Skip to main content Start of content

PACP Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at

Previous day publication Next day publication
Skip to Document Navigation Skip to Document Content

House of Commons Emblem

Standing Committee on Public Accounts



Wednesday, May 27, 2015

[Recorded by Electronic Apparatus]



     I call the 61st meeting of the Standing Committee on Public Accounts to order.
    Colleagues, we are here today to do a public hearing on chapter 5, Information Technology Investments—Canada Border Services Agency, of the spring 2015 report of the Auditor General of Canada.
    I have no business beforehand, other than to mention that the Canada Border Services Agency had their action plan in and on time. That's much appreciated. Thank you. Also, colleagues, a reminder that next Monday, June 1, we will hold yet another public hearing, which will be on chapter 4, Access to Health Services for Remote First Nations Communities. That's also flowing from the spring 2015 report.
    Without further ado, I will call on our Auditor General, Mr. Ferguson, to give us his opening remarks. Sir, you now have the floor.
    Mr. Chair, thank you for this opportunity to discuss our spring 2015 report on information technology investments managed by the Canada Border Services Agency.
    Joining me at the table is Martin Dompierre, principal, who was responsible for the audit.


    This audit focused on assessing whether the Canada Border Services Agency has the corporate and management practices in place to enable the delivery of information technology investments that align with and support its strategic corporate objectives.
    As part of the audit, we consulted six federal government departments and agencies to get their views on their collaboration with the agency.


     The Canada Border Services Agency plays a key role in Canada's security and prosperity by managing the access of people and goods to and from Canada. In the 2013-14 fiscal year, the agency admitted close to 100 million travellers and cleared more than 14 million commercial shipments. These and other agency activities resulted in the collection of $26.9 billion in revenues.
    Information technology plays an important part in the agency's ability to achieve its strategic objectives and its mandate to ensure border security. The agency's current portfolio is made up of 30 information technology projects, with a budget of more than $1 billion.
    Overall, we found that the agency has had significant challenges in managing its information technology portfolio in a way that ensured it could deliver IT projects that meet requirements and deliver expected benefits.
     In December 2013, the agency put in place a new project portfolio management framework to strengthen its management of IT investments. We found that the framework was comprehensive, but our review of five projects against the framework revealed that the agency had not fully applied it, which resulted in several issues.


    For example, we found that the information provided to senior committees tasked with overseeing the information technology portfolio did not contain accurate financial information, project status information, or timelines. This information is important to ensure that projects are being managed to meet all stages of approval, meet delivery requirements, and align with the agency's strategic objectives.


    In addition, projects often lacked clear requirements, had no defined and measurable benefits, or had poorly stated benefits. This resulted in project delays, duplication of effort, and business requirements that were not finalized. For example, over 75% of projects had minimal or no information on whether benefits would be realized or aligned with strategic objectives.


    Information technology plays a key role in the agency's ability to achieve its strategic objectives and mandate. Without access to complete, reliable project information with clear business requirements, the agency is restricted in how efficiently and effectively it can manage its portfolio of projects.
    Our report makes three recommendations to the Canada Border Services Agency. The agency has agreed with our recommendations and has shared its action plan with us.
    Mr. Chair, this concludes my opening remarks. We would be pleased to answer any questions the committee members may have. Thank you.



    Very good. Thank you, Mr. Ferguson.
    Now, from the Canada Border Services Agency, we have Caroline Weber, who is the vice-president, corporate affairs branch.
     Welcome. If you would, please introduce your delegation and present your opening remarks. You now have the floor, ma'am.
    My name is Caroline Weber. I am the vice-president of corporate affairs at the Canada Border Services Agency, or CBSA. I have with me today my colleagues, the associate vice-president of information, science and technology, Mr. Louis-Paul Normand, and Mr. Chris Bucar, who is acting director general of resource management.
    I'd like to thank the committee for affording us the opportunity to appear today in order to discuss chapter 5 of the spring report from the Auditor General of Canada.
    As the committee is aware, the audit of CBSA's information technology investments examined whether the agency's corporate and management practices are enabling the delivery of IT investments.


    As the Auditor General noted, the CBSA is a law enforcement agency, charged with a dual mandate to secure the border, while contributing to Canada's prosperity by managing the access of people and goods to and from the country.
    Our responsibilities are diverse and complex. In a global age, modern border management means focusing our efforts on six core areas: pushing out the border; facilitating the entry of low-risk people and goods; delivering integrated and effective enforcement; improving efficiencies; increasing harmonization with our international partners; and focusing on client service excellence.
    Managing the border in today's environment involves broadening our understanding of what is traditionally thought of as “the border”.


    Rather than thinking of the border as a line across the 49th parallel, our approach increasingly is to manage the border as a corridor where decisions are sequenced and made, as much as possible, before people and goods arrive. Addressing threats at the earliest possible point is essential to strengthen security and improve the free flow of goods and people through our border, and investment in our information technology is critical to our ability to do that.
    Since 2013 the CBSA has invested considerable time and energy to improve project management, while developing and delivering one of the most complex suites of IT projects in the Government of Canada, including significant responsibilities under the beyond the border action plan.
     The investments being made in information technology are not solely about back office efficiencies. These projects are necessary to realize operational benefits such as improving the CBSA's lookout system, scrutinizing passenger name record information before inbound flights depart, and analyzing electronic manifest information before commercial import shipments arrive at crossings.


    Consequently, the agency has an IT project portfolio totalling more than $1 billion. As noted by the Auditor General, the agency implemented a strong project portfolio management framework in 2013 to better manage these investments to 2020.
    The CBSA is pleased that the Auditor General's spring report reinforces that the direction and actions taken by the agency are on the right path to further improve the management of major IT projects.
    We also agree that the recognized strong project management framework will continue to evolve, providing more and more predictability for project delivery.


     Overall, the audit reached three main conclusions: that while the CBSA has established a robust project portfolio management framework, it requires full implementation and a strengthened governance process for IT investments; that more clarity was needed for IT systems requirements to ensure project requirements could be met, and defined measures were needed to assess project benefits; and that clear requirements for how project dashboard information is collected, validated, and reported were required for consistent and complete project status reporting on IT projects.
    Mr. Chair, as the agency has responded in the report and in the management action plan provided to this committee, the CBSA agrees with the Auditor General's conclusions. We are committed to continuing to strengthen the controls and oversight necessary to fulfill our commitments on IT projects and ensuring that they deliver expected benefits.
    We have a detailed work plan in place to address the key issues. That has been reviewed by the Auditor General's office. We are tracking on time to meet those commitments. A few examples of this work include the following: updating important IT planning documents, such as the annual IT plan and an investment plan, which includes all significant capital projects over the next five years; establishing directives to ensure that enterprise architecture is adhered to by all IT projects through formal gate reviews and approvals; formalizing the coordination and oversight function across all project stakeholders, developing a baseline set of performance benefits indicators and quarterly reporting to the executive cadre on benefits realization status of IT projects; and initiating a formal review process of the procedures and practices of how project dashboard information is collected, reported, and enforced.
    The agency has also delivered its IT investment plan, which includes all major activities.



