-wide on IM, increase the level of adoption of IM responsibilities, and integrate IM more fully into government policies, programs, services and initiatives.

Departments also noted challenges in recognizing IM as a profession, impacting their ability to recruit competent, skilled and trained IM functional specialists. However, few departments noted that they had undertaken human resource planning activities to identify and determine how to meet departmental needs. In addition, initiatives to support the people and capacity goals included in the 2008 GC IM Strategy, including IM competency profiles and a professional certification program, were never finalized or fully implemented. Additional efforts to identify, support and promote the IM functional specialist as a profession could enable departments to plan human resource activities (for example, recruitment, training) to meet their current and long-term needs, and to support achievement of IM objectives going forward.

The departmental findings were similar between large and small departments.

Conclusion

Overall, IM governance frameworks were in place government-wide and within departments; however, there are opportunities to further strengthen some elements. In addition, monitoring frameworks need to be improved to assess and adjust strategies and plans to ensure that the benefits of sound IM practices are realized.

The Secretariat and departments had established key elements of an IM governance framework. The strategic direction was established and communicated through the GC IM Strategy and supported by departmental operational plans. Direction was further translated into specific requirements and responsibilities in policy instruments at the government and department levels. Committees were established government-wide and within departments to discuss IM issues, and activities were undertaken to engage and promote the IM community. However, some opportunities were identified to update the GC IM Strategy and policy instruments, strengthen committee operations and ensure that committees are provided with the information required to fulfill their role in governance. The audit noted that some work in these areas was already initiated. There were also opportunities identified to further promote the IM functional specialist and engage the broader government community in IM responsibilities and activities. Collectively, these improvements could renew the commitment and priority for IM across government and support achievement of government priorities going forward.

While some monitoring activities were in place, the audit found that the monitoring frameworks for IM need to be strengthened. Measures to assess policy compliance largely focused on the Directive on Recordkeeping rather than the overall Policy on Information Management, and were reported through Management Accountability Framework assessments. In addition, there was a lack of comprehensive performance measures to establish expectations for, or assess progress toward, achievement of established IM objectives in the GC IM Strategy or in departmental operational plans. Monitoring activities and action plans, where developed, focused on implementation of specific IM initiatives rather than providing a comprehensive assessment of their impact toward IM achievements. Without monitoring comprehensive performance information, it is difficult to assess compliance with the suite of Treasury Board policy requirements, the impact that government-wide efforts have on the effectiveness of IM practices, whether the anticipated benefits are being realized and where or how strategies and plans should be adjusted to achieve established IM objectives.

Audit objective and scope

The objective of this audit was to determine whether governance frameworks and monitoring frameworks over IM are in place^{Footnote 29} government-wide and within departments.

The scope of this audit included the IM governance and monitoring frameworks in place as at March 31, 2015. Key elements of these frameworks were expected to align with Treasury Board policy instruments, including definitions of roles and responsibilities, accountability structures, policies, plans, tools, systems, human resources planning, and monitoring and reporting. However, the audit also acknowledged initiatives and improvements that were in progress or implemented after this date, where applicable.

The scope of the audit also provided an opportunity to assess the progress on elements of IM governance that were highlighted as opportunities for improvements in the audit findings of the 2011 OCG Horizontal Internal Audit of Electronic Recordkeeping in Large Departments and Agencies and the Horizontal Internal Audit of Electronic Recordkeeping in Small Departments and Agencies. The OCG Horizontal Internal Audit of Information Technology (IT) Security, which examines the governance frameworks over IT security in place in departments and government-wide, was recently completed in 2016. Any overlapping risk elements with respect to IM governance frameworks were therefore removed from the scope of this audit.

Appendix C provides a list of the departments and lead agencies examined in the audit; Appendix D provides a list of the lines of enquiry and the related audit criteria used to achieve the audit objective.

Finding 1: strategic direction for IM

Strategic direction establishes the course of action that leads to the achievement of objectives. It can take many forms, including strategies, plans and policy instruments. The Secretariat is responsible for leading the government-wide pursuit of excellence in the management of information for Canada,^{Footnote 31} including the strategic direction. The Secretariat is also responsible for developing and promoting, in consultation with federal government departments, a program and framework for the management of information, along with policy instruments and best practices that achieve the goals and expected results of the Policy on Information Management.^{Footnote 32}

The audit determined whether a government-wide IM strategy, including objectives and priorities, was developed and implemented to support GC IM requirements and change initiatives. It also examined departmental plans to achieve government-wide and departmental IM objectives. Developing a strategy and associated plans facilitates agreement on key issues and what it will take to address them, builds cooperation and commitment to implement identified strategies and priorities, and establishes the desired outcomes as a basis to oversee its implementation.

