Skip to content | Skip to institutional links

Common menu bar links

Institutional links

PWGSC Services

Office of Audit and Evaluation
OAE Resources
- Contact OAE

Proactive Disclosure
- Proactive Disclosure

Audit of the Management of the Government of Canada Pension Modernization Project (2007-714)

Final Report

March 19, 2009

Main Points
Introduction
Focus of the Audit
Observations
Conclusion
Recommendations and Management Action Plan
About the Audit
Annex A - GCPMP Project and Audit Chronology

Please note that under the Access to Information Act a limited amount of text within these documents may not be disclosed, and will be shown as [ * ].

Main Points

What was examined

i. We examined the project management framework being used by the Government of Canada Pension Modernization Project (GCPMP) to ensure that the project can meet and satisfy its stated requirements as well as produce planned deliverables on time and within budget. Our examination focused on the framework and processes in place at the Effective Project Approval (EPA) phase of the project.

ii. The GCPMP has been established to develop and implement both the business transformation and Information Technology solutions for the renewal of Public Works and Government Services Canada (PWGSC) pension administration services and systems. The strategy is to implement a commercial-off-the-shelf (COTS) software solution through a phased approach consisting of five (5) releases to be completed in 2011. Each additional release includes additional levels of detail and complexity.

Why it is important

iii. The Accounting, Banking and Compensation Branch (ABCB) of PWGSC is accountable for pension administration services to approximately 277,000¹ active plan members and to approximately 219,000 retired members and survivors of former plan members.

iv. The GCPMP is a multi-year Major Crown Project² with a budget of approximately $115 million and a targeted completion date of 2011. It involves multiple stakeholders from the Treasury Board of Canada Secretariat (TBS), other Government Departments and Agencies, and PWGSC.

v. The GCPMP will replace the business processes and systems infrastructure that the ABCB is currently using for pension administration. These are approximately 40 years old and, for the most part, are based on outdated technology, which make them difficult and expensive to maintain. They lack the flexibility to provide plan members with services that are in line with current industry standards.

What was found

vi. We found that the GCPMP has an effective project management framework that is consistent with the Policy on the Management of Major Crown Projects. GCPMP has mechanisms in place to ensure it aligns with government-wide and departmental business directions, priorities and requirements. The governance structure, accountabilities and responsibilities are generally in place. GCPMP has implemented and is continuing to apply a risk management function that is consistent with the PWGSC's Integrated Risk Management Framework and key governance committees are being provided with information in support of risk based decision-making. Nevertheless, we noted opportunities for improvement in the following areas: governance, project planning and scheduling, requirements traceability, and privacy impact assessment.

vii. We found some concerns about what are Information Technology Services Branch's (ITSB) accountabilities and responsibilities for this project. The GCPMP is dependant on the services provided by ITSB. At the time of the audit, the formal signed agreements in place between ABCB and ITSB did not include one key ITSB service area which is responsible for the implementation of the necessary Information Technology infrastructure.

viii. The GCPMP is being implemented using five releases into the production environment. Each release has a unique schedule and critical path. As the project moves into additional releases, the complexity of the functionality being implemented and the change to the business and technical environment will grow. There is no automated integration between the various schedules and impacts are currently evaluated manually.

ix. The design decisions made during the configuration of the COTS applications were not being reflected in requirements documents in a timely manner. Testers, business transformation specialists, trainers and documentation group need current documentation to effectively perform their functions.

Top of Page

Recommendations and Management Action Plan

Management Response

Accounting, Banking and Compensation Branch considers that the results of the Audit accurately and fairly reflect the state of the project management framework in place to ensure that the Government of Canada Pension Modernization Project can meet its stated requirements as well as produce planned deliverables on time and within budget. The Accounting, Banking and Compensation Branch intends to act on the recommendations of the audit by implementing a Management Action Plan, detailed as follows.

Recommendations and Management Action Plan

The Assistant Deputy Minister, Accounting, Banking and Compensation Branch should:

1. Establish a formal written agreement between the Government of Canada Pension Modernization Project and the Information Technology Services Branch regarding the implementation, maintenance and operation of the necessary IT infrastructure.

Accounting, Banking and Compensation Branch's response. Accounting, Banking and Compensation Branch accepts the recommendation and will be taking the following actions.

1.1 At the time of the audit, there were no finalized agreements between GCPMP and ITSB regarding the development work required to place the product into production on the IT infrastructure. Since then, two agreements were formally signed off; one with the Project Delivery Office of ITSB and the other with Enterprise Integration Management.