    Mr. Chair, we have duly noted the need to continue to implement our strong project portfolio management framework and will take steps to improve project portfolio management, project planning, and project reporting.
    We are pleased, however, that the chapter presented by the Auditor General credits the work and our work plan already underway, and that we are well-positioned to meet our commitments on time.


    Mr. Chair, I would like to note the Auditor General's own comments on the audit. When he appeared before this committee on April 29, 2015, he stated:

    We were very happy with the framework that had been put in place in the agency and the fact that it was comprehensive. Our concern, again, was that it wasn't at this point in time always being applied in the management and the oversight of the projects.
    This concludes my opening statement. I would be pleased to answer any questions the committee may have.
    Very good. Thank you.
    We'll begin our regular rotation.
    Kicking off the day will be Mr. Woodworth. You have the floor, sir.


    Thank you very much, Mr. Chair.
    I want to welcome the witnesses and thank them for joining us.


    First of all, I have an observation I'd like to make. Over the last several years, the Government of Canada has been implementing very robust security measures at border points and at the same time implementing the most historically robust trade alignment of Canada in our history with trade agreements all around the world. I can't imagine how challenging that is for border services. On top of that, I happen to know, coming from the Kitchener-Waterloo area, how quickly information technology is progressing. Every six months there are new opportunities available. So you have your work well cut out for you.
    I know from your opening comments, Ms. Weber, that you're well aware of that, and that the flow of goods, addressing threats, and examining the corridor between our nations around the world are top of mind for you.
    I wonder if you could start us off by giving us an overview and an update on the implementation of two, or perhaps three, of the larger IT projects you are currently undertaking in order to keep our borders safe and secure and to facilitate the free flow of goods and people.
     I'd like to ask my colleague to respond to the question. He's responsible for managing our IT projects and I think he can give you more detail on a couple of particular projects.
    That would be fine with me.


    Thank you.
    I don't know whether you had any particular projects in mind. The audit report focuses on five of them.


    I think I'll start with entry-exit, because it goes to explain the complexity of IT, which you alluded to. In our world, it's the complexity of the ecosystem we work in. It's a global system out there and our partners are strewn around the world.
    In the case of entry-exit, this is the ability to capture exit information as people leave Canada and to share this, in some cases in land mode with the U.S. and in other cases in air mode with other government agencies. We are at the pointy end of 90 acts of Parliament, so our partners who are using some of the information we collect are not within our direct control.
    Entry-exit is a good example of this. There are nine partners within the government that wanted the information there. The first major hurdle we ran into involved a horizontal privacy impact assessment not of the collection of the data but of how that data was going to be used. I'm looking at my colleague here who is at the heart of the privacy impact assessment work. That caused some delays. More recently on this is the fact that the regulations to be able to do this are in the border bill and we're still waiting for confirmation of the border bill.
    This goes to tell you that there are a lot of dependencies external to the projects. We have to manage those. We know the business we're in, but by and large we have to account for those constraints and that was for entry-exit.


    Maybe I could just key into that a little bit. You have to connect the external requirements of other countries with which we interface and you have to connect the internal requirements of a variety of different government agencies and you have to connect with the regulatory environment, including privacy concerns that affect this flow of information—
    That's right.
    —and you want to do all of that in a single IT system in some fashion.
    If I may add one more thing, there's the airline industry as well.
    Yes, there are the private individuals who are operating across borders.
    I think the challenge for IT in this context is that all of those things aren't always specified up front and sometimes there are policy decisions that change and that are made along the way that really had nothing to do with whether or not we had good project management or project planning. People change their minds; something happens that creates a different need, and so that ends up creating a pressure on the IT systems.
    I don't know if there's time for another project description.
    There's not really. We're over time now.
    Thank you.
    We will move now to Mr. Giguère. You have the floor, sir.


    Thank you, Mr. Chair.
    My thanks to the witnesses for appearing.
    My first question is very short.
    We have noted that you have fairly substantial resources in terms of the budget. In terms of human resources, do you have enough quality computer scientists to handle all the management duties? Or do you have to use subcontractors, who assess the work of other subcontractors?
    I would say that we have sufficient resources for the projects, but we often use a combination of approaches.
    I will ask my colleague to provide you with more details.
    Of course, with such a large project portfolio, resources are always a challenge. So far, we have managed to address the shortcomings using the resource increase model.
    When it comes to the larger projects currently being launched, we are looking at various service delivery models to give industry more and more responsibilities with regard to delivering our projects.
    There is no single response. We have to consider each case, as well as the challenges and necessary skills. So far, it has not affected us directly.
    Very well.
    We have also received other information, if you will, that your officers in charge of receiving people do not always have an interface that enables them to intercept criminals coming into Canada, even if they have previously committed offences in Canada. That is apparently directly related to a problem with implementing a computer and information-sharing system.
    First, is that a major issue?
    Second, if there is a problem, will it be resolved very quickly?


    Thank you.


     I believe this refers to the issue that has been in the media in the last couple of days.
    Our officers have access to a variety of tools at the primary inspection booth. If we talk particularly about CPIC, officers in secondary have full live access to CPIC. Officers in the primary booth have access to a variety of information, including lookout information from our law enforcement partners, including information they're pulling from CPIC and therefore asking us to look out for a particular individual.
    I think there was a bit of a misrepresentation in the media. Officers do have access to a lot of information at primary inspection.