The audit also determined whether policy instruments were developed and communicated to support IM government-wide. Establishing policies defines the responsibilities and requirements for departments, agencies and employees deemed necessary to achieve established objectives.

The 2008 GC IM Strategy included objectives and priorities to achieve the IM vision; however, it has not been renewed since it was launched.

The Secretariat launched the GC IM Strategy in June 2008. The strategy “establishes key enterprise IM objectives, defines specific priorities, and engages resources from across the IM community to work collaboratively on strategic initiatives that address the identified IM problems and root causes, and contribute to the achievement of the GC IM Vision.”^{Footnote 33}

The GC IM Strategy has not been renewed since it was launched; instead, it was extended in light of unforeseen changes in the strategic landscape (for example, the Deficit Reduction Action Plan). The Committee on Information Management in Business served as the primary governance body for IM government-wide, and subcommittees were established to drive implementation of each IM strategy objective. During the period in which the GC IM Strategy was extended, most of these subcommittees were terminated. With limited resources, focus shifted toward common IM solutions for the GC as a whole rather than updating the strategy.

Since 2008, government priorities (for example, openness, transparency, focus on results, engaging Canadians)^{Footnote 34} and the vision for the workforce (for example, high-performing, open and networked environment, engaging citizens and partners) have evolved.^{Footnote 35} In addition, expectations for access to information internally and externally have increased. Reviewing and assessing the GC IM Strategy in the context of an evolving strategic landscape, including GC priorities and expectations going forward, would ensure that strategic goals and operational initiatives (IM requirements and change initiatives) continue to keep pace.

In 2015, a consultation process was used to develop a document on lessons learned for the GC IM Strategy. This set the foundation for a renewed GC IM Strategy. Consultations have begun within the IM community and committees. An updated strategy could improve alignment of IM objectives, priorities and initiatives at the operational level to better meet the needs of government programs and services.

Most departments established plans to support GC IM initiatives, but some plans were missing key elements to support accountability.

While the Secretariat is responsible for developing a program and framework for the management of information,^{Footnote 36} deputy heads are responsible for establishing a departmental program or strategy for the improvement of the management of information.^{Footnote 37} Operational plans outline the steps, activities and initiatives to be taken to achieve the identified broad departmental IM objectives and priorities, which should align with those of the GC IM Strategy. Most departments had operational plans that considered government-wide and departmental IM initiatives. Most departments also considered IM-related risks in their departmental planning processes.^{Footnote 38} The audit noted that some departmental operational plans were missing key elements of an IM plan outlined in the Secretariat’s IM guidelines,^{Footnote 39} such as who is responsible, resource allocation, performance measures, and monitoring and reporting schedules. This information is the foundation for translating strategic direction into specific actions for which those responsible can be held accountable.

Government-wide policy instruments were developed and communicated to support IM; updates will be made as part of the Secretariat’s Policy Reset Initiative.

The Treasury Board has established the Policy Framework for Information and Technology. The supporting Policy on Information Management was released under this framework in 2007 and updated with minor changes in April 2012.^{Footnote 40} In 2013, it was reviewed again, five years after the policy first came into effect. The results of the Secretariat’s review indicated that adjustments were required to ensure the policy remained relevant. However, it was recommended that updates be considered in the broader context of what is now referred to as the Policy Reset Initiative.

There were two supporting directives that existed at the time of the Secretariat’s IM policy review in 2013: the Directive on Information Management Roles and Responsibilities, and the Directive on Recordkeeping. The Directive on Information Management Roles and Responsibilities was not included as part of this review because the Secretariat recognized that changes would be required with the anticipated release of the Directive on Open Government. The Directive on Recordkeeping was not required to be included as part of this review process because it was released in 2009 and did not meet the five-year mark from its effective date. Secretariat analysts indicated that the directive was not reviewed in 2014, as there was an implementation extension granted to departments until 2015. In 2015, the Policy Reset Initiative began, under which the Policy on Information Management and its supporting policy instruments are being reviewed and updated. Some departments also indicated that they have had the opportunity to provide feedback on policies and supporting instruments.

