Report on Health Canada's (HC) Initiatives for Government On-Line (GOL) June 20, 2006

Executive Summary

On April 3, 2003, the Departmental Audit and Evaluation Committee approved the conduct of a Government On-Line (GOL) review as part of the Risk-Based Audit Plan for 2003-04. The objectives of the review were to report on:

• the organization and accountabilities for the GOL initiatives in Health Canada;
• the main objectives and resources/time-lines for each initiative, and risks that would preclude reaching the objectives in a timely manner, especially with respect to the December 2005 target date;
• the reporting and inter-relationship with Treasury Board Secretariat, with Public Works and Government Services Canada GoC secure infrastructure project, and with other relevant central agencies; and
• considerations of privacy as related to GOL.

Based on findings presented in the following pages, we can conclude that several of the GOL objectives have been met with respect to governance, time-lines, risk, security and privacy. The GOL governance and accountability framework at the departmental and individual project level is in place and functioning. There are processes in place to coordinate and align the GOL initiatives into a single, departmental GOL plan. Threat and Risk Assessments (TRA's) have been prepared for each of the GOL initiatives as a means to identify risk and measure impact on individual initiatives. All but the SSDUE II initiative have either been completed or terminated by the December 31, 2005 target date. Uncertainty of resources, coupled with implementation of new technology delayed the SSDUE II initiative. This initiative has been delayed until the Fall of 2006. The project delay is mainly due to the multi-departmental nature of this initiative, coupled with complex technological issues. The Audit and Accountability Branch (AAB) continues to monitor the status of this initiative by participating in bi-weekly management and Steering Committee meetings . The Network for Health Surveillance in Canada - Canadian Integrated Public Health Surveillance (CIPHS) project is now under the new Public Health Agency of Canada. This initiative was not included in the review of HC's GOL initiatives. The Department has also addressed the issue of privacy by preparing Privacy Impact Assessments (PIA's) for specific related projects.

Summary of Observations:

• The Department has a stable and clearly defined governance structure for GOL activities. Accountability for each major initiative has been identified;
• PWGSC's GoC Secure infrastructure is being used for two of HC's GOL initiatives (Pest Management Regulatory Agency E-Registration Payment and Approval System and SSDUE II). The Secure Channel for these initiatives has been tested and is providing the appropriate level of security;
• All GOL initiatives, with the exception of the Streamlining Service Delivery Using E-Collaboration (SSDUE II), have either been completed or terminated by the December 31, 2005 target date. The SSDUE II project has been delayed to the Fall of 2006.
• TRA's have been prepared for each GOL initiative; and
• Privacy issues have been addressed for GOL initiatives requiring PIA's.