Audit of Shared Services Canada s Information Technology Asset Management

Similar documents
Table of Contents. Executive Summary Introduction... 5

Audit of the Management of Projects within Employment and Social Development Canada

Final review report Review of corporate accommodation Public Works and Government Services Canada Office of Audit and Evaluation March 31, 2016

Management Response and Action Plan

Audit of the Integrated Services Function at Selected Research Centres

Government-wide: Controls Over Disposal of IT Assets

Management Accountability Framework

Final Report Audit of the Management of the Government of Canada Pension Modernization Project. Office of Audit and Evaluation

PROTECTED A. Follow-up on Internal Audit: MWAV ISSC Pre-publication copy not for external distribution Proposed Final January 2014 PROTECTED A

Internal Audit of Compensation and Benefits

Final Audit Report. Audit of Information Technology (IT) Planning. June Canada

PRIVY COUNCIL OFFICE. Audit of PCO s Accounts Payable Function. Final Report

Follow-up Audit of the CNSC Performance Measurement and Reporting Frameworks, November 2011

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

Audit of Staffing and Classification

System Under Development Review of the Departmental Financial Management System Renewal Project

Audit of Public Participation and Consultation Activities. The Audit and Evaluation Branch

This report can be found on CNSC s website at:

The Many Faces of Project Management

Audit Report. Audit of Contracting and Procurement Activities

Final Report Audit of the Configuration Management Processes Across PWGSC. Office of Audit and Evaluation.

Review of the management of data quality in the My Government of Canada Human Resources system. Office of Audit and Evaluation

Director s Draft Report

ON THE INFORMATION MANAGEMENT AND INFORMATION TECHNOLOGY GOVERNANCE. Audit Services Division. September 2008

The SAM Optimization Model. Control. Optimize. Grow SAM SOFTWARE ASSET MANAGEMENT

Audit of Information Management. Internal Audit Report

Final Audit Report. IT Client Services - Application Development and Maintenance Process

Audit of Core Management Controls. Internal Audit Sector

The Corporation of the City of London Building Permit Review Internal Audit Report

REPORT 2014/115 INTERNAL AUDIT DIVISION. Audit of information and communications technology management at the United Nations Office at Geneva

Performance Measurement Audit

Audit of the Initiation Phase of the New Bridge for the St. Lawrence Corridor (NBSLC) Project

Audit of Entity Level Controls

Indigenous and Northern Affairs Canada. Internal Audit Report. Audit of Business Continuity Planning. Prepared by: Audit and Assurance Services Branch

Audit of the Management Control Framework (MCF) Spectrum Telecommunication Program (S/TP) Final Report. Audit and Evaluation Branch.

Audit and Advisory Services Integrity, Innovation and Quality

Audit of Governance and Controls for Reliable Reporting of Civilian Personnel Data. September (CRS)

INFORMATION ASSURANCE DIRECTORATE

Canada. Internal Audit Charter 1+1. Canadian Nuclear Safety Commission. Office of Audit and Ethics. April 18, 2011

Audit of Departmental Security

Review of Information Technology Service Delivery. The Audit and Evaluation Branch

Balancing Risk While Enhancing Controls

Procurement and Contracting Operations Audit

Audit of Travel and Hospitality

Final Audit Report. Follow-up Audit of Emergency Preparedness and Response. March Canada

Enterprise Content Management Solution Planning Presentation to IM Aware March 16, 2018

Follow-up on Internal Audit: MT Material Deployed in Afghanistan Final November 2011

Transportation Contributed Assets Review January 28, 2015

Audit Report. Audit of Spectrum Application Modernization - Commercial Software Implementation

Indigenous and Northern Affairs Canada. Internal Audit Report. Audit of Performance Measurement. Prepared by: Audit and Assurance Services Branch

DoD Business Transformation and Environmental Liabilities Recognition, Valuation and Reporting

Corporate Risk Management Audit

INTERNAL AUDIT OF PROCUREMENT AND CONTRACTING

Audit of Policy on Internal Control Implementation (Phase 1)

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Management Practices Audit of the Treaties and Aboriginal Government Sector

Monetary Appraisal of Acquisitions

Integrated Business Planning Audit

Follow-up of the Financial Management Audit NCR

Audit of Weighing Services. Audit and Evaluation Services Final Report Canadian Grain Commission

