Board of Management Oversight Framework

Disclaimer

We do not guarantee the accuracy of this copy of the CRA website.

Expectation (a): Financial Management - The Board must assure itself that the Agency has and follows the appropriate control framework for the management of its financial resources.

Assessment Criteria

  • Evidence of sound management of financial authorities provided by Parliament
  • Processes and internal controls are in place to report on administered activities accurately, completely, and in a timely manner
  • Evidence of innovation

Information Considered by the Board

In March 2011, the Corporate Audit and Evaluation Branch (CAEB) conducted an audit of the Financial Administration Act (FAA) accountabilities for Agency activities. The audit concluded that CRA employees with delegated authorities understood their associated responsibilities and acknowledged the existence and importance of personal accountability.

The Agency has developed a resource management strategy to address key operational pressures. This strategy will help in prioritizing funding pressures as the Agency implements the deficit reduction action plan strategy.

The Agency has taken steps to strengthen the underpinnings of the Agency's financial management system. For example, both the Management Group Learning Program and the Executive Cadre Learning Program include a financial management component to ensure that new managers are aware of key financial management issues, policies, and practices. The Agency has also finalized new procedures requiring the Commissioner and the Chief Financial Officer (CFO) to attest in the Statement of Management Responsibility for the annual audited financial statements.

Board’s Assessment

The Board observed that the Agency's high standard of financial management has been maintained and demonstrated in its management and monitoring of recent initiatives which impact the CRA's financial situation.

Board’s Rating: Strong

Expectation (e): Information Technology (Investments) - The Board must assure itself that the Agency adequately plans and invests in its IT assets to ensure they support the achievement of its business goals.

Assessment Criteria

  • IT investments are integrated into the Agency's business plans
  • Workforce supports IT operations
  • IT investments are managed to ensure business requirements are met
  • IT service delivery meets clients' expectations
  • Performance tracking information is used to improve performance
  • Evidence of innovation

Information Considered by the Board

The CRA's Infrastructure Investment Plan (IIP) functions to govern the planning processes that guide investment choices and establish strategic priorities. Through the development and implementation of IT architecture roadmaps, the Agency ensures that identified priorities are appropriately aligned with emerging IT industry trends. Areas that have generated attention include e-services, enterprise content management, and collaboration.

Over the past year, the CRA has continued to maintain high levels of service availability for the multiple national CRA and CBSA key applications. Service availability metrics for the CRA's critical applications in 2010-2011 indicate that all service level objectives were met.

In comparison to industry best practices, the CRA's IT performance reporting tools have achieved a high level of maturity and have continued to provide senior management with a holistic view of CRA IT performance.

Board’s Assessment

The Board considered that areas of particular strength include the IT architecture roadmaps and the IT HR management model. An area of focus for the next year will be ensuring that the Agency has the skill set required to manage an outsourced IT service.

Board’s Rating: Strong

Expectation (f): Information Technology (Security) - The Board must assure itself that the Agency adequately manages and safeguards its IT assets to ensure they support the achievement of its business goals.

Assessment Criteria

  • IT Business Continuity Plans are maintained and tested
  • Security provisions are in place to protect the Agency and Shared Services Canada
  • The service management regime is in place for infrastructure provided by Shared Services Canada
  • Plans are in place for managing IT applications and infrastructure
  • Evidence of innovation

Information Considered by the Board

Information Technology continuity is comprised of two programs at the CRA, the Business Continuity Program (BCP) and the Disaster Recovery Plan Program (DPR). For the 2011 calendar year there were no events that required BCPs to be activated. That being said, the IT Security and Continuity Division (ITSC) continually reviews and updates BCPs. The CRA's IT Security Strategy also ensures that CRA data, information assets, and IT infrastructure continue to be protected from both current and future threats.

The Agency is working with Shared Services Canada (SSC) as a partner in supporting the CRA's mandate and mission. Material changes will be planned in concert with CRA on the basis of business cases that are agreed upon by both organizations. This will ensure that the review processes of both organizations are respected and that they provide the necessary assurance that neither entity will be placed at risk, thus creating the necessary success factors of a healthy and sustainable partnership.