1.2 After Release 1.1 has been implemented in February 2009, negotiations will be held to ensure that work to be performed to transition the new software on PWGSC's infrastructure will be included in the agreement with Application Management and IT Operation Services (AMITOS). Service Management and Delivery (SM&D) of ITSB work will be covered in this agreement. This agreement will also cover the implementation, maintenance and operation of the necessary IT infrastructure for the next planned GCPMP release. Specific items of SM&D's work will be covered within the Service Level Agreement (SLA) with AMITOS. This SLA is to be completed by early May 2009, after the period of transition of the technical packages from the development to the production environment.

2. Enhance the project planning and scheduling function of the project to ensure the planning for and monitoring of the multiple releases is effective.

Accounting, Banking and Compensation Branch's response. Accounting, Banking and Compensation Branch accepts the recommendation and will be taking the following actions.

2.1 At the time of the Audit, the project had difficulties with the planning and scheduling tool (Microsoft Project on the Microsoft Web Server). Two key problems were independently assessed for Microsoft Web Server which affected project planning: data/file corruption and performance. Even though the combination of these two problems has resulted in delays to the development of future release detailed schedules, Release 1.0 and 1.1 detailed schedules were available in a timely manner.

2.2 Recently, the data/file corruption problem has been corrected and additional backup procedures are in place to reduce the risk of loss of newly entered schedule information. Current performance of Microsoft Web Server suggests the data/file integrity is now stable with no further incidents of data/file corruption. Efforts to increase application performance have reduced the time it takes to enter and save schedule information thus limiting further impacts to planning data/information entry activities. Mitigation activities are underway to ensure the comprehensive capture of detailed schedules for future releases as early as possible.

3. Update the project management processes to ensure that requirement documents are current.

Accounting, Banking and Compensation Branch's response. Accounting, Banking and Compensation Branch accepts the recommendation and will be taking the following actions.

3.1 Early in implementation, the GCPMP developed a process which would link project requirements to Functional Specifications as a means to ensure that all the business requirements were addressed. In Release 1.0, required changes to Functional Specifications were logged as defects in ClearQuest, and the pursuant changes were made and approved by the appropriate authority in ClearQuest. However, these changes were not immediately reflected in the Functional Specifications documents, as planned. Note that these changes did not have an impact on the project scope.

3.2 Release 1 Functional Specifications are now being updated. Release 1.0 became operational on December 15, 2008. This release was a scaled back version of the original Release 1.0 and consisted of the Case Management functionality. Release 1.1 is scheduled to become operational in February 2009 and is the implementation of the telephony component of the GCPMP pension solution. This release includes the Genesys commercial-off-the-shelf Software (COTS) product that will provide interactive voice response (IVR) and telephony reports. ClearQuest Functional Specifications Updates for Release 1.0 and 1.1 will be completed early February 2009.

3.3 For Release 1.5 onwards, Functional Specifications will be updated and re-baselined prior to the completion of the development lifecycle. This cycle occurs prior to the preparation of testing and training materials.

4. Update the project management processes to ensure full compliance against the Privacy Impact Assessment Policy.

Accounting, Banking and Compensation Branch's response. Accounting, Banking and Compensation Branch accepts the recommendation and will be taking the following actions.

4.1 At the time of the Audit, the Privacy Impact Assessment (PIA) had not yet been forwarded to Access to Information and Privacy (ATIP). A copy of the Release 1.0 PIA (which includes Release 1.1) has since been forwarded to the Acting Chief, Privacy. The Deputy Minister approved the Release 1.0 Privacy Impact Assessment in January 2009.

4.2 For Release 1.5 onwards, the PIA will be forwarded to ATIP, for approval by the Deputy Minister, prior to the release.

Top of Page

Introduction

1. The Public Service Superannuation Act (PSSA) provides plan members with a retirement income during their lifetime and in the event of a member's death, it provides an income for the eligible survivors and dependents. The Public Service Pension Plan (PSPP) is a defined benefit pension plan that specifies the benefits payable on death, disability, termination of service and retirement. These benefits are related to the member's salary and period of participation in the PSPP.

2. The President of the Treasury Board (TB) is the responsible Minister for the PSPP. The Treasury Board of Canada Secretariat (TBS), as part of its mandate to provide advice to the TB ministers on the management and administration of government, develops strategic and program policy on the PSPP, undertakes financial analysis, provides policy interpretation, and exercises an oversight function.

