National Energy Board Coat of Arms
Symbol of the Government of Canada

National Energy Board

www.neb-one.gc.ca

Breadcrumb

Home > Reports > Internal Audit and Evaluation Reports > Information Management Records (IMR) - Audit

Information Management Records (IMR) - Audit

Please note that certain documents in this section are available in PDF format. To inquire about receiving these documents in another format, please contact us. If you do not have PDF viewing software, you can download a free PDF viewer from the Adobe® Web site.

Information Management Records (IMR) - Audit - July 2008 [PDF 338 KB]

Information Management Records (IMR) Audit

Final Report

July 2008

Prepared by: Ljubica Kuraica-Siveska

Table of Contents

1. Executive Summary

1.1 Introduction
1.2 Objectives
1.3 Approach

2. Interviews - Findings / Recommendations

2.1 Adequacy and Effectiveness of Training
2.2 Frequency of Use
2.3 Stability and User Friendliness
2.4 Support and Communication
2.5 Integration with QMS and Other Technologies
2.6 Ability to Maintain Restricted Information
2.7 Comfort Level with the Project Approach

3. IMR Capacity Check

Appendix I - RDIMS Implementation Interview Questionnaire

Appendix II - RDIMS Implementation - Maturity Criteria Description

Appendix III - Documents Reviewed

1. Executive Summary

The enclosed report summarizes the results of the Information Management Renewal (IMR) audit conducted at National Energy Board, in Calgary, Alberta in May/June, 2008. The audit was conducted by a contractor, Ljubica Kuraica-Siveska, under the direction of the Internal Audit and Review Services Advisor, Tony Mitchell.

The report is based on information harvested from two primary sources: participant interviews and a review of project practices, processes and related documentation. These were evaluated and analyzed to identify opportunities for improvement and develop recommendations. Two methodologies have been used in this audit:

  • The first approach was to look at the current records management practices, RDIMS implementation that has been done up to date and the work that has to proceed to move the implementation to the next phase.
  • The second approach, used in conjunction with the first, has been used to assess the IMR management framework capacity. The second approach is based on generally accepted best practices, and therefore provides an additional opportunity to identify gaps between current and best practices, and provides advice on how to address the gaps.

Since the beginning of the Information Management Renewal Project (January 2007), several significant goals have been achieved including:

  • Project Working Group endorsement of the RDIMS application configuration and profile.
  • Staffing the IM Team.
  • Training and Coaching of the majority of the Board.
  • Implementation and integration of RDIMS version 4.7 on user's desktops across the Board.
  • System stability.
  • Specialized knowledge bases designed for different Board functions.
  • Commencement of IMR process engagements.
  • Building relationships and process based focus.
  • Compliance with Treasury Board of Canada's July 1, 2007 Policy on Information Management.

However although much has indeed been accomplished it is clear to almost everyone that much remains to be done. Considering that RDIMS is still in the early phases of adoption it is obvious that RDIMS benefits are not fully embraced. At the moment RDIMS is not being used by many employees; some of the major identified root causes are:

  • File plan (structure) not developed for most of the processes. During training, users were advised to save their records in generic "To be filed" directory; however there are major concerns about the ability to locate them in future (Based on improper file naming conventions etc.).
  • RDIMS not being integrated with QMS and other technologies like ESIMS, ELEXIM, Translation software etc.
  • Lack of enforcement / accountability.
  • No timeframes associated with user acceptance.
  • Lack of communication.
  • Work overload / other priorities.

As a consequence, there is a high user resistance and a perception of RDIMS being user unfriendly and time consuming. Also training retention and a loss of the RDIMS momentum are evident.

The overall conclusion is that although the project shows solid framework and sense of direction, there are still a few high risk variables that are associated with the project success. The maturity of the QMS Processes as well as the resources for QMS and RDIMS remains to be ongoing challenges. The audit identified 16 recommendations and 50 opportunities for improvement. Among those recommendations the following are in need of immediate attention:

  • Close-out Implementation and Commence Operations Phase. (Revise the scope, objectives, milestones and deliverables for this phase and have them officially approved by the steering committee).
  • Communicate the Operations Phase of the implementation. Communicate what the next steps are and clarify what happens with information/records storage produced by QMS processes that will not be integrated this year (Ensure that user perceptions are consistent).
  • Revise the IM Policy to clarify responsibilities and accountabilities for everyone involved. (Then accountability could be monitored as part of the employee's RESULTS program).
  • Formalize the QMS Engagement Process to be officially accepted and "signed-off" by the Process Owner. (Once it's signed-off RDIMS becomes the official information repository).
  • Incorporate Key Performance Indicators (KPI) and Risk Factors Analysis into the project status reports to ensure accurate project control and monitoring.

Detailed findings with recommendations are discussed in Chapter 2. To enhance the overall IMR management framework additional opportunities for improvements are presented in Chapter 3.

At this time I would like to thank the NEB and a number of personnel from the various Business Units for the information feedback and assistance given to me by all involved.

Best Regards,

Ljubica Kuraica-Siveska

1.1 Introduction

The National Energy Board's Records Renewal Program was initiated in mid-2003 in response to a Consulting & Audit Canada report on records management practices at NEB. In September 2005 a second phase of the program ("The Phase 2 Project") was initiated and in the summer of 2006 a rising level of concerns about the project resulted in a decision to conduct a review and risk assessment of the program performed by Lawrence Hobbs of Chinook Solutions Inc. During the assessment it was strongly recommended that the Phase 2 Project be carefully paused while management came to grips with the significant problems that affected the very foundation of the project. In the beginning of the fiscal year 2007/2008, after the program was revalidated and proper business analysis had been developed, the subsequent implementation of Information Management Renewal program started. To prevent some of the previous scenarios happening again, it was decided that the program was to be assessed in two time frames; in May/June 2008, during the implementation of the Records Document Information Management System (RDIMS) and during the latter part of the project when it becomes fully operational.

1.2 Objectives

The objective of this report is to assess current records management practices, work of the RDIMS implementation that has been done up to date and the work that has to proceed to move the implementation to the next phase. The sets of objectives are:

  • Examine the capabilities of RDIMS to collect and store permanent and transitory records.
  • Examine the capability of RDIMS to collect and maintain confidential and secure records.
  • Determine whether user requirements and concerns are being fully met with the software and the implementation process.
  • Establish a comprehensive baseline against which the full implementation of RDIMS will be measured and compared and to provide short term and long term opportunities for improvement.
  • Assess management framework capacity and compare it with generally accepted best practices.
  • Ensure that the design and implementation of RDIMS is in compliance with Treasury Board of Canada's July 1, 2007 s.

The findings and recommendations are intended to provide input to the Internal Audit and Review Services Advisor, the Audit & Evaluations Committee as well as the IM Manager.