Audit of the Movable Cultural Property Program

Review of Work Force Adjustments. The Audit and Evaluation Branch

Horizontal audit of the Public Services and Procurement Canada investigation management accountability framework

Audit of Corporate Information Management

Audit of Human Resources Planning

ARCHIVED Audit of Risk Management

Audit of the Delegation of Authorities for Select Human Resources Processes

Corporate ITAM Directive

Treasury Board Policies for Investment Planning and the Management of Projects Lessons Learned & Status

Main points Background Our audit objective and conclusions Managing for results key findings...243

REQUEST FOR MANAGEMENT DECISION AUDIT INFORMATION TECHNOLOGY ORGANIZATIONAL EFFECTIVENESS ENTERPRISE CUSTOMER OPERATIONS

Audit of Civilian Human Resources Management System (HRMS(Civ)) Application Access Rights

ARCHIVED Audit of the Financial Management Control Framework IT Purchases

Open Government Implementation Plan (OGIP)

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

Article from: CompAct. April 2013 Issue No. 47

DESK-TOP COMPLIANCE REVIEW

AUDIT UN WOMEN TRAVEL MANAGEMENT FUNCTION. Report No Issue Date: 15 May 2015

Service Alberta Systems to Manage a Comprehensive Inventory of IT Applications

Management Accountability Framework (MAF) Overview

POSSE System Review. January 30, Office of the City Auditor 1200, Scotia Place, Tower Jasper Avenue Edmonton, Alberta T5J 3R8

ITIL Intermediate Lifecycle Stream:

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting

Internal Oversight Division. Audit Report. Audit of Asset Management

Technology Roadmap Status

AUDITOR GENERAL S REPORT

Treasury Board Policy on Results

Property Management & Accountability (PM&A)

IT Strategic Plan. Executive Summary. Introduction

Fraud Risk Review at the Canada. Revenue Agency. Presented to the Financial Management Institute Ottawa November 28, 2013

A Report and Estimating Tool for K-12 School Districts California District Case Study

December 2015 THE STATUS OF GOVERNMENT S GENERAL COMPUTING CONTROLS:

Reviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED

Quality Management System

REPORT 2015/171 INTERNAL AUDIT DIVISION. Audit of the implementation of the interface between Umoja and Galileo

Audit of the Process Monitoring Framework. Sept 23, 2011 Version1rsion 1September 23, 2011

Procurement Performance Review

Quality Management System

AUDIT REPORT NOVEMBER

Audit of Procurement Practices

Audit of Cultural Industries Branch

Transcription:

Audit of Shared Services Canada s Information Technology Asset Management Audit Report June 2017 Period of Examination from September 1, 2014, to September 30, 2015

TABLE OF CONTENTS Executive Summary... 1 What we examined... 1 Why it is important... 1 What we found... 1 Background... 2 Objective... 3 Scope... 3 Methodology... 3 Statement of Assurance... 3 Detailed Findings and Recommendations... 4 Shared Services Canada s Information Technology Asset Management Governance Structure... 4 Processes for the Lifecycle Management of Information Technology Assets... 5 Information to Support the Lifecycle Management of Information Technology Assets... 6 Monitoring of the Management of Information Technology Assets... 8 Conclusion...10 Management Response...11 Annex A: Audit Criteria...12 Annex B: Acronyms...13

Executive Summary What we examined The objective of the audit was to provide assurance on the adequacy of information technology (IT) asset management at Shared Services Canada (SSC) and to ensure compliance with government policies and SSC procedures. The scope of the audit included SSC s IT asset management (ITAM) processes, tools and controls including the application of these processes, tools and controls from September 1, 2014, to September 30, 2015. Why it is important IT lifecycle management is the effective and efficient management of IT assets from the identification of requirements to the disposal of the asset. IT assets include software, hardware, major projects and acquired services. ITAM depends on robust processes with tools to automate manual processes. The Treasury Board (TB) Policy Framework for the Management of Assets and Acquired Services set the tone for the management of assets and to help ensure that the conduct of these activities provided value for money and demonstrated sound stewardship in program delivery. The complexity, speed, scale and concurrency of key transformation initiatives could lead to unforeseen implementation and operational obstacles that could affect overall success of the transformation and ongoing service delivery which further emphasizes the importance of having well established ITAM processes and controls. What we found We found that SSC developed a draft Framework for SSC Material Inventory and Disposal Management (Framework) and that the draft Framework and instruments were in line with applicable requirements as set out in the TB Policy Framework for the Management of Assets and Acquired Services and the TB Policy on Management of Materiel. The Framework and its instruments had not been approved or communicated. In the absence of an approved and communicated materiel management framework, we found insufficient communication regarding roles and responsibilities and the centralization of the ITAM function. We identified several issues with the processes and controls that impacted SSC s ability to provide assurance that all enterprise assets (hardware and software) were being adequately managed. We found gaps in the accuracy and sufficiency of the information available to support and monitor the management of IT assets. There were inconsistencies in the identification of what information was required for the lifecycle management of IT assets and the controls in place to ensure the required information was captured in the appropriate tracking tool. We found no systematic monitoring taking place in relation to the overall management of IT assets at SSC. Patrice Prud homme Chief Audit and Evaluation Executive Shared Services Canada 1