3. Under the Department of Public Works and Government Services Act, Public Works and Government Services Canada (PWGSC) has the mandate to provide compensation services, including both pension plan administration and pay administration, to Government of Canada employees and employers. The Compensation Sector, Accounting, Banking and Compensation Branch (ABCB), administers government payroll, pension and insurance processes. This allows government organizations to administer pay and benefits in accordance with collective agreements and established TB policies.

4. The Superannuation, Pension Transition and Client Services Sector, ABCB, performs a wide range of pension functions in fulfilling its services from entitlement authorization to contributors, pensioners and survivors to records maintenance. It is also responsible for: pension funds accounting; systems analysis and maintenance; quality assurance; statutory interpretation and advice; development and distribution of procedures; communications; client inquiry and liaison services.

5. Bill C71 (Pension Reform) and Bill C78 (Pension Investment Board Act), enacted in 1999, established a new Public Service Pension Fund as of April 1, 2000. Employee and employer contributions for all pensionable service are credited to this Fund and subsequently invested in the open market by the Pension Investment Board. The new legislation provides an impetus to bring pension accounting practices into line with standard industry practices. The new legislation also allows pension administration expenses associated with introducing changes to accounting practices to be recovered from the PSSA and the Public Service Pension Fund.

6. To address the challenges of pension reforms, aging technology and increased client expectations, the Compensation Sector initiated a business transformation effort to renew government pension business processes, systems and working tools. As part of this effort, the Government of Canada Pension Modernization Project (GCPMP) is expected to renew the existing pension administration processes and systems as well as providing the infrastructure to ensure that PWGSC can provide federal government employees, pensioners, departments and agencies with modern, timely, cost-effective pension administration services. There is a significant business transformation element to the GCPMP.

7. The GCPMP received Effective Project Approval (EPA) [ * ] from TB and has proceeded with the implementation and operation of modernized pension services and systems. [ * ]. There will be five releases of software, each addressing different business functionality. In order to meet the project target dates, it will be necessary for some releases to be running concurrently. Further details about the GCPMP phase chronology and audits done to date can be found in annex A at the end of this report. As part of its transformation of pension administration effort, the Compensation Sector also obtained EPA for the Centralization of Pension Services Delivery Project (CoPSDP) [ * ]. The CoPSDP has a budget of $47.2 million. Its goal is to implement a centralized pension delivery model that will replace the current decentralized model and provide members of the Public Service Superannuation Plan, employers and sponsors with higher quality pension services. The CoPSDP was the subject of another PWGSC internal audit (2007-711). The GCPMP and the CoPSDP require a strong symbiotic relationship. Neither project can achieve its objectives without the implementation of the other. The GCPMP solution is predicated on a centralized service delivery model that allows the project to implement business processes through a single point of contact and accountability for client services. The CoPSDP requires the GCPMP to provide the automated business processes and tools.

Focus of the Audit

8. The objective of this audit was to assess the adequacy of the project management framework of the GCPMP intended to satisfy stated requirements as well as to produce planned deliverables on time and within budget.

9. A project management framework establishes the fundamental principles for the achievement of consistency in project management. It is a set of integrated, cohesive and related tools, procedures and techniques. These facilitate the identification of governance structures, accountabilities, roles and responsibilities of the project participants and stakeholders. Implementing and following a project management framework increases the probability of project success, which is defined as the project being delivered on time, within budget and meeting requirements.

10. More information on the audit objective, scope, approach and criteria can be found in the "About the Audit" section at the end of the report.

Top of Page

Observations

Project aligns with business directions, priorities, and requirements

11. To be successful, projects must be aligned with and support the established business directions, priorities, and associated requirements in a timely manner and within budget. Business processes and systems being designed and implemented by the GCPMP must meet the requirements of TBS and PWGSC to be deemed successful. As a result, we expected that the GCPMP had adequate mechanisms in place to ensure its alignment with TBS and PWGSC business directions, priorities and requirements.

12. We found that goals and expected benefits are identified in key documents including the EPA Submission and Business Case. These documents also provide the justification for the GCPMP investment in terms of business needs as well as Departmental and Government wide priorities. The project's vision, objectives and principles are supportive of ABCB's initiatives to comply with the PSSA. In addition, they ensure that the Department will be properly positioned to cost effectively manage the future delivery of pension services, in line with industry standards.

