Opening Statement to the Standing Committee on Public Accounts

Aging Information Technology Systems

(Chapter 1—2010 Spring Report of the Auditor General)

1 June 2010

Sheila Fraser, FCA
Auditor General of Canada

Mr. Chairman, thank you for this opportunity to discuss the results of our audit of aging information technology systems. Joining me at the table is Nancy Cheng, the Assistant Auditor General responsible for this audit.

The federal government relies on information technology systems to deliver programs and services to Canadians. Many of these systems are aging, and several are at risk of breaking down.

While systems are currently working, a breakdown could have severe consequences. At worst, some government programs and services could no longer be delivered to Canadians.

The renewal and modernization of IT systems can take many years and significant investments that must be planned and budgeted for over the long term.

As part of this audit we looked at five government entities with the largest IT expenditures to determine whether they have adequately identified and managed the risks related to aging IT systems. The audit also examined whether the Chief Information Officer Branch of the Treasury Board of Canada Secretariat has determined if aging IT systems is an area of importance to the government as a whole and the extent to which it has provided direction or leadership in developing government-wide responses to address the related risks.

We looked at three major systems that deliver essential services to Canadians—the Employment Insurance Program, the Personal Income Tax and Benefits Return administration system, and the Standard Payment System. We also surveyed 40 chief information officers of departments and agencies in the federal government that accounted for more than 95 percent of spending on IT. The survey of CIOs indicated that aging IT was a significant risk.

The five organizations we audited have all identified aging IT systems as a major risk. They have taken some steps but most of them have not gone far enough to manage that risk. Organizations need to manage their IT systems as a portfolio and prioritize investment projects according to risk and impact on program delivery. They also need to prepare a multi-year investment plan and a funding strategy to meet the investment requirements.

The funding requirements to address aging IT risks can be significant. Three of the five organizations that have developed multi-year investment plans—CRA, HRSDC, and the RCMP—have identified significant shortfalls in the funding available to modernize their critical information systems and technology infrastructure. These organizations alone have estimated the funding shortfall at $2 billion.

We found that the Chief Information Officer Branch of the Treasury Board of Canada Secretariat has been aware that aging IT poses significant government-wide risks for over a decade. However, it has not formally identified the issue as an area of importance for the government. Furthermore, it has not established or implemented government-wide strategic directions to address the issue. We recommended that the Chief Information Officer should prepare a report on the state of aging IT systems across government and develop a plan to address it.

Mr. Chair, PWGSC shared with us a copy of its management action plan. If fully implemented, the plan should address the concerns that we raised in our report.

The Committee may want to ask the Chief Information Officer what she intends to do about this issue.

That concludes my opening remarks and we would be pleased to answer any questions that members of this Committee may have.