Security reports missing or late
Only 38 per cent of all departments and agencies have confirmed with the Treasury Board that they completed mandatory reports on their security plans — albeit two years late — and the rest are either incomplete or the status is unknown, says a report by the auditor general.
In his spring report, Michael Ferguson found 41 of the 109 departments under the government’s security policy confirmed they finished final reports on their security plans by last fall. A new policy on government security required departments to submit their first reports by a 2012 deadline.
The finding is part of Ferguson’s review of the growing reporting burden that is a long-standing complaint of many public servants. It comes at a time when security in government is a top issue. The government recently introduced a new and tougher security and screening regime for all federal employees that has created an uproar over privacy rights.
A report is required under the security policy that was introduced in 2009 as a key piece of Canada’s national security framework. It spells out the responsibilities of deputy ministers and heads of agencies to ensure that government information, assets and services are protected and employees are safeguarded against workplace violence.
The report found the Treasury Board made several attempts to get a handle on the status of these reports, but that doesn’t seemed to have hastened compliance.
It pressed 25 departments in the fall of 2011 for copies or drafts of their plans. Of those, 22 departments had drafts ready and only three delivered final plans.
A few months later, Treasury Board followed up with a questionnaire to 95 of the 109 departments on the status of their security plans. It got responses from 81 departments and among those, 51 per cent had completed the reports. It was left in the dark by 28 departments — including 14 that didn’t even reply.
Treasury Board says it is taking steps to improve compliance, including a new monitoring system that comes into effect in April 2016.
But the late security reports raises critical questions about how these reports are being used for internal and government-wide management, as well as Treasury Board’s monitoring of them for compliance.
The audit took a sampling of five departments’ compliance with eight mandatory reports. It included two Crown corporations that are required to submit quarterly financial reports. Five of those reports are required to help make government more transparent and accountable and two — investment and security plans — are done primarily to help departments manage better.
Although departments are slow in completing their security plans, they rated them as the most useful of the eight mandatory reports for internal decision-making.
Reports on investment plans are also considered central to improving decisions in policy-making or managing programs and services, but Ferguson’s study found only 80 per cent of departments had completed those mandatory reports by time he finished his audit.