| Recommendations | Management Response | Planned Management Actions | Deliverables | Expected Completion Date | Accountability |
|---|---|---|---|---|---|
| 1. The Director General, Financial Operations Directorate, Chief Financial Officer Branch should ensure that the Lotus Notes G&C system is updated to include more automated edits. | 2. Accept with conditions | A study is currently underway to identify a recommended automated G&C system for the entire department. Increased automated edits will be incorporated into the implementation of the departmental solution. Updating the LN G&C system to include more automated edits would require a significant effort in redesigning the interface with SAP. In the interim, the existing controls within the G&C Centre of Expertise (CoE) will continue to function. These include the automated identification of failed interface transactions and the manual rectification of problems by either the CoE or the transaction originator. | Senior management approval of recommended solution. | March 31/08 | DG, FOD |
| 2. The Director General, Financial Operations Directorate, Chief Financial Officer Branch should document input error handling procedures. At a minimum these procedures should include: | 1. Accept | As indicated in the planned actions to Recommendation No. 1, the Lotus Notes G&C Help Desk has already initiated daily error reporting. The plan is that the formal documentation of the procedures will be completed by March 31, 2008. | Documentation of error handling procedures. | March 31/08 | DG, FOD |
| 3. The Director General, Financial Operations Directorate, Chief Financial Officer Branch should ensure that adequate separation of duties is maintained. The procedures should include a definition of roles performed by each type of user and roles that should not be performed by each type of user. | 2. Accept with conditions | Explaining user roles and responsibilities has always been a component of the LN G&C System Training, which is offered on numerous occasions throughout the year. Included in the training documentation is the requirement for a proper separation of duties as well as the definitions of roles that should and should not be performed by each type of user. The CoE's training documentation will be amended to | Amended training documentation. | August 31/08 | DG, FOD |
| 4. The Director General, Financial Operations Directorate, Chief Financial Officer Branch should incorporate control totals into the Lotus Notes G&C reconciliation process and implement procedures and document the procedures to ensure that errors are corrected and resubmitted on a timely basis. | 1. Accept | Monthly reconciliations are now being done. | Monthly reconciliations. | Monthly | DG, FOD |
| 5. The Director General, Financial Operations Directorate, Chief Financial Officer Branch should: a. implement procedures to ensure input/output and interface specifications are documented and that there is approval at the appropriate level; and b. document detail requirements for testing. | 1. Accept | Significant improvements have already been implemented to address system changes/enhancements. The CoE has implemented a formal "Systems Development Request Process", which includes the requirement that all requests be approved by the Team Lead, Business and Systems, prior to being submitted to the Systems Development Team. All systems development requests are initiated through the "Corporate Services Branch (CSB) Request" database, which is used to estimate, track and record all elements within the Systems Development Life Cycle. Proper utilization of this database should mitigate the risks identified in the observation. | Implementation of the Systems Development Request Process. | Nov. 20/07 | DG, FOD |
| 6. The Director General, Financial Operations Directorate of Chief Financial Officer Branch should implement and document formal procedures for: a. requesting that new user account and changing/deleting user accounts be based on job responsibility; and b. regularly reviewing user access to the Lotus Notes G&C System be based on job responsibility. | 1. Accept | The CoE is planning to implement a formal user account request/change process. This process will be based upon job responsibility. The CoE has implemented a "User Activity Report Process" whereby user activity/non-activity is monitored on a monthly basis. Accounts no longer required are deactivated. | User account request/change process; User Activity Report Process | August 31/08; Nov. 20/07 | DG, FOD |
| 7. The Director General, Financial Operations Directorate of Chief Financial Operations Branch should implement and document procedures for managing problems, monitoring changes and implementing emergency changes. These procedures should include but not be limited to: a. identifying changes; b. approving changes; c. implementing emergency fixes; and d. estimating changes. | 1. Accept | Please refer to the planned actions to Recommendation No. 5. | Implementation of the Systems Development Request Process. | Nov. 20/07 | DG, FOD |
| 8. The Director General, Financial Operations Directorate of Chief Financial Officer Branch should document and implement more frequent, regular monitoring procedures. | 1. Accept | As per the planned actions to Recommendation No. 4, the monthly reconciliation process should be sufficient to properly mitigate internal control risks. | Monthly reconciliations. | Monthly | DG, FOD |