Public Accounts Committee on June 1st, 2010

Thank you, Mr. Chair.

Certainly, at CIOB we have in fact been aware of this issue and working on it over the last ten years in a variety of ways, and certainly, over the last year that I've been in my role, with a more sustained focus on a number of different facets.

What we have not done, and I do agree with the OAG's report, is that we have not yet come up with an aggregated view of this issue from a pan-government or pan-Canadian--

We work with the different CIOs and different departments constantly and continuously on many different issues. We do have a view of many different pressures, in both infrastructure and applications across the community...and a number of strategies to implement that. In fact, over the last three years we've been working through the MAF process to reinforce the necessity for the CIO in each department to have IT investment plans in accordance with the government policy on investment planning. In fact, in the last round of MAF, we specifically asked them to identify aging IT as a pressure.

What we have not yet done is we have not yet aggregated specifically the inventory of mission-critical systems across the government; prioritized them in some format; and/or aggregated the total investment that might be required once we really normalize what people mean by mission-critical, whether they are in fact key priorities of every department. That will take some time. It will take the time that we need to consult with the community, agree on what is a priority individually by department within their portfolios, and bring that back.

Well, Chair, we certainly would have expected, given the risks involved with aging IT across government, that there would have been a central location--the CIO branch is clearly the one that was indicated to have a government-wide strategy--and that they would have assessed what the priorities would be, what the coming funding pressures would be.

If we talk as well about changing systems to become more efficient, we can get into perhaps a long debate about this, but I really think there has to be some central direction given on that to departments, not leaving all the departments to do as they wish.

We clearly, based upon the responsibilities that have been set out for the chief information officer branch, would have expected that overall strategy and that information to be available.

It's $5 billion.

Thank you, Mr. Chair.

The $120 million expended over three years was to actually address some of the more critical infrastructure areas of the EI system. I think the $2 billion--you're right--is an aggregate of what's required for three departments to actually upgrade and refresh the infrastructure across the board. We have approximately $524 million of that identified for our department.

So I didn't think it was...I was not trying to brag; I was just trying to say that we have been demonstrating that we have an awareness that this needs to be done and that we have segregated funds to actually work on the improvement of our infrastructure environment. It was more to demonstrate that this was a known requirement within our department, that we were taking it very seriously, and that we have taken methodical steps to address the infrastructure issue.

Thank you, Chair.

Each department...and I'll perhaps mention CRA, because I think we noted in the report that they do this in quite a rigorous fashion. They go through and identify all of the improvements or changes that they think will be required over the next while; I think it's a five-year plan that CRA has, five- or ten-year plan. Then they go through a prioritization to see which ones are critical to the continued sustainability of their systems.

It's really a way to prioritize and to accord importance to the various changes that they see in their investment plan.

Thank you, Mr. Chair.

I will start, and then I will ask my colleague Ms. Charette to pick up.

One of the key elements that has been mentioned, and that Ms. Fraser has also mentioned, is that we have been working with departments to ensure that they do have investment plans. We may not have a list right now of all the mission-critical systems across the government, because there are currently very varying definitions of what is a mission-critical system. Each organization does really have the responsibility to do its own investment plan, and I think the Auditor General has just recognized that by saying that CRA has a very good planning process and priorities. HRSDC--each one of these organizations has to have their own plan, because they have a responsibility to deliver on their mandates and their priorities.

What we have not done is come up with a common set of definitions as to what is mission-critical. Can we start looking at them across the Government of Canada? That is what we are endeavouring to do and have committed to do. We have looked, obviously, at what are some of the key priorities per department, per mandate, and have been working very actively with those organizations when those mission-critical systems are identified.

So I do not want to leave the committee with the impression that we have not done anything, that we don't have a sense of what the risks are. But what we have been asked to do and what we have agreed to do is to come forward with a more systematized, coordinated approach, where the definitions are shared and where in fact we can look at what the overall picture is.

It is, and will still remain, the responsibility of each organization to do their investment planning and to do their portfolio management, because they are ultimately responsible for the delivery of their services.

I'll ask Ms. Charette to just pick up on the process we will then be following to make sure that we respond to the Auditor General's report.

Thank you, Secretary.

In fact, we will be launching very soon our work in order to develop the report, and the action plan, and the strategy that the OAG has asked us to move forward with and that we do agree is necessary. Between the period of June and December, we will be in fact conducting our own comprehensive survey of the departments across the federal government to make sure that we do get a complete inventory of mission-critical systems that is consistent to common definitions and that identifies the risks and the priorities that these departments believe these mission-critical systems are to them.

That will take us over the next six months. In December, we will then start to basically standardize and aggregate those findings so that by April we can come up with a really thorough and easy-to-understand government-wide assessment of what is mission-critical, how many are out there, what would be the overall investment required to address these, and how might we attack priorities given a situation where investment may well exceed the funds of any one department. We will be looking at that very carefully.

Then, for the next year, we will work with our CIOs across departments, who will be working with their own business stakeholders, to work out really what are the government-wide priorities that we can agree on and to focus in on what really has to be renewed, what can be consolidated or replaced, what can be sunsetted--because programs do evolve--so that by December 2011 we should have fundamentally finished our analysis, and we intend to wrap that up with a report on our recommended direction and our guidance to departments by April 2012.

I would also add that even though we have not come up with an aggregate view of certain, if you will, high-risk infrastructure, we have been working very closely with Public Works over the last eight months on a data centre strategy that involves really addressing the risk of this fundamental infrastructure across the government. We've in fact a mid-term strategy for data centres that looks at some of the more pressing data centre risks across the government, and we have a more long-term study under way, which will in fact be completed by the end of the calendar year, that will identify just what we can do moving forward on this fundamental infrastructure. We're also working with a number of other departments on different efforts on other, if you will, back-office systems and pressures, and we continue to work with departments in helping them adopt our policies so that they may assess the risk of their operational systems.

Thank you for that question.

We've looked at it from a portfolio perspective to ensure that we understand where the priorities lie and how we may address them. Although we've identified a $620-million spend, we know that we can prioritize that to the more pressing needs. We've been recognized for the portfolio approach, and we've taken measures to ensure that supporting technology is understood by the senior management of the RCMP and is factored into their planning and prioritization process.

If I may, Mr. Chair, we did not want the intent of putting forward the funding request to be the responsibility of the Treasury Board Secretariat, because the funding requests and the accountabilities for the expenditure of those funds do rest with each organization and the minister responsible for that. That's what we meant by that.

We can give direction, we are giving direction, and we are working with organizations. But on the specific requests for funding, for example, we worked very closely with the renewal of the pension systems that are with Public Works and Government Services, National Defence, and the RCMP. We as a secretariat worked very closely with those organizations to ensure that there was a coordinated approach, a common platform, and we did not end up with three disparate systems that could not communicate with each other.

We did that, but their specific requests for funding were each put forward by the respective ministers, because the delivery of those initiatives rests with those respective organizations. That's all we meant by that. We did not carry the funding requests, nor do we intend to carry those funding requests. We help shape, coordinate, and support. We play our challenge function and make sure that the funding requests are reasonable and the priorities are clear, but we do not carry the responsibility for taking those requests and for receiving the funds.

So that's all we meant by that. There is a divided responsibility, for obvious reasons, for the accountability for the expenditure of funds.

I am of the view that deputy heads, Mr. Chair, are in fact well aware of the management of their responsibilities. They have, as you've seen, investment plans--