    We are happy to learn that the problem will be taken care of very quickly, but there is also the capitalization issue. We see in your five-year plan that you have considerable funding, which is not being fully utilized.
    Does that lead to an increased backlog in some of your programs that are already behind? Given that you have the money you need, it is difficult to understand why you are not using it to address the observed shortcomings and backlogs.
    Can I ask my colleague to answer?
    Yes. As we mentioned in the entry/exit initiative example, the observed backlogs rarely stem from a lack of funds or resources. In general, they have to do with the fact that we depend on other organizations. In the case of the entry/exit initiative, there are regulations surrounding the interactive advance passenger information initiative. Backlogs are caused much more by this dependence than by a lack of money or resources. You will note that none of the projects analyzed exceed their budgets. So the source of the problem is not that, but rather the need to effectively manage interdependence and, in this context, to find solutions to help us meet our deadlines.
    As for my last question, you have already set the stage by talking about interdependence.
    In Canada, we are governed by rights that protect personal information. In those conditions, how will you manage your entire network and the interdependence situation so that the law would always be enforced properly?
    Under our project management framework, we assess privacy factors for each of our projects. As I said in the example I provided, that assessment covers everyone involved. In this particular case, every department that needed the information had to present their own case to the Privacy Commissioner to be able to use the information for the purpose sought.


    Thank you, Monsieur Giguère.
    Mr. Albas, you have the floor, sir.
    I want to say thank you to all of the witnesses here today. I certainly appreciate your roles and what you do.
     I'd like to start by going back to the report.
    I certainly recognize Mr. Woodworth and his earlier points in regard to the complexity of the environment you deal with. The different laws and different agencies and private companies you have to deal with add to that complexity.
    I also appreciate that our trade relationship with the United States is one of the most important relationships we have. The beyond the border initiative is something that I'm very supportive of, and I know that people in my riding of Okanagan—Coquihalla are very supportive of it. Safety and an increased ability to get goods and services and people across the border are vital.
    Getting back to the actual report, in response to paragraph 5.30, the CBSA commits to updating its agency investment plan. I believe you said that you'll do it by spring of 2015. Then, with the annual investment plan, I believe it will be by June 2015. We're almost at June.
    Could you please give a status update on these two areas and what that means in regard to the recommendation going forward?


     The two reports have been delivered on time. In fact, the annual investment plan—and I'm looking at my colleague, here—was delivered on April 23, 2015. The annual IT plan.... By the way, both of them went to Treasury Board. They were done on time, and they do map all our investment to our PAAs and our priorities. In fact, in the case of the investment plan, it was the second one in a row that has been delivered. It was also the case for the annual IT plan.
     We have taken the recommendation seriously. In fact, we had started on updating those documents prior to the audit.
    Again, for many people who are watching at home, they may not have had the opportunity to peruse the report itself. Between the two different plans, that would include the almost $1 billion Ms. Weber mentioned earlier that had been earmarked for these things. Is that correct?
    That's right.
    Both reports have been tabled.
    That's excellent news.
    Also, the Auditor General recommended CBSA establish clear procedures and practices on how information, for example, the project dashboards, is collected, reported, and enforced. That's recommendation 5.61.
     In response, your agency indicated that it will complete a formal review of the process by June 2015. Is this going to be an internal or an external review? How will CBSA ensure the review is consistently applied?
    We look at this information every couple of weeks, and then every month at our senior executive committee, as well.
     In my organization we're responsible for looking over the shoulder of my colleagues in making sure the information is accurate. We are putting in place more robust and clearer instructions on how to populate some of those things.
     We did have some discrepancies, as the Auditor General referred to. We knew about those discrepancies, but we were living with them because there were time gaps or time lags between some of the information. We were not including some standard information that would have been easy to add because we knew it was there and it's not the way we usually reflect things internally. However, we are changing that as a result of this audit.
    We will continue to look at this and conduct our own internal audits. I imagine the Auditor General will revisit this audit in a few years, as they usually do, and provide an external check on us, as well.
    The Office of the Auditor General noted that CBSA was due to complete a business plan for the single window initiative, which Mr. Norman had mentioned earlier, by March 2015. It's a condition for Treasury Board to release additional funds. To what extent is the single window initiative meeting its targeted outcomes?
    It's a good news story. It's completed.
    The business case was tabled and approved by TB ministers in—I forget the date—I think it was April, as well. It was presented and approved.
    Can you give a little context? Again, many people who are watching may not understand what the single window is. Could you please give a short...? I don't think I have very much time left.
    You have 15 seconds.
    I'll do it in 15 seconds.
    I mentioned that we enact 90 acts of Parliament. We collect information on behalf of a number of departments. Think of Health, Agriculture, CRA, and so on. Every department that wanted information collected at the border used to have their own forms and their own ways of collecting it. We would enact or enable that. Now it's all been concentrated into a single window for coming into Canada, if you want to call it that. That has streamlined the process at the border a lot.
    Very good. Thank you, Mr. Albas.
    Over now to Mr. Allen.
    Thank you, folks, for coming.
    Mr. Normand, if I could start with you, I think I heard you say earlier that some of the issues that arise for delays are issues of other departments perhaps changing how they do things, or changing their mind on certain things. Did I hear that correctly? Is that right?
    The sources can come from a variety of places. Sometimes there's a change in policy direction, as well.
     Yes, it can be our partner departments. We are sort of at the end of many policy processes for other departments. We enforce the law for Agriculture, the Public Health Agency, Health, DFATD, etc. We are often kind of at the operational end of what they're doing.
    I draw your attention to page13 in the English version at paragraph 5.37, toward the end, just before paragraph 5.38. The Auditor General's report states that you changed your mind in a particular instance, and you made Citizenship and Immigration have to go back. When it came to the entry-exit initiative, you decided to change your mind on a particular way you were going to handle data, which forced them to go back and rethink what they were doing, and which delayed things. Is that how I read that paragraph, Ms. Weber?