13. Through the governance structure, TBS, other government departments and agencies, and PWGSC have been formally involved in the project lifecycle and its deliverables. Regular reports and scheduled meetings provided stakeholders with current project information with respect to such areas as budget, schedule, issues, risks and progress against milestones. The appropriate authorities have approved the business requirements documents. A change management process has been implemented which requires any change to scope, cost or schedule to be approved. In addition, non-pension related requirements such as those related to the Privacy Impact Assessment Policy (PIAP) and the Government Security Policy have been identified.

14. Overall, the GCPMP has adequate mechanisms in place to ensure it aligns with TBS and departmental business directions, priorities and requirements.

Governance, accountabilities and responsibilities are generally in place

15. Governance is the combination of processes and structures implemented by senior management to inform, direct, manage, and monitor the activities of the organization towards the achievement of its objectives. Accountability identifies the resource ultimately responsible for a service, a program, or a project. Responsibility identifies the resource(s) obligated to carry forward an assigned task to a successful conclusion.

16. For a project to deliver on its mandate and objectives, the organization must have in place a management framework that clearly defines and articulates the governance structure, accountabilities, and responsibilities. We expected that the GCPMP had established an effective project management framework and that its project management practices were consistent with the Management of the Major Crown Projects Policy (MMCP).

17. GCPMP governance, accountabilities, and responsibilities are described in these key project documents: Business Case and Governance document. A series of committees with decision-making, advisory or oversight mandates make up the governance framework. Their membership includes project stakeholders from TBS, PWGSC and other departments and agencies. They are meeting regularly as specified in their mandates and are actively monitoring the project.

18. The Project Leader (Assistant Deputy Minister, ABCB) is accountable and actively monitoring the project. She reports to the Deputy Minister as required by the MMCP. Under the general direction of the Project Leader, the Project Director is accountable for achieving all defined objectives within the time and resources allocated; is responsible for the overall strategic framework and manages the day-to-day activities of the project. Where the Project Director has delegated these roles and responsibilities, it is documented. Crown (federal employees) management performs the project management oversight responsibilities. The roles and responsibilities of the contract staff are clearly specified through the use of the task authorization process.

19. The GCPMP involves a major software and technical infrastructure implementation. As a result, it is dependant on the services provided by the Information Technology Services Branch (ITSB) for success. We expected that formal written agreement(s) would be in place to ensure that both ABCB and ITSB understand and agree with the services to be provided.

20. During the Preliminary Project Approval (PPA) Phase, formal written agreements, in the form of Service Level Agreements (SLAs), between the GCPMP, the Project Delivery Office, and the Enterprise Integration Management Directorate, both within ITSB, were in place.

21. During the EPA phase, concerns have been raised by project staff about the clarity of the ITSB accountabilities, roles and responsibilities. ITSB representatives are part of the project team and have been involved in such areas as the infrastructure implementation. Originally, the Service Management & Delivery (SM&D) Sector within ITSB was to implement the necessary IT infrastructure and provide for its on-going maintenance and operation as each release moves into production. Recently, it was decided that for release 1.0, a contract would be set up with the main services provider³ to provide on-going maintenance and operation services. There is no SLA between the GCPMP and SM&D.

22. As the project moves into additional releases, the complexity of the functionality being implemented and the change to the business and technical environment will grow. There is a risk to the GCPMP, potentially causing some requirements not being met, cost over runs, or delays in the project, if ABCB and ITSB accountabilities and responsibilities are not clearly defined and agreed upon by both parties.

23. While we found some concerns pertaining to the ITSB accountabilities and responsibilities for this project, the governance, accountabilities and responsibilities are generally in place.

Top of Page

GCPMP decisions are risk based

24. Risk is defined as the uncertainty that surrounds future events and outcomes. It is an expression of the likelihood and impact of an event with the potential to influence the achievement of an organization's objectives. Risk management is a process to identify, assess, manage, and communicate risk. It is an important management tool to identify areas that could negatively impact the ability of a project to deliver on time, within budget and to meet requirements.

25. We expected that management decisions regarding the GCPMP would be risk based and supported by a risk management framework and continuous risk management processes. The framework would be based on the PWGSC Integrated Risk Management Framework (IRMF) and on the Departmental Policy 082 on Integrated Risk Management (IRM).

