Public Accounts Committee on March 10th, 2016

Thank you.

Mr. Chair, thank you for this opportunity to discuss our fall 2015 report on information technology shared services. Joining me at the table is Martin Dompierre, the principal who was responsible for the audit.

This audit examined whether Shared Services Canada had made progress in implementing key elements of its transformation plan and maintained the operations of existing services.

Specifically, the audit focused on Shared Services Canada's objectives of improving services, enhancing IT security and generating savings.

We also looked at how the Treasury Board of Canada Secretariat assisted and provided governance and leadership on the strategic vision for Shared Services Canada and how it fits into the government IT landscape.

As part of the audit, we consulted seven federal government departments and agencies to get an understanding of how they viewed their collaboration with Shared Services Canada.

Our 2010 audit report on aging information technology systems indicated that the federal government infrastructure was aging and at risk of breaking down. In turn, this could affect the government's ability to deliver some essential services to Canadians. The report recommended that a plan be developed for the government as a whole to mitigate risks associated with aging IT systems on a sustainable basis.

In August 2011, the government announced the creation of Shared Services Canada as a new department to manage and transform the IT infrastructure of 43 individual departments, including servers, data centres, human resources, and IT budgets. The IT infrastructure included 485 data centres, 50 networks, and about 23,400 services.

In 2013, Shared Services Canada developed a seven-year transformation plan to consolidate, standardize, and modernize the Government of Canada email, data centres, and network services. Shared Services Canada committed to maintain and improve the level of IT services and security during the transformation.

Overall, we found that there were weaknesses in Shared Services Canada's implementation of government IT shared services to date, specifically in managing service expectations with its partners and in measuring and tracking progress on transformation initiatives and savings.

For example, we found that Shared Services Canada did not set clear and concrete expectations with its partner departments in providing IT infrastructure service to support their services and applications. As a result, it could not show if and how it was maintaining or improving services.

This finding is important because Shared Services Canada needs to understand whether its services meet its partners' needs. As the recipients of these services, Shared Services Canada's partner departments need to have confidence that the levels of IT service they receive from Shared Services Canada adequately support their ability to deliver services to Canadians.

In addition, we found that Shared Services Canada rarely established expectations or provided sufficient information to partners on core elements of security. This is important, because Shared Services Canada plays an important role in implementing Government of Canada security policies, directives, standards, and guidelines to ensure the security of government IT shared services. As the government's IT infrastructure service provider, it's important that the department collaborate with partners to manage security threats, risks, and incidents to help protect the government's critical IT-related assets, information, and services.

Finally, we found that Shared Services Canada did not have consistent financial practices to accurately demonstrate that it was generating savings. For example, there was no standard costing methodology in place to determine savings, and there were incomplete baselines to measure total savings generated. This finding matters, because Shared Services Canada spends about $1.9 billion each year to deliver IT services to partners, invest in projects, and fund its operations.

As this audit is a mid-transition review of the department's progress in implementing key elements of the government's IT transformation, our recommendations provide concrete opportunities to look at what has been done so far and to identify needed adjustments. Our report makes eight recommendations to Shared Services Canada and one to the Treasury Board of Canada Secretariat. Both entities have agreed with our recommendations.

Mr. Chair, this concludes my opening remarks. We would be pleased to answer any questions the committee may have.

Thank you.

Thank you, Mr. Chair.

Good afternoon.

I am Ron Parker. I was appointed president of Shared Services Canada in July 2015.

I am accompanied today by my colleagues John Glowacki, chief operating officer, and Manon Fillion, director general of finance, to discuss the Auditor General's report that was tabled in Parliament on February 2 and to take your questions and comments.

But first, I would like to briefly outline SSC's history and mandate.

SSC was created to modernize information technology infrastructure services to ensure a secure and reliable platform for the delivery of digital services to Canadians.

This followed, as Mr. Ferguson noted, the Auditor General's report of 2010, which drew attention to the aging systems of the Government of Canada and the risk those systems were of breaking down and jeopardizing services to Canadians. Shared Services was created to standardize, consolidate, and re-engineer the federal IT infrastructure into a single shared IT enterprise. The department aims to deliver one email system; consolidated data centres; a reliable and secure telecommunications network; and 24-7-365 protection against cyber threats across the 43 departments, 50 siloed networks, some 400 data centres, and 23,000 servers.

This year the Auditor General has noted limited progress in the key elements of Shared Services Canada's transformation program. This report recommends that the department develop a strategy to meet partner legacy and transformation service needs; develop agreements with partners setting out service expectations and reporting commitments; provide partners with more information on IT security, protocols, guidelines, and standards; and prioritize, allocate, and report on funding commitments and realized savings.

Shared Services Canada accepts these findings. They are timely, and they echo the feedback I have received from partners, stakeholders and staff.

In fact, the department has made tangible progress on each of the recommendations. That said, some aspects of the AG's report deserve comment.

Shared Services Canada's service management strategy has already been finalized and shared with our partners. We've established service level expectations in five priority areas: email, mobile devices, video conferencing, application hosting, and the Government of Canada-wide area network services. Service level expectations cover such areas as service hours, service availability, and the time to restore services.