1.3 Approach

The assessment was conducted by a contractor, Ljubica Kuraica-Siveska, under the direction of the Internal Audit and Review Services Advisor, Tony Mitchell. The final report is based on information harvested from two primary sources: participant interviews and review of project practices, processes and related documentation. These were evaluated and analyzed to identify opportunities for improvement and develop recommended strategies. The work was organized into the following four stages:

Stage 1 - Documentation Review and Project Practices

In stage 1, extensive project documentation was collected and reviewed to establish the appropriateness of the project plan, the progress of the implementation to date and the potential influence of policies, practices, procedures and behaviors on the chances of success. In addition, information from the Treasury Board, other government departments and from outside sources was reviewed to determine legislative and policy requirements. Findings from previous studies and experiences and best practices of others were also reviewed. (A list of documents reviewed for this report is included in Appendix III)

Stage 2 - Interviews

30 participants were interviewed between May 21st, 2008 and June 13th. In order to get in-depth information, the interviewees (staff and managers) were selected from almost all of the Business Units and have various levels of involvement (some of them have already used RDIMS for 3+ years, while others are relatively new to the system). Each interview was conducted using a questionnaire and lasted between 30 min. to 1 hour. There was somewhat less participation in the interviews than originally expected; this may be explained by conflicting schedules/other commitments, resistance or simply that RDIMS is not fully implemented and not frequently used by some of them. The interview questionnaire (Appendix I) was prepared to capture the current user's perception to some of the key elements of the RDIMS Implementation.

Stage 3 - RDIMS Capacity Check Assessment

A successful IMR Implementation requires the efficient and effective transformation of business processes, technology and people skills. To assess the management framework, identify gaps between current and best practices, and provide advice on how to address the gaps, an IMR capacity check was conducted.

The objectives of the capacity check are to:

  • Compare against best practices.
  • Bring together all elements of the IMR management framework.
  • Form a comprehensive baseline of the current maturity state, against which the NEB will gauge progress over time.

The methodology and tool used for this assignment is based on the e-Government Capacity Check, originally developed by the KPMG Consulting LP. It consists of six key elements (as presented on Table 1 below) and evaluation criteria for each key element across a maturity model scale of 1-5. (Detailed description of the capacity check and scoring model is available in Appendix II).

Stage 4 - Response Formulation (Findings and Recommendations)

In this stage, 16 recommendations and 50 opportunities for improvement were identified and preliminary mitigation strategies were recommended before the results were validated (in draft form) with the Internal Audit and Review Services Advisor and IM manager. This final report was then developed and delivered.

Table 1 - RDIMS Capacity Check
Strategy Architecture Risk & Program Management
(Where we are going?) (What we are developing?) (How we are managing?)

Vision - Extent to which users and stakeholders have collaborated to develop the vision  statement, the degree of alignment with NEB's business strategies and Treasury Board direction and vision communication within the organization.

Governance - Effectiveness of the leadership and organizational accountabilities for the RDIMS to support the transformation.

Strategies, Plans and Policies - Extent to which existing business strategies, plans and policies are aligned with RDIMS.

Resource Commitment - The level of funding and degree to which financial and human resources are committed and aligned with the RDIMS strategy.

Business Model - Definition of the business processes essential for RDIMS.

Security - Definition of security technologies and standards to ensure that RDIMS transactions are secure.

Data - Definition of data objects to support integration of RDIMS applications.

Application - Definition of how RDIMS applications are designed, how they integrate with existing internal and external systems, and where they reside.

Technology - Definition of the technologies and standards for the technical components to host RDIMS initiatives.

Network - Definition of the communication infrastructure for the transmission of RDIMS information.

Risk Management - Mechanisms in place to identify, assess, mitigate, and monitor all risks, including government-wide, organization-wide and project-specific risks associated with RDIMS.

Portfolio Management - Mechanisms to plan, track, and evaluate the overall NEB Project portfolio.

Project Management - Mechanisms to manage projects in RDIMS program to ensure the optimal deployment of initiatives.

Business Transformation - Mechanisms to transform the organization's service delivery processes to an e-government business model.
Organizational Capabilities Values Management Performance Management
(What competencies are needed?) (Work with partners & clients?) (How we are doing?)

RDIMS Competencies - Mechanisms used to ensure that staff competencies in support of RDIMS initiatives are defined, acquired, developed and sustained for RDIMS design, delivery and ongoing operations.

RDIMS Tools & Techniques - Tools and techniques to support the organization in the design, delivery and ongoing operations of RDIMS.

Organizational Learning - The ability to capitalize on RDIMS knowledge through the access, sharing, and management of information within a learning organization.

 Relationship Management - Mechanisms and support for the formation of partnership between departments.

Customer Satisfaction - Mechanisms to measure, evaluate, and learn from users feedback on the effectiveness of RDIMS.

Privacy Compliance - Mechanisms to ensure that confidentiality and anonymity are maintained in the course of conducting RDIMS transactions.

Benefits Monitoring - Mechanisms to measure and assess the degree to which the expected benefits of the RDIMS program are being realized.

Predictability - Mechanisms to monitor and measure the reliability and availability of network, databases and RDIMS application systems and to compare them with predetermined service standards.

RDIMS Maturity Reporting - Mechanisms to measure and report on the organization's progress towards implementing RDIMS.

2. Interviews - Findings / Recommendations

The results presented in this section are based on information gathered through interviews with National Energy Board's staff and managers. A considerable amount of feedback from 30 interviewees was collected and organized into seven major areas. Closed questions from the questionnaire permitted the production of the charts presented in the following sections:

2.1 Adequacy and Effectiveness of Training

The majority of people (61%) thought that the training was "Mostly effective" and adequate. They think the training overall was good and the trainer's classroom style very interactive and user friendly. For some people the training was very informative but too basic, and it was noted that they need closer ties to how they will use it with their processes/procedures. There were comments that the online security information training was a bit dry and difficult to concentrate on.

Considering that RDIMS is not fully operational at this time (eg. File plan and process document's profiles have not been developed for most of the processes), the timing of the training for some users worked better than others.

Perceived Adequacy and Effectiveness of Training (%)

R1: Custom developed ( process based) follow-up training sessions as part of the QMS Engagement Process will be beneficial to deal with the paradigm shift. When developing the training incorporate lots of real life examples that are relevant to the daily process activities. For example: best and worst case scenarios, tips how to prevent them…etc. (This is action in progress; IM team is already working on something similar).

2.2 Frequency of Use

Most of the people received the training and have RDIMS on their desktops; however they don't know what to do next. Some of them are even advised by their team leaders not to use RDIMS until the file plan is developed. As illustrated on the graph below, it is obvious that most of the people rarely or never use RDIMS. Some of the major causes are:

  • File plan (structure) not developed for most of the processes. There are concerns about saving documents in "To be filed" directory and inability to locate them in future (Based on improper file naming conventions etc.).
  • RDIMS not being integrated with QMS and other technologies like ESIMS, ELEXIM, Translation software etc.
  • Lack of enforcement / accountability.
  • No timeframes associated with user acceptance.
  • Work overload / other priorities.
  • Perceived as user unfriendly and time consuming, etc.
RDIMS Frequency of Use (%)

R2 - Close-out Implementation and Commence Operations Phase. To start with a clean plate, start the integration with the QMS processes as a new project/phase. Revise the scope, objectives, milestones and deliverables for this phase and have them officially approved by the steering committee. To reflect that, revise all pertinent documents such as:

  • Project Plan
  • Program Strategy
  • Change Management Plan
  • QMS Process Engagements, etc.

R3 - Communicate the Objectives of the Operations Phase of the implementation. Communicate what the next steps are and clarify what happens with information/records storage produced by QMS processes that will not be integrated this year. Ensure that user perceptions are consistent. ("Let's Hear It from Leadership!" section on the iWeb could be one of the options).

R4 - Revise the IM Policy to clarify responsibilities and accountabilities for everyone involved (Then accountability could be monitored as part of the employee's RESULTS program).

R5 - Formalize the QMS Engagement Process to be officially accepted and "signed-off" by the Process Owner. At the moment, as part of the QMS Engagement Process, the process owner and stewards work together with the RDIMS team to develop an acceptable file plan, profiles and file naming conventions; however there is no associated time frame when RDIMS becomes the official document's repository. Once they produce output that is acceptable and agreed by the process owner, RDIMS should become mandatory and no excuses for not using it should be accepted. (After the process is accepted, documents migration should commence and access to the network directories should be blocked).

2.3 Stability and User Friendliness

Most of the people find RDIMS very stable and didn't experience any major problems. There have been few minor glitches that are relatively expectable for this stage; however most of them are solved at this time. Unlike system stability, there is a spread between perceptions on the user friendliness (as illustrated on the graph below). Many users are overwhelmed by the profile screen and feel that it's time consuming (especially for users who periodically deal with up to 600 documents a day). On the other side, some of the users who are using RDIMS for some time commented that it takes some time to get used to it, but after that it is straight forward to use.

Perceived Stability and User Friendliness (%)

R6 - Simplify the Profile Screen. It took some time for the profile screen do be developed to best serve most of the users on a corporate level and the profile screen was designed based on users feedback and needs. However in almost 100% of the cases most of the sections are not used and only the mandatory fields are populated. Although there is benefit for those fields to be part of the profile, if they are not used they are just adding to the overwhelming (time consuming) perception of the profile screen. As part of the Quality Assurance function, monitor if and which parts of the profile screen are used; if they continue to be unused re-assess the possibility of removing them.

2.4 Support and Communication

Although RDIMS support is not used that much at this stage (mostly due to the fact that not many employees are using RDIMS), half of the interviewees agreed that support is available, and RDIMS team is very responsive and professional. The other half believes that there is a space for improvement, mostly referring to the communication part of it. Some of the interviewees are aware that the IM page is available on the iWeb, but they think its "buried" in the background and hard to find, while most of them didn't even know that the page exists. It was determined that many of the interviewees weren't clear who to call for a support (i.e. service desk, RDIMS team, Documentation Services etc.). Further to that, there were comments that response to some questions was never received because most likely they were sent to the wrong person/group.

Perceived Support and Communication (%)

R7 - Communicate that Service Desk is central support contact. All inquires/questions should go through the Service Desk (This is already specified in related RDIMS documentation; however it needs to be better communicated). Then the Service desk can forward the issue to the appropriate personnel for further assistance. To ensure there aren't any outstanding issues, this should be monitored by producing periodically reports and statistics (e.g. monthly or quarterly if more appropriate).

R8 - Make IM page "visible". RDIMS affects almost all of the NEB employees. For a project of this nature, its page should be easily accessible and be available from the main page on the iWeb (something similar like the Process DashBoard). There are great knowledge management base and support tools like tips and quick guides available, unfortunately almost nobody knows about them.

R9 - Incorporate "Communications" into the project plan and engage them to play a major role in keeping employees informed with RDIMS latest developments. (The reason it should be officially incorporated in the project plan is to allocate Communications resources and to define/monitor pertinent deliverables).

R10 - Post all IMR related Processes/Procedures on the DashBoard. Some of the benefits could be:

  • Consistency with the other Business Processes.
  • Increase awareness and improve communication.
  • Opportunity to collect user's feedback directly.

2.5 Integration with QMS and Other Technologies

There are mixed feelings about the complexity of the RDIMS integration with the QMS Processes and other technologies; however interviewees all agree that the only way to ensure effective business integration and transformation is through a process focused approach. While some groups are confident that it will be a relatively smooth integration, other groups are finding it more complex and challenging. Most of them agree that there are workable solutions, however it will take a long time. Some of the main challenges are:

  • Immature QMS processes
  • Resources / Work overload.
  • Integration with other technologies (ESIM, ELEXIM etc.).
  • Process interactions and interdependencies.
Perceived Ability to Integrate with QMS and Other Technologies (%)

R11 - Keep the QMS community closely involved. "Information / Records" was one of the major gaps of the QMS Audit, so the RDIMS integration with QMS will definitely leverage that score. Considering the correlation and the impact on every QMS process, the QMS Manager should be kept informed. Additionally, some of the QMS documents (eg. "Procedure Template" which has "Information/Records" section as part of the template) will be affected, so it is important that these issues be addressed, standardized and communicated to process owners / stewards right at the beginning of the integration. (Based on a recommendation provided early in the audit phase, this recommendation is already initiated).

R12 - Group the interdependent processes together in the IMR QMS Process Engagement Plan in order to prevent user frustrations of navigating between multiple environments. (In progress, already addressed in the IMR Business Case - June 17, 2008).

R13 - Communicate which QMS processes are scheduled to be integrated this year. That will allow process owners to properly plan their involvement/resources (A few of the process owners commented that they don't have any related resources planned for this year).

R14 - Develop a plan for documents sharing between RDIMS integrated and non-integrated groups / processes. To reduce confusion and frustration clearly communicate how various groups will share information /records until RDIMS become fully operational.

2.6 Ability to Maintain Restricted Information

There is absolutely no doubt that RDIMS technology is capable and reliable of maintaining restricted and personal information; however there is a significant risk of human error based incidents. At this point, the application is not fully used, so only a couple of the interviewees experienced or knows of any incidents; however more incidents are expected to happen proportionally with the increased number of employees who use RDIMS. (One of the incidents was an actual document attached instead of a reference (link) to a document, enabling some unauthorized people to view it. Luckily it wasn't of a great sensitive nature, so no damage was caused….This is one of the few possible scenarios where sensitive information could be improperly exposed, again, based purely on human error.)

Perceived Ability in Keeping Restricted Information (%)

R15 - All security incidents should be documented and reported to the Security Manager. It is extremely important these incidents to be further analyzed. Based on the root cause a protection measure that will prevent similar incident happening again should be developed. (Measures should be commensurate with the seriousness and number of the incidents).

R16 - Additional training that will emphasize security. Real life examples of what could go wrong should be provided to all groups that are dealing with sensitive information more frequently (eg. Human Resources, Legal Services etc.).

2.7 Comfort Level with the Project Approach

As illustrated on the graph, most of the people are "somewhat" comfortable or "neutral" with the project approach. Some of the interviewees who already initiated the QMS Engagement Process are confident that it will be a smooth integration, and they don't see any major problems; however time and resources remain to be major obstacles. Small percentage of the interviewees felt uncomfortable with the project approach, mostly due to the complexity and the size of the IMR project, work overload and the available resources. Few users felt a bit demoralized as they commenced a file plan process some time ago, but they haven't heard anything since then. As stated before, lack of communication is evident and a few recommendations are already made in the previous sections.

Perceived Comfort with the Project Approach (%)

3. IMR Capacity Check

A successful IMR Implementation requires an efficient and effective transformation of business processes, technology and people skills. To assess the management framework, identify gaps between current and best practices, and provide advice on how to address the gaps, an IMR capacity check was conducted.

The mechanics of the Capacity Check are:

  • Current capabilities are assessed based on key elements of the IMR Capacity Check, and criteria provided for each key element (Detailed Criteria Rating Descriptions are available in Appendix II).
  • The capability descriptions are based on generally recognized best practices.
  • A rating system of "1" to "5" is used. A high rating does not necessarily mean "goodness", but rather, formality or maturity of capability. (Level "3" is considered the norm, while the ideal rating for any area is dependent on the needs and goals of the NEB, as well as the available resources at this time).

During the assessment all findings were consolidated and current capability levels for each criterion was identified as illustrated on the graph on the next page.

A few strong elements (capabilities) such as Project Management, Relationship Management and Technology are evident, while potential initiatives that IMR could pursue to improve its management foundation and practices are strongly suggested in the following areas:

  • Strategies, Plans and Policies
  • Risk Management
  • Benefits Monitoring
  • Predictability
  • Maturity Reporting
Mechanics of the Capacity Check

Detailed findings with opportunities for improvement are described below, in Table 2:

Table 2 - RDIMS Capacity Check Findings / Opportunities for Improvement

3.1 Strategy

Key Questions: Does the organization have a clear vision of RDIMS, and is this vision supported through the organization's strategies, plans and adequate resources? Is there senior management awareness of, and support for, the change involved in implementing the vision? Has an investment strategy been developed to fund future RDIMS projects and initiatives?

Vision (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • There has been an ongoing effort to obtain staff buy in.
  • Vision is integrated with the organization vision.
  • Staff input is considered critical.
  • The Implications of RDIMS are not yet fully understood by staff.
  • Communicate vision at working level - Process based.
  • Revise the communication plan and communicate RDIMS as a high priority item.
Governance (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • There is an RDIMS management structure which includes appropriate management and staff representation; however it is not revised to match current representation.
  • Although early in the operations phase, RDIMS team demonstrates capability in relationship building.
  • RDIMS governance structure needs to be revised and communicated, including a definition of roles, responsibilities and accountabilities.
  • RDIMS needs to be implemented in a coordinated and integrated manner across the organization. (Initiated)
Strategies, Plans and Policies (Maturity Level: 2)
Current Situation: Opportunities for improvement:
  • There is alignment between RDIMS and Treasury Board of Canada's Policy on Information, as well as most of the key business strategies.
  • Team leaders and staff are not highly committed and they don't feel fully accountable for RDIMS success.
  • Consistent methods for integrating RDIMS with QMS processes are initiated.
  • Managers and staff should be held accountable for RDIMS success.
  • Continuously update RDIMS business strategies and plans based on feedback from performance review and users.
  • Improve the awareness of the linkages between business strategies, plans and policies and RDIMS (Revise the IM Policy to reflect the RDIMS implementation, as per R4).
Resource Commitment (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • Future year resource requirements are being identified and addressed in light of new opportunities and organizational capabilities. (Business Case for QMS Process Engagement and RDIMS Evaluation Ver. 5.2 has been submitted for approval).
  • Resource commitments and operations strategy for the RDIMS should be dynamically adjusted based on benefits realization and customer satisfaction.
  • Models should be in place to assess resource requirements (Including QMS Process owners and stewards availability, communications etc.).

3.2 Architecture

Key Questions: Are service delivery processes sufficiently well defined and understood to support the transformation to RDIMS? Is the IM/IT infrastructure in place to manage the data, applications, hardware, software and networks for RDIMS?

Business Process Model (Maturity Level: 3)
Current Situation: Opportunities for improvement:
  • Overall business process architecture for RDIMS is being initiated within the organization.
  • Consistent business process methods and service delivery processes needs to be formalized/developed and in place to facilitate process transformation (They should be rapidly adaptive to allow process integration across organizational boundaries).
Security (Maturity Level: 3)
Current Situation: Opportunities for improvement:
  • Security architecture for RDIMS exists and is being applied consistently throughout the organization for all new initiatives. The architecture is regularly monitored; however stats/reports are not consistently produced.
  • A process should be in place to identify and correct security weaknesses in the architecture and practice.
  • Plan/Perform regular review/audits to assess compliance.
  • Monitor trends in technology to determine areas for improvement.
Data (Maturity Level: 2.5)
Current Situation: Opportunities for improvement:
  • Overall data architecture is being developed for RDIMS but it's not yet complete.
  • Other applications do not conform to RDIMS.
  • Convert other applications to conform to RDIMS.
  • Standards should be rapidly adaptive and adhered to across organizational boundaries, and provide a solid foundation for knowledge management/ information sharing).
Technology (Maturity Level: 4)
Current Situation: Opportunities for improvement:
  • The organization's infrastructure has been upgraded to conform to the technology architecture and to support increased demand for RDIMS services.
  • The technology architecture should be rapidly adaptive, reviewed and revised in light of new opportunities. (This is happening in practice but it is not consistently documented).
Network (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • There is a network architecture which describes the communication infrastructure which will be used for the transmission of data.
  • The network architecture should be rapidly adaptive, reviewed and revised in light of new opportunities. (This is partially happening in practice but it is not consistently documented).

3.3 Risk and Program Management

Key Questions: Has the organization adequately addressed the key risks in transitioning to RDIMS at the organization, project, and service program levels? Does the organization manage RDIMS investments proactively and monitor risks on an ongoing basis?

Risk Management (Maturity Level: 2)
Current Situation: Opportunities for improvement:
  • Some risk management factors are identified specifically for the IMR implementation project; however they are not regularly updated.
  • RDIMS risks are not integrated on organization-wide risk management framework.
  • Monitor IMR risks on an on-going basis, and develop action plans to avoid or mitigate risks (This is partially done; however it should be more detailed with specific steps identified).
  • Risk management should be highly integrated into the project management processes and organization-wide level.
  • Communicate significant risks and their implications to users and stakeholders on an ongoing basis.
  • Continuously evaluate the effectiveness of controls.
Portfolio Management (Maturity Level: 2)
Current Situation: Opportunities for improvement:
  • At the moment only limited tools and techniques exist to support planning, tracking and oversight of the IMR interdependencies with other projects.
  • Measurements of actual versus projected performance are partially happening as part of the project management process; however beside the timelines, meaningful measures of adoption should be developed and monitored.
  • Considering the complexity of the IMR and it's interdependencies with other groups/projects (QMS, IT/IS etc.), the implementation should be prioritized at the organization-wide and business line levels. (That will also ensure best match with the NEB's strategic goals overall).
  • Measurements of actual versus projected performance should be rigorously collected, evaluated, and communicated to stakeholders.
  • Implementation reviews are consistently conducted and lessons learned are fed back into the planning, tracking, and oversight phases.
Project Management (Maturity Level: 4.5)
Current Situation: Opportunities for improvement:
  • Organization-wide project management processes, standards, and tools exist to support RDIMS.
  • The majority of projects / milestones fall within acceptable performance limits and are controlled by a project management office.
  • There is open communication and trust among team members.
  • Incorporate baselines into the project plan.
  • Develop KPI (Key Performance Indicators) for each of the major milestones.
Business Transformation (Maturity Level: 3)
Current Situation: Opportunities for improvement:
  • A change management plan exists; however needs to be revised to clarify issues associated with the operations phase.
  • Working group and QMS Engagement teams have been established to initiate process integration.
  • Change agents have been identified and are committed to changing the organizational culture.
  • Detailed business cases have been updated and submitted for approval.
  • Revise the change management plan to clarify change management implications around RDIMS. (Clarify next steps, expectations, accountabilities etc.)
  • Establish methods for continuous improvement of RDIMS (Post related processes/procedures to the Process DashBoard to collect direct feedback).

3.4 Organizational Capabilities

Key Questions: Do the people, tools and knowledge necessary to transform traditional Information Management service delivery exist within the organization? Are the mechanisms in place to ensure staff acquires the skills and competencies necessary to deliver RDIMS?

Competencies (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • Organizational competencies have been assessed at the position level and some gaps have been determined.
  • Sufficient resources with the required skills are in place.
  • Training is ongoing.
  • The workforce's requisite knowledge, abilities and skills should be constantly monitored to identify opportunities for improvement.
  • Competency building programs should be ongoing.
Tools & Techniques (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • Staff has access to various tools, and techniques to support process / data mapping, testing, network monitoring, customer usage, etc.
  • Staff has been provided training on the use of some of these tools and few of them are actively used.
  • Access to the knowledge database and the RDIMS tools has been centralized (iWeb page); however most of the users are not aware of its existence.
  • New tools and updates to existing tools and techniques should be regularly assessed and mechanisms to integrate world wide best practices should be developed.
  • Refer to R8 - Make the IM page more "visible".
Organizational Learning (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • Organization-wide training and knowledge sharing technologies have been initiated.
  • The sharing of knowledge and best practices to support RDIMS should be encouraged and rewarded (eg. Monthly/Quarterly awards/prizes). IM Manager is already working on something similar.
  • The concept of organizational learning should be incorporated into the values of the organization and is consistently applied to improve all RDIMS work processes.
  • Organizational learning processes within the organization should be continuously assessed and revised in light of best practices and opportunities for improvement.

3.5 Value Chain Integration

Key Questions: Are customers, partners and suppliers aware of, and willing to support, RDIMS? To what extent can the organization build on existing partnerships and customer relationships to achieve greater integration of services through RDIMS?

Relationship Management (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • RDIMS partnering mechanisms are in place to define the contributions of each partner as well as the benefits.
  • There should be a well-defined framework for developing future partnerships (Initiated).
  • There should be continuous cooperation in the development of RDIMS plans, service delivery, technology development, and the sharing of resources, knowledge and risks.
  • Set and measure performance, identify gaps.

3.6 Performance Management

Key Questions: Is the organization monitoring service metrics and customer satisfaction and adjusting accordingly? Are there mechanisms in place to measure system reliability and availability?

Customer Satisfaction (Maturity Level: 3)
Current Situation: Opportunities for improvement:
  • Multiple channels are used to obtain information on customer needs and the actual and perceived quality of RDIMS.
  • Results are tracked over time, and considered in planning/ upgrading RDIMS at the business line level.
  • Users are able to provide input into program design.
  • Customer satisfaction should be measured at regular intervals on a widespread basis. Results should be consolidated and overall trends analyzed and reported in a timely manner. (To ensure consistency and prevent redundancy with other groups/projects this should be coordinated with "Communications").
  • Information on customer satisfaction should be shared across the organization and published externally. (Increasing customer satisfaction results should be evident).
  • Customer satisfaction should influence ongoing business planning and drive program design and service delivery decisions.
Privacy Compliance (Maturity Level: 3.5)
Current Situation: Opportunities for improvement:
  • The organization can demonstrate compliance with all aspects of the privacy act for RDIMS.
  • All privacy requirements are communicated (training is ongoing) throughout the organization and are consistently applied to RDIMS initiatives.
  • Mechanisms should be in place to audit adherence to the privacy policy on a regular basis (intervals) and to take any required corrective actions.
  • Users and partners should have full confidence that privacy compliance has been integrated into the development of all RDIMS initiatives.
Benefits Monitoring (Maturity Level: 2)
Current Situation: Opportunities for improvement:
  • Basic mechanisms like "Documents created by group by month" and "Documents accessed by group by month" exist.
  • Benefits for all RDIMS initiatives should be well defined, monitored and measured and used by senior management to influence investment decisions and to enhance screening and selection decision criteria.
  • The realization of projected benefits should be shared across the organization.
Predictability (Maturity Level: 2)
Current Situation: Opportunities for improvement:
  • Some mechanisms are being developed to monitor turnaround times and service delivery predictability (e.g. reliability, availability etc.).
  • Develop RDIMS Service Standards and regularly monitor and measure performance against service standards. Results should be consolidated on an organization-wide basis, and overall trends should be analyzed and reported in a timely manner.
  • RDIMS delivery performance should influence ongoing business planning decisions.
Maturity Reporting (Maturity Level: 2)
Current Situation: Opportunities for improvement:
  • RDIMS team has begun to identify a baseline set of key programs and services for the RDIMS integration with the QMS processes.
  • Baseline has been already established and presented in this report; next steps should be:
    • Confirm capability levels and targets
    • Prioritize the opportunities
    • Develop an action plan to pursue the high priority areas
  • Use the maturity criteria for self-assessment to gauge progress over time. (Ongoing measurement of the RDIMS maturity will allow NEB to adjust RDIMS to ensure success).
  • Trend analysis should demonstrate an increasing capability to deliver customer satisfaction and significant proportion of records and documents managed through RDIMS with a high level of integration with other applications.

Appendix I - RDIMS Implementation Interview Questionnaire

Name (Optional):

Business Unit:

Team:

Date:

As part of the RDIMS Renewal Program Assessment, the following template will be used for a series of interviews planned between May 21st, 2008 and June 13th, 2008. The purpose of these interviews is to:

  • Examine the capabilities of RDIMS to collect and store permanent and transitory records.
  • Examine the capability of RDIMS to collect and maintain confidential and secure records.
  • Determine whether user requirements and concerns are being fully met with the software and the implementation process.
  • Establish comprehensive baseline against which the full implementation of RDIMS will be measured and compared.

The results will be compiled and presented to the Internal Audit and Review Services Advisor at NEB, along with the complete assessment of the RDIMS Renewal Program.
1. Have you received training regarding your responsibilities relative to RDIMS and how to meet them? Was the training adequate and effective?

Checkbox Yes
Checkbox Mostly
Checkbox A Little
Checkbox Not at all

 Comments:
2. Are you using RDIMS for saving information? Checkbox Yes Checkbox No

If Yes, how often?
Checkbox Daily
Checkbox Weekly
Checkbox Monthly
Checkbox Never

Do you find RDIMS to be stable?
Checkbox Yes
Checkbox Partly
Checkbox A Little
Checkbox Not at all

Do you find RDIMS to be user friendly?
Checkbox Yes
Checkbox Partly
Checkbox A Little
Checkbox Not at all

 If No, please explain why:
3. RDIMS support is available and appropriate communication style is used?

Checkbox Yes
Checkbox Mostly
Checkbox Needs Improvement
Checkbox Not at all

 Comments:
4. How do you oversee the RDIMS integration with your QMS process and other technologies?

Checkbox Easy
Checkbox Minor difficulties
Checkbox Major difficulties
Checkbox Will not integrate

 Comments:
5. Do you feel RDIMS is successful in keeping sensitive and personal information restricted to the audience the information is intended?

Checkbox Yes
Checkbox Mostly
Checkbox Needs Improvement
Checkbox Not at all

 Comments:
6. How comfortable are you with the approach and plan for completing the RDIMS project?

Checkbox Very
Checkbox Somewhat
Checkbox Neutral
Checkbox Uncomfortable

 Comments:
7. What do you consider to be the major issues and challenges in the existing RDIMS implementation phase?

Comments:

 

Appendix II - RDIMS Implementation - Maturity Criteria Description

The RDIMS Implementation maturity criteria is based on the e-Government Capacity Check diagnostic tools developed by KPMG Consulting LP. It consist of six key pre-defined elements as presented below, and evaluation criteria for each key element across a maturity model scale of 1-5. The results will be compiled to create a comprehensive baseline against which the NEB will gauge the RDIMS implementation progress over time.
  1 2 3 4 5
Vision There is no clearly defined vision for the implementation of RDIMS. Senior management is aware of the need for the organization to adopt the RDIMS paradigm. Steps are being taken to develop and communicate the vision. The vision is clearly articulated, well understood by staff and integrated with the organizational vision and business model. While senior management has led the development of the vision, there has been a conscious effort to obtain staff buy in. Staff input is considered critical in refining the organization's vision. The vision is consistent with the NEB's direction and customers, suppliers and business partners have been consulted. Staff, customers, suppliers and business partners are all actively involved in shaping the organization's vision. The vision is continually refined to address customers needs and technology evolution.
Governance There is no formally designated champion and organization to lead the RDIMS program. A primary RDIMS champion has been identified and management of the RDIMS initiative is among his/her responsibilities. The champion is supported by a cross-functional team whose accountabilities involve both management and technology. RDIMS champions have been identified and meet informally and irregularly with senior management to provide updates on progress. Accountabilities for implementing RDIMS are well defined and understood. There is an RDIMS management structure which includes appropriate management and staff representation. RDIMS is being implemented in a coordinated and integrated manner across the organization. The RDIMS structure is effective in overseeing the transformation of government and has a demonstrated capability in decision-making, relationship building and stake-holder communications.
Strategies, Plans, and Policies There is no alignment between existing business strategies, plans and key policies (such as Treasury Board of Canada's Policy on Information Management) and the RDIMS program. Business strategies, plans and policies are aligned with the RDIMS program plans for some organizational units. Managers provided input into the development of these plans. Limited effort is made to align and consolidate these strategies, plans and policies. RDIMS plans are fully integrated and aligned with business strategies, plans and policies. Desired results, priorities and resources are clearly stated and aligned with the RDIMS plans. Managers fully participated in the development of these RDIMS plans. Management and staff have a high level of awareness of the linkages between business strategies, plans and policies and RDIMS. Mechanisms exist to measure the achievement of RDIMS targets in the plans. Managers are highly committed and feel accountable for their success. The business strategies, plans and policies are continuously updated based on feedback from performance reviews, customers, suppliers and business partners and these updates are fully synchronized with the RDIMS program.
Resource Commitment Senior management is aware of the need for funding and limited funding exists to support the RDIMS Program. Resource requirements have not been identified. Senior management has made the initial funding and resource commitments, but they are inadequate to achieve the objectives stated in the vision. Short-term resource requirements have been identified. Senior management has made adequate funding and resource commitments for the initial investment in RDIMS. Funding re-allocations have been made to support transition to RDIMS. Future year resource requirements are being identified and addressed in light of new opportunities and organizational capabilities. Models are in place to assess resource requirements. Resource commitments for the RDIMS program are dynamically adjusted based on benefits realization and customer satisfaction.
Business Process Model An overall business process architecture in support of RDIMS does not exist for the organization. There is no consistent definition of the business processes in use within the organization. An overall business process architecture for RDIMS is being developed within the organization, but is not yet complete and up to date. Methods for describing business processes vary between organizational units. Organization-wide business process models for RDIMS have been defined and all new capabilities are developed using these methods. Consistent methods for creating business process descriptions are in place across the organization. There are widely available automated tools which support these methods. There is wide-spread expertise in the use of these tools. Business process methods are in place to facilitate process transformation. These methods are rapidly adaptive and allow for process integration across organizational boundaries.
Security The organization does not have security architecture to support RDIMS initiatives. RDIMS security architecture is being developed that gives guidance on new technologies, standards and policies. Security has not been consistently implemented across the organization. Security architecture for RDIMS exists and is being applied consistently throughout the organization for all new initiatives. Trends in technology are being monitored to determine areas for improvement in the security architecture. A process is in place to identify and correct security weaknesses in the architecture. Security weaknesses are identified and corrected using automated capabilities, such as self-healing networks. There are regular reviews/ audits to assess compliance.
Data An overall data architecture in support of RDIMS does not exist for the organization. There is no consistent definition of the data objects in use within the organization. An overall data architecture is being developed for RDIMS, but is not yet complete and up to date. Data management standards such as the definition of data objects vary between organizational units and data transfer across organizational boundaries is costly and difficult. Organization-wide data management standards have been defined and new applications adhere to this standard. Older applications need to be converted to conform to the standard. Consistent standards for data formats and data transfer, and data object definitions are in place across the organization. There are widely available tools which support access to data objects across multiple platforms. There is wide-spread expertise in the use of these tools. Consistent data management standards are in place across the organization and are compatible with those used externally, and thereby facilitate communication with customers, suppliers and business partners. Standards are rapidly adaptive and adhered to across organizational boundaries, and provide a solid foundation for knowledge management/ information sharing.
Technology There is no technology architecture that describes the technical components that provide the foundation for RDIMS. Work has been initiated on technology architecture for RDIMS. Some technology architecture decisions have been made independently at the organizational unit level. There is a technology architecture which describes the standards for technical components to be used in RDIMS. Some legacy technology may still exist within the organization. The organization's infrastructure has been upgraded to conform to the technology architecture and to support increased demand for RDIMS services. The technology architecture is rapidly adaptive and is being regularly reviewed and revised in light of new opportunities.
Network There is no network architecture that describes RDIMS communications between organizational systems, customers and partners. An overall network architecture to support RDIMS has been initiated. Non-standard communication pathways exist within the organization. There is a network architecture which describes the communication infrastructure which will be used for the transmission of data, but not all of these capabilities have been implemented. The network architecture is rapidly adaptive and is being regularly reviewed and revised in light of new opportunities and resources available. The organization's network has been upgraded to conform with the network architecture and to support increased demand for RDIMS services.
Risk Management No risk management measures are in place. Concept of risk management is not well understood in the context of RDIMS. Some risk management policies and guidelines are in place. No policy or guidelines exist at the organization-wide level for RDIMS. Organization-wide issues are dealt with on a "one-off" basis as they arise. Organization-wide risk management framework and policy are in place for RDIMS. Major risks are identified and plans developed to mitigate risks. Managers are familiar with risk management concepts and techniques in the context of RDIMS. Risk assessment is done extensively at the project level. Major risks are highlighted in strategic, business, and project plans. Systems and processes are in place to monitor risks and to determine acceptable risk levels. RDIMS risk management is fully integrated with the organization-wide risk management program. Managers are trained in risk assessment techniques and tools. Organization-wide risks are monitored on an on-going basis, and action plans are in place to avoid or mitigate risks. Risk management is highly integrated into program/ project management processes. Significant risks and their implications are communicated to customers and stakeholders on an ongoing basis. Effectiveness of controls is continuously evaluated.
Portfolio Management No portfolio management processes exist to plan, control, monitor, and evaluate the progress of RDIMS investments. Portfolio management is fragmented within the organization. Limited tools and techniques exist to support planning, tracking, and oversight. RDIMS investments are being managed at the organization level using a standard portfolio management process. Standard tools and techniques exist to support planning, tracking, and oversight. Interim results are monitored and used to decide whether to cancel, modify, continue, or accelerate the project. Post implementation reviews are consistently conducted and lessons learned are fed back into the planning, tracking, and oversight phases. Measurements of actual versus projected performance are rigorously collected, evaluated, and communicated to stakeholders. Project mix in the RDIMS investment portfolio evolves with the vision and represents the best match with the NEB's strategic goals.
Project Management Little or no project management processes, standards, and tools exist in the organization. Minimal capability to lead or manage RDIMS exists in-house. Project management processes, standards, and tools exist within the organization but are not consistently applied. Less than rigorous scope, cost, schedule, quality, and issue management leads to project performance shortfalls. Organization-wide project management processes, standards, and tools exist to support RDIMS. The majority of projects / milestones fall within acceptable performance limits and are controlled by a project management office. RDIMS project teams are highly productive and deliver the optimal balance between cost, schedule, and quality. Stakeholder expectations are well managed. RDIMS projects demonstrate a balance between technical, business and social issues. The project team environment is low stress with low staff turnover. There is open communication and trust among team members. Stakeholder expectations are consistently met or exceeded.
Business Transformation There has been little or no consideration given to the cultural and business process changes required for success in the proposed RDIMS environment. Management is aware of service delivery opportunities. A change management process exists within the organization. Key change management implications have been identified around RDIMS. Teams have been established to initiate process re-design. Social and technical designs have been developed for key service programs and initial business cases and transition plans have been approved. Change agents have been identified and are committed to changing the organizational culture. Detailed design and implementation plans for priority services have been approved and pilot projects initiated. Detailed business cases have been updated and resources have been allocated to RDIMS. The organization is ready to support and sustain operations in an environment which delivers services through both traditional channels as well as RDIMS delivery. The organization has established methods for continuous improvement of RDIMS.
Competencies RDIMS competencies (knowledge, abilities, skills and behaviors) are not clearly defined or commonly understood. Competency building programs are not available. RDIMS competencies have been identified; however, the current organizational competencies have not been assessed. Limited competency building programs to support RDIMS, such as training, self-learning, staffing, sourcing, etc. are underway. Organizational competencies have been assessed at the position level and the gaps have been determined. Competency building programs to address these gaps are in place. Sufficient resources with the required skills are in place. Most key competency gaps have been addressed. The workforce demonstrates the requisite knowledge, abilities and skills to successfully transform key programs and services for RDIMS. Staffing and training are ongoing and high priorities. RDIMS competencies are an integral part of the organization's goal setting process. There are no significant competency gaps within the organization and any forecast gaps are proactively addressed. Training is ongoing.
Tools & Techniques Limited tools and techniques are available to assist employees in the planning, delivery and evaluation of RDIMS. Limited awareness of tools availability. Basic tools are in place to support RDIMS; however, staff do not have the skills or knowledge to use the tools effectively. New tools required for RDIMS have been identified, and are being developed or acquired. Staff has access to various analytical models, tools, and techniques to support process / data mapping, testing, network monitoring, customer usage, multimedia, etc. Staff have been provided training on the use of these tools and are actively using them. Expertise on the application of key RDIMS tools and techniques is widespread in the organization. Access to and knowledge on the use of RDIMS tools has been centralized in an organization-wide repository (e.g. intranet site). New tools and updates to existing tools and techniques are being regularly assessed and acquired in light of evolving RDIMS requirements. Mechanisms exist to integrate world-wide best practices in the application of RDIMS tools and techniques.
Organizational Learning The organizational culture is not conducive to a knowledge sharing environment and limited information management processes are in place. Mechanisms or structures to encourage organizational learning or the acquisition and dissemination of RDIMS related knowledge are not evident. Deployment of the organizational learning concept has been initiated and processes exist to support information acquisition and storage. Access to intellectual capital and knowledge sharing across organizational boundaries is limited. Organizational learning initiatives are widespread at the organizational unit level. Senior management recognizes the importance of knowledge sharing within various parts of the RDIMS program and is supportive of collaborative mechanisms and structures to encourage knowledge transfer and lessons learned. Organization-wide knowledge sharing technologies have been implemented to capture, create and disseminate knowledge and best practices. The sharing of knowledge and best practices to support RDIMS is encouraged and rewarded. The concept of organizational learning is incorporated into the values of the organization and is consistently applied to improve all RDIMS work processes. Organizational learning processes within the organization are continuously assessed and revised in light of world class practices.
Relationship Management The organization currently participates in a limited number of RDIMS partnerships. The organization currently participates in a limited number of RDIMS partnerships. Mechanisms are in place to work with partners to define the contributions of each partner as well as the benefits. There is sharing of the facilities and infra-structure used to support RDIMS. RDIMS partnering mechanisms are in place to set and measure performance, identify gaps, ensure that partners continue to work effectively together, and to validate the partnership relationship to ensure its continued relevance. There is a well-defined framework for developing future partnerships. There is cooperation in the development of RDIMS plans, service delivery, technology development, and the sharing of resources, knowledge and risks.
Customer Satisfaction Customer needs and expectations are unknown, and there are no mechanisms to assess perceived RDIMS service quality. Customer feedback is obtained in an informal manner. Customer feedback is encouraged but it is not handled in a timely or effective manner. Basic mechanisms (e.g. e-mail) exist to assess customer expectations and the quality of RDIMS. Limited mechanisms exist to incorporate customer feedback into the service delivery process, and to consolidate the feedback on an organization-wide basis. Multiple channels are used to obtain information on customer needs and the actual and perceived quality of RDIMS. Results are tracked over time, and considered in planning/ upgrading RDIMS at the business line level. Customers are able to provide input into program design. Customer satisfaction is measured at regular intervals on a widespread basis. Results are consolidated on a department-wide basis, and overall trends are analyzed and reported in a timely manner. Customer satisfaction influences ongoing business planning and drives program design and service delivery decisions. There is transparent, constructive, and ongoing consultation with customers on an organization-wide basis. Information on customer satisfaction is shared across the organization and is published externally. The organization has demonstrated increasing customer satisfaction results. Customers are given the opportunity to participate in program and service delivery design.
Privacy Compliance Mechanisms are not in place to ensure that RDIMS is in compliance with the Privacy Act. The organization has initiated a program of privacy compliance for RDIMS. Privacy impact assessments are conducted on an ad hoc basis at the project level. The organization can demonstrate compliance with all aspects of the privacy act for RDIMS. This addresses issues such as the definition of private information and the sharing of data with other organizations. Training programs are provided for conducting privacy impact assessments. All privacy requirements are communicated throughout the organization and are consistently applied to RDIMS initiatives. Privacy impact assessments are performed on a regular basis (intervals). Mechanisms are in place to audit adherence to the privacy policy on a regular basis (intervals) and to take any required corrective actions. Customers and partners have full confidence that privacy compliance has been integrated into the development of all RDIMS initiatives.
Benefits Monitoring There are little or no mechanisms in place to measure and assess the degree to which the expected benefits of RDIMS are being realized. Benefits monitoring is encouraged and basic mechanisms exist to support the measurement of actual versus projected benefits. There are tools and techniques available to support benefit tracking at the project level. Benefits monitoring results are used on a limited basis to influence project decision making. Expected benefits are rigorously tracked over time at the project level. Key project decisions are made based on benefit tracking. Benefits of RDIMS are consolidated at the portfolio or organization-wide level. Benefits for all RDIMS initiatives are tracked and used by senior management to influence investment decisions and to enhance screening and selection decision criteria. The realization of projected benefits is shared across projects.
Predictability There are no mechanisms or program service standards in place to measure the reliability and availability of the RDIMS and the infrastructure used. Some program service standards have been published, and new mechanisms are being developed to monitor turnaround times and service delivery predictability (e.g. reliability, availability etc.). RDIMS performance is regularly monitored and tracked against service standards. RDIMS is tuned and re-engineered in light of performance shortfalls. RDIMS performance is measured at regular intervals. Results are consolidated on an organization-wide basis, and overall trends are analyzed and reported in a timely manner. RDIMS delivery performance influences ongoing business planning decisions. RDIMS service levels compare favorably with government-wide service standard principles for the electronic channel. The organization has demonstrated increasing levels of reliability and availability.
Maturity Reporting A baseline set of key programs and services destined for RDIMS has not been identified and there is no reporting of the level of maturity achieved. An organizational framework for maturity reporting exists. Organizational areas have begun to identify a baseline set of key programs and services for electronic service delivery. They have some capability to report on the status of their RDIMS initiatives. All key programs and services destined RDIMS have been identified. All organizational areas are routinely reporting progress towards the vision and maturity status to senior management and central agencies. Ongoing measurement of the RDIMS maturity allows NEB to adjust RDIMS to ensure success. Trend analysis demonstrates an increasing capability to deliver customer satisfaction. An efficient and timely system is in place for measuring progress against RDIMS targets. RDIMS maturity compares favorably to external benchmarks. A significant proportion of records and documents are managed through RDIMS with a high level of integration with other applications / services.

