Presentation to ISACA Ottawa Valley Chapter Richard Brisebois, Principal November 9, 2010.

Slides:



Advertisements
Similar presentations
Building blocks for adopting Performance Budgeting in Canada Bruce Stacey – Executive Director Results Based Management Treasury Board Secretariat, Canada.
Advertisements

Course: e-Governance Project Lifecycle Day 1
CFO Model December 2007 Bill Matthews A/Executive Director Government Accounting and Policy Office of the Comptroller General.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Internal Audit : Framework for the Management of Compliance Presentation at FMI meeting Sept
Meeting with IESBA CPAB Update Glenn Fagan and Kam Grewal April 7, 2014.
Evaluation in the Government of Canada
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
“Partnering to Make IT Happen” Welcome to the EMF Symposium February 23, 1999 Enhancing Alignment of IM/IT with Business Chief Information Officer Branch.
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
Action Implementation and Monitoring A risk in PHN practice is that so much attention can be devoted to development of objectives and planning to address.
IS Audit Function Knowledge
Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Office of the Auditor General of Canada The State of Program Evaluation in the Canadian Federal Government Glenn Wheeler Director, Results Measurement.
The CPA Profession Chapter 2.
Resource Allocation in Canada Evaluation, Accountability and Control Brian Pagan Expenditure Operations and Estimates Treasury Board of Canada Secretariat.
Trinidad & Tobago Corporate Governance Code 2013
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Session 4: Good Governance: How SAIs influence Good Governance in Public Administration Zahira Ravat 27 & 28 May 2014.
The Role of Central Agencies
C OMMISSIONER OF THE E NVIRONMENT AND S USTAINABLE D EVELOPMENT T ACKLING C LIMATE C HANGE AT H OME AND A BROAD – F ROM AN A UDITOR ’ S P ERSPECTIVE CCIC-CAIDP.
Welcome to the Board! (and did we mention your Fiduciary Responsibility?)
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.
DAS: State Controller's Division1January 2010 Department of Administrative Services State Controller’s Division Updated January, 2010.
When surviving is not enough: Positioning your library to thrive in a commercial context. Australian Government Solicitor Library and Knowledge Services.
Internal Control in a Financial Statement Audit
Certificate IV in Project Management Introduction to Project Management Course Number Qualification Code BSB41507.
City of Tshwane GDS August Reputation promise/mission The Auditor-General of South Africa has a constitutional mandate and, as the Supreme.
Board of Directors and Governance
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
Expenditure Management Information System GTEC October 2004 emis RDIMS
Office of the Auditor General of Canada Auditing Transfer Payment Programs Office of the Auditor General of Canada Ronnie Campbell, CMA Assistant Auditor.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.
INTERNAL AUDIT AND INVESTIGATION SERVICES PRESENTATION TO THE PORTFOLIO COMMITTEE ON THE UNIT’S ACTIVITIES FOR THE YEAR ENDING 31 MARCH 2006 Z MXUNYELWA,
Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.
Reallocation in the budget process Strategic Reviews around the world Cutting Tools: How to Cut Risks, consequences, sustainability Practical Considerations.
Findings by the Auditor General of Canada on: Information Technology Security in the Federal Government 6th Privacy & Security Workshop Toronto, November.
1 PRESENTATION TO THE PORTFOLIO COMMITTEE ON THE OVERVIEW OF THE NDPW PRESENTED BY THE TOP MANAGEMENT COMMITTEE 26 MAY 2004.
Title of Presentation in Verdana Bold Managing the Government Agenda Priorities and Planning Presentation Canada School of Public Service August 1, 2007.
Kathy Corbiere Service Delivery and Performance Commission
1 Developing Management Capacity, HR Planning and Learning for the S&T Community Lynne McHale Presented at CSPS and PSHRMAC Conference February 17, 2006.
Tax Administration Diagnostic Assessment Tool MODULE 11 “POA 9: ACCOUNTABILITY AND TRANSPARENCY”
Audit of predetermined objectives PFMA Reputation promise/mission The Auditor-General of South Africa has a constitutional mandate and, as the.
Regulation Inside Government: Reducing Administrative Burden Issues and Approaches Case Study: Canada OECD Workshop Mexico City – March 14-15, 2006 Gilles.
Chapter 8 Auditing in an E-commerce Environment
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
SOLGM Wanaka Retreat Health and Safety at Work Act 2015 Ready? 4 February 2016 Samantha Turner Partner DDI: Mob:
Performance Budgeting in the Government of Canada: Transitioning from Surplus to Deficit Reduction Presented to: The Peterson-Pew Commission's International.
UNDERSTANDING INFORMATION MANAGEMENT (IM) WITHIN THE FEDERAL GOVERNMENT.
Real Property Branch December Real Property - History Key Facts & Figures Main Activities Current Challenges Strategic Priorities Real Property.
RESOURCES AND CORPORATE DEVELOPMENT SCRUTINY COMMITTEE Tuesday 17 th June 2003 RESOURCES DIRECTORATE Julie Alderson Executive Director Resources.
Shared Services and Third Party Assurance: Panel May 19, 2016.
EECS David C. Chan1 Computer Security Management Session 1 How IT Affects Risks and Assurance.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Key to an Effective Red Book Shop JUAN R PEREZ, CHIEF OF AUDITS COUNTY OF SAN DIEGO MARCH 9, 2016.
Illinois Office of the Comptroller Financial Training Workshop 2016.
Cowlitz County, WA Accounting Function Review
Session objectives After completing this session you will:
UIF ANNUAL REPORT PRESENTATION FOR 2004/05
The Role of Departments in the Implementation of the Government Agenda Concepts and Realities FMI Professional Development Day - June 7, 2016.
UIF ANNUAL REPORT 2005/06 PRESENTATION TO THE PORTFOLIO COMMITTEE
IT Professional Perspective IT Strategy, Policy and Governance
OFFICE OF THE AUDITOR GENERAL, NEPAL
Welcome from the GWAFP and MAAFP
Overview of the Machinery of Government
WHAT TO EXPECT: A CROWN CORPORATION’S GUIDE TO A SPECIAL EXAMINATION
Briefing to the Portfolio Committee on Police Audit outcomes of the Police portfolio for the financial year 13 October 2015.
Presentation transcript:

Presentation to ISACA Ottawa Valley Chapter Richard Brisebois, Principal November 9, 2010

Agenda Background about the OAG Audit objective Scope of the audit CIO Survey results Main findings 1

Mandate The Auditor General Act sets out the duties of the Auditor General and the Commissioner of the Environment and Sustainable Development as they relate to auditing and monitoring of federal departments and agencies. 2

Work of the the OAG – Four product Lines v Attest audit of financial statements - Government of Canada (Public Accounts) v Attest audits of financial statements - Crowns v Performance audits - departments and agencies v Special examinations – Crowns 3

Budget and People Main estimates $85.1 Million Approximately 635 people (FTE) Approximately half of professional staff comprise accountants Other professional staff include: - - Engineers - Scientists - Sociologists - Economists - Lawyers - Geologists - Other professionals Approximately 200 people in the Audit Services Group 4

Objective of the Aging IT performance audit To determine whether selected government entities had adequately identified and were managing the risks related to aging IT systems 5

6

Scope and approach Examined the Chief Information Officer Branch of TBS Reviewed five organizations  Canada Revenue Agency  Public Works and Government Services Canada  Human Resources and Skills Development Canada  Royal Canadian Mounted Police  Citizenship and Immigration Canada Reviewed three critical systems  HRSDC - Employment Insurance Program  CRA - Personal Income Tax (T1)  PWGSC – Standard Payment System Conducted a CIO Survey 7

Definition of Aging IT Systems “Aging information technology (IT) systems refers not only to a system’s age in years but also to issues that affect its sustainability over the long term, such as the availability of software and hardware support and of people with the necessary knowledge and skills to service these systems. The term also relates to a system’s ability to adequately support changing business needs or emerging technologies, such as 24/7 online availability.” 8

Major Factors Driving the Modernization of Aging IT Systems Skills shortage Vendor support Regulatory compliance Maintenance costs Access to data Meeting client expectations Security Green IT initiatives Disaster recovery 9

CIO Survey 40 government entities included in the Treasury Board of Canada Secretariat's Chief Information Officer Council 10

Audit Findings – Departments and Agencies Organizations have all identified significant risks related to aging IT systems Aging IT risk management need improvement Monitoring of aging IT risks is incomplete Departmental investment plans need to be supported by a funding strategy 11

Organizations Assessed against Key Criteria 12

Organizations have all identified significant risks related to aging IT systems All five entities audited considered Aging IT as a significant risk Five of the six entities included it in their corporate risk profiles They stated that if these risks are not addressed in a timely manner, they may not have the capacity to meet current and future business needs 13

Aging IT risk management need improvement CRA and RCMP have both completed departmental multi-year investment plan that defines and prioritizes ongoing and future investments HRSDC has a Long—Term Capital Plan but projects are not prioritized and a portfolio view is missing PWGSC and CIC are further behind and don’t have a departmental multi-year investment plan or a portfolio view 14

Monitoring of aging IT risks is incomplete Only CRA fully met this criteria  CRA Management Committee and Resource Investment Management Committee review all risks and investments projects regularly  There is an action plan for each risk that outlines specific strategies, key activities, deliverables and timelines 15

Departmental investment plans need to be supported by a funding strategy Significant funding is likely to be needed across government to renew aging systems The shortfall is estimated at a total of $2 billion in three entities 16

Audit Findings TBS-CIOB Chief Information Officer Branch CIOB is aware that aging of IT systems is an issue The aging of IT system has not formally identified as an area of importance for the government There is a need to formulate IT strategic directions or a plan to address these issues on a government-wide level. 17

Recommendation – Risk Management Departments should use a department-wide portfolio management approach to ensure that they focus on current and planned IT investments that best contribute to meeting their business objectives, with an acceptable degree of risk and at a reasonable cost. Departments should develop a multi-year IT investment plan that presents a balanced mix of mandatory, sustaining, and discretionary investments that they require to both sustain existing systems and to improve service delivery. 18

Recommendation – Risk Monitoring Departments should develop an action plan for each significant aging IT risk. The plans should include specific strategies, key activities, deliverables, and timelines to manage these risks. These entities should report progress regularly to senior management. 19

Recommendation – Funding Strategy Departments should identify an appropriate funding strategy. The funding strategy should present investment options, or scenarios that take into account what source of funding would most likely be available in the five-year planning period. 20

Recommendation - TBS The Chief Information Officer Branch (CIOB) of the Treasury Board of Canada Secretariat should exercise its central leadership role by collecting and analyzing relevant information to assess the state of aging IT systems across government. The CIOB should prepare a report on its assessment and the related cost estimates for the government as a whole. In consultation with deputy heads, it should also develop a plan that will set the IT strategic directions for the government to mitigate risks associated with aging IT systems on a sustainable basis. 21

Questions/Thank You Richard Brisebois, CGA, CISA Office of the Auditor General of Canada Tel: (613) Fax: (613) Sparks Street Ottawa, Ontario, Canada K1A 0G6 22

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.