     Can you give me the paragraph number?
    Certainly. It's on page 13 in the English version at the very top of the page. It's the very last part of paragraph 5.37. It begins with “delivery of the Interactive Advance Passenger Information”. I can read it for you.
    Master data management?
    I'll read it for you, Madam:
In the case of the Entry/ Exit Initiative, the Agency began work with Citizenship and Immigration Canada—
—“Agency” being CBSA—
— in October 2013 to draft project deliverables and milestones. As of September 2014, these were still being finalized. The Agency also changed a key component in favour of a new solution (master data management) that has caused Citizenship and Immigration Canada to revisit the components it is building.
    So as much as Mr. Normand said indeed there are other agencies—and I take that at face value; it's probably absolutely true, IT is a complex business—in this particular case that the Auditor General points out, you changed your mind as an agency and caused them to go back and do something that actually caused you a delay.
    Is that correct?
    No. If I may clarify, first of all, the master data management decision is still before us. We had a comment on the enterprise architecture framework in the report. This is part of our town planning that we're doing right now.
    Master data management has the ability to create a single entry record for either the traveller or that we always make sure the name we scan at the border is matched against the right record. So this is the ability—
    Sorry to cut you off, Mr. Normand, but quite frankly, if you're going to try to explain to me master data management, I don't have that long. We don't have a week. I have five minutes.
    The bottom line is, I just read to you, sir, and I've asked you to look at it. Clearly, it says, “The Agency”, —you, CBSA—“changed a key component in favour of a new solution”—new solution, not an old solution; this is the Auditor General's report, sir, that I'm reading to you—“that has caused Citizenship and Immigration Canada to revisit the components it is building.”
    If you changed your mind on something and told Citizenship and Immigration you had changed your mind, and they had to go back and do something else, did that not cause a delay?
    We'll have the business case on master data management and we'll take into consideration the impact on Citizenship and Immigration Canada, and if that impact prevents the successful business case from being realized, it will be factored in there. The decision for master data management has not been made. We have not impacted anyone at this point, not Citizenship and Immigration Canada, nobody.
    Thank you.
    Mr. Ferguson, could you help me with this paragraph, because maybe I'm just confused.
    I guess when you look at that whole paragraph in terms of project deliverables, it goes through, as you said, what was happening in terms of.... I think the issue is really around the project deliverables, identifying what the project was intended to do, and the milestones, and I think probably in the process of identifying what some of those project deliverables and milestones would be, that would have had an impact on the other organizations that were involved.
    Again, the particular part of what was identified as being an important part of this project was having the master data management. But when they were through the process of identifying what the deliverables were going to be and what those milestones were going to be, I think some of the changes in that process caused an impact, in this particular case, on Citizenship and Immigration Canada.
    Thank you. The time has expired. Sorry.
    Moving along, it's over to Vice-Chair Carmichael. You, sir, have the floor.
    Thank you, Chair. I'm good either side of that.
    Welcome to our witnesses today.
    Mr. Ferguson, I'd like to start, if I may, with you.
    Specifically, in your opening remarks you commented on some of the deficiencies that your office found within the agency, and we've heard today about the complexity of this massive project, a significant investment by taxpayers in the agency, and specifically directed at IT investments. I'd like to direct you to paragraph 5.12 on page 3, where you talk about a project portfolio management framework—the agency had designed a strong project portfolio management framework, granted, according to your comments—and how this framework has not been fully utilized.
    When we look at the size of the investment, could you comment specifically on whether the project portfolio management framework is going to give the government and taxpayers confidence that we have the tools and management structure in place to do the job that's necessary in developing this important technology?


     What we've identified, essentially, is that, again, they have designed a strong project portfolio management framework, so, as I've said before, we were happy with the fact that the framework existed.
    Over the course of the next number of paragraphs, we talk about many of the aspects of that framework, such as governance structure in paragraph 5.17 and their investment planning in paragraph 5.21. Then we talk a bit about enterprise architecture and the risk profile. Again, they have a number of different components to that framework which we found were good.
    However, I think that in order to have the level of confidence you were talking about—and it is a billion-dollar portfolio of projects—what's important is to make sure that the framework is fully implemented and is used. The first step is there, and it's an important step to have the framework, but then what's really important is to make sure that framework is being followed. Some of the things, such as making sure that all of the information going to committee is rigorous and agrees with all of the supporting documentation so that the committee has the information, I think are a good example of that.
    Thank you.
    Ms. Weber, as we look at this report, clearly the Auditor General's office has identified some of the weaknesses within the system, but you have the structure in place. Could you expand on and talk about some of the benefits and how the CBSA is going to go forward to ensure that if we take the product portfolio management framework forward, identifying some of these deficiencies, we can have confidence that you are going to deliver on fulfilling those challenges?
    Absolutely, and thank you very much for the question.
    We did recognize a number of years ago that we needed to improve with regard to IT project management, so we put in place this framework and started implementing it. I can tell you that our IT projects are being delivered on time now and on budget, so the framework that we put in place has achieved that.
    In addition to some of the issues that the AG has identified, benefits realization was part of our framework as well, but we hadn't implemented it yet, so we are following through on that plan. We've had the benefits realization discussions at our technology and innovation project committee—I don't think I have the title of that committee right, because we use acronyms all the time—and we are moving forward. There are people mobilized to look at benefits management and benefits realization.
    I think that we're not alone in the Government of Canada. There is no excuse for that, given the size and the importance of what we're doing, but I think it's something that we've been struggling with across the government in terms of making sure that even if we have an idea of what the IT system is going to do—and many of ours are replacements of legacy systems to improve security, not always to generate savings—we haven't always quantified that. Our task before us is to operationalize the savings that have been previously identified or the benefits that have been previously identified.
    You have five seconds. You can say thank you.
    Thank you very much.
    There you go. Well done.
    Voices: Oh, oh!
    The Chair: All right. Moving right along, we'll go over to Madam Jones.
    Ma'am, you now have the floor.
    Good afternoon, everyone. Thank you for being here today to answer questions on chapter 5 of the report.
    I'm going to go back to paragraph 5.37 for a moment. I don't feel that we had clarity with regard to the questions that were asked by my colleague Mr. Allen.
    It's quite evident on page 12 of the report that with regard to the project delay, it was the result of a difference of opinion between the Canada Border Services Agency and Citizenship and Immigration Canada with regard to critical function. It did result in a three-month delay and an additional cost of $2.3 million because the agency had to extend a vendor contract.
    I would like to know what the critical function was, and why did it take three months and $2.3 million to resolve this within the department. What was the difference of opinion that wasn't seen until it got to this stage?