Background 1. Shared Services Canada (SSC) was established on August 4, 2011, to modernize how the federal government manages its information technology (IT) infrastructure in order to better support the delivery of programs and services to Canadians. The IT infrastructure supporting government programs and services was aging, vulnerable to security risks and inefficient. 2. The Treasury Board (TB) Policy Framework for the Management of Assets and Acquired Services set the tone for the management of assets and helped ensure that the conduct of these activities provided value for money and demonstrated sound stewardship in program delivery. The complexity, speed, scale and concurrency of key transformation initiatives could lead to unforeseen implementation and operational obstacles that could affect overall success of the transformation and ongoing service delivery which further emphasizes the importance of having well established IT asset management (ITAM) processes and controls. 3. This audit was approved by the President of SSC after being recommended by the Departmental Audit and Evaluation Committee as part of the 2014 2017 Risk-based Audit and 2014 2019 Evaluation Plan. SSC s senior management also identified concerns around the lack of documented and communicated roles and responsibilities for ITAM, the risks associated with the transfer of legacy assets and not having timely, sufficient and accurate information on all of SSC s IT assets. 4. IT lifecycle management is the effective and efficient management of IT assets from the identification of requirements to the disposal of the asset. IT assets include software, hardware, major projects and acquired services. ITAM depends on robust processes with tools to automate manual processes. 5. Legacy refers to equipment or assets procured and owned by another government organization before they were transferred to SSC in 2011, and enterprise refers to new assets and equipment that were procured with SSC funds since SSC was created. 6. A new organizational structure for SSC was adopted on April 1, 2015, entitled SSC Way Forward, to reflect SSC s focus on the migration from legacy to new enterprise IT infrastructure. The new structure made branches responsible for the entire lifecycle of services they provided. This realignment was part of SSC s natural evolution and had an impact on several groups including the Service Asset and Configuration Management (SACM) directorate which was responsible for a large part of the ITAM function at SSC and gained more responsibility after the realignment. 7. Prior to April 1, 2015, there were no standardized ITAM processes and tools in place for the lifecycle management of IT assets. Since the reorganization, the ITAM function became centralized under the SACM directorate. Shared Services Canada 2

Objective 8. The objective of the audit was to provide assurance on the adequacy of ITAM at SSC and to ensure compliance with government policies and SSC procedures. Scope 9. The scope of the audit included SSC s ITAM processes, tools and controls including the application of these processes, tools and controls from September 1, 2014, to September 30, 2015. This included the management of: Methodology All SSC IT assets, including hardware and software; and Both legacy and end-state assets. Consideration was given to the added value of addressing issues and risk related to legacy assets. 10. During the conduct of the audit, we: Interviewed relevant directors, managers and technical experts; Conducted file and system walkthroughs and reviews; Reviewed relevant documents, such as TB and SSC policies, draft Framework for SSC Materiel Inventory and Disposal Management, and SSC processes and procedures documentation; and Performed data analysis based on extracts provided from two systems used. 11. Field work for this audit was substantially completed by October 2015. Statement of Assurance 12. Sufficient and appropriate procedures were performed and evidence gathered to support the accuracy of the audit conclusion. The audit findings and conclusion were based on a comparison of the conditions that existed as of the date of the audit, against established criteria that were agreed upon with management. This engagement was conducted in accordance with the Internal Auditing Standards for the Government of Canada and the International Standards for the Professional Practice of Internal Auditing. A practice inspection has not been conducted. Shared Services Canada 3