26. We found that the project is following a documented risk management framework and processes that are based on the PWGSC IRM Framework and Policy. They were implemented in the Preliminary Project Approval phase and continue to be followed. The risk management framework includes participation of all stakeholders and other initiatives at the cross sector, branch, the departmental and government wide levels.

27. Risk templates are used to collect and document information about potential risks and the analysis of their likelihood and impact. Based on the analysis, risks are assigned a rating (high, medium or low) and potential mitigation activities are developed. A centralized risk register has been established and is used to monitor risks. Risks that are the result of other initiatives such as the CoPSDP are also included.

28. Risk management is a regular agenda item for project team meetings. Project team managers interviewed recognized their responsibility to identify and elevate risks to higher levels, if required. They also indicated that all team members are encouraged to raise risks.

29. Risk Review Sessions that include members from all groups within the GCPMP team (both Crown and services provider), are usually held monthly. These sessions review the status of project risks, especially the high risks. At the Risk Review sessions it is decided if the mitigation activities are sufficient or if the risk should be escalated to senior management for additional action or decisions.

30. The Project plan and schedule include risk reviews and management decision points. Project reports provided to senior managers and committees include risk management information. Risk management is an on-going item for their meeting agendas.

31. A Risk Management Oversight Committee, with members representing PWGSC senior management and other departments or agencies, monitors the risk management function and the risks identified. It ensures risk management is an integral part of the GCPMP management activities.

32. The GCPMP has implemented and is continuing to apply a risk management process that is consistent with the PWGSC's IRM Framework and Policy and key governance committees are being provided with information in support of risk based decision-making.

Project management processes are generally in place and support the project

33. A project management framework is comprised of best practices, methodologies, and tools designed to provide rigor and structure to the management of a project. It promotes the application of project management disciplines throughout the entire project lifecycle. This is important because it increases the capability and probability of a project being successful in achieving its objectives and goals.

34. At each stage in a project lifecycle there can be different project processes being followed. As an example, testing, release management, and data conversion processes occur later in the project lifecycle. Others, such as scope, change management and quality assurance, are necessary throughout the project.

35. The scope of the audit included the main project processes that GCPMP has in place for the EPA phase during the examination phase of this audit. Change management, quality assurance, configuration management, release management, data conversion, testing, issue and problem management, and project reporting processes were found to be adequate. However, we found weaknesses in three areas of project management. These are project planning and scheduling, requirements traceability, and privacy impact assessment. The remaining areas discussed are contract management and human resources management.

Project Planning and Scheduling

36. Project planning and scheduling includes the use of schedules to plan and subsequently report progress of a given project. Careful planning at the outset, as well as during the project, can help to avoid costly mistakes. It guides project execution, control and monitoring. It also increases the probability that the project will accomplish its goals on schedule and within budget.

37. We expected that a current, integrated and detailed project plan and schedule, developed using a structured methodology and supported by a recognized planning tool would exist.

38. During EPA, GCPMP experienced some difficulty in maintaining an integrated project plan and schedule. This was the result of technical difficulties with the planning software, which were subsequently resolved. Also, there was a high turnover in the Crown staff performing the planning and scheduling function. While the project plan assigns tasks to individuals at a high level, it does not identify all the resources assigned to a task.

39. Each of the five releases of the project has a unique schedule and critical path. As the release moves through the five stages of development, the schedule is refined and contains more details. No integration exists between the various schedules. As a result, impacts caused by changes in one schedule are not automatically reflected in the others. Currently, impacts are evaluated manually.

40. The GCPMP is using a structured methodology supported by a recognized planning tool in support of its planning and scheduling process. However, there is a risk that the impact on concurrent releases will not be adequately identified and measured.

Top of Page

Requirements Traceability

41. Requirements traceability is concerned with documenting the life of a requirement throughout the lifecyle of a project. All requirements and changes should be documented in order to achieve traceability. It ensures that all business requirements identified during the planning phase of a project are implemented within the overall operational system.

42. We expected that the process in place to identify and describe requirements would result in formal requirements documents that are current, reflect decisions made during the entire project life cycle, and are available to project staff. We found that the design decisions made during the configuration of the COTS applications were not being reflected in requirements documents in a timely manner. Crown and services provider testers confirmed they were using dated requirements documents. Similarly the same documents were being used to develop training materials and user documentation.