    I will turn to my colleague.
     Thank you for the question.
    The replacement of that system is actually twofold. One is within the CBSA's control, and it's the lookout database that we talked about earlier. The other aspect is for our officers in the ports of entry to use GCMS, the global case management system, deployed and managed by CIC. In this case, we are using what's called FOSS right now. When you scan your passport it goes to the database called FOSS, and that's what we're decommissioning. FOSS is currently doing the two systems.
    We had to agree as to what would be done in GCMS, so in the CIC system, and what had to be done and developed by CBSA. It's not an incremental cost, in that if we hadn't done it—in this case we decided to do it—then CIC would have had to do it.
    The disagreement had to do with who was to do it, not the cause of an overrun. The $2.3 million was the licence for the FOSS vendor, the legacy vendor. The decision would have been to carry it on anyway because of the rollout plan that we deployed. In other words, there was no way that we would have been able to turn off FOSS as a back-up system in December 2013 as originally planned.
     It was not really an incremental cost.
    It's stated here that you had known about the aging system since 2008. You knew it had to be changed.
     In September when you launched the project, why did you not project that there was going to be a problem then? Why was this cost not incorporated at that time?
    It's difficult to explain what the delays were. I was not around at the time.
    There are a lot of moving parts in FOSS. It's a complex project. There are over 19 systems that FOSS interacts with to get the information we should be looking for at the border. In addition to the other transformation projects at the agency, and the fact that this one is internally funded—not funded through Treasury Board—it became a matter of can we live a little longer with the old one.
    Paragraph 5.22 states, “The Treasury Board Policy on Investment Planning—Assets and Acquired Services requires that the Agency update the Investment Plan every three years, or when a significant change occurs.”
    Since 2011, the Canada Border Services Agency has had significant change occur, yet its investment plan has not been updated. Why is the Canada Border Services Agency not following the Treasury Board requirements, especially when over $1 billion has been invested into the agency itself?
    I may turn to Chris to answer this. I believe we did generate our next plan in 2013-14, 2014-15.
    Anyway, I'll let Chris speak to this.
    Mr. Chairman, thank you for the question.
    CBSA agrees with the audit findings and acknowledges that material changes should have been reflected in the update of the investment plan to Treasury Board. Going forward, the agency will review and update future investment plans if similar circumstances arise, as required by Treasury Board.
    I would like to reiterate that the agency's investment plan and annual IT plan have been approved. They were submitted to Treasury Board and approved on April 23, 2015.
    Well it was obviously a violation of Treasury Board policy.
    Auditor General, I'd like to ask whether you know of other departments in other audits you've been doing where this Treasury Board requirement has not been met. I know it's outlined clearly here. I'm not sure if it has been in other reports.


    It wasn't something that we looked at. This was just looking at CBSA. We didn't extend the audit to look at other organizations because of the scope of this audit.
    Thank you.
    Sorry, the time has expired.
     Mr. Hayes, you have the floor, sir.
    I live in a border community, Sault Ste. Marie. We have an international bridge connecting us with the United States. We're currently undergoing the rebuild of our Canada Customs plaza. It's a $50 million project. It's quite exciting for Sault Ste. Marie. I believe that was all part of the beyond the border initiative that was announced in 2011 by Prime Minister Harper and President Obama.
     Can you give me an update, in layman's terms, on the beyond the border initiative? Give me a sense of what IT project is most significant with respect to a border community such as Sault Ste. Marie. Also, does the beyond the border initiative have an end date, or does it go on forever? I want to get a sense of this whole initiative and where we are, so I can speak intelligently to my constituents.
     Thank you for the question. The idea of beyond the border is that collecting information earlier gives us more of an opportunity to assess threats and risks and to ensure that those threats and risks don't actually come to the border. We call it pushing the border out. The concept really is to collect information earlier and to then facilitate the easier flow of legitimate goods and travellers that are low risk or that there is no reason to stop.
    As for which projects might be most interesting or helpful, I think of things like the single window initiative, which makes it easier for traders to provide information to federal government entities by putting the information in once and other government departments that need access to it get it. Everything we do that makes it easier for them to interact with us I think makes it easier for legitimate goods to flow across the border. I don't know if you want more on that.
    When do we finish everything? There are a couple of dates that haven't quite been identified for 2015 and 2016.
    We're even talking about beyond the border 2.0 at some point as well.
    To add to what my colleague was saying, it also has a lot to do with trusted travellers and trusted traders in border communities, so that as these people approach the port of entry, we already see them coming before they are there. RFID, radio frequency identification, enables them to access the right booth and the right information. The idea is that for people in those communities that straddle the borders, who cross all the time, the NEXUS program comes to mind and the trusted traders program comes to mind. The FAST program, free and secure trade, allows commercial goods to go through unstopped. It's more about that. It's knowing about who is coming prior to doing all the business at the border which slows the border down.
    Is it safe to say that different border crossings are at different levels of maturity within the beyond the border plan?
    I think from a NEXUS perspective perhaps that's true. We have more capacity in general to handle our trusted travellers, NEXUS card holders, at the larger ports of entry than we do at the smaller ports of entry.
    In paragraph 5.20 of the Auditor General's report, he mentioned what's called the project management framework and then he talked about the service life cycle management framework. If I'm reading that correctly, it seems as though there was a change from one framework to the other. The reason for that change was to ensure that project prerequisites were met prior to moving on to the next phase, because the AG identified that as being an issue.
    Can you explain a little about the service life cycle management framework? Has that addressed this concern with project prerequisites being met? Are they now being met? Can we say that with confidence?
    Before I turn it over, the short answer is yes. I don't know if you want to enlarge on that.
    One thing I would say is that we're also caught in midstream on some of these projects. For projects that had already started, we implemented these frameworks, and then the question was how far back in time to go. Some of the issues we confront here, such as benefits realization for a project that was almost done, we had to look at and ask whether it was worth going back to try to figure out how to measure what the benefit would have been if it was already past gate six and was about to be closed anyway.


    The service life cycle management framework is not the same framework that changed names along the way. The project management framework was created to manage the projects once we knew we had a project. The portfolio management framework broadened that to include the investment management, what we're talking about, investment and benefits, and realization of that investment.
    The key elements of those two frameworks are gates and governance. In other words, we gate all the investments through the seven gates in our framework and then we present information to the governance committees to seek their approvals. The service life cycle management framework takes that further and describes what information should be presented for approval. We had a bit of a gap there in the sense that we said you need to have your requirements presented but we didn't specify from a methodology perspective what the document looked like. Now with the service life cycle management framework we do.
     Very good, thank you. Time has expired.
    Back to Monsieur Giguère. You have the floor, monsieur.


    Thank you, Mr. Chair.
    Mr. Normand, you said earlier that some programs might be co-managed and others were managed exclusively by you. Everything is overseen by a committee. Will the committee be able to ensure that the architecture of the entire IT network is interactive? Will we end up with a silo monster? Or will we have something with enough computer gateways to be able to support a secure network?
    Thank you for the question.
    That is actually what I was talking about a little earlier when we were discussing enterprise architecture. It enables us to do our town planning, if I may call it that, to ensure not only that the CBSA systems are interconnected—and there are some challenges with that—but that they are also linked with external partners' systems. Citizenship and Immigration Canada is one of those partners. When we deal with the global air industry, we have to make sure those standards are in place. We are doing that now. It was central to our enterprise architecture. We call it service-oriented architecture, and it's what will enable us—or is already enabling us—to interact with external partners in an effective and secure manner.


