The departments involved (TBSC and SSC) agreed to the OAG’s findings.

Finding 1: Very slow progress on modernizing applications over the last 5 years

• Two-thirds of applications were in poor health, and progress on modernizing infrastructure was slow.
• In 2023, the secretariat set a target: 60% of applications to be healthy by 2030.
• The OAG found that from 2019 to 2023, the percentage of healthy applications increased marginally from 33% to 38%. Continuing at this pace would mean that 45% of applications would be healthy by 2030, far lower than the secretariat’s target of 60%.
• To achieve the 60% target by 2030, the percentage would need to increase by more than 3 percentage points every year. And even if that target were achieved by 2030, 40% of applications would then still be in poor health, 31 years after the government first identified aging information technology as a significant issue.
• From 2019 to 2023 the percentage of healthy mission-critical applications increased from 50% to 62%. However, this meant that at the time of our audit, 38% of mission-critical applications (that is, 562 of the 1,480 applications) were still in poor health.

Recommendation 1: The TBSC should consult with departments and agencies to determine and establish realistic targets and timelines for modernizing applications in poor health. The targets and timelines should be based on a documented methodology that considers factors such as priorities, the critical importance of applications, and the availability of skilled personnel and funding for departments and agencies—the secretariat’s response.

Finding 2: Slow progress in modernizing applications affecting the closure of legacy data centres.

• We found that SSC was aware of the risks related to aging information technology infrastructure, and it developed action plans to address the infrastructure modernization needs of departments and agencies. In the 2018–19 fiscal year, for example, the department established a program and started prioritizing and investing in the repair and replacement of critical hardware infrastructure identified under its Operational Risk Program.
• The OAG found that as of March 2023, work had not proceeded for 65% of the approximately 4,500 applications that departments and agencies had earmarked for modernization, including the migration to new or modernized infrastructure, such as data centres, and no schedule was in place for performing this work.
• As a result of the delays in modernizing applications, as of March 2023, Shared Services Canada had not closed 280 out of the 720 data centres it had identified for closure. In our 2015 report on information technology shared services, we noted that Shared Services Canada had set a target of closing nearly all of its data centres identified for closure by 2020. The department informed us that it depends on departments and agencies to first modernize their applications before it can make progress on closing the remaining legacy data centres.

Recommendation 2: SSC should analyze the financial and non-financial effects of continuing to operate legacy applications and infrastructure instead of migrating modernized applications to new or modernized infrastructure in coordination with the TBSC and departments and agencies, undertake a review and prioritization exercise (including estimated timelines and budget) to modernize and migrate legacy applications to new supporting infrastructure and close the remaining legacy data centres.

Finding 3: The Treasury Board of Canada Secretariat did not provide sufficient leadership for modernizing systems.

• OAG found that 24 years after the government first identified aging information technology as a significant issue, the TBSC did not have a strategy or detailed plan for moving forward with a consistent and common approach to modernizing old information technology systems.
• · The secretariat did not complete and table the government-wide strategy for modernization by March 2012, despite its promise to do so in its response to our 2010 report.
• Both the secretariat and SSC have recognized that there are significant challenges in moving forward with information technology modernization, including underinvestment and the lack of personnel with specialized skills.
• In April 2023, the Treasury Board issued a Directive on Digital Talent. This directive aims to promote cooperation between federal departments and agencies and the secretariat to advance government-wide recruitment and training to ensure that employees get the information technology skills needed to perform their work. However, the directive will take time to implement and will require the secretariat’s support, particularly for information technology modernization efforts.

Recommendation 3: In coordination with SSC and in consultation with departments and agencies, the TBSC should finalize and implement a comprehensive strategy for addressing the information technology modernization needs of departments and agencies.

• Identify and control the costs of maintaining legacy information technology systems;
• Estimate the costs and time frame for modernizing or decommissioning information technology systems;
• re-evaluate the governance mechanisms in place for prioritizing information technology systems that are to be modernized
• address the scarcity of personnel with the needed skills to support information technology modernization
• improve senior department and agency officials’ knowledge and understanding of information technology projects

Finding 4: Limited and inflexible funding approaches for modernization

• TBSC did not have a funding approach that addressed funding for both the immediate and longer-term modernization needs of departments and agencies. This is important because federal government organizations may lack adequate funding to modernize their systems and address their future needs.
• 77% of CIOs reported that their departments or agencies did not have sufficient funding to meet their modernization needs.
• There is limited incentive for individual departments and agencies to fund their modernization initiatives through their existing financial allocations.
• Departments and agencies could also seek additional or new funding from the Treasury Board for their modernization needs. However, it is time intensive and while waiting the department or agency continues to incur costs related to the maintenance of old and outdated systems and heightens the risks of system failures.
• According to 86% of CIOs the available mechanisms for funding modernization projects were not timely.
• Almost 83% reported they were not satisfied with the available mechanisms for funding modernization projects. Some officers stated that the funding mechanisms available to them provided only a portion of the funding needed to modernize their applications.

Recommendation 4:

• The TBCS, in consultation with relevant stakeholders, should revise current funding mechanisms or develop new funding mechanisms to help departments and agencies modernize their information systems. The revised or new funding mechanisms should be:
  • timely, adaptable, and efficient and consider the immediate and future modernization needs of departments and agencies, including considering information technology modernization projects that span multiple years;
  • centralize the control and management of allotted funding to help prioritize and coordinate information technology modernization spending; and require departments and agencies receiving funding to regularly report back on their information technology modernization efforts and results.