Detailed Findings and Recommendations Shared Services Canada s Information Technology Asset Management Governance Structure 13. We expected SSC to have a governance structure in place to ensure that IT assets were managed appropriately and in compliance with Government of Canada and SSC policies. Furthermore, we expected that there would be a documented, approved and communicated materiel management framework in place. 14. We found that SSC developed a draft Framework for SSC Material Inventory and Disposal Management (Framework). The Framework included the following instruments: Draft Directive for SSC Materiel Inventory and Disposal Management; Draft Standard for SSC Materiel Inventory Control; Draft Standard for SSC Materiel Stocktaking; Draft Standard for SSC Materiel Transfer, Loan and Donation; Draft Standard for SSC Materiel Disposal; and Materiel Management Governance Structure. 15. We found that the draft Framework and instruments were in line with applicable requirements as set out in the TB Policy Framework for the Management of Assets and Acquired Services and the TB Policy on Management of Materiel. 16. We expected that the roles and responsibilities for the management of IT assets would be documented and communicated. We found the roles and responsibilities for the management of IT assets were documented in the draft Framework and the accompanying Directive, Standards and Materiel Management Governance Structure. However, at the time of this audit the Framework had not yet been approved. Once approved, the intention was to communicate the Framework organization-wide on the SSC website. At the time of the audit, no communication plan had been developed. 17. We found that stakeholders were consulted and improvements were made to the Framework to reflect the comments received throughout the consultation process. 18. We found delays in the submission and presentation of the Framework for approval to the Corporate Management Board which was in most part due to the reorganization and consultations with various stakeholders. 19. The TB Policy on Management of Materiel stated that Deputy Heads were responsible for ensuring that a materiel management framework was in place to ensure that materiel was managed by departments in a sustainable and financially responsible manner. Further delays in the approval, communication and implementation of the Framework would result in non-compliance with TB requirements. Furthermore, the absence of a documented and communicated governance structure for ITAM could impact the Department s operational ability to manage the lifecycle of its IT assets and damage its reputation as a responsible steward of crown property. Shared Services Canada 4

Recommendation 1 The Senior Assistant Deputy Minister, Corporate Services, and Chief Financial Officer, should ensure the Framework for SSC Materiel Inventory and Disposal Management is approved, implemented and communicated. Management response: Management agrees with this recommendation. The Materiel Management Framework was reviewed by the Senior Management Board in December 2015 and approved by the President of SSC in April 2016. A communique will be sent to SSC employees in July 2016 to announce the approval of the Materiel Management Framework. Processes for the Lifecycle Management of Information Technology Assets 20. We expected that SSC would have processes in place for the lifecycle management of IT assets which met the applicable policies and directives. We found that since the reorganization on April 1, 2015, SSC centralized its ITAM function under the responsibility of SACM. 21. We found that SSC had some documented processes and controls for the purchasing, receiving, tagging, recording and disposing of IT assets. However, these processes were mainly designed for use within SACM and were only communicated to the group internally. Although the SACM directorate was using their documented processes, updates were required to reflect organizational changes and general updates. For example, the disposal processes required updates to reflect additional types of disposal that had not been previously documented and the user guide for the Enterprise Control Desk (ECD) tracking tool also required updates to align with the latest version of the software that was in use. 22. In the absence of an approved and communicated materiel management framework, we found there had been insufficient communication regarding the centralization of the ITAM function. There were no controls in place to enforce SACM s involvement in the ITAM function. Therefore, SSC employees may not be aware of the requirement to contact ITAM at different points in the lifecycle. 23. Prior to the centralization of the ITAM function, there were no standard processes or tracking tools which resulted in a lack of visibility of all IT assets that were transferred to SSC when the Department was established. As a result, we found that SSC could not provide assurance that all of SSC s legacy IT assets were adequately managed. 24. There was no integration between the financial system (SIGMA) and the IT asset tracking tools (ECD and HP Asset Manager). SACM had documented a manual process to monitor SIGMA for new IT asset purchases because there was no assurance that SACM was notified when new IT assets were purchased. Due to the manual nature of this process and the reliance on proper financial coding, there was a risk that all newly purchased IT assets may not be identified through this process. Shared Services Canada 5