The Agency recognizes the importance of maintaining feasible sustainability programs for infrastructure maintenance and development. The Application Sustainability Program (ASP) is the primary driver that mitigates risks with older applications. The program includes an annual assessment of IT applications and applications that are dependent on obsolete technology that will require upgrading to current CRA standard technologies. The largest sustainability issue within the high-risk group is the use of Integrated Data Management System (IDMS). The Agency continues to work on converting applications using the relational database management technology, known as DB2, which is consistent with the direction taken by most of the IT industry.

Board’s Assessment

Overall, the Board observed that the Agency has strong processes and protocols in place to manage IT security. While the Agency has taken prudent steps to manage the emerging relationship with Shared Services Canada, this is a significant development in the IT security environment that will require sustained attention to reach maturity. Moving forward, the Board will continue to work closely with senior management in this area over the course of the coming year.

Board’s Rating: Acceptable

Expectation (g): Information Management (Structured) - The Board must assure itself that the Agency has measures in place to appropriately manage its structured information.

Assessment Criteria

  • Structured information effectively supports program delivery, planning and design
  • Measures are in place to meet legislative requirements for the management of structured information
  • Mechanisms are in place for governance and risk management of structured information
  • Evidence of innovation

Information Considered by the Board

The structured information at the CRA is gathered from CRA operational systems and organized to support program and activity monitoring through query and reporting solutions. In terms of controls, most are built into the systems to capture and process the information and are rigorously designed to ensure that the quality of the information meets program delivery needs. The Agency's IM Strategy, adopted in 2010, included few activities related to structured information. This was primarily the result of having well established processes and practices in place to manage this type of information. However, it has been recognized that the CRA can do more on a whole-of-Agency basis, especially in relation to sharing data and solutions.

The Agency has implemented stringent controls for the capture, use and protection of taxpayer information in accordance with the applicable provisions in the program legislation. These controls include policy instruments governing information use and disclosure, standardized processes and clauses for the development of written collaborative arrangements, and an automated solution - the National Information Exchange Registry - for the tracking of information exchanges between the CRA and external clients and partners.

Oversight of the Agency's IM program, priorities and plans is provided through an IM governance structure which includes an Assistant Commissioner level steering committee and supporting Director General level committees. All committees include representation from branches with responsibilities for delivering aspects of the IM program as well as select program and corporate branches and regions. Cross-Agency participation ensures program areas have an opportunity to influence IM plans and activities. The IM governance is also supported through linkages to the Agency's corporate committees.

Board’s Assessment

The Agency’s policies and practices in IM of structured taxpayer data are mature and continue to be strengthened through a rigorous governance framework.

Board’s Rating: Strong

Expectation (h): Information Management (Unstructured) - The Board must assure itself that the Agency has measures in place to appropriately manage its unstructured information.

Assessment Criteria

  • Direction and tools are provided to employees to manage unstructured information
  • Management of unstructured information meets legislative requirements and supports decision-making
  • Mechanisms are in place for governance and risk management of unstructured information
  • Evidence of innovation

Information Considered by the Board

The IM Strategy was approved by the Agency Management Committee in 2010 and covers a three-year period, from April 1, 2010 to March 31, 2013. Given the strength of structured data, the IM strategy principally addresses the Agency’s unstructured data, particularly corporate documents and emails.

The focus areas for this period were Recordkeeping, Information Quality and Horizontality (particularly in the areas of data management and Web content management), Education and Awareness, and IM Program Alignment and Integration. The largest investments are for the Recordkeeping activities. The Strategy established six (6) objectives to be achieved during the period, three of which relate to Recordkeeping and one each to the remaining three focus areas. After one year of implementation, the CRA has made solid progress on all objectives. However, it was accepted that a fully mature IM program for unstructured corporate information at the CRA will take time.

In terms of assessing the outcomes of implemented IM initiatives to date, the majority of initiatives and activities currently underway are foundational in nature. Focus is concentrated on the planning and preparation for larger-scale changes in Agency and employee IM practices that will occur in future years.

Board’s Assessment

While results in these activities are positive, the Board concluded that it is too early to fully assess the impacts in terms of improving the management of unstructured information within the Agency. The Board agreed that the Agency has achieved some significant results in the area of IM awareness - which is the first step to changing the IM culture.

Board’s Rating: Opportunity for Improvement



Date modified:
2012-09-12

Date modified:
2016-02-25