This archived Web page remains online for reference, research or recordkeeping purposes. This page will not be altered or updated. Web pages that are archived on the Internet are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats of this page on the Contact Us page.
Response of Library and Archives Canada to the Round VI Management Accountability Framework Action Plan 2009-2010
The Government of Canada expectations for stewardship are to ensure that every institution has a "departmental control regime (assets, money, people, services, etc.)" that is "integrated and effective," and that its "underlying principles are clear to all staff."
Stewardship includes a large number of administrative, control and institutional planning functions. LAC undertakes to institute the required tools and mechanisms that will help it engage in integrated resource management and achieve the best possible outcomes. The institution will also ensure that sound management is taken up by all employees.
TBS uses no fewer than eight indicators to assess LAC's performance on stewardship. LAC's evaluation highlights excellence in efficient procurement, which benefits from a governance structure and a wide array of proactive measures aimed at improving its operational efficiency. Yet TBS recommends that LAC continue to improve descriptions of LAC's functions, programs, activities and information holdings, with finalizing investment plans and periodic independent reviews of management's financial practices. LAC should also be compliant with the Policy on Internal Audit.
|12. Effectiveness of information management||Acceptable
|13. Effectiveness of information technology management||Acceptable
|14. Effectiveness of asset management||Opportunity for improvement
|15. Effective project management||Acceptable
|16. Effective procurement||Strong
|17. Effectiveness of financial management and control||Opportunity for improvement
|18. Effectiveness of internal audit function||Opportunity for improvement
|19. Effective management of security and business continuity||Strong
Effectiveness of Information Management
LAC's internal information management (IM) function is in a unique position to adopt the outputs of the ADM Task Force on Recordkeeping initiatives. LAC should:
- Integrate IM requirements into planning, approval, management, operational and evaluation activities.
- Fully implement the IM strategy and monitor and report on progress.
- Ensure that all information relevant to the institution's functions, programs, activities and related information holdings is described in the Info Source publications.
- Include mechanisms to continuously evaluate and modify IM accountability in the corporate governance structure.
- Establish an internal IM strategy including timelines, resource estimates, risks and mechanisms to continuously evaluate and modify IM implementation.
- Review LAC's corporate governance and business processes to ensure effective representation of internal IM.
For Info Source publications LAC should:
- Review institution-specific Classes of Records to ensure that all descriptions in Info Source are comprehensive, complete, up-to-date, and comply with TBS requirements.
- Review institution-specific Classes of Records and replace with Standard Classes of Records where applicable.
- Develop and register personal information banks and classes of personal information to ensure that all personal information under the institution's control is appropriately described in accordance with the Privacy Act.
- Ensure the information on LAC in the Info Source publications and databases is updated, structured according to the TBS transition plan and completed by 2011.
Effectiveness of Information Technology Management
- Review and expand the responsibilities of the senior official for IT to include: contributing to setting government-wide directions in order to reduce complexity and duplication; enabling the adoption of common and shared services; promoting alignment and interoperability; and optimizing service delivery within the organization.
- Continue to strengthen the integrated set of processes and practices for governance, planning and benefits realization in order to monitor and oversee the delivery of business value from IT investments.
- Continue to strengthen the qualitative and quantitative set of Key Performance Indicators and techniques to assess performance that provide metrics to guide better decision making, increase performance levels and enable continuous improvement.
Effectiveness of Asset Management
- LAC should develop an up-to-date, integrated investment plan.
- Special purpose properties should be administered by program departments and progress in reviewing and realigning real property occupancies is encouraged.
- Resolve any issues related to the administration of special purpose real property in a timely manner.
Effective Project Management
- LAC could benefit from integrating project management practices at all levels (senior management to operational levels) to share best practices in project management horizontally between information technology project management, facility project management and other areas.
- LAC should consider improving the integration of project management systems and processes to enable a results-focussed, department-wide project governance and oversight.
Effectiveness of Financial Management and Control
- Ensure there are periodic independent reviews of management's financial practices.
Effectiveness of Internal Audit Function
The following comments were made as a follow-up to the evaluation:
- LAC must appoint a qualified Chief Audit Executive at a senior executive level reporting to the Deputy Head;
- LAC should prepare a complete multi-year Risk Based Audit Plan (RBAP) that would include a comprehensive identification of planned use of audit function resources;
- Documented processes to track management action plans as well as post-engagement follow-ups should be developed and presented to the Departmental Audit Committee (DAC) on a regular basis;
- An internal quality assurance and improvement program should be developed and implemented;
- LAC should increase its completion rate of planned engagements.