25. We found that SSC s process for tracking infrastructure software (the server and network software found in data centres) was in the development stage and SSC was not able to report on the infrastructure software currently deployed, including the status of the licenses purchased or issued. In addition, although there was a project underway to identify and address the gaps for certain desktop software, there was no control in place to prevent SSC from issuing more desktop software licenses than were purchased. Overall, SSC was unable to provide assurance that the lifecycle of all software assets was appropriately managed. 26. Without awareness of all the assets that the Department owns (legacy and enterprise), SSC is not able to ensure that it is effectively managing the lifecycle of all of its IT assets. Recommendation 2 The Senior Assistant Deputy Minister, Service Delivery and Management, should update SSC s Information Technology Asset Management (ITAM) processes for all information technology assets and develop and implement a communication plan to inform SSC employees outside of Service Asset and Configuration Management of their roles and responsibilities pertaining to ITAM. Management response: SSC management agrees with the recommendation. Service Management will update ITAM processes for all IT assets. A communications plan will be developed to inform SSC employees of their roles and responsibilities related to ITAM. Recommendation 3 The Senior Assistant Deputy Minister (SADM), Corporate Services, and Chief Financial Officer, and SADM, Service Delivery and Management, should implement effective controls to ensure that procured information technology assets are recorded, managed and disposed of in accordance with SSC procedures. Management response: Management agrees with the recommendation. The SADM, Corporate Services, and Chief Financial Officer, and the SADM, Service Delivery and Management, will coordinate efforts and implement effective controls to ensure that procured IT assets are recorded, managed and disposed of in accordance with SSC procedures. SSC will implement effective controls that include integration between the financial system and IT asset tracking tools. Information to Support the Lifecycle Management of Information Technology Assets 27. We expected SSC to have accurate and sufficient information to support the management of IT assets throughout their lifecycle. However, we found problems in the accuracy and sufficiency of the information available to support the management of IT assets. Shared Services Canada 6

28. SSC used two different software systems for the lifecycle management of IT assets (i.e. ECD and HP Asset Manager). ECD was used to track enterprise assets which consisted namely of: infrastructure hardware, servers, networks, switches, etc. HP Asset Manager was used for legacy hardware, as well as for desktops, laptops, software and other end-user assets. 29. SACM identified and documented, through business rules, which fields and information were required to track and manage the lifecycle of IT assets. Reports were generated from the ECD and HP Asset Manager databases containing all SSC assets up to June 30, 2015, were reviewed as part of the audit. We compared this data to the information identified as required by SACM. 30. We found some controls in place to help ensure the required information collected was accurate and sufficient. However, there were several weaknesses identified in the controls that impacted the accuracy and sufficiency of the information captured in both tools: The business rules were very general and did not specify which specific field(s) in either system should be populated (e.g. the business rules state Location is required, but there are multiple fields in the systems that contain location-type information); There was additional information identified as important by SACM that was not captured in the business rules; and There were automated, system enforced controls for the collection of some required information, but not all. 31. In addition, we identified weaknesses with some of the automated controls in the tools: Generic options were available in system enforced drop-down fields, such as Please Select a Value or Unknown ; and Certain required fields allowed a blank entry. 32. We found that the location fields (i.e. codes, descriptions, tower, floor and room) were not enforced in ECD and although some location fields were enforced in HP Asset Manager, there were cases where the combined information populated in the location fields in both systems did not provide accurate or sufficient information to locate some assets. 33. After finding the above inconsistencies with location fields in ECD, we conducted an inventory validation exercise at one SSC location. We found that: Of the assets that were visible (i.e. in hallways and boardrooms), there were 60 assets that were required to be tagged and tracked in the system; 35 of 60 (58%) assets should have had asset tags but either did not or they were not visible; Of the 25 asset tags we identified, 18 were SSC tags and 6 were Public Works and Government Services Canada tags; and Only one asset was found in ECD and none in HP Asset Manager. 34. These observations could have been due to a combination of timing and lack of a centralized ITAM function when SSC was created. SSC did not have its own asset tags at the outset which resulted in assets being tagged with other department tags (even if they were considered SSC assets). In addition, there were no centralized processes, tools or controls in place to track any assets that were tagged even after SSC received their own asset tags. Shared Services Canada 7

