Government Operations Committee on Oct. 20th, 2009

Good afternoon, Madam Chair.

Thank you for inviting us to appear before your committee to discuss the Treasury Board Secretariat’s role in providing guidance and oversight to institutions on the management of large IT projects.

Allow me to introduce myself. My name is Corinne Charette. I’m the Chief Information Officer of the Government of Canada. As you know, I am responsible for setting direction and policies and standards for Information Technology and Information Management as well as Security, Privacy and Access to Information in the government. I’ve been on the job since last May. I bring to the table over 30 years of experience in the private and public sectors.

My role includes supporting the government in its commitment to continue improving public service management and to ensure value for money for taxpayers.

With me today is Val Wutti, the executive director of the IT project review and oversight division at the Treasury Board Secretariat.

In November 2006, the Auditor General examined the management of large IT projects and issued her recommendations on the overall management of these projects. Since then, I'm pleased to say that we have acted on those recommendations. We have implemented a series of measures that strengthen our challenge and oversight functions to ensure that departments' IT projects succeed.

Before going into detail, let's discuss what constitutes an IT project. It's an important point. There are essentially two types. First, there is the kind that deals with basic infrastructure such as data centres or telecommunications networks that computer systems rely upon. Infrastructure projects usually involve the purchasing of the equipment, computers, software, other devices, and telecommunications facilities and services.

The second type of IT project is at least as complex as the first. In this type, IT is used to create a system that is going to be actively in use by any department or agency in support of their program. These projects typically change business processes or implement new legislative requirements in order to improve delivery of government programs. They support programs such as processing tax returns, issuing employment insurance cheques, protecting our borders, etc. These are application systems in support of government programs.

The Auditor General focused on this latter type of project in the 2006 report.

The Secretariat has similarly focussed on strengthening the management of these large IT projects. We are talking mainly about this type of project.

We have published a new Policy on the Management of Projects in 2007 and are progressively implementing it. We have also developed tools and guidance documents which the community is already using. These tools will help departments improve the management of their projects. The government is a very large organization with accountability for program delivery resting with deputy ministers.

The Treasury Board Policy on the Management of Projects reinforces deputy ministers’ responsibility for monitoring adherence to this policy within their organization and taking action when compliance issues arise. In the case of IT projects, each department has a delegated project authority and is only required to go to Treasury Board to seek approval for projects that are higher than that authority.

When the rollout of the new policy on the management of projects is complete in April 2011, we expect that Treasury Board ministers will see fewer projects requiring their approval. There are two reasons for this. Currently, most delegated project authorities are based on the dollar value of the project. We are moving to an approach that considers the department’s capacity to manage projects and the risk and complexity of a proposed project. Only projects that are riskier and more complex than the department’s capacity to manage them or projects that require amendments to what had previously been approved will require Treasury Board approval.

We are also challenging departments to reduce the size of their projects to help reduce the risk. Instead of having one large project that takes many years to complete, we are encouraging departments to break them up into fewer, smaller projects that deliver value for the investment faster. This will result in smaller, lower-risk projects that are more likely to be successful. This approach would also help departments make better informed decisions on the implementation of the overall project based on outcomes to date. They would also allow deputies to stop investing further if the outcomes are not satisfactory. Clearly, we are steering departments away from an all-or-nothing approach to IT projects.

Once a department has received Treasury Board approval, the secretariat expects that departments will apply the appropriate project management and oversight processes, as prescribed by the policy and related instruments. This is not to suggest that TBS takes a hands-off approach. In fact, the secretariat continues to monitor higher-risk, more complex IT projects. We have taken additional steps to guide organizations and to ensure, or contribute to, the success of their IT projects.

In particular, we have improved templates and guidance and expectations for preparing business cases and for preparing project charters and management plans. We have created an executive dashboard that highlights the five key performance indicators of a project: cost, schedule, risk, scope, and issues.

Last, we have established an independent review program to help project executives gain useful insights at key points or gates in their projects. This will allow them to make appropriate course corrections, including terminating projects if they no longer meet the expected outcomes.

The use of these products is not mandatory, but they guide deputy heads in managing the implementation and risks of their projects, within the spirit of Public Service renewal, by reducing the “web of rules”, by providing appropriate guidance and tools and by establishing clear accountabilities on management practices.

Deputy heads are accountable for ensuring that IT projects contribute to program outcomes and support the government’s objectives.

The Treasury Board continues to work closely with departments by providing the advice they need to make sound management decisions. Departments are aware of available IT project management guidance and tools. This is reinforced regularly through our meetings with the community of CIOs. Their adoption remains a departmental responsibility and decision. However, we are very pleased to see that even though the policy will be fully deployed in April 2011, many departments have anticipated it and have already taken up a lot of these practices.

In closing, in cases of higher-risk, more complex IT projects, the secretariat closely monitors progress and performance and continues to work with departments in optimizing ultimate project outcomes.

Madam Chair, this concludes my opening remarks. I would be very pleased to answer any questions.

Thank you, Madam Chair.

There are two questions: what has changed, and what are we doing differently going forward?

First, in terms of what has changed, Secure Channel was originally conceived as a project going back to roughly 1999-2000. Nine years later, 2009, many things have indeed changed, both on the technology front and the experience front, in terms of understanding of the broad IM/IT community in Canada, and in fact worldwide, in terms of IM/IT, cyber security, and so on. Within government, certainly our policies, management frameworks, and oversight have also changed.

First of all, let me say from a policy perspective that in 2007 we came out with the enhanced project management framework policy, which I think is a key step in equipping the government going forward to be more effective and a better manager of large and complex IT projects--and IT projects across government are bound to be large.

I mentioned a couple of strategies in my opening remarks, but I would stress them again. Whereas Secure Channel was targeted as one large project, going forward in our new project management framework we are stressing the segmentation of large projects into what we call a program of discrete and independent projects that can be launched, followed, and monitored independently. They can individually contribute benefits that can be followed, if successful, by different projects that can continue to build on their initial success and continue to refine, expand, or roll out the solution further. So that's an important step forward.

Over the last 10 years, I think projects have become very large for many reasons, and this is true with my experience in the private sector as well in government. The demand for IM/IT is quite strong. Departments, in fact all organizations, rely on services, so there is always a requirement for more automated support. Nevertheless, it is the challenge of the IM/IT organizations across government, and Treasury Board is working actively with them to properly segment these programs into manageable projects. Each one will come up with a business case that will allow for the evaluation of success. Clear project charters on these individual projects will indicate roles, responsibilities, and the governance that the departments and their deputies are going to exercise. As well, project gating stages at regular intervals will report on status, success, or any issues that might arise and allow for corrective action, including such things as bringing in independent project reviewers to get a different heads-up and so on.

The project management framework has gone a long way to help, and I think will, over the next number of years, contribute significantly to improving project outcomes. That is the number one element that we are proposing to do differently.

In terms of general guidance to the community of CIOs that I have provided and will continue to provide going forward, we are being very careful not to be too ambitious with unproven approaches. We are pushing the community to work initially with smaller projects that can pilot outcomes. Once these approaches are tested, then we can build sound business cases that reflect better cost because a pilot has come back with some results, and we can better plan for future rollouts given that it's not as abstract a problem.

Certainly our guidance is to decompose programs into projects, pilot approaches, to conduct rigorous business cases, monitor a lot more closely and regularly, and in this way improve outcomes.

Certainly. We are working very hard to avoid, if not eliminate, being in such situations.

We don't want projects that are larger than necessary. For a number of reasons, some projects are large. The key is to know when a project can be broken up into phases that generate profit. There are sometimes more opportunities to do that in one program than in others.

An initial project is the pilot project. If a new and unproved approach is being tested, before committing the government to a major investment, clearly, in some approaches, particularly for information technologies, the technology and the products change month by month, if not day by day.

Since the project started, in 1999 or 2000, these are pretty up to date figures that reflect the cost of development, the prototype phase that took place right at the beginning, and the costs of using the service from 2004 to the end of 2009.

In the history of Secure Channel, the Voie de communication protégée, business cases have been prepared. In her comments, the Auditor General says that they were not exhaustive enough. The purpose of the new policy is to strengthen current and future analyses. Certainly the direction that is supported in all departments and agencies is to prepare business cases according to the most complete and most widely used standards.

No, excuse me, I expressed myself badly. We have a template, tools that now lay out the suggested, recommended way of preparing business cases. Yes, the new policy includes those tools, and they have been created and are available.

I don't think, I know that for the use of the existing service we have the costs of the existing services as they have been used since 2006, absolutely. We know how the money is allocated among the departments and agencies, and the support they are given.

Madam Chair, that's an excellent suggestion. Yes, we have a template and we'd be more than happy to submit it. Absolutely.