Policies and supporting instruments are available to all government employees on the Secretariat’s website and the GCpedia site for IM. The Secretariat also communicates policy instruments to key stakeholders through IM committees, learning events, participation in communities of practice forums, and regular departmental meetings. In addition, the Secretariat established a generic mailbox where departments can submit requests for advice and guidance on IM policy instruments. As part of the audit, departments confirmed that multiple channels were used to communicate policy instruments. However, some suggestions were made to improve communication, including direct communication with IM managers, senior managers and all employees to reinforce their responsibilities and improve timeliness of communication government-wide.

Policy instruments were developed and communicated to support IM within departments; however, most departments indicated that these were not updated as required.

All departments included in the audit had IM policies; some developed departmental IM policies while others had adopted the Treasury Board policies. Similar to the Secretariat, all departments made policy instruments available to employees through internal websites. Most departments also supplemented the availability of policies with communication through other means, including committees, newsletters and emails. Some departments also referenced training and awareness sessions to increase employee awareness of IM responsibilities. Most departments indicated that policies and supporting instruments were not updated as required. Reviewing and updating policies on a periodic basis ensures that requirements and responsibilities are clearly defined and aligned to comply with the Treasury Board IM policy suite, and to respond to the evolving operating environment and risks within each department. Reasons for not updating departmental policies included resources that were prioritized to support other activities, the Directive on Open Government became effective during the scope period and departments had not yet had the opportunity to update their policies, and departmental policies reflected the previous focus on recordkeeping.

The release of updated Treasury Board IM policies will be an opportune time for departments to review, align and update their departmental policies and supporting instruments. This will ensure that government and departmental IM responsibilities and requirements appropriately reflect and address changes in risks and the operating environment.

Finding 2: IM monitoring

Monitoring frameworks provide the means to oversee and adjust, as necessary, strategies, plans and processes to ensure that the benefits of sound IM practices are realized. Performance measures and targets are a necessary component of the monitoring framework in order to define and provide the information necessary to make these assessments and decisions.

The Secretariat is responsible for monitoring compliance with the Policy on Information Management and achievement of expected results.^{Footnote 41} Deputy heads are also responsible for monitoring adherence to this policy and for ensuring that appropriate remedial action is taken to address any deficiencies within their departments.^{Footnote 42} The audit examined whether monitoring frameworks were in place, government-wide and within departments, to ensure achievement of IM goals, objectives, and policy compliance.

The Secretariat’s IM monitoring and reporting activities, including performance measurement, did not provide a comprehensive assessment of IM achievements or compliance.

The 2008 GC IM Strategy included strategic goals and objectives, and the Committee on Information Management in Business endorsed a decision to validate and measure the work undertaken in support of these objectives. However, the strategic goals and objectives were not associated with specific performance measures to evaluate the success toward their achievement. Performance measures to assess compliance with the Policy on Information Management and the Directive on Information Management Roles and Responsibilities have not been developed. The Secretariat developed a Recordkeeping Assessment Tool for departments to self-assess their level of compliance with the Directive on Recordkeeping. While this tool provides information to assess compliance with the Directive on Recordkeeping, the Secretariat does not have a comprehensive performance framework to assess government-wide compliance for IM. A comprehensive performance measurement framework provides the foundation to monitor the implementation of strategies, policies and initiatives; progress toward achieving objectives; and compliance with policy. Secretariat analysts indicated that performance measurement is being explored as part of the strategy renewal process.

Because comprehensive performance measures were not established, the monitoring and reporting activities provided a limited assessment of the state of IM government-wide. The focus of monitoring the GC IM Strategy was the status of implementation for specific initiatives (for example, GCDOCS and recordkeeping). The primary formal IM monitoring and reporting tool used by the Secretariat to monitor policy compliance and implementation across government was the Management Accountability Framework.^{Footnote 43} Under this framework, IM is combined with information technology management as a core area of management that all participating organizations self-assess annually.^{Footnote 44} However, prior to the 2014 to 2015 fiscal year, it had been three years since IM was included in the Management Accountability Framework assessments while the methodology was being revised. Secretariat analysts indicated that, during this period, some departments were not as focused on achieving IM goals. In addition, without previous performance information as a baseline, it is difficult to assess progress toward achieving government-wide IM objectives, goals and policy compliance.