35. The lack of visibility of all IT assets combined with the process and control weaknesses resulted in SSC s inability to provide accurate and sufficient information to monitor the management of all IT assets throughout their lifecycle. Recommendation 4 The Senior Assistant Deputy Minister, Service Delivery and Management, should confirm the information required to manage the lifecycle of information technology assets, update the business rules to be consistent with this information and ensure proper controls are in place to ensure that the information is being captured in a consistent and accurate manner. Management response: Management agrees with the recommendation. Information required to support IT lifecycle management will be reviewed, and business rules will be updated to support consistent and accurate asset tracking. SSC is committed to making the necessary changes to IT asset management tools and processes in support of effective IT asset management. Monitoring of the Management of Information Technology Assets 36. We expected that SSC would have mechanisms in place for monitoring and reporting on the management of IT assets. TB Policy Framework for the Management of Assets and Acquired Services required Deputy Heads to ensure that practices were in place for asset management within the department and that monitoring and reporting on the management of materiel occurred. 37. We found that SSC s draft Framework stated that the Chief Information Officer (CIO) was responsible for developing, maintaining, implementing measurement indicators and data collection tools for the Framework and for reporting on them. However, we found no systematic monitoring was taking place in relation to the overall management of IT assets at SSC; the CIO planned to develop metrics once the Framework was approved. 38. A delay in the approval of the Framework was impeding the development of metrics, indicators and the reporting of these indicators affecting the ability of the Deputy Head to monitor and report on the management of materiel at SSC and results in non-compliance with TB requirements. Recommendation 5 The Senior Assistant Deputy Minister, Corporate Services, and Chief Financial Officer, should ensure that measurement indicators are developed for monitoring and reporting on the Framework for SSC Materiel Inventory and Disposal Management. Shared Services Canada 8

Management response: Management agrees with this recommendation. Measurement indicators will be developed for monitoring and reporting on SSC s Materiel Management Governance Structure (Internal Policy Instruments: Directive and Standards associated to inventory control, stocktaking, transfer, loan, donation and disposal). Shared Services Canada 9

Conclusion 39. The objective of the audit was to provide assurance on the adequacy of ITAM at SSC and to ensure compliance with government policies and SSC procedures. 40. We found that SSC developed a draft Framework for SSC Material Inventory and Disposal Management and that the Framework and instruments were in line with applicable requirements as set out in the TB Policy Framework for the Management of Assets and Acquired Services and the TB Policy on Management of Materiel. However, it was neither approved nor communicated. 41. We found that stakeholders were consulted and improvements were made to the Framework to reflect the comments received throughout the consultation process. However, there had been insufficient communication regarding roles and responsibilities and the centralization of the ITAM function. 42. We identified several issues with the processes and controls that impacted SSC s ability to provide assurance that all enterprise assets (hardware and software) were being adequately managed. Without awareness of all the assets that the Department owns (legacy and enterprise), SSC is not able to ensure that it is effectively managing the lifecycle of all of its assets. 43. We found deficiencies in the accuracy and sufficiency of the information available to support and monitor the management of IT assets. There were inconsistencies in the identification of what information was required for the lifecycle management of IT assets and the controls in place to ensure the required information was captured in the appropriate tracking tool. 44. We found that there was no systematic monitoring taking place in relation to the overall management of IT assets at SSC; the CIO planned to develop metrics once the Framework was approved. Shared Services Canada 10

Management Response Overall Management Response Management agrees with all the findings, conclusions, and recommendations. Actions will be taken to ensure compliance with the TB Policy Framework for the Management of Assets and Acquired Services and the TB Policy on Management of Materiel. Clear roles and responsibilities will be communicated in parallel to the implementation of the Material Management Internal Policy Instruments (Directive and Standards) associated with inventory control, stocktaking, transfer, loan, donation and disposal. While there are existing processes and controls in place, SSC s ITAM processes for all IT assets will be developed and a communication plan will be implemented to inform SSC employees outside of SACM of their roles and responsibilities pertaining to ITAM. Shared Services Canada 11

Annex A: Audit Criteria The following audit criteria were used in the conduct of this audit: 1. SSC has a governance structure in place to ensure that IT assets are managed appropriately and in compliance with Government of Canada and SSC policies. 2. SSC has processes in place for the lifecycle management of IT assets which meet the applicable policies and directives. 3. SSC tracks its IT assets throughout their lifecycle and has access to accurate and sufficient information. Shared Services Canada 12

Annex B: Acronyms Acronym CIO ECD IT ITAM SACM SSC TB Name in Full Chief Information Office Enterprise Control Desk Information technology Information Technology Asset Management Service Asset Configuration Management Shared Services Canada Treasury Board Shared Services Canada 13

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback