Western Economic Diversification Canada
Symbol of the Government of Canada

Common menu bar links

Objective

The objective of the audit is to determine whether WD has in place an effective IMT governance framework and practices that meet GoC and WD policy requirements.

Scope

The scope of the audit included the IMT governance activities related to:

  • IMT strategic planning;
  • IMT organization;
  • IMT project oversight;
  • IMT risk management;
  • IMT policies;
  • IMT investments and budgets; and,
  • IMT performance standards.

The audit did not include a review of IMT activities related to IMT architecture management, IMT asset management, IMT application and database change management, IMT operations and support, and IMT security, disaster recovery and privacy.

Approach and Methodology

The approach and methodology used for the audit were consistent with the Internal Audit standards as outlined by the Institute of Internal Auditors (IIA), and were aligned with the Internal Audit Policy for the Government of Canada (GoC).

A risk-based audit program was completed to obtain sufficient and appropriate audit evidence. Specific audit procedures performed included:

  • Review of policies and procedures related to IMT governance;
  • Review of strategic plans, committee terms of reference and meeting minutes;
  • Review of a sample of IMT -related projects (as it related to project oversight); and,
  • Interviews with targeted individuals within WD management and the IMT Directorate.

WD strives to maintain a control framework for IMT governance that is reflective of Federal Government policies and industry leading practices. Consequently, relevant sections from the following documents were used in developing the audit criteria:

  • Control Objectives for Information and related Technology(COBIT 4.1) framework established by the Information Systems Audit and Control Association (ISACA); and,
     
  • Management Accountability Framework (MAF) that sets out the Treasury Board's expectations of senior public service managers for good public service management. Relevant MAF Areas of Management include: Effectiveness of IM, and Effectiveness of IT.

WD is also subject to Treasury Board Secretariat (TBS) Policy requirements related to the Management of IT and IM, and these requirements were leveraged as they relate to IMT governance.

The application of the audit procedures was intended to allow the formulation of a conclusion as to whether the audit criteria established for this audit were being met.  Evidence was gathered in compliance with Treasury Board policy, directives, and standards on internal audit, and the procedures used meet the professional standards of the Institute of Internal Auditors (IIA). Standards for evidence were followed to ensure that information is sufficient, reliable, relevant, and useful to draw conclusions and meet the objective of the audit.