You are here

Report of the Auditor General of Alberta - October 2010 Released

Today, Auditor General of Alberta, Merwan Saher, CA, arranged for the Report of the Auditor General of Alberta—October 2010 to be made public. The report contains 41 recommendations. Here are the highlights:

Systems Audits—new

  • Infrastructure Stimulus Fund (Cross Ministry)—page 15
    • What we found—The Alberta government has a system to determine if it is following the terms and conditions of the Infrastructure Stimulus Fund Agreement between the governments of Canada and Alberta. The system is performing as intended so we have not made any recommendations. Albertans can be confident that these public funds are properly administered.
  • IT Governance, Strategic Planning and Project Management (Athabasca University)—page 19
    • What we found—The University still does not have well-designed and effective IT policies, processes, standards and project management systems. Management was unable to demonstrate that it is implementing its IT strategic plans cost-effectively, and that it achieved expected results and benefits.
    • What we recommend—Athabasca University should continue to improve its governance and oversight of information technology by developing an integrated IT delivery plan, requiring business cases for IT projects, and improving the coordination and communication between the IT steering committees (Rec. No. 1). The University should also continue to improve its portfolio management and project management processes for IT projects (Rec. No. 2).
    • Why it's important—The University plans to invest approximately $90 million over the next 10 years to update and maintain its information and communications technologies. Without clear governance and project management processes, these IT projects could overwhelm the University’s resources and may not meet the University’s needs or be delivered cost-effectively or on time.
  • Enterprise Resource Planning System (Grant MacEwan University)—Page 29
    • What we found—The University has established an effective governance structure and project management processes to implement the first phase of its new enterprise resource planning system (ERP). As well, the University has implemented our past recommendation to develop and implement a quality assurance program to provide assurance to the oversight committee. The University has budgeted $22 million for this project.
  • Daycare and Day Home Regulatory Compliance Monitoring (Children and Youth Services)—page 33
    • What we found—We could not determine if all verbal warnings to service providers were followed up and remedial actions taken, because the necessary documentation was lacking.
    • What we recommend—Child and Family Services Authorities need to improve systems for monitoring and enforcing child care program compliance with statutory requirements and standards by ensuring that all verbal warnings are adequately document and resolved (Rec. No. 3).
    • Why it's important—Without documentation outlining how and when non-compliance is to be resolved and confirming resolution, service providers may not take corrective action or change their behaviour.

Systems Audits—Follow-up

  • Research Management (University of Calgary)—page 43
    • What we found—The University has made positive changes in its overall control environment, but it does not have complete documentation to show how its overall research business processes operate. Its business processes were constantly changing and fragmented. Also, the roles, responsibilities and accountabilities of staff who administer and support research were not clearly defined.
    • What we recommend—The University needs to improve human resource plans and develop a system to quantify and budget for indirect costs of research (Rec. No. 4); define research management roles and responsibilities (Rec. No. 5); and ensure all research policies are current and comprehensive (Rec. No. 6).
    • Why it's important—Research is an important function of the University; it accounts for 25% of revenues. Well-functioning management systems help the University achieve value for the money spent, manage risks and meet research sponsors’ requirements.
  • Protecting Information Assets (Service Alberta)—page 73
    • What we found—Service Alberta started an IT governance and control framework in 2008. Although it did not meet its original timeline, work is progressing. Service Alberta has communicated 10 IT security directives, but it cannot yet demonstrate that government departments have implemented and are consistently following security policies, procedures and standards.
    • What we recommend—Service Alberta, in conjunction with all ministries and through the Chief Information Officer Council, needs to develop and implement well designed and effective controls to ensure all Government of Alberta web applications consistently meet all security standards and requirements (Rec. No. 7).
    • Why it's important—Albertans need to know that the IT systems the government uses are secure and are available when needed.
  • Assessing and Prioritizing Alberta’s Infrastructure needs (Treasury Board)—page 85
    • What we found—Treasury Board has not made meaningful progress establishing a process for maintaining assets over their life and developing a plan for reducing the backlog of deferred maintenance. It has yet to include information on deferred maintenance in its public reporting.
    • What we recommend—The Department needs to develop objectives, timelines and targets for reducing deferred maintenance (Rec. No. 8), and it needs to establish a process that enables public infrastructure assets to be properly maintained over their life (Rec. No. 9)
    • Why it's important—Without a plan for reducing deferred maintenance, infrastructure may cost more than it should over the life of the asset and may have to be replaced prematurely. Public safety and effective program delivery may be at risk.

The report also includes the results of our 180 annual financial statement audits and other assurance work. Highlights include:

  • Information technology resumption plan (Athabasca University)—page 111
    • What we found—Athabasca University’s Disaster Recovery Plan is outdated, incomplete and has not been tested. As well, there are no off-site disaster recovery facilities to recover IT systems within required timeframes.
    • What we recommend—The University needs to assess the risks and take the necessary steps to establish appropriate off-site disaster recovery facilities that include required computer infrastructure to provide continuity of critical IT systems, and complete and test its existing disaster recovery plan to ensure continuous services are provided in the event of a disaster (Rec. No. 10).
    • Why it's important—Without an effective disaster recovery plan, the University may be unable to systematically recover data or resume critical business and student services within the required timeframes.
  • Improve access to data and systems (University of Calgary)—page 112
    • What we found—We have made several recommendations to the University of Calgary over the last few years. The University has made substantial progress implementing the recommendations, with some notable exceptions. The University did not make satisfactory progress to improve access security to systems and data.
    • What we recommend—For the fourth time, we repeated the recommendation that the University improve controls in the PeopleSoft system by finalizing and implementing the security policy and the security design document, and ensuring that user access privileges are consistent with both the user’s business requirements and the security policy (Rec. No. 11).
    • Why it's important—Weak access controls to and within PeopleSoft may result in unauthorized access to confidential data, entry of unauthorized transactions, and the accidental or deliberate destruction or alteration of data. Poor controls may also allow the unauthorized release of confidential student or financial information.
  • Financial operations transition (Alberta Health Services)—Page 164
    • What we found—Our audit found material errors in the financial reporting system, inadequate management of changes to financial systems, and failure to fully harmonize differing financial reporting policies and processes.
    • What we recommend—Alberta Health Services needs to prepare and implement a formal transition plan for the organization’s financial operations (Rec. No. 19).
    • Why it's important—Not providing rigorous change management controls to future systems consolidation could lead to further significant errors in processing when AHS completes the consolidation of its general ledger, payroll and other financial systems.
  • Funding agreements for capital projects (Alberta Health Services)—page 166
    • What we found—A key finding of our audit is that the construction of the Villa Caritas facility was almost complete without a signed funding agreement in place.
    • What we recommend—Alberta Health Services needs to ensure that funding agreements are signed prior to commencement of construction of capital projects, and are formally amended when there are significant changes in the scope of a capital project (Rec. No. 20).
    • Why it's important—Without proper funding agreements, unfilled expectations may lead to difficult and costly resolution, and there is greater risk of cost escalation that would be borne by taxpayers.
CONTACT INFORMATION
Edmonton (Head Office)
8th Floor, 9925 - 109 Street Edmonton, Alberta T5K 2J8, Canada
Tel: 780.427.4222 Fax: 780.422.9555
Calgary Office
#820, 600 - 6th Avenue SW, Calgary, Alberta T2P 0S5, Canada
Tel: 403.297.6451 Fax: 403.297.5195