     I would just add that what we're dealing with here in many cases are legacy systems that don't talk to each other, and a lot of what we're trying to do is overcome those silos. Much of the IT that we have is at least 20 years old and it came from the old Immigration, the old CCRA, Agriculture.... They were all separate systems, so the task before us is to take 40 databases and systems and start to move them together.


    They just laid the groundwork for doing what you are talking about.
    I would like to specify something about CIC. The relationship is so close that we have an independent governance system with the associate deputy minister. We meet every two weeks to discuss those issues and ways to make the projects operational. We talk about significant impacts at the border. We have to train our staff and the CIC staff. All those issues are discussed at that governance level.
    Of course, unfortunate situations have to be taken into account. A lady complained about being assaulted by someone who never should have entered Canada. We heard about a woman with mental health problems who was refused access to an airplane because her medical records had been transferred to foreign authorities without her permission. You will tell me things like that happen only occasionally, but these are the types of incidents that must be avoided.
    Will the system you are currently developing manage to do that? I know that haste makes waste, but we still have to get results within a reasonable timeframe. Are you headed toward that?
    This question is for you and for the Auditor General. Are we headed toward a system that will be truly satisfactory?


    That is our objective, of course.
    To make the border more secure, we have to interact with our partners. That means we need another system. However, when we say that, we are not just talking about a system. We are talking about 288 applications and 42 databases. The main challenge is the integration and interaction of those systems.
    The system must do everything in an exemplary manner. That is why the architecture is becoming absolutely critical. We have to make sure that it is open, but that we also increase security. That is of the utmost importance.
    It is actually the main challenge. The CBSA often decides not to go ahead with a system because it cannot really put the right bolts into the right places to ensure that the system will be secure.


     I think that again the agency has put in place an appropriate framework, but in order to ensure that the systems are going to deliver what they're supposed to deliver, that framework has to be operating as intended. There's more than just making sure systems are delivered on time and on budget. There's also making sure that the systems are delivering what they were intended to deliver. That's why we talk in the report about the need to assess the benefits and assess whether the systems are aligned with the objective of the agency.
     Again, I think where I would be right now is that they have the tools to try to make sure these systems are appropriately delivered, but they need to really make sure, because we are talking about $1 billion, we're talking about a complex business, and we're talking about complex systems. It's really important to make sure that this framework is rigorously applied in order to get the types of outcome that you're talking about.
    Very good. Merci.
    Mr. Aspin, you have the floor, sir.
    Thanks to both groups, the Auditor General and CBSA, for helping us with chapter 5.
    National security is a very important consideration these days, and I note that in budget 2015 there was some additional funding for CBSA to help with intelligence support and national security investigators.
    Ms. Weber, could you comment on the value of that funding and how it may pertain to the use of some of the IT projects?
    I'm afraid I haven't come prepared to speak explicitly to that and I don't come from operations. My colleagues in enforcement and intelligence, I think, are better able to respond to that. I did follow the media, though, and I know that the funding is for us to increase our capacity to follow foreign fighters basically and conduct investigations.
    Okay, thank you.
    Could you give the committee an update on the updating or replacement of what has already been referred to as the FOSS, field operations support system, and what that means to intelligence gathering and efficient screening of legitimate travellers, the accurate prediction of high-risk travellers, and what it means for our front-line CBSA officers?
    Thank you for the question.
    I'll turn to my colleague to describe the current state of play on the FOSS-GCMS transition.
    As I mentioned earlier, there are two parts to FOSS. There is the use by our border services officers of GCMS for entering immigration data as they process immigrants as they show up at our ports of entry. That's been operational since last summer. We are tweaking that right now because we have some choke points, namely the large airports. We're tweaking the performance of GCMS to handle the volume before we switch FOSS off.
    On the side of the CBSA, the information from GCMS will be made available and located in a high-performance database so that, at primary scan, your passport won't hit GCMS, which is not necessarily the right level of performance for our peak periods. It will hit our database on our servers. Those two pieces are actually developed and in operation right now. What we're working with operations on is the ability to terminate the use of FOSS as a crutch. It's been in use since the 1970s and, as we are about to pull it, there are some concerns whether the other systems can hold their own.


    The initial assessment of benefits readiness conducted by your group, CBSA, in August 2014 concluded that over 50% of portfolio projects had low readiness, that is, had minimal information on established benefits. The readiness of another 27% of projects was unknown.
    What is the current status of benefits readiness for the CBSA's portfolio of IT projects? That's the first question. The second one is: what percentage of CBSA's IT projects has defined measurable benefits?
     I don't know the answer to that.
     Do you know the answer to that?
    Well, I'm not sure. I had a hard time hearing, so....
     Yes, me too.
    We worked on a procedure for how to assess benefits and how to identify benefits. That discussion happened in January at the committee which my colleague chairs. We're now in the process of going after that benefits identification for those projects.
    My safe guess is that we're actually about the same, but by the end of June we will be in a very significantly different place, because people have been working in teams since the conversation we had in January to figure out how to operationalize benefits for those other projects.
    We've mandated that all active projects go back and revisit their business case, their business requirements, and their project plan to make sure that the benefits are clearly identified, measurable, and harvestable.
    Very good. Thank you. The time has expired.
    Madam Jones, again you have the floor.
    I want to continue with paragraph 5.22, on which I have one quick question left.
    Clearly Canada Border Services Agency did not file the appropriate requirements for Treasury Board at the time. I'm wondering if there were any penalties applied because of that. How did Treasury Board deal with the situation that you had failed to update your investment plan as per their particular requirements?
    Sorry, I was not around at the time of the first, but certainly as soon as we were made aware of the need for updating the capital plan, which is a five-year capital plan or investment plan, we did so immediately. This is the second version of the plan we produced after we were made aware of this.
    The original plan was supposed to be for five years, but in the middle of it, all those investments came pouring in. As soon as somebody identified that we needed to update our investment plan, we did.
    I think it did result in some frequent and intensive conversations with our colleagues in Treasury Board Secretariat.
    None of you were around at that time. Is that what you're telling me?
    We've been around since 2013...?
    Yes, 2013.
    Okay. I'm just wondering, because obviously Treasury Board guidelines are there for a reason. Those policies are set for a reason. When an agency does not abide by them, as is being reported right now through the Auditor General's report, I'm wondering how those situations are dealt with. I'm surprised that you wouldn't know at this stage.
    I'll move now to paragraph 5.20. A question was raised earlier about five of the projects the report examined that went through the Canada Border Services Agency project management framework and that moved on to their next phases without meeting some of the necessary prerequisites that were outlined.
    Could you outline to me what the five projects were, just so that we have it on the record, and why it was not necessary to meet the established prerequisites? What were the prerequisites, to start with, and how close were the five projects to meeting them? Were there any consequences for not meeting those prerequisites?
    Perhaps you could explain that to me, because I don't think we've had a clear understanding of that at this stage.


