Corporate Management and Direction

Expected Result - Demonstrate excellence in the provision of internal services

Deliver high standards of IT systems availability, reliability and sustainability

In support of program delivery, in 2004-2005, our IT function implemented numerous releases for tax, benefits, customs, appeals and charities systems. Once again, high levels of availability were achieved, meeting service level targets for the multiple national systems critical to the delivery of services to the Canadian public.

An asset management plan is now in place to provide for the ongoing renewal of our distributed infrastructure.

In 2004-2005, we received a Government Technology Exhibition and Conference (GTEC) gold medal for the Service Availability Improvements project. Other GTEC gold medals for IT excellence included the Collaborative Senior Portal and the Secure Channel Project.

Meet current and future business needs using appropriate IT solutions

Our IT function continues to support more than 300 applications that are critical to the delivery of services to Canadians. For example, the IT function undertook the following:

• started the implementation of the Managed Distributed Environment to reduce the number of computing assets requiring maintenance;
• supported a computing environment in more than 450 staffed CRA and CBSA locations, including data centres processing 1.7 million transactions per hour, seven mainframe computers, and approximately 2,000 servers for some 54,000 employees (including the CBSA);
• provided systems security protection and responded to security events;
• implemented the self-service functionality within the Corporate Administrative System (CAS); and
• prepared the preliminary infrastructure for a corporate decision-support solution, the Agency Data Warehouse--a key component of our collections and compliance business transformation visions.

Enhance internal service standards for client-focused service

Internal service standards are used to assist senior management in managing our business with more precision. In 2004-2005, our finance and administration function developed and published a suite of national internal service and operational standards for several key areas, including accounts payable, contracting, forms, personnel security screening and travel claims processing. Meanwhile, our legal services function acknowledged most requests for legal opinion within two days. Work is still required, however, to develop service standards for other key internal service delivery areas. Many internal service standards and targets are included in our Performance Measurement Program System. Quarterly reporting against service standards facilitates improved CRA business management.

Protect confidentiality of client information, and strengthen key security policies and practices

The success of the CRA's relationship with Canadians is based to a considerable extent on trust. We believe that confidentiality, respect, honesty and fairness are key factors in maintaining that trust. Our annual survey for 2004 ¹ (see Figure 38) found that 81% of Canadians agreed that “the information that Canadians provide to the CRA is treated confidentially.”

Figure 38 The CRA Maintains Public Trust

The CRA takes very seriously its obligations to protect taxpayer confidentiality and makes every effort to safeguard the security and confidentiality of client information. We work with lead agencies within the Government of Canada, specifically the RCMP and the Communications Security Establishment.

The CRA recognizes that maintaining the security of our facilities and our information systems is an ongoing process. In 2004-2005, we revised many aspects of our security program in order to further enhance the protection of our facilities and information systems. For example, we revised our policies governing physical and information security. As part of the National Facilities Security Review, we rated the security of our facilities against a risk assessment scorecard. The results were published in a report, which concluded that 136 of our 139 facilities were “satisfactory in most respects” or above. Based on this review, the CRA invested $1.5 million in significant upgrades to facilities security including closed circuit television technology, exterior motion sensing, access card upgrades, and strengthening to doors, windows and fencing, as well as other safeguard measures.

In 2004-2005, the number of break-ins to CRA premises declined significantly from the previous year. We believe that at no time was client information jeopardized.

To protect against external and internal threats to our systems, the CRA launched an IT security modernization program to examine and update electronic security capabilities. Work is underway in such domains as encryption, intrusion defence, public key infrastructure, and consolidated user administration. As well, the Privileged User Risk Management program and standard was introduced in 2004-2005 to improve access controls to CRA information systems and limit or reduce the risks associated with privileged user accounts. To determine and react to vulnerabilities, we conduct Threat and Risk Assessments on all of our line of business applications. As a result of conducting over 225 of these assessments in 2004-2005, we believe our security measures safeguard the confidentiality of client information, though the need to enhance security never ends.

In February 2005, the Office of the Auditor General issued an audit report, entitled “Managing Government: Financial Information”, which examined internal financial control systems. In this report, the Auditor General expressed concerns about the CRA's financial systems controls and identified some weaknesses. In response to the Auditor General's concerns, we developed Agency-wide system access profile catalogues and conducted a review of how system access profiles are administered. Plans were made for the development of position-based employee system access, with implementation in 2005-2006. Many other safeguards are in place to ensure that client information is protected.

A comprehensive Security Training and Awareness Program Strategy was implemented to increase employee awareness and knowledge of security issues and policies, with over 9,000 employees receiving training last year. In addition, we developed emergency communications guidelines.

The CRA believes that confidentiality of client information is well protected across the Agency, however, we continue to work to further enhance our facilities and systems in order to protect the confidentiality of client information.

Respond to requests for information within legislated time requirements

The CRA demonstrated its transparency to Canadians by complying with the Access to Information Act. The Information Commissioner of Canada's annual review gave the CRA an “A” grade. This exceeded our internal performance target, and marked an improvement from the “B” grade received last year. We were awarded the highest attainable grade, signifying ideal compliance.

From 2004 to 2005, we experienced an increase of approximately 12% in the number of Access to Information Act requests and approximately 7% in the number of Privacy Act requests received. This year, we responded to about 94% of access to information requests and about 92% of privacy requests within the timeframes required by the two Acts. Overall, we exceeded our 90% internal performance target.

¹ See footnote on page 28 for further information regarding the CRA's Annual Survey.

Date modified:

2005-10-26