In the 2014 to 2015 fiscal year, IM was reintroduced to the assessment, and its coverage reflected the extent to which performance measures have been developed. Specifically, it covered two of the 12 deputy head responsibilities in the Policy on Information Management, the full scope of the Directive on Recordkeeping by incorporating results of the Recordkeeping Assessment Tool, and two of the four IM-specific responsibilities from the Standard on Email Management. The Secretariat produced a government-wide report in addition to providing each organization with its respective results.

Secretariat analysts reviewed departmental Management Accountability Framework assessments in the 2014 to 2015 fiscal year and identified inconsistencies between this information and the information reported in the Recordkeeping Assessment Tool. The analysts indicated that the inconsistencies may have occurred because the Management Accountability Framework and Recordkeeping Assessment Tool assessments are sometimes completed by different areas within departments and/or without appropriate consultations to ensure that interpretation of maturity levels is consistent. The analysts prepared discrepancy reports for each department, identifying the actions required to adjust the discrepancies, and tracked and monitored them for progress.

Monitoring and reporting activities, including performance measurement, provided a limited view in most departments of the state of IM in their organizations.

Deputy heads are responsible for measuring and reporting on a departmental program or strategy for the improvement of the management of information.^{Footnote 45} The maturity of performance measurement, monitoring and reporting within departments generally reflected what was being conducted by the Secretariat. Although most departments had operational IM plans, the audit noted that some departments were missing performance measures and associated monitoring and reporting schedules. Monitoring in most departments focused on the status of implementation for specific initiatives rather than the achievement of IM objectives or desired outcomes. However, the audit noted good practices in one department, which developed a performance measurement framework as the foundation to monitor and report on IM performance. Its IM Strategic Plan identifies the expected results as well as performance indicators for each of its strategic objectives for the coming year. Throughout the year, results are monitored and reported against the expected results. At the operational level, planned initiatives to support the IM Strategic Plan have also defined expected results and are monitored and reported in a similar fashion, in addition to identifying the potential risks to successful implementation and achievement of results. This type of performance information and monitoring enables departments to assess and make necessary adjustments to plans and processes to ensure that the expected results and desired outcomes are achieved.

Most departments indicated that the primary means to monitor and report on IM policy compliance was completing the annual self-assessments for the Management Accountability Framework required by the Secretariat, or periodically using the Recordkeeping Assessment Tool. As noted above, the Management Accountability Framework does not assess the entire IM policy suite. While the Recordkeeping Assessment Tool is comprehensive to fulfill monitoring responsibilities included in the Directive on Recordkeeping,^{Footnote 46} departments have not developed a more comprehensive framework, including performance measures, to monitor and report on overall compliance. Some departments noted that limited human resources impact their ability to implement a robust performance measurement and monitoring framework at this time.

Monitoring and reporting activities based on a comprehensive performance measurement framework would provide an assessment of the current state of IM within departments and government-wide. This information could be used to prioritize areas of improvement, develop action plans, identify those responsible, facilitate allocation of scarce resources, and continue to monitor results.

When compliance gaps were identified, action plans were generally not developed, implemented or monitored to ensure that identified weaknesses were being addressed.

Action plans should be developed, implemented and monitored to address gaps in performance or compliance identified through monitoring activities. Given that monitoring and reporting activities, government-wide and within departments, did not include comprehensive performance information, adjustments may not be considered or made to ensure achievement of objectives. With respect to the GC IM Strategy, the Secretariat developed an action plan to assist small departments with implementing the Directive on Recordkeeping. From a departmental perspective, some departments developed action plans to address gaps identified as a result of monitoring and reporting on the implementation of their IM operation plans or specific initiatives.

Management Accountability Framework assessments provide individual organizations with observations by the Secretariat on where performance meets expectations on the specific performance indicators that are reviewed, and where there may be opportunities to improve. Deputy heads and departmental managers can use these assessments to understand the management capacity that exists in their organizations and to identify the areas that may require attention so they can implement any necessary changes within their organizations.^{Footnote 47} The Recordkeeping Assessment Tool results, a primary focus of the Management Accountability Framework, could also be used similarly. However, the Secretariat had not developed an action plan to address the IM challenges identified in the Government-Wide Management Accountability Framework report for the 2014 to 2015 fiscal year. Most departments had not developed action plans to address the areas that may require attention in their individual departmental Management Accountability Framework report.