    Right. Thank you for the question.
    With regard to those five projects, we mentioned that we've had a project measurement framework since 2012. The project measurement framework did not include an investment management component and benefits realization component. All of those projects were gated under the project management framework. The portfolio management framework, which was deployed in February 2014, added that rigour.
    It's not a matter of if a project should be exempted; all projects are subjected to this now. At the time of the audit, no new projects had gone through the early gates. All the projects were in the latter gates of the portfolio management framework.
    As I mentioned earlier, for all active projects I've pushed people back to meeting the requirements of the earlier gates—having all of the benefits identified, the requirements identified, and all of that. There's no exception. It's just that they had gone through those gates without doing it originally.
     Do you want me to read the five projects into the record?
    They're the entry-exit initiative, FOSS, or the field operations support system replacement project, the interactive advanced passenger information initiative, the single window initiative, and the temporary resident biometrics project.
    Our issue was that as we were implementing our new framework, some of these projects—all of them, really—were in flight already. It was a question of how far back do you go given the project is.... For example, the single window initiative was approaching release to meet the previous gates, when the gates didn't exist when the project started.
    That's our time. Right on the money.
    Mr. Falk, you have the floor, sir.
    Thank you to our officials for attending committee today, and also to the Auditor General for another fine report.
    There is a line in the Auditor General's report that says that the Canada Border Service Agency administers over 90 different acts, regulations, and agreements with different federal agencies and provincial agencies. Somehow you have to have an information technology system that communicates with all these different agreements and agencies to meet their needs, as well as to meet the needs you're mandated to do, which is to facilitate the movement of goods and people safely across the border.
    For the benefit of people watching committee proceedings, can you tell us if the information technology system you employ is something you can buy at an IT store as a plug and play unit? How complex are we talking here?
    I would like to turn to my colleague in IT.
    It's a very germane question to my everyday life, so thank you for the question.
    It is a complex business. I talked about dependencies. I talked about the size of some.... We're talking about half a trillion dollars crossing the border every year and 14 million shipments. The multipliers are massive, and the legacy world my colleague alluded to with coming out of CRA, Citizenship and Immigration, and other areas of departments has created a challenge from an immigration perspective. We have a lot of point-to-point connections between systems that are legacy and aged, and are on the IT list to be replaced within the next five years.
    That's what we have to take into consideration when we start large projects like the ones you have here that have very specific business requirements. We have to look at those as opportunities to achieve our goals toward a town plan and not as a separate investment, which is unfortunately the way some of those investments were managed in the past. It is constant awareness of the need to converge toward a better world that pushes us to intercept as many of those investments as we can.


    In my previous role for 16 years as the board chair and president of Steinbach Credit Union, a $4.5 billion credit union, I went through many IT projects in the banking world and finance world. I understand a little of the complexity of some of these IT challenges. Often you go down a path for a certain distance and you find out it isn't going to achieve the end result. There are unforeseen things. The demands from people change as well from different departments, different agencies, and regulators. It's a constant moving target.
    I'm sure you're up against that at a much larger scale, but in spite of all that, the report largely concludes that the Canada Border Services Agency has done a thorough job in establishing solid practices to deliver IT investments through its project portfolio management framework. The report also put forward some reasonable recommendations, which you as an agency have agreed to. As a result of that agreement, you embarked on some very ambitious benchmarks as far as compliance and targets are concerned.
    I'm wondering if you can give this committee an update on the progress of some of those commitments you have made.
     Thank you for the question.
    As we've noted, we have completed our IT plan, our investment plan, and a number of things you see in our management action plan. I've looked at a pilot version of a report on benefits realization, and we have a way to go. We'll have that report ready in September. As I said, we have people working to make sure we have benefits operationalized for all of these projects that are beginning.
    We really appreciate the opportunity.
     We've worked very hard in the agency to take an attitude toward audits and evaluations that these provide us with management information and help us to do our job better. As I said, benefits realization was part of our work plan anyway, but the audit did highlight some other areas where we decided we had better put something more robust in place to make sure it's institutionalized and continues into the future.
    Speaking to the complexity issue, I also think our framework allows us to identify problems earlier so that we can talk about alternatives and solutions, so that we're not marching blindly off a cliff into a project that doesn't work or doesn't contribute to our agency's goals. The gating process lets us monitor if something's starting to go in a bad direction, or out of budget. I think we have a lot of information on a very frequent basis.
    Thank you.
    Thank you. The time has expired.
    Let us move back to Mr. Allen, who gets the floor one last time.
    Thank you, Chair.
    Mr. Normand, my good friend, Mr. Falk, asked you about buying off the shelf, but I know, sir, you weren't looking for an Atari or Commodore 16.
    Let me go back to page 12 and paragraph 5.37 about FOSS, the field operations support system. In response to an earlier question, you said that there was a dispute between the two agencies, CBSA, which is your agency, and Immigration Canada. There's no confusion here; it's absolutely true.
    What you said too, I believe, sir, is that the issue was who would do this, which may have inferred who would pay. Is that what you were saying?
    That's what this was about. Yes.
    Let me draw your attention to what Mr. Ferguson said, and I'll quote it. It's in the middle of the second bullet point on page 12 of the report. In reference to CBSA, it says:
In January 2014, the Agency had a difference of opinion with Citizenship and Immigration Canada over how a critical function of the replacement system would be built.
    That's considerably different from who's going to pay. That's actually a difference of opinion, not about who's going to do it, but about what we are going to do. Would you not agree, sir, that it's not quite the same as who's going to pay for it?
    In this particular instance, the two agencies funded that work, and the work to be done by CIC was paid for by CIC. The work to be done by CBSA was paid for by CBSA.