Regarding the email transformation initiative, the challenges in migrating email systems vary by department. Readiness to migrate also varies by department. As such, the costs of migration differ by department, and additional costs may be incurred. Migrations were also put on hold in November 2015 while the vendor addressed the system's stability and capacity issues.

Finally, regarding security, as noted in the Auditor General's report, it's important to remark that the Auditor General did not test the effectiveness of our security controls. Rather, as he's just said, he focused on the communications with partners and whether security's roles and responsibilities were adequately documented.

SSC's transformation plan represents an unprecedented exercise in orchestration and synchronization. As we move forward, we are placing increased emphasis on client service, sound financial management and ensuring accountability.

We also face some challenges.

At the enterprise level, work is proceeding more slowly than anticipated. The complexity of the challenges has caused some delays, and some procurements are taking longer than planned. In addition, the capacity of industry to meet our requirements varies, and we have important funding pressures arising, in part, from stronger than forecast demand growth.

To address these issues, we are focusing on a three-pronged approach.

First, our staff are our priority. They are our strongest asset. Their support, commitment, and drive are a very precious commodity, like gold. I want to recognize the Herculean work to remake the delivery of IT infrastructure services supporting all types of services to Canadians. They should be very proud.

First, at Shared Services Canada, service excellence is part of the DNA of our staff, and we must make it easier for people to deliver the services through providing new tools, new processes. This, of course, is a major concern for our customers as well. Improving customer satisfaction is key to Shared Services' success, and is key, at the same time, to improving staff morale. We will strengthen service delivery through new service strategies and the standardization of processes.

Second, the department will update the transformation plan in fall 2016, with the participation of Shared Services Canada's employees, customer organizations, central agencies, and outside experts. We want a conversation about the scope, pace of implementation initiatives, and the cost of the plan, while ensuring that the legacy systems continue to deliver programs and services to Canadians.

Third, we recognize that some legacy infrastructure will remain operational longer than we'd originally anticipated. We will therefore continue to reinforce the legacy infrastructure to prevent outages in the delivery of services to Canadians.

In conclusion, I want to stress that since its creation, Shared Services Canada has made progress in modernizing government-wide IT systems.

We are moving forward with renewed vigour, while absorbing the lessons learned over the last four years, along with the recommendations for ongoing audit and evaluation work.

Ultimately, the IT services SSC provides are an integral part of a vision of a 21st century public service. They complement the Government of Canada's commitment to improve digital services to all Canadians.

Thank you.

Thank you, Mr. Chair. I'm pleased to be here to speak about the role of the chief information officer branch in providing governance and strategic leadership for the transformation of government IT services.

With me today is Jennifer Dawson, deputy chief information officer, who will help me respond to any questions.

The role of the chief information officer branch in the Treasury Board Secretariat is to provide strategic leadership and policy direction for information technology, information management and cyber security.

We do this with guidance from departmental deputy heads and input from chief information officers as well as other stakeholders. The Auditor General, during his review of the information technology of Shared Services, said it is important that SSC have more support in the form of strategic guidance from TBS to help it achieve its mandate.

He recommended that the Treasury Board Secretariat, Chief Information Officer Branch put into effect an IT strategic plan for the Government of Canada.

Mr. Chair, we agree with the recommendation and have committed to completing an IT strategic plan by March 31, 2016.

We've also promised to help departments and agencies implement the plan. Accordingly, we have fully reviewed business and technology trends, as well as industry best practices, to determine what changes are needed as a result of advances in information technology, the experience of other jurisdictions, and recent operational developments within the Government of Canada.

As part of our review, the chief information officer branch has consulted broadly with the government's IT community to understand their service and technology needs.

We have also consulted with our internal policy centres to ensure that the IT strategic plan meets Canadians' expectations for the security of information. Our consultations are now complete, and we are on our way to having the strategic plan completed by the end of the month. Following this, TBS will ensure approval of the plan.

This plan will provide a strategic vision for IT in the Government of Canada. It will give SSC and other departments direction and priorities for enhancing IT management, security and service delivery. It will also help the broader government IT community, as they develop and coordinate their own plans and activities.

Going forward, TBS will help departments and agencies implement a strategic plan by providing communications, guidance, and oversight.

Mr. Chair, as you can see, much work has been done to address the Auditor General's recommendations. We will continue to work with Shared Services Canada to provide governance and strategic leadership to help it achieve its mandate.

Thank you for your time today. I would be pleased to answer any questions from the committee.

The plan will be completed in the written format by March 31. After that we will be seeking approval for it.

The secretary of the Treasury Board will be approving the plan.

The plan will help set priorities. First of all, it will establish and list what the priorities are. For example, the priorities are enterprise systems we want to develop for the Government of Canada. Having said that, and articulated that in the plan, there's an example of where going forward we have governance committees that will ensure the priorities are being met and worked on by Shared Services Canada. It's in that context that it will help Shared Services Canada.