RCMP

Royal Canadian Mounted Police, Chief Information Officer Sector

Action Plan

To Address Recommendations from Spring 2010 OAG Aging Information Technology Systems Report

Recommendation 1.59 - Risk Monitoring with Organizations
Human Resources and Skills Development Canada, Public Works and Government Services Canada, Citizenship and Immigration Canada and the Royal Canadian Mounted Police should develop an action plan for each significant aging IT risk. The plans should include specific strategies, key activities, deliverables and timelines to manage these risks. These entities should report progress regularly to senior management.

RCMP Action:
The RCMP will develop specific strategies, key activities, deliverables, and timelines to manage these risks. As of January 2010, significant IT program risks associated with aging systems are reported on the corporate RCMP Risk Register, in compliance with Treasury Board Risk Management Policy. Risk management updates will occur on a quarterly basis.
The RCMP Chief Information Officer Sector has established risk management processes to ensure IT assets are adequately protected and could be recovered or replaced within the department’s tolerance for loss. Since January 2010, IM/IT program risks were monitored at the corporate level through the Integrated Risk Management process and supported by the corporate Risk Register. To validate the risk assessment, the Chief Information Officer Strategic Review Council was created in September 2008 and is responsible for identifying emerging IT risks and providing, recommendations, strategic advice and guidance to the Senior Executive Committee. These activities including the Strategic Review Council risk reporting to senior management are provided in the table below:

Activity		Responsibility	Date	Status
Establish IM/IT Program Risk Management Process		CIO	2011-Mar-31
1	Consult with RCMP Strategic Policy and Planning Directorate on the corporate Integrated Risk Management process and policy	CIO Planning	2009-Nov-01	√
2	Establish process to integrate IM/IT Program risk management	CIO Management Team	2009-Dec	√
3	Establish CIO Sector process to evaluate IM/IT Program risks	CIO Management Team	2009-Dec	√
4	Establish Risk Management Team for the IM/IT Program	CIO Management Team	2009-Dec	√
5	Develop internal communications strategy	CIO Planning	2011-Mar-31
Conduct IM/IT Program Risk Assessment		CIO Management Team	2012-Mar-31
1	Identify and evaluate program risks	CIO Management Team	2009-Apr	√
2	Determine specific strategies, key activities, deliverables and timelines to manage risks (1)	CIO Management Team	2009-Apr	√
3	Document Risk Assessment Information in Corporate IM/IT Plan	CIO Management Team	2009-Apr	√
4	Identify and evaluate risks relative to Aging IT Systems	CIO Management Team	2012-Mar-31
5	Determine specific strategies, key activities, deliverables and timelines to manage risks (4)	CIO Management Team	2012-Mar-31
6	Document Aging IT Systems Risk Assessment Information and link to planning activities (i.e. evergreening, radio modernization, etc.) in the Corporate IM/IT Plan	CIO Planning	2012-Mar-31
Report IM/IT Program Risks to Senior Management		CIO	2011-Mar-31
1	Integrate IM/IT Program Risks into the Corporate Risk Profile Report top 5 IM/IT Program Risks on Corporate Risk Register	CIO Planning	2010-Jan	√
2	Report IM/IT Program Risks to RCMP Integrated Risk Management committee Annual presentation Report changes, as required	CIO	2010-Mar	√
3	Integrate IM/IT Program Risk Reporting into the corporate governance process Include corporate risk assessment information in Chief Information Officer Strategic Review Council IM/IT Program investment and prioritization decision making process	CIO	2011-Mar-31

Recommendation 1.71 – Funding strategy to address risks
Human Resources and Skills Development Canada, Public and the Royal Canadian Mounted Police should identify an appropriate funding strategy. The funding strategy should present investment options, or scenarios that take into account what source of funding would most likely be available in the five-year planning period.

RCMP Action:
The RCMP’s latest investment plan was prepared in 2009 to comply with the new Treasury Board Policy on Investment Planning. The IT investments included in the plan will be reviewed and updated on a quarterly basis to ensure resources are allocated according to the RCMP’s needs. IT investments will be prioritized based on operational priorities governed by the Chief Information Officer Strategic Review Council. Only IM/IT initiatives with an appropriate funding strategy compliant with the overall program strategy will be approved and included in the investment plan.

In tandem, RCMP senior management is currently developing a Corporate Funding Re-allocation Strategy which involves the assessment of activities and pressures across the organization to establish baseline funding for all program activities in the 2011-12 fiscal year. This activity will define the priorities of the IM/IT program and ensure accountability of program commitments and investments facilitating the development of the overall IM/IT investment strategy for the RCMP.

The follow table lists the activities the RCMP is undertaking to prioritize its investment needs and develop an overall funding strategy for its IT portfolio:

Activity		Responsibility	Date	Status
Establish IM/IT Investment Planning Process		CIO	2011-Mar-31
1	Establish portfolio management approach for IM/IT investment planning	CIO Management Team	2008-Sep	√
2	Integrate portfolio management approach in: Chief Information Officer Strategic Review Council IM/IT investment planning process Corporate Funding Re-allocation Strategy	CIO	2011-Mar-31
Report IM/IT Program Funding Strategy		CIO Planning	2011-Mar-31
1	Document investment strategy in IM/IT section of the RCMP Investment Plan	CIO Planning	2011-Mar-31