Effectiveness Management of Security and Business Continuity
- Pursue ongoing initiatives to continue improving the departmental security program, including communications and roll-out of the new security policy, development of sub-policies and chapters, and formalization of incident management procedures.
- Maintain ongoing efforts to achieve and sustain Management of Information Technology Security (MITS) compliance.
- Continue activities currently underway related to business continuity planning, including determining legal obligations and IT dependencies, and developing a crisis communications strategy. Sustaining management support at all levels will be key to ensuring adequate Business Continuity Plan (BCP) capacity across the organization.
LAC Action Plan:
LAC remains committed to its efforts to improve its Information Management, with a goal to provide an example of best practices within the Government of Canada. To this end, LAC proposes the following action items as part of its ongoing strategy to achieve strong stewardship of Information Management (IM).
- LAC identifies the Assistant Deputy Minister, Documentary Heritage Collection Sector, as its senior IM official accountable for IM within the department.
- In the second year of its formalized Integrated Operational Planning Process, the function of information management will be incorporated into all aspects of the planning, budgeting, approval and evaluation phases. As with other 'enabling sectors' (e.g., Human Resources, Finance, IT), IM will be prioritized as a business-critical component in the planning process.
- Following the approval of an IM strategy (February 2009), LAC is poised to begin the first phase of its IM implementation plan fiscal year. An Electronic Document and Records Management System (EDRMS) business analysis and pilot project is slated for development over this fiscal year. By virtue of the size and scope of EDRMS implementation across LAC, this is considered a multi-year initiative.
- Progress continues to be made in developing LAC's information architecture. Now aligned with the EDRMS, this work will produce a working draft architecture developed as part of the planning and piloting work scoped this year.
- Performance indicators for IM will be developed, and progress will be monitored via ongoing meetings of the internal IM committee; reporting to the Assistant Deputy Minister, Documentary Heritage Collection Sector.
As it moves to implement the Recordkeeping Directive, LAC will:
- Develop and pilot the following during 2009–2010 to ensure appropriate IM accountability:
- IM fully inserted into Integrating Planning Process and Senior Management accountabilities.
- Continued role of internal IM committee, to develop performance indicators, targets and methodology for internal IM.
- Implementation of the EDRMS, with reporting function to internal IM committee,
- Apply risk-based approaches to LAC's internal legacy.
- Undertake a series of IM awareness activities and products for LAC staff.
- An implementation plan has been developed to ensure a phased approach to put LAC's IM strategy into operation over several years.
- LAC is taking action to enhance its performance in the areas of Info Source :
- LAC will ensure that the information provided is coherent with its official publications, its website and communication products. Thus, the information in Info Source publications will be up-to-date with the institution's programs, initiatives and activities.
- LAC has undertaken a complete inventory of its personal information banks so as to describe them in Info Source (to be completed by June 2010).
- LAC will develop a control mechanism to ensure that no database containing personal information will be created without first having been described correctly (September 2008 to March 2010) and that a Privacy Impact Assessment Framework is in place by June 2010.
Information Technology Management
To enhance the effectiveness of information technology management, LAC commits to doing the following:
- Complete the IT strategic plan (2009-2012) to reflect IT strategies and priorities in order to enable LAC to deliver on its mandate. Implement the portfolio management approach through selection, prioritization methodology, monitoring and reporting. Develop partnerships with clients. Update the LAC governance structure and process (2008–2010).
- Through the integrated operational planning exercise, the IT function will provide expertise, guidance, and oversight for the IT related priorities selected by the committees.
- Develop the IT procurement policy and continue regular and consistent communication to LAC staff on IT procurement best practices.
- Continue to develop IT key performance indicators based on industry best practices such as control objectives for information and related technology, and the IT infrastructure library; LAC will also further develop its information technology services program and support processes (2008–2010).
- LAC is currently developing a comprehensive custody transfer plan for its special purpose facilities in line with TBS direction. The custody transfer plan will address the proposed approach and establish timelines for the transfer of custodial responsibilities. An implementation plan, which will address specific issues and requirements, will be prepared for March 2010.
- LAC is transitioning to the new policy on investment planning assets and acquired services, and will be initiating the development of an investment plan.
- LAC will be establishing institution-wide processes and governance for conducting the Organizational Project Management Capacity Assessment (OPMCA) and the Project Complexity and Risk Assessment (PCRA) in line with Project Management (PM) Policy.
