Thank you, Mr. Chair.
We thank you for this opportunity to discuss the results of our audit of aging information technology systems. As you mentioned, I am joined today by Nancy Cheng, Assistant Auditor General, who is responsible for this audit.
The federal government relies on information technology systems to deliver programs and services to Canadians. Many of these systems are aging and several are at risk of breaking down. While systems are currently working, a breakdown could have severe consequences. At worst, some government programs and services could no longer be delivered to Canadians. The renewal and modernization of IT systems can take many years as well as significant investments that must be planned and budgeted for over the long term.
As part of this audit we looked at five government entities with the largest information technology expenditures to determine whether they have adequately identified and managed the risks related to aging IT systems. The audit also examined whether the Chief Information Officer Branch of the Treasury Board of Canada Secretariat has determined if aging information technology systems is an area of importance to the government as a whole and the extent to which it has provided direction or leadership in developing government-wide responses to address the related risks.
We looked at three major systems that deliver essential services to Canadians—the employment insurance program, the personal income tax and benefits return administration system, and the standard payment system. We also surveyed 40 chief information officers of departments and agencies in the federal government that accounted for more than 95% of spending on information technology. The survey of CIOs indicated that aging information technology was a significant risk.
The five organizations we audited have all identified aging IT systems as a major risk. They have taken some steps but most of them have not gone far enough to manage that risk. Organizations need to manage their IT systems as a portfolio and prioritize investment projects according to risk and impact on program delivery. They also need to prepare a multi-year investment plan and a funding strategy to meet the investment requirements.
The funding requirements to address aging IT risks can be significant. Three of the five organizations that have developed multi-year investments plans, that being the Canada Revenue Agency, HRSDC, and the RCMP, have identified significant shortfalls in the funding available to modernize their critical information systems and technology infrastructure. These organizations alone have estimated the funding shortfall at $2 billion.
We found that the chief information officer branch of the Treasury Board of Canada Secretariat has been aware that aging IT poses significant government-wide risks for over a decade; however, it has not formally identified the issue as an area of importance for the government. Furthermore, it has not established or implemented government-wide strategic directions to address the issue. We recommended that the chief information officer prepare a report on the state of aging IT systems across government and develop a plan to address it.
Mr. Chair, PWGSC and HRSDC have shared with us a copy of their management action plan. If fully implemented, these plans should address the concerns that we raised in our report. As well, the committee may wish to ask the chief information officer what she intends to do about this issue.
Mr. Chair, this concludes my opening remarks. We would be pleased to answer any questions that committee members may have.
Thank you.