The audit noted that developing action plans to address identified gaps is not integrated into these formal assessment processes. Secretariat analysts indicated that they hold informal engagement meetings with individual departments to follow up on areas of non-compliance and to discuss IM issues. They also indicated that it is difficult to convince decision makers of the importance of IM relative to other programs because of its intangible nature. This may impact the level of investment in and commitment to IM improvements.

Developing and implementing action plans to address IM compliance gaps allows organizations to prioritize required actions, determine and allocate the necessary resources, and provide a baseline to continue to monitor progress and adjust plans as necessary. For example, one department analyzed the gaps identified in the results of the Recordkeeping Assessment Tool and included the necessary actions to address the deficiencies in its operational plan. As a result, the department saw a significant improvement in its self-assessed score. The practice of developing action plans to address compliance gaps for the Directive on Recordkeeping could be applied to overall compliance with IM policies and achievement of objectives.

Finding 3: committees supporting IM

Governance is a process through which organizations set strategic directions, allocate resources, define and assign responsibilities, assess risks, and establish internal controls to help achieve outcomes consistent with established objectives. When governance has been clearly articulated, it increases the likelihood that objectives will be achieved. One of the expected results of the Policy on Information Management is that governance structures, mechanisms and resources are in place to ensure the continuous and effective management of information. The audit examined whether governance and accountability structures were in place to support IM government-wide. The primary focus was on the role committees played in IM governance, including whether they were established and functioned to support achievement of IM objectives and initiatives.

Committees were in place to support IM government-wide and within departments.

The Secretariat established various committees to support governance of IM government-wide. For each committee, the Terms of Reference defined and documented the mandate, roles, and responsibilities. All departments had established committees with Terms of Reference where IM issues could be discussed. A governance structure with defined roles, responsibilities and accountabilities supports consistent, efficient and authoritative decision making and direction for IM across government.

There are opportunities to improve both government-wide and departmental committee operations and their role in governance of IM activities.

Periodic reviews and assessments of governance structures and bodies ensure that roles, responsibilities and accountabilities are defined, up to date, and fulfilled efficiently and effectively. An appropriate review considers factors such as the mandate, roles and responsibilities, membership (that is, breadth of skills, authority for decision making), meeting frequency, member attendance, due diligence, and the focus of discussions relative to the Terms of Reference. The audit noted that some government-wide and departmental committee terms of reference had not been reviewed and updated periodically to reflect the needs of the current operating environment. In addition, implementation of a comprehensive performance measurement framework, along with remedial action plans could enhance government-wide and department-level committee oversight of IM strategies, operational plans, and policy implementation and compliance. Performance information could be presented to committees and used to monitor, reassess and adjust strategic direction in a timely manner to support achievement of IM objectives. This also aligns with GC priorities and trends toward data-driven, i.e., evidence-based, decision making.

The audit reviewed the government-wide IM committee structures, shown in Appendix E, and noted that there were four separate reporting lines to the GC Chief Information Officer for discussion of IM-related issues. The GC Chief Information Officer chaired all four of these assistant deputy minister–level committees. The audit also noted duplication in membership and similarities in topics that were being discussed by the four committees. Subsequent to the audit scope, the Secretariat established the GC-wide Information Management Council, which consolidated three of the governance bodies at the assistant deputy minister level for IM. The Chief Information Officer Council still remains for consultation purposes, and the intention for the Information Management Council is to support an integrated approach to government-wide direction and decision making for IM-related issues.

From the departmental perspective, although all departments had established committees where IM issues could be discussed, the structure and focus of these committees varied. One department had established dedicated committees and working groups focused specifically on IM, and some departments raised IM issues through established committees with broader mandates. However, most departments used a combination of both structures. Some departments indicated that it was difficult to establish IM as a priority through their existing governance structures relative to other programs, policies and initiatives, such as information technology. Reasons noted included the level of senior management engagement and scope of the committees’ mandates. This may indicate that the importance and priority for IM has not been recognized, and that level of attention given to IM could be increased.

According to the Policy on Information Management, deputy heads are responsible for ensuring that decisions and decision-making processes are documented to account for and support the continuity of operations, permit the reconstruction of evolution of policies and programs, and allow for independent evaluation, audit and review.^{Footnote 48} In some cases, there was an opportunity to improve government-wide and departmental committee documentation, including the comprehensiveness of the Terms of Reference (for example, including key elements such as frequency at which the Terms of Reference should be reviewed, frequency of meetings, responsibilities of members) and availability of meeting agendas and minutes. Sound due diligence to support committee operations fosters a culture that highlights the importance of IM.

Finding 4: IM promotion and engagement

Integrating IM considerations into all aspects of government business enables information to be used and recognized as a valuable asset^{Footnote 49} to support the outcomes of programs and services, as well as operational needs and accountabilities.^{Footnote 50} Deputy heads are responsible for ensuring that departmental programs and services integrate IM requirements into development, implementation, evaluation and reporting activities.^{Footnote 51} In addition, all employees are responsible for applying IM principles, standards and practices in the performance of their duties, and for documenting their activities and decisions. Expert services such as records, library and data management provide specialized IM support to departments.^{Footnote 52} As a result, promotion of and engagement in IM across government is required to realize the benefits that come from IM integration.

The 2008 IM Strategy defined the strategic goal for people and capacity as maintaining “a highly-skilled Government of Canada workforce that achieves information management outcomes by applying the appropriate information management policy instruments.”^{Footnote 53} The audit examined a number of areas that contribute to promoting and building the human resource capacity for implementing and integrating IM government-wide. First, the audit examined human resources planning for the IM functional community. This included activities implemented government-wide and within departments to strengthen and support those that provide expert services and specialized IM support to departments. Second, the audit considered strategies, such as communication mechanisms, training and awareness efforts, and the establishment of partnerships, to position IM as an enterprise-wide program and increase the likelihood that IM practices are adopted and integrated into day-to-day operations of all employees across government.

The Secretariat engaged the IM community through various activities.

The IM community is made up of experts across a variety of disciplines, including records, library and data management, which provide specialized IM support across government.^{Footnote 54} The Secretariat is responsible for promoting functional communities for the management of information and to develop and sustain IM specialist capacity and practices.^{Footnote 55} Professional development days, targeted at the management and operational levels within the IM community (IM Senior Officer Day and Recordkeeping Day), are held semi-annually. These activities provide an opportunity to bring employees from the wide variety of disciplines that provide specialized support for IM together to discuss and exchange best practices in recordkeeping. The Secretariat also engages with the IM community by leveraging social network platforms (GCpedia and GCconnex) and more directly through generic mailboxes and departmental engagement meetings. The Secretariat collaborated with other government departments on specific initiatives (for example, Library and Archives Canada for disposition and recordkeeping, Public Services and Procurement Canada for GCDOCS, the Canada School for Public Service for learning and development). In January 2015, the Secretariat launched the Excellence in IM Award, a recognition award for IM under the IM-IT Community Recognition Awards Program. This award celebrates outstanding work done within the IM community and builds on a history of IM community awards offered by Library and Archives Canada.

The Secretariat and departments face challenges in elevating the priority of IM as an integral element of government policies, programs, services and initiatives.

In order for government programs and services to provide convenient access to relevant, reliable, comprehensive and timely information,^{Footnote 56} information needs to be recognized and managed as a valuable asset that supports outcomes, operational needs and accountabilities. The 2008 GC IM Strategy was developed to support a vision for IM where information is safeguarded as a public trust and managed as a strategic asset to maximize its value in the service of Canadians. With government commitments and priorities focused on openness and transparency, there is a clear link to the importance of IM government-wide. However, based on interviews at the Secretariat and within departments, the audit noted that it is a challenge for IM to receive attention among competing priorities for other programs (for example, information technology). The prioritization of IM was a common reason for many of the observations made in this report under the findings for strategic direction, performance measurement and committees supporting IM. Interviews with Secretariat analysts also indicated that the intangible nature of IM and its benefits having not been quantified within the federal government contribute to these challenges. If information is not recognized or prioritized as a valuable asset, it impacts the likelihood that appropriate resources will be allocated and that sound IM practices will be adopted or integrated into operations. This may increase the implementation and reputational risks associated with government priorities for open government and increased transparency.