Appendix III - Documents Reviewed

Document Name RDIMS #
NEB_IM_Renewal_Imp_Strgy_Executive_Summary 217352
Project Charter Checklist - Information Management Renewal 217347
IMR costing resourcing 234241
Work Breakdown Structure - Information Management Renewal 228103
Project Plan - Information Management Renewal 217351
RE: IMR - Project Charter / Plan 08-09 234625
IMR Legal Services Engagement Interview 217381
IMR Human Resources Engagement Interview 217380
IMR Frontier Engagement Interview 217379
IMR RM Group Engagement Interview 217377
Sharepoint and RDIMS 235136
IMR Status Report to Steering Committee 217387
Project Charter - Information Management Renewal 217348
Status Report IMR ExTeam June 26th 2007 234214
Status Report IM Renewal ExTeam March 26th 2007 234208
IMR Working Group Agenda May 2 2008 234614
Project Assessment YearEnd Q4 2007-2008 234615
Project Performance Assess Q3 2007-2008 234617
IMR Project Charter 2008-2009 235517
NEB IM Framework and Governance 234259
Statement of Work - NEB IMR Steering Committee 234258
Review and Review and Learn NEB IMR Business Rules 234265
NEB IM System Requirements 219891
IMR Information Flow 234291
NEB IM Business Rules Byron Goodall Review 234270
Engaging PP&C Planning and Engagement 220710
RDIMS Business Rules Task List 220952
Roles and Responsibilities - Information Management Renewal 234287
IMR Weekly Change Management List of Issues 235516
NEB IMR Identified Procedures and Processes 234293
IMR - PMO Project Engagement - Recommendations 234120
QMS Process Client Engagement 234546
QMS Project Management IMR Engagement Agenda 233182
Documents Created by Group by Month 2008 - Jan to April 232983
Documents by month 2007 232981
Reports 232970
QMS IMR Process Engagement 228863
IM Metadata Standard 219292
Groups and CV's maintained in RDIMS 222410
IMR Security Group Access Strategy 234308
Roles and Responsibilities - Information Management Renewal 234287
Subsidiary Management Plan - IMR Change Management Plan 234280
Project Change Request - March Change Management Minutes 230773
NEB_Change_Request_Log 220414
IM Renewal Issues Log 217834
Individual Engagement Interviews 217363 - 217375
RDIMS Fit-Gap Analysis Recommendations 2 178493
Public Folder Structure draft 234274
IMR Weekly Change Management List of Issues 235516
RDIMS Training Action Log 220130
Strategic Plan Notes to be added to training plan 218573
RDIMS Quick Reference Card - Importing Multiple Documents 218625
RDIMS Quick Reference Card - Searching for Documents 218624
RDIMS Quick Reference Guide - Searching 218683
RDIMS Student Course Evaluation Form 219208
RDIMS Student Manual DM5 219326
RDIMS Tips & Tricks 219980
RDIMS Document Naming Conventions 221271
New Employee Security Awareness Presentation 232412
Executive RDIMS Presentation 229216
RDIMS Workshop Descriptions 234196
RDIMS Workshops Sign-in Sheet 230797
RDIMS Training Status 230692
RDIMS Training Schedule Starting May 2008 233904
ACL Problem - IS Records Managers 231683
Roll Out Options 225645
Tasks List for PROD - technical 225371
IMR Coaching Requirement 234230
2008-03-31 Reports on RDIMS Coaching 231267
RDIMS Coaches List 226018
Coaches Training Course Plan 223978
RDIMS Coaches Training - Qualities of a Good Coach 229026
RDIMS Coaching Expectations and Responsibilities 223459
Legal Services / RDIMS meeting notes 233352
QMS process engagement plan 229238
IMR Tip Sheet - Public Folders 229903
RDIMS Public Folders - Pilot for the Office of the Secretary 231771
IM Renewal Transition Strategy 234306
QMS Hearing Non Hearing IMR Engagement Agenda 234963
Hearing and Non-Hearing Process Engagement Doc Analysis 234966
2008-06-09 Minutes - QMS Engagement Meeting 237015
QMS Project Management IMR Engagements Agenda 233182
IMR - PMO Project Engagement - Recommendations 234120
MS Project Management IMR Engagement Agenda 233182
PMO Engagement Recommendation 234151
QMS Engagement Initial Meeting - Energy Market Assessment 236249
Review and Learn - IM Framework and Governance 233812
Review and Learn - Working Group and Steering Committee 233811
MR SWOT 236299
InfoRM Business Case (Draft; v0.8 - Published) 178472
InfoRM Business Case (Draft; v0.8 - Published) 178426
Notes from CAR Training Debriefs 178447
Process Engagement and RDIMS 5.2 Business Case 235816
Document Name (External Documents) Date
NEB Records Renewal Program - Review and Risk Assessment Aug-06
Review of Records Management Practices - Final Report Mar-03
NEB Records and Information Management Policy Oct-05
Treasury Board of Canada - Policy on Information Management Jul-07
Treasury Board of Canada - Evaluation Policy Apr-01
Treasury Board of Canada - Policy on Management of Information Management Jul-07
Treasury Board of Canada - Policy Framework for Information and Technology Jul-07
Treasury Board of Canada - Policy in Internal Audit Apr-06
Treasury Board of Canada - IM Policy Implementation Jul-07
Treasury Board of Canada - Information Technology Security  
References
http://www.tbs-sct.gc.ca/tbs-sct/index-eng.asp
http://www.collectionscanada.gc.ca/information-management/002/007002-2012-e.html
http://wbln0018.worldbank.org/archives/learning.nsf
/434450dc9d18b47585256625004a9567/e75faf2068f983df85256a010071f87e?OpenDocument
http://publiservice.tpsgc-pwgsc.gc.ca/publiservice/text/hr-e.html
http://www.collectionscanada.gc.ca/information-management/002/007002-2003-e.html
http://www.tbs-sct.gc.ca/emf-cag/risk-risques/tools-outils-eng.asp

 

Footer

Date Modified:
2011-10-28