- LAC will continue developing its project management discipline and portfolio management discipline. The IT branch has made progress towards the implementation of the TBS policy on the management of projects by delivering the following via its intranet website to all project managers at LAC: PM tools, templates, guidelines, and plans.
- LAC will develop tools, templates, guidelines, conduct information sessions and presentations, and communicate via its intranet website (2008–2010). The IT Project Management Office (PMO) conducted multiple information sessions and presentations to IT project managers, business project managers, and to LAC Management Forum. The project management framework has been in production and communicated throughout LAC to all managers. The IT PMO is promoting and communicating project management best practices.
- LAC will thoroughly continue to verify compliance with mandatory standing offers and use procurement trends to improve processes and identity cost saving opportunities.
- To demonstrate continuous improvement, LAC will revamp its intranet website, develop new decision making tools for managers/staff and improve reporting capabilities, and introduce a new quality control function for the review of proposed solicitations prior to public release.
Financial Management and Control
- LAC will strengthen financial management documentation and procedures respecting interdepartmental settlements.
- Strengthen financial management documentation, procedures and training in respecting the Treasury Board Account Verification policy (Section 34).
- Improve procedures and documentation on Section 33 roles and responsibilities.
- Undertake an internal audit of its accounting and compliance functions.
Internal Audit Function
One member of the external Departmental Audit Committee (DAC) was appointed in April 2009 and the other two members should be appointed in September 2009. In order to improve its internal audit function, LAC is committing to the following actions:
- LAC will finalize the process to appoint a qualified Chief Audit Executive at a senior executive level reporting to the Deputy Head;
- Annual work plan 2009–2010 will be submitted to the DAC for approval at the first meeting planned for fall 2009 and a copy will be provided to Office of the Comptroller General (OCG);
- The RBAP (risk-based audit plan) will be submitted to the first DAC meeting for recommendation and will then be approved by the Deputy Head;
- The RBAP will include a comprehensive identification of planned use of audit function resources;
- LAC will put in place a follow-up mechanism in order to identify the missions that are completed and the ones that are reported as well as the related rationale for reporting;
- LAC will increase the completion rate of planned engagements based on its RBAP;
- LAC will develop and implement an internal Quality and Improvement Program by end of 2009–2010 fiscal year;
- LAC will develop a process to track management action plan and will report to DAC on a regular basis;
- LAC will increase the internal audit function resources to meet the requirements of its RBAP;
- The TBS Internal Audit Policy Implementation Plan was approved by the Deputy Head and will be presented to the DAC at the first meeting planned for fall 2009.
Security and Business Continuity
- Security awareness and improving the security of the collection will continue to be a priority for 2009–2010. An annual work plan will be submitted to the Security and Disaster Management Committee (SDMC) to guide the continuous improvement of the organization's security program (September 2009). SDMC will submit a report annually to the Management Board against the work plan. (March 2010)
- Revisions, as required, to the LAC security policy to align with the new Government Security Policy (Fall 2009).
- Develop maintenance, testing and monitoring of Business Continuity Plan program activities.
- Revised the LAC Business Continuity Plan to include provisions for pandemic influenza, and will draft user-friendly tools for November 2009.
- A Crisis and Emergency Communications plan is completed, and will include a revised security awareness strategy (January 2010).
- Security training: A formal Business Continuity Plan training course will be developed to ensure that LAC meets a minimum standard. (March 2010)
- Security awareness: A one-hour training session will be developed by security for new employees. Starting September 2009, sessions will be given on a weekly basis.
- Incident management: Internal investigation procedures will be developed and personnel trained within LAC by March 2010.
- LAC constantly reviews its critical services to the Government of Canada (GC) and will advise TBS should it deem that LAC does provide GC critical services.
- LAC has provided security awareness sessions to specific groups and continues to provide such service. To address specific deficiencies, the work plan will include the following actions:
- LAC's security policy was released in October 2008. A security awareness strategy will also accompany the policy in October 2009.
- LAC has included the threat and risk assessment process as part of their project management process for new projects.
- LAC is still committed to implement a certification and accreditation process to ensure the accountability of senior management for their systems.
- LAC is going to label any storage media that is classified as secret level or higher starting June 2009.
- A better mechanism for managing administration rights will be implemented by fall 2009. Control of group memberships will be improved (in conjuction with identity management).
Previous | Table of Contents | Next