43. Without complete and up to date requirement documents, there is a risk that some business requirements may not be met and that business processes may not be accurately tested. The test scenarios (scripts) being developed could reflect inaccurate or incomplete business transactions. Similarly, the documentation developed to train and support users might not align with how the business processes have been implemented.

Privacy Impact Assessment

44. The Privacy Impact Assessment Policy (PIAP) is one of the tools used by the Government of Canada to assure Canadians that privacy principles are being taken into account during proposal, design, implementation and evolution of programs and services. Privacy Impact Assessments (PIA) provide a framework to ensure that privacy is considered throughout the design of programs or services. These assessments assist managers and decision-makers to avoid or mitigate privacy risks and promote fully informed policy, programs and system design choices. We expected that the PIA for the GCPMP Release 1.0 would be compliant with the PIAP.

45. We found that the PIA for Release 1.0 was completed prior to the end of the design phase. As such, the GCPMP is unable to ascertain whether privacy risks were introduced and managed during the latter parts of the design stage. Furthermore, the project plan did not include the mandatory Deputy Minister approval task for the final PIA. As of October 6^th, 2008, the Deputy Minister had not approved the Release 1.0 PIA. As such, there is a risk that PWGSC may not fully comply with the PIA Policy.

Contract Management

46. The contract with the main services provider was established using a procurement process through the Acquisitions Branch. A significant number of the project outcomes are the responsibility of the main services provider. As a result, contract management is essential and is the responsibility of the Crown.

47. There is an overall contract with the main services provider for the entire project. For the EPA phase, specific services provider deliverables are initiated through a task authorization (TA) process. The GCPMP is using the task authorizations to manage the deliverables, schedule and costs for all five releases. Individual task authorizations include work descriptions, deliverables, time required, schedule, dependencies, resources, level of effort, and rates.

48. The Crown is using due diligence to manage the task authorization process. Each TA is compared to the others to ensure there is no duplication or overbooking of resources. Financial and human resource utilization is monitored against the estimates in the plan and the overall contract. When new resources are included in the TA, their expertise and experiences are mapped to the qualifications grid to ensure they are met.

Human Resource Management

49. With a multi-year Major Crown Project, it is critical that human resources (HR) management support the project needs for leadership, an experienced team, an enabling work environment, and a sustainable Crown workforce throughout its lifecycle.

50. We found there are a limited number of subject matter experts available and many are nearing retirement. The situation is further complicated by other initiatives competing for the expertise of these same resources.

51. As a result, GCPMP has identified two risks related to HR management. These are the project's ability to maintain: the continuity of their senior management and staff; and, the necessary subject matter expertise. To mitigate theses risks, the project is in the process of developing a contingency plan.

52. As the project progresses, these HR issues will persist and necessitate continued management action.

Top of Page

Conclusion

53. The Government of Canada Pension Modernization Project has an effective project management framework that is consistent with the Policy on the Management of Major Crown Projects. GCPMP has mechanisms in place to ensure it aligns with TSB and departmental business directions, priorities and requirements.

54. At the time of the audit, the governance, accountabilities and responsibilities were generally in place. We found some concerns pertaining to the ITSB accountabilities and responsibilities for this project. The formal signed agreements in place between ABCB and ITSB did not include all related ITSB service areas. GCPMP includes major software and technical infrastructure implementations, thus it is dependant on the services provided by ITSB. In addition, with each subsequent release, the complexity of the functionality being implemented and the change to the business and technical environment will grow.

55. GCPMP has implemented and is continuing to apply a risk management function that is consistent with the PWGSC's IRM Framework and Policy. Key governance committees are being provided with information in support of risk based decision-making.

56. Most of the project management processes in place for EPA at the time of the audit were found to be adequate. Deficiencies were observed in three areas: project planning and scheduling, requirements traceability, and privacy impact assessment.

57. Each of the five releases has a unique schedule and critical path. As the release moves through the five stages of development, the schedule is refined and contains more detailed. No automated integration exists between the various schedules. As a result, impacts caused by changes in one schedule are not automatically reflected in the others. Currently, impacts are evaluated manually.

58. The design decisions made during the configuration of the COTS applications were not being reflected in requirements documents in a timely manner. Testers, business transformation specialists, trainers and documentation group need current documentation to effective perform their functions.

59. In relation to Release 1.0, we found that the PIA was completed prior to the completion of its design phase. In addition, the project plan did not include a task to seek the approval of the final PIA by the Deputy Minister. As of October 6^th, 2008, the Deputy Minister had not approved the PIA.