Open Government Portal
Found 10 records similar to Audit of Departmental Security
The objective of this audit was to provide assurance that Security Assessment and Authorization reviews of IT systems and services are being conducted in accordance with a formal process and in compliance with Treasury Board of Canada and Shared Services Canada policy requirements.
As part of its efforts to modernize how the federal government manages its information technology infrastructure, Shared Services Canada (SSC) initiated a comprehensive Government of Canada-wide business transformation hinging on six core infrastructure programs. These programs entail greater complexity and magnitude than typical programs, and as such, they were identified and recommended to be reviewed as a suite of system under development (SUD) audits by SSC’s Departmental Audit Committee. To support SSC in managing this complex transformation, the Office of Audit and Evaluation conducted quarterly SUD audit programs of SSC’s Information Technology (IT) infrastructure programs in 2016-17 and 2017-18. This report provides a summary of three of the four 2017-18 SUD audits on the topics of project management; activities vs projects, data centre consolidation; data centre closures, cyber and IT security; IT security requirements in procurements.
Financial management governance includes practices that ensure strong financial management of public resources, reinforce the principles of probity and prudence, and contribute to better decision making.
This audit provides assurance to the President of Shared Services Canada (SSC) and the Departmental Audit and Evaluation Committee that SSC's financial management governance framework for the stewardship, management and oversight of public resources was effectively designed and working as intended.
The scope of this audit included the activities undertaken by the Finance group (Director General, Finance and Deputy Chief Financial Officer (DCFO)). The audit focused on the requirements of the Treasury Board (TB) Financial Management Policy Framework, specifically: the Policy on Financial Management Governance; the Policy on Internal Control; the Policy on the Stewardship of Financial Management Systems; and the Policy on Financial Resource Management, Information and Reporting.
The objective of the audit was to provide assurance on the adequacy of information technology (IT) asset management at Shared Services Canada (SSC) and to ensure compliance with government policies and SSC procedures. The scope of the audit included SSC’s IT asset management (ITAM) processes, tools and controls including the application of these processes, tools and controls from September 1, 2014, to September 30, 2015.
Effective project management is critical for Shared Services Canada (SSC) to deliver on its mandate. To mitigate vulnerabilities in project management, the SSC Project Management Centre of Excellence (PMCoE) defined and implemented SSC’s Project Management Framework (PMF). A primary component of the PMF was the Project Management (PM) Directive. This audit provides assurance as to whether appropriate systems, processes and controls for managing projects were in place at SSC to support the achievement of SSC’s mandate.
This audit provides assurance to the President of Shared Services Canada (SSC) and the Departmental Audit and Evaluation Committee that SSC’s account verification process for telephony services was effectively designed. The scope of the audit included the practices for certification for FAA section 34 and section 33 as well as expenditure initiation. The following policy instruments were taken into consideration: Financial Administration Act; Directive on Account Verification; Directive on Delegation of Financial Authorities for Disbursements; and Directive on Expenditure Initiation and Commitment Control.
SSC is refreshing its Network and Security Strategy to align with current best practices, and to be adaptable to future requirements for its network and security services.These technology trends will require SSC to rethink how it architects, provides, manages and secures its network services, and must be agile enough to integrate any technology that is deemed necessary to government operations. To develop this Network and Security Strategy, new approaches focused on automation, software-defined infrastructure (SDI) and a zero trust concept are required. The Network and Security Strategy defines the approach SSC will need to undertake to enable the government to meet the demands of today, and adapt to the demands of the future by leveraging a progressive adoption and migration overall strategy.
The purpose of this audit project is to determine whether the project management framework and practices enable the Canadian Space Agency (CSA) to comply with the requirements of the Project Management Policy (2009) of the Treasury Board of Canada (TB).
The objective of the audit was to provide assurance regarding the adequacy and effectiveness of Shared Service Canada’s (SSC) corporate governance (structure, processes, controls and information for decision making) with a view to supporting efficiency, accountability and achievement of SSC’s mandate.
The objective of this audit was to provide assurance that appropriate controls, processes and functions had been defined for Shared Services Canada (SSC) to proactively manage the demands of, and relationships with, its partners and clients. The scope of the audit included the controls, processes and functions within the Information Technology Infrastructure Library service lifecycle related to demand and relationship management with SSC’s partners and clients.