Management of Resources

Source URL

https://www.canada.ca/en/revenue-agency/corporate/about-canada-revenue-agency-cra/management-accountability-cra/board-management-oversight-framework-table-contents/board-management-oversight-framework-management-resources.html

Disclaimer

We do not guarantee the accuracy of this copy of the CRA website.

Scraped Page Content

Management of Resources

Expectation (a): The Board must assure itself that the Agency has and follows the appropriate control framework for the management of its financial resources
Related Key Questions
Evidence
Sources of Evidence
  • Does the Agency appropriately manage its finances according to the authorities provided by Parliament?
  • The Board receives a resource management report on a quarterly and annual basis. In addition, period reports are provided to senior management for periods 5, 8, and 10.
  • The report facilitates the effective management of resources by providing detailed information on the CRA’s: operations (regional and HQ branch perspectives), forecasts, financial status, and historical comparisons, as well as a strategic commentary on the Agency's resource investment strategy.
  • The preparation of the report includes a multi-dimensional corporate oversight challenge function [at the branch/regional level with AC sign-off and at the Agency level by the corporate centre with the chief financial officer‘s (CFO) sign-off to ensure the accuracy and completeness of the information and to support the Agency's commitments to transparency and accountability.
  • The report includes an assurance by the CFO that the CRA is managing its finances according to the authorities provided by Parliament.
  • In 2008-2009, the CRA took steps to document and validate the design and effectiveness of its internal controls over financial reporting (ICOFR) by launching a project aimed at certifying key ICOFR, starting with the 2011-2012 financial statements.
    • The certification will include the effectiveness of ICOFR in detecting or preventing significant misstatements due to non-compliant/unauthorized transactions.
  • In 2008, the CRA provided provincial and territorial deputy ministers of finance with one Canadian Institute of Chartered Accountants (CICA) Handbook Section 5970 report covering all key controls over financial reporting on the corporation income tax program (T2) under federal-provincial tax collection agreements (TCAs).
    • The report on T2 controls, including the auditor's report, should be distributed to provincial/territorial governments in the spring of 2009. The report includes information on controls that helps ensure that the recording and reporting of transactions are consistent with the terms of the TCAs.
  • As part of the Federal Accountability Act Action Plan, the Government of Canada made a commitment to strengthen TB financial management policies. TBS has announced a plan to move to six core policies. As of January, 1, 2009, only one has come into effect.
  • Quarterly Resource Management Reports (Financials)
  • Quarterly Performance Reports
  • AR (includes audited financial statements)
  • RIMC
  • Internal audits and evaluations
  • Auditor General reports
  • Minutes of Board Resources Committee
  • Minutes of Board Audit Committee
  • Audit Committee Charter
  • Does the Agency appropriately manage its finances according to the authorities provided by Parliament? cont.
  • Under section 30 of the Canada Revenue Agency Act, the CRA is subject to TBS financial management policy. As such, the CRA has performed a strategic review of the approved and draft policies to determine the impact of the new TBS policies and has identified the following next steps:
    • Development of a CRA Financial Management Framework;
    • Development of core CRA policies corresponding to the new TB policies; and
    • Revision of supporting CRA policy instruments as necessary.
  • For fiscal 2007-2008, the CRA received an unqualified OAG opinion on its audited financial statements for both the Agency and administered activities for the year.
  • The CRA continues to strengthen and develop financial management capacity by enhancing efforts for recruitment, retention, and training strategies for staff including:
    • Launch of the Financial Officers Apprenticeship Program (FIAP) (pending senior management approval), with the objective of building a talent pool of specialized finance officers to meet the current and future business needs of the CRA;
    • Within the FIAP, developmental opportunities will be provided to candidates to allow them to acquire new skills and competencies and allow for career progression; and
    • Formal training courses and hands-on experience, along with mentoring and networking opportunities and the promise of career advancement, will be made available to the participants.
Management Performance Measures


Does the Agency appropriately manage its finances according to the authorities provided by Parliament?
  • For the Round VI (2008-2009) MAF assessment, the CRA received a rating of “Strong” for its financial management capacity. The Agency earned this rating for the emphasis it places on training, development, succession planning, and the existence of a position dedicated to the management and development of the financial management community.
Management performance will be demonstrated by trending the results of actual expenditures at year-end with the annual expenditures plan ( AEP) forecasted at the end of the second quarter. (see graph)
  • The 2007-2008 data will be used as the benchmark for analysis and performance discussion in subsequent BoMOF assessments.
In 2007-2008, the year-end expenditures were 0.3% of the AEP at second quarter.
Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Strong
  • New questions to be developed dealing with administered activities.
Acceptable
Opportunity for improvement
Attention required
Expectation (b): Project Management – Investment decisions are based on program priorities and affordability, and possible future liabilities are identified.
Related Key Questions
Evidence
Sources of Evidence
  • Does the Agency have an appropriate project management framework in place that includes policies, processes, and an explicit accountability framework that support effective decision-making oversight, monitoring, and review?
  • The Board approved the Project Management Policy in 2006.
  • The RIMC was created with a mandate to establish budget priorities and requirements according to the CBP, oversee the allocation and control of Agency financial resources, and oversee the management and progress of major investment projects.
  • The RIMC performs the corporate challenge function in assessing project proposals.
  • The RIMC Secretariat established the RIMC mandate, administrative procedures, and document guidelines, including the approval and monitoring processes for major investment projects in accordance with the CRA Project Management Policy.
  • The RIMC Secretariat facilitates awareness and understanding of the project approval process, accountability framework, and documentation requirements.
  • The RIMC Secretariat developed a reporting framework for the Board, the Capital Investment Project Portfolio Dashboard, that provides for quarterly reporting on project delivery performance (schedule, cost, and scope on four capital investment projects: Integrated Revenue Collections, Individual Identification Renewal, Corporate Tax Administration for Ontario (CTAO), and Compliance Systems Redesign).
    • Compliance Systems Redesign: The project is proceeding within the approved budget and scope. Due to a delay in the procurement of the Analytical Tool, it will be necessary to carry forward the associated funding from 2008-2009 to 2009-2010.
    • CTAO: The project is proceeding on schedule, and within the approved budget and scope. The anticipated lapse in 2008-2009 (currently estimated at $12.0 million) will be carried forward and made available for CTAO-related activities in 2009-2010.
    • Individual Identification Renewal: The project is proceeding on schedule, within the approved scope and budget.
    • Integrated Revenue Collections: The project is proceeding on schedule and within the approved scope. It is expected that the projected lapse of $1.1M will be returned to the Strategic Priorities Reserve at the end of 2008-2009. This will be confirmed in Q4.
  • Major strategic investment projects that have been reviewed by RIMC and received approval from AMC, and have lifecycle development costs that are expected to exceed the threshold of $20 million, continue to be referred to the Board for review and approval of the governance structure, the monitoring framework, and the planned expenditures.
  • Project Management Policy
  • RIMC/AMC reports, minutes
  • Procedure of Board Resource Committee
  • Capital Investment Project Portfolio Dashboard
  • RIMC Mandate, Administrative Procedures, and Documentation Guidelines
  • Portfolio Summary Dashboard
  • Minutes of Board Resources Committee
  • Does the Agency have an appropriate project management framework in place that includes policies, processes, and an explicit accountability framework that supports effective decision-making oversight, monitoring and review? cont.
  • Enhancements to the RIMC process continue to be made. The measured and methodical approach to project approval, planning, and execution (six “gates” instead of the current four) was introduced and approved by AMC in February 2008, and presented to the Board. This process will:
    • Ensure a clear understanding of the business “problem” or “opportunity” and the associated risks from a business perspective, before committing any resources;
    • Allow for better “up-front” planning and scoping, and thereby reduce the likelihood of cost and schedule over-runs;
    • Ensure that the objectives, expected outcomes, and success criteria are clearly articulated at the outset of the project; and
    • Confirm that the expected outcomes / benefits have been realized.
  • Do the Agency’s costing and reporting practices demonstrate effective management of project resources and project performance?
  • The Agency now benefits from the gated approach to project management, widely used in industry to ensure better planning, mitigate cost overruns, and schedule slippage and scope creep.
  • Commencing in 2008-2009, all RIMC projects in the execution phase were required to complete quarterly dashboards.
  • In addition to the established reporting requirements, a set series of default conditions in the quarterly dashboards have been set to trigger additional reporting if the project has demonstrated slippage to cost, schedule, or scope. As an example, these conditions include situations where expenditures have gone outside of the plan for a set period of time. This allows for more timely oversight, addressing significant problem areas as they are detected, rather than just at scheduled intervals.
  • Projects are required to develop a benefits measurement plan in order to measure the benefits of the project once it is complete.
  • RIMC mandate, Administrative Procedures and Documentation Guidelines.
Management Performance Measures
Do the Agency’s costing and reporting practices demonstrate effective management of project resources and project performance?
  • The enhancements to the RIMC process now require projects to have more refined cost estimates. Decisions/approvals are made on projects or their respective components that have +/- 15% accuracy on costs. For those that only have +/- 50%, funds are not allocated but simply earmarked pending refinement of the estimates to the +/- 15%. This provides greater certainty around project expenditures and results in more rigorous funding control.
  • Management performance will be demonstrated by trending the results of project portfolio adherence to approved scope, schedule, and budget.
    • Reporting to begin in 2009-2010
Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Strong
  • At a future meeting, the Board Resource Committee will discuss the scope of its responsibilities for asset management.
Acceptable
Opportunity for improvement
Attention required
Expectation (c): Asset Management – Real property strategy to address current and future accommodation needs; methodology for tracking and divesting moveable assets with individual value of more than $10K.
Related Key Questions
Evidence
Sources of Evidence
  • Is appropriate long-term capital planning and long-term investment planning in place?
  • Requirements for materiel are assessed and planned using a life-cycle management approach.
  • Capital assets (greater than $10K) are tracked and depreciated through the Corporate Administrative Systems (CAS).
  • The CRA has a five-year fleet capital replacement plan.
  • A thorough review and analysis of existing fleet management policy instruments is nearing completion. Stakeholder consultation is underway, and it is anticipated that revised policy instruments will be in place within six months.
  • Nationally, the Long-Term Accommodation Investment Plan (LTAIP) sets out the strategic direction for the planning and management of CRA's accommodation portfolio in an annually updated five-year investment plan.
  • Regional accommodation plans provide key input to the LTAIP on operational influences on real property services.
  • Materiel Management Life Cycle Policy and supporting policy instruments
  • LTAIP
  • Regional accommodation plans
  • Fleet plan, policy, and supporting policy instruments
  • Is there an appropriate real property management framework in place for leasees?
  • Since 2000-2001 the real property function has operated under the Real Property Management Framework that sets out a governance structure and investment-planning process.
  • RIMC has acknowledged that the Real Property Management Framework is consistent with the principles set out in the Agency’s Project Management Policy.
  • The Real Property Strategic Investment Board provides accountability and an audit trail for real property investments.
  • CRA and Public Works and Government Services (PWGSC) operate under a real property services agreement, approved in 2007, which ensures continuity of PWGSC expertise and CRA's ability to exercise its legislated authority.
  • CRA uses the PWGSC Occupancy Accommodation System Report to ensure that the accommodation costs and space usage are controlled and respect CRA standards, and that the national inventory is complete and accurate.
  • An internal audit of the Real Property function was conducted in 2008, then presented to and approved by the MAEC Committee on January 23, 2009. The “Management Framework of Real Property Audit Report” will be presented to the Board in March.
  • Real Property Management Framework
  • LTAIP
  • Real Property Services Agreement with PWGSC
  • Internal audits and evaluations
  • Is there an appropriate materiel management framework in place?
  • Since 1999, the materiel management function has operated in accordance with the Materiel Management Program Framework Policy that was approved by the Board (BoM Decision 99.5).
  • The AC of the Finance and Administration (F&A) Branch is responsible for all aspects of materiel management.
  • Materiel Management Lifecycle Policy and supporting policy instruments
  • Internal Audit Reports
Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Acceptable
  • Strategic Investment Plan is still under development.
  • A formalized multi-year strategic investment plan (three– to five– year planning horizon) process is currently in development. Implementation is expected in 2009-2010.
Acceptable
Opportunity for improvement
Attention required
Expectation (d): A contracting policy in place that meets the Board’s fiduciary requirements and that day-to-day operations respect the provisions of the policy and a cost-effective procurement process that ensures that goods and services requirements are met.
Related Key Questions
Evidence
Sources of Evidence
  • Is Agency oversight of procurement and contracting effective in ensuring the transparency and integrity of those functions?
  • The CRA conducts procurement in a fair, open, transparent, and cost effective manner and in accordance with CRA policies, codes of conduct, and government obligations such as Canada's trade agreements, comprehensive land claim agreements, and the Government of Canada's contract reporting requirements.
  • All information technology (IT)-related contracts over $1million dollars are reviewed by the IT Procurement Strategy Committee, an AC-level committee.
  • All non-IT contracts over $1million are reviewed by the F&A Branch Management Committee, chaired by the Agency’s CFO.
  • AMC is sent periodic reports on contracting and is briefed on all contracts estimated at over $1million.
  • Procurement policy and supporting policy instruments
  • CRA Contracts Directive
  • Internal audits and evaluations
  • Are the Agency’s end-to-end procurement processes cost-effective?
  • The use of the Agency's e-procurement catalogues, which are supported by a government acquisition card, results in significant savings. At the CRA, e-procurement and acquisition card transactions represent 93% of total business transaction volume.
  • In accordance with TBS estimates, the cost associated with supporting these types of transactions is only 8% of the cost of using traditional procurement contracts such as local purchase orders.
  • Non e-procurement and non-acquisition card purchases (that is, contracts and other arrangements) total $414 million and represent 88.5% of total business dollar volume. The Agency's procurement expertise and resources focus on these transactions.
  • Fifty-nine strategic sourcing arrangements (a commodity-based approach that takes advantage of volumetrics) are currently in place and represent 39% of total business transaction volume.
  • A 2008 internal audit confirmed the cost-effectiveness of e-procurement and acquisition card purchasing processes. The action plans based on the audit's recommendations are complete or on track. For example, “Synergy”, a Web-based e-procurement tool, was implemented in January 2009.
  • Use of e-procurement, acquisition cards, contracts and other arrangements
  • Strategic contracting arrangements
  • Internal audits and evaluations
Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Strong
  • Additional rigour is embedded in new CRA procurement software.

Acceptable
Opportunity for improvement
Attention required
Expectation (e): The Board must assure itself that the Agency has and follows the appropriate control framework for the management of information technology.
Related Key Questions
Evidence
Sources of Evidence
  • Are we managing information technology risks well? Are adequate business continuity plans in place to mitigate the effects of a processing interruption?
  • The Information Technology Branch (ITB) conducts ongoing risk assessments of projects, and operational issues.
  • ITB participates in the Corporate Risk Identification and prioritization process. While only certain IT risks are managed at the corporate level, a more extensive list of risks is managed at the ITB levelt
  • During the ongoing process of completing threat and risk assessments (TRAs), business continuity plans (BCP), and disaster recovery plans (DRP), the ability of current and planned safeguards (to eliminate, lower or mitigate risks) is analyzed to determine if the safeguards are adequate or if additional security is necessary.
  • Site BCPs and Pandemic BCPs are completed and maintained for critical services for all areas in ITB. DRPs for CRA's data centres are maintained and exercises are conducted at least once per year.
  • Baseline TRAs are completed for the mainframe, Intranet backbone, Security Perimeter – Public Access Zone (PAZ) / DMZ & Firewall, Corporate Admin System, and the Distributed Computing Environment. Other TRAs are completed or updated as part of regular operations and project management.
  • The Security Directorate of F&A and IT Security Services work co-operatively to ensure compliance with TBS's Security Standard (MITS) in completion of TRAs, BCPs, and DRPs.
  • Corporate, ITB, and Project Risk Inventories
  • CRA IT Strategy
  • IT Service availability (Quarterly Report)
  • Post-mortems after each BCP and DRP exercise and response
  • Annual Summary Report
  • Five Year Roadmap for BCP/DCR (Data Centre Recovery) Exercises (Fiscal Years 2007 to 2013)
  • BCPs/DRPs
  • Exercises to test the DRPs
  • Complete baseline TRAs
  • Computing network scans
  • Collection of computer infrastructure log information
  • Are we managing information technology risks well? Are adequate business continuity plans in place to mitigate the effects of a processing interruption?
  • The Information Technology Branch (ITB) conducts ongoing risk assessments of projects, and operational issues.
  • ITB participates in the Corporate Risk Identification and prioritization process. While only certain IT risks are managed at the corporate level, a more extensive list of risks is managed at the ITB levelt
  • During the ongoing process of completing threat and risk assessments (TRAs), business continuity plans (BCP), and disaster recovery plans (DRP), the ability of current and planned safeguards (to eliminate, lower or mitigate risks) is analyzed to determine if the safeguards are adequate or if additional security is necessary.
  • Site BCPs and Pandemic BCPs are completed and maintained for critical services for all areas in ITB. DRPs for CRA's data centres are maintained and exercises are conducted at least once per year.
  • Baseline TRAs are completed for the mainframe, Intranet backbone, Security Perimeter – Public Access Zone (PAZ) / DMZ & Firewall, Corporate Admin System, and the Distributed Computing Environment. Other TRAs are completed or updated as part of regular operations and project management.
  • The Security Directorate of F&A and IT Security Services work co-operatively to ensure compliance with TBS's Security Standard (MITS) in completion of TRAs, BCPs, and DRPs.
  • Corporate, ITB, and Project Risk Inventories
  • CRA IT Strategy
  • IT Service availability (Quarterly Report)
  • Post-mortems after each BCP and DRP exercise and response
  • Annual Summary Report
  • Five Year Roadmap for BCP/DCR (Data Centre Recovery) Exercises (Fiscal Years 2007 to 2013)
  • BCPs/DRPs
  • Exercises to test the DRPs
  • Complete baseline TRAs
  • Computing network scans
  • Collection of computer infrastructure log information
  • How does the Agency ensure that IT investments are managed to ensure value?
  • IT multi-year investments/business cases are presented to RIMC to assist in sound decision making in the context of the strategic investment plan.
  • ITB Priorities Committee reviews IT investments and establishes priorities within ITB.
  • Major Project Review Committee (MPRC):
    • MPRC was established to provide a succinct project status report and to provide senior executive decision-making, guidance, and recommendations for high-profile projects and portfolios;
    • Executive Team selects projects and portfolios to be presented at MPRC during a quarterly review and/or as required;
    • MPRC decision-making authority includes the ability to examine, question, and provide recommendations on all aspects related to the project or portfolio being presented. This includes escalating or resolving issues impacting capabilities to deliver on time, within budget, and with agreed-upon functionality to eliminate or reduce project risks; and
    • Risk is reviewed from a joint IT and business perspective through reporting against receipt of requirements, IT architecture solutions, and deployment of resources.
  • RIMC (records of decision)
  • IT Strategy
  • Major Project Review Committee minutes
  • Architecture Steering Committee (records of decision)
  • Branch Forward Schedule for Change
  • Solutions Application Catalogue
  • Solutions Configuration Items
  • Solutions Costing Model
  • How does the Agency ensure that IT investments are managed to ensure value? cont.
  • The Architecture Steering Committee (ASC) oversees and guides the Agency’s Architecture Steering Program to ensure compliance with strategic directions including:
    • Review and identify the scope of the Architecture Program;
    • Identify the linkages between Architecture activities;
    • Develop Architecture roadmaps and outlooks to guide project decision making by identifying opportunities for development of common or shared IT services and solutions;
    • Define Architecture Program priorities and assignment of key architecture project plans on a regular basis;
    • Review the Branch’s Constituent Architecture project plans on a regular basis; and
    • Approve mitigation plans tabled during the escalation of architectural issues.
  • The ITB Quality Program is directed at continuous improvement and alignment of performance measures, project and risk management, development and maintenance practices, and quality controls in order to improve our ability to meet clients' needs.
  • IT investment decisions are also guided through the Local Solutions Governance Framework.
  • The Application Sustainability program has been launched as a significant multi-year program to guide IT investment decisions in strategic improvements to applications that are deemed to be at risk from a sustainability perspective.
  • The Long Term Capacity Plan (LTCP) is an extension of the Asset Management Plan (AMP). The AMP provides a three-year view of the central budget IT expenditures for hardware, software, and services. The LTCP establishes and maintains a 10-year strategic view of major capital expenditures planned within ITB. These planned expenditures are reviewed annually by the Technology Infrastructure Advisory Committee (TIAC) to validate alignment with the architectural direction and business requirements.
    • The items in the LTCP are significant expenditures that are cyclical in nature and based upon the asset lifecycle management. They require additional funding as the central budget does not maintain this level of funding on an annual basis.
    • Partnerships with other departments and Agency (Data Centre Consolidation).
  • Solutions Measurement Program
  • Solutions Sustainability Assessment
  • Local Solutions Governance Framework
  • Local Application Repository
  • Best Practices
  • CRA DCE Strategy
  • Distributed Services Directorate (DSD) Project Management Office
  • DTIM Project Life Cycle
  • Internal Audits
  • OAG Audits
  • Canadian Revenue Agency Summary Presentation Application Support Benchmark Presented to CRA May 2008 (Gartner)
  • LTCP
  • Asset Management Plan
  • Periodic Reviews by Industry Analysts
  • Business Cases
  • How does the Agency ensure that IT investments are managed to ensure value? cont.
  • periodic reviews by industry analysts are performed to ensure that we are applying best practices in the management of our IT investments. We leverage third parties (Gartner) who deal with similar sizes and types of organizations as the Agency to validate our practices and offer feedback on how to improve them.
  • Is the level of corporate engagement in IT management (senior executive accountability, corporate and IT governance, IT planning) sufficient?
  • The AC & chief information officer (CIO) of ITB reports directly to the commissioner. The CIO provides clear and consistent direction, guidance and authority over IT initiatives and activities throughout the Agency.
  • The AC/CIO sits on many of the Agency governance committees. IT representation on the various corporate committees helps facilitate the appropriate governance to ensure standards and processes are in place for consistency of design, development, implementation, operation and maintenance of IT solutions and services across the CRA.
  • Bilaterals are held between Headquarters branches and the ITB, and regional ACs engage directly with the ITB through participation at the various corporate committees, particularly the Operations Committee, and yearly through the Functional Tables meetings.
  • The ITB chairs the TIAC meeting which includes business representatives from every Branch and Region. TIAC is responsible for the prioritization of IT infrastructure–related initiatives. Working within the parameters set by the Agency, this Committee:
    • Reviews, endorses, and approves infrastructure projects and investments;
    • Drives strategic and operational changes required within the Agency to implement the Managed Distributed Environment Program; and
    • Acts as a change agent to leverage the IT investment in the delivery of the Agency’s services.
  • ITB works closely with Headquarters branches and regions to improve governance over local IT initiatives in order to leverage local innovation, while ensuring diligent application of security and privacy policies and continued alignment between local needs, national application, and overall IT strategy.
  • ITB provides functional direction in the implementation of IT programs and projects in support of the CRA mandate.
  • AMC/RIMC/SDC/OPC terms of reference/decisions
  • Board of Management – Resources Committee
  • TIAC decisions/minutes
  • CRA IT Strategy
Management Performance Measures
Are we managing information technology risks well? Are adequate business continuity plans in place to mitigate the effects of a processing interruption?
  • CRA Web Applications were down for a total of 90H:34M as at Q2:
    • Fifteen – Severity 1 Disruptions for 81H:31M; and
    • Three – Severity 2 Disruptions for 9H:03M
How does the Agency ensure that IT investments are managed to ensure value?
  • Observances from the Application Support Benchmark Report indicate:
    • Staff productivity for CRA is 21% higher than comparable tax organizations;
    • Compared to other industries, CRA relies on reliable and conservative technology, lower software/hardware costs, and the predominant use of employees rather than contractors; and
  • CRA’s lower cost is a result of their higher productivity and lower cost/FTE compared to other tax organizations.
Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Strong
  • Active partnerships with other government departments are required, in order to help mitigate risks.
  • Disaggregate management expectations with respect to management of information technology to all separate ratings of component elements.
  • Consider separating the discussion on business continuity from that on the long-term strategic risks for IT .
Acceptable
Opportunity for improvement
Attention required


Report a problem or mistake on this page

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified:
2010-02-19