Although the Secretariat has engaged with the IM community, the audit noted that strategies could be improved to promote IM and engage the government community to increase the likelihood that information is recognized and managed as a valuable asset. For example, communication of the 2008 GC IM Strategy objectives, achievements and updates targeted the IM community. The 2008 GC IM Strategy did not include a communication plan that considered different audiences and different communication approaches to achieve communication objectives. Tailored communication approaches may increase awareness of IM strategies and initiatives, their significance, and how they relate to and impact all employees in addition to the IM community. A second example of a strategy that could be improved to promote IM and engage the government community is to build partnerships with business operations. Although the Secretariat collaborated with other government departments on specific IM initiatives, partnerships with other policy centres could be leveraged to integrate IM into other government-wide policies, procedures, initiatives, and training and development programs to increase the likelihood that employees will adopt sound IM practices in their day-to-day activities. Secretariat analysts indicated that this is being considered as part of the new strategy.

From a departmental perspective, most departmental IM functions had undertaken activities to promote IM, including newsletters, internal training and awareness programs, special IM clean-up days, publishing policies, tools and resources online. However, similar to the Secretariat, the audit noted that departmental strategies to ensure that IM requirements are adopted and integrated into departmental programs and services could be improved. For example, few departments indicated that IM-related training for all employees was mandatory or that IM objectives were included in performance agreements for all employees. In addition, while some departments indicated in interviews that they had developed partnerships with some other programs and services, there is an opportunity to further leverage these partnerships to embed IM in other program policies, procedures, initiatives, and training and development programs. Integrating IM requirements into the development, implementation, evaluation and reporting activities of departmental programs and services is a deputy head responsibility.^{Footnote 57} In order for this to occur, all employees need to apply IM principles, standards and practices in the performance of their duties. The IM function provides specialized support within departments to help deputy heads and employees in adopting and fulfilling these responsibilities.^{Footnote 58}

Recruiting qualified IM functional specialists is challenging, and efforts to develop and sustain the human resource capacity for IM government-wide and within departments were limited.

Access to competent, skilled and trained IM specialists is important to support the successful implementation of IM initiatives. Most departments noted that the availability of qualified candidates to fill IM specialist positions is limited. Some departments also noted challenges in recognizing IM as a profession (for example, difficulties defining an IM specialist, outdated competencies and associated classifications, unclear career progression, and availability of training programs to support advancement).

The Secretariat is responsible for developing competency and other professional standards for IM function specialists.^{Footnote 59} The 2008 IM Strategy included a number of initiatives to fulfill these responsibilities. For example, the Secretariat initiated the development of competency profiles based on the standards released by the Canadian General Standards Board in 2009. In addition, an IM Development and Certification Program was presented to the Committee on Information Management in Business in November 2009. However, none of these efforts were ever finalized, fully implemented or revisited in recent years, impacting the ability to staff current vacancies with qualified candidates and to conduct succession planning for future needs government-wide. In 2010, the People and Capacity Subcommittee (established to drive implementation of these outcomes) and the office responsible for these activities were dismantled. Secretariat analysts indicated that the new office has focused more on developing the information technology community (for example, developing generic job descriptions and an accelerated program to develop senior computer science employees into chief information officers). With a renewed strategy, there is an opportunity for the Secretariat to define what skill sets are needed to implement and integrate IM across government. This information is required in order to develop a curriculum that will build and sustain a human resource capacity to fulfill resource needs for IM specialists across government.

Despite most departments noting challenges recruiting IM personnel, only a few noted that they had undertaken human resources planning activities to identify and determine how to meet departmental needs. Two departments had undertaken human resource planning activities, documenting the overall human resources vision and direction and identifying the resources required based on planned activities and initiatives, including IM. Training and development activities to support IM specialists were based on these planned IM activities and initiatives. In the absence of Secretariat IM specialist competency profiles, another department was developing human resources plans for IM to identify the skills required to fill management and staff-level positions (for example, change management, client service, information analysts, digital specialists, facilitators). However, they indicated that current occupational groups (Administrative Services, Clerical and Regulatory) and training offered internally to federal government employees may not be sufficient to develop the required skills they have identified to fill management and staff-level positions.

Some departments noted that performance management agreements for IM specialists included IM-related objectives and their learning plans, including IM-related training. However, human resources planning activities, which identify and assess departmental needs relative to availability, provide a framework to highlight gaps in skills or composition of the IM function and develop strategies (for example, training and development opportunities, contracted resources) to fulfill those needs. This information could also be used to build the capacity and skills of the IM function to enable departments to meet their needs in the current operating environment, as well as future needs to achieve longer-term IM objectives.