    The issue was how it would be built, not who would pay for it.
    If I may, we would need to go back to the transcript, but I think what my colleague was trying to say was that the—
    Okay. I don't have time to go back, so you can go back and look at that.
    I have a specific question for you, Ms. Weber. It was actually Ms. Jones' question initially. I would go back and look at Ms. Jones' first question period because that's when it was asked.
    Ms. Weber, you have acknowledged today, it seems to me, that the Auditor General says you have an overall—if I can use the term—macro system that's quite good. The issue is making sure you hit the gate boxes, as you might call them, along the way, where you didn't do so well. You have agreed you need to do that, according to your plan.
    How do you intend to make sure it gets done? I recognize, Ms. Weber, that you're not doing them. It's not you as an individual that's going to actually make sure all of these things get done. This is a big job involving a lot of people.
    How are you going to make sure it gets done? The Auditor General clearly said it didn't get done the last time.
    Thank you for the question.
    We were all involved in the decisions about which gates would get checked off as we implemented a new framework. The challenge for us has been IT projects that were already in progress, had been started, were a long way down the road to being completed when we bring in a new project management framework. The question then was whether we were going to go back in order to check the boxes on these projects, or whether we were going to continue and deliver, especially when we're near the end of a project, knowing that we would leave it undocumented, but thinking perhaps it wasn't the right way to use our resources at that time.
    On a go-forward basis, all of our projects are being put through the entire framework with no exceptions, and we review that all the time. It wasn't that these projects—
     I'm down to about 90 seconds. I appreciate the explanation. I'm not sure if that was the answer I was looking for, but that's neither here nor there at this point.
    Mr. Ferguson, in paragraph 5.56, on page 18 in the English version, you talk about a business-to-business project that was closed in April 2014. Let me read it partway through:
This project had an approved budget of $5.4 million from 2012 to 2017: $3.4 million for phase 1 and $2.0 million for phases 2 and 3. The final close-out report stated that the project had spent $3.6 million for phase 1 and that all deliverables had been completed, even though an important component had not been built.
    Perhaps you could speak to that particular statement in your report and why it's really important to make sure—my term used loosely, mind you—when we have a system, we check off all the boxes along the way to ensure we do what we need to do.
    The reference you are making is in paragraph 5.56. We're talking about the importance of the health of a project being reported to the people who have oversight of those projects so they understand where the project is.
    This is an example in the business-to-business project where it was confusing to understand exactly what stage the project was at because they seemed to have said it was closed, but then they were also continuing to work on it.
    Understanding that is important. Going through projects and making sure that each stage is met along the way is critically important to understand that all the requirements as well as the time and the budget are on schedule, to make sure the project is going to deliver what was intended.
    We would never ask a department to go back and try to redo gates that have already been passed. But we would expect the department, at the point they were putting in place a new framework, to at least look at those projects that were in place and identify if they seem to be on the right path to deliver what they were intended to deliver, regardless of the fact that you can't go back and re-document certain gates, whether they were passed or not passed.
    Thank you.
    That's very good. It's the next gate. Thank you.
    It's over to the last spot on our usual rotation. Mr. Albas, you have the floor, sir.
    Thank you, Mr. Chair.
     Ms. Weber, you seemed to want to reply to one of Mr. Allen's comments. You felt that you got all the things on the table? That's good. I'm happy to hear that.
    When we talk about frameworks and whatnot, it seems to me that part of the reason is to deal with the complexities that Mr. Woodworth had raised, to deal with some of the matters that Mr. Falk raised as well, making sure you don't end up going down the wrong path and delivering something to CIC or to another agency that was unintended.
     I also think it's important to take a step back and look at that yes, it's getting more and more complicated, but it is possible to deliver a very good project on time and on budget, and all those things, and to have one or two people or a small team to check off all the internal controls. But I do take the Auditor General's point that there's considerable risk to that. I would think that if someone got sick or if the team disbanded and there were unanswered questions long after that team had disbanded, that's why there are these these frameworks, so that you can come before a parliamentary committee like this, and answer questions and say that the taxpayers are getting all the things they're supposed to.
     I certainly appreciate it. With 90,000 people coming across our borders every day, I'm glad there are people like you who are able to take that on.
     I also had a question on page 18, the same page that Mr. Allen did. It's in paragraph 5.57.
Since May 2014, the Information, Science and Technology Branch introduced a new process to monitor project performance using a technique known as earned value management reporting....
    I hadn't heard of this. Could you please give me an idea of what this technique is? What is it intended to do in light of the Auditor General's concerns?


    Thank you, Mr. Chair, for the question. May I turn to my colleague? Thank you.
    Thank you for the question.
    The earned value management technique has been around for years and years. The first requirement is that you need to have a good plan. Based on that plan, you load up with your resources that you need to deliver on that plan. Then the tracking becomes the planned value. As you go through six months of activities, you should be 50% done on a 12-month project. If your actuals, your financials, are over that or below that, it creates a variance that you track. That's the essence of earned value. It does that for scheduling variance. It does that for cost variance.
    Now in our dashboard to Treasury Board, the colour for cost and schedule is no longer subjective. It is based on a percentage of variance on cost or scheduled variance.
    We removed a lot of subjectivity from the process using earned value analysis. At the risk of repeating myself, the key element is to produce a quality plan up front. People in a hurry will often produce subpar plans if they feel they can get away with it later.
    Earned value catches bad plans early in the process.
    It actually sends a message to the people who are going to be developing the system that there has to be a certain robustness.
    It's not just the actual project getting done, but it's the delivery of those systems and the monitoring of those systems, long term.
    Thank you very much for sharing that.
    We have a few recommendations that have been presented here by the Auditor General. I know that you've submitted an action plan to this committee. Would CBSA officials mind going through the action plan? Could they go through it so that people at home have an idea of what things are being done in dealing with the recommendations?
    Certainly. I will try to be quick about this.
    As we've said, we've updated our investment plan and our annual IT plan as part of our regular cycle, and we've presented it to the Treasury Board for their approval already.
    I'll move on.
    Enterprise end-state architecture, we'll continue to expand that in both breadth and depth. A functional directive covering every domain of the enterprise architecture will be finalized by September 2015. Also, we've begun to move individual projects toward architecture standards that fully align with Shared Services Canada's directions, and the service life-cycle management framework ensures that enterprise architecture directions are adhered to by all projects.
    Finally, we're going to continue to maintain our beyond the border project level risk profile and to provide a full portfolio risk update roll-up at the quarterly beyond the border senior project advisory committee.
    Am I running out of time?
    You are, Madam. Good intuition. Well done. Thank you.
    Thank you, Mr. Albas.
    That not only concludes Mr. Albas' time, but also the time allocated by the committee for these witnesses.
    In the absence of any motions or suggestions otherwise, and I'm not sensing any, on behalf of the committee let me thank our guests from the Canada Border Services Agency for being here.
    As always, to our Auditor General, thank you, sir, for the work that you and your department does. It's much appreciated.
    With that, colleagues, all those in favour of adjournment, please leave.
    The committee stands adjourned.
Publication Explorer
Publication Explorer