ARCHIVED - System Under Development Audit – eManifest

This page has been archived.

Internal Audit Report
September 2009

Table of Contents

• Executive Summary
• Introduction
  • Background
  • Risk Assessment
  • Audit Objective and Scope
  • Approach and Methodology
  • Audit Criteria
  • Statement of Assurance
• Audit Opinion
• Findings, Recommendations and Management Action Plan
  • Project Governance
  • Project Management Processes
  • Project Plans
  • Project Status
• Appendix A: Audit Criteria
• Appendix B: List of Acronyms

Executive Summary

Background

---

The eManifest project is the third phase of the Advance Commercial Information (ACI) initiative. The objective of eManifest is to further modernize and enhance how the Canada Border Services Agency (CBSA) processes and screens commercial goods coming into Canada. eManifest received Effective Project Approval (EPA) on November 29, 2007 as a Major Crown Project (MCP) estimated at $396 million with a completion date in the fourth quarter 2011-2012.

In February 2009, the project completion date was revised to reflect a funding shift for the eManifest project as part of CBSA's reduction of Reference Levels for two years in support of Canada's Economic Action Plan. It was estimated that the impact of the funding realignment would extend the completion date from 2012 to 2014.

Objective and Scope

The objective of the audit was to provide assurance that the project management framework and data management practices for the eManifest Project were adequate and effective.

The audit focused on project management processes, including project planning, control, monitoring and reporting activities. The audit fieldwork was conducted on behalf of the Internal Audit Directorate by the Centre for Public Management Inc. between January and April 2009. Project documentation for the period December 2008 to March 2009 was in scope for the audit.

Statement of Assurance

This audit engagement was planned and conducted in accordance with the Internal Auditing Standards for the Government of Canada.

Audit Opinion

The audit found that a high-level project management framework was established for eManifest. Given the complexity of this project, management attention is required to improve the project governance and management processes to adequately and effectively manage the risks to project timeframes, costs and scope.

As development of the user requirements was at an early stage, the audit could not provide an opinion on data management practices.

Main Observations

This audit reviewed progress against the management action plans for audits of the CBSA's overall system development management framework in 2007, and found that many of the recommendations were addressed. Project management templates have been further developed, authorities, responsibilities and accountabilities were defined, and business sponsors were engaged in the project.

The eManifest project followed this overall framework; however, additional work is required to tailor the framework to the eManifest project which is made up of multiple interrelated components.

Overall, the effectiveness of project governance was diminished by a complex governance structure. In addition, the status information presented to senior governance committees was high level and relevant information related to risks and scope was not in sufficient detail. Project planning was not performed consistently across teams, and project time tracking used different methods; this made the project tracking and reporting processes more difficult.

Opportunities for improvement exist to streamline the governance structure, and implement project and cost management processes tailored to eManifest. These changes would facilitate the provision of information needed by senior management to monitor the project to ensure that project objectives are met.

During the period selected for audit examination, staff changes occurred in the roles of Project Manager, Project Director and Project Team Lead, as well as changes in the fiscal year project expenditure levels. A funding shift in the eManifest budget was implemented as part of a two-year reduction in CBSA Reference Levels to support the Government's Economic Action Plan and the project timeframe was extended from 2012 to 2014. As a result of these changes, the project schedule baseline was being revised.

The audit was advised that a third-party technical review of the project is to be scheduled and performed after the close of this audit. This is an important review to ensure the project will meet business requirements.

Management Response

With respect to the audit's findings, the audit recommendations are accepted. The eManifest Project Team is also pleased to note that the audit reflects the solid base of overall project management practices that have been demonstrated by project members. For example, there is recognition of the continued improvement from the overall system development management framework in 2007 such that project management templates have been further developed, authorities, responsibilities and accountabilities are defined, and business sponsors are engaged in the project. With audit recommendations in hand, the eManifest Project Team looks forward to further improving the management of the project.

The eManifest Project Team would also like to note that since the end of the initial audit phases, concrete actions have already taken place and others are underway which address some of the deficiencies identified by the audit. For example, two senior level Directors General committees have been combined in an effort to improve issue escalation and the noted complex governance structure. Furthermore, the Project Support and Control Office (PSCO) has been working on documenting key project processes that correlate directly to the recommendations found in this audit pertaining to issue, risk and change management, as part of the eManifest Project Management Framework. The eManifest Team currently uses Microsoft Project 2003 to manage the project schedule – the team agrees with the audit findings that this tool has limitations for a project of this size and scope. As described in the Action Plan for Recommendation 4, the Team has started the acquisition process for the Microsoft Project Server which has been identified as a suitable planning and tracking tool.

The actions described in this report are believed to be realistic and achievable and will be completed by the eManifest Project Team and other areas of CBSA.

Introduction

Background

The eManifest project is the third phase of the Advance Commercial Information (ACI) initiative and is a key priority within the Security and Prosperity Partnership of North America. An objective of eManifest is to further modernize and enhance how the Canada Border Services Agency (CBSA) processes and screens commercial goods coming into Canada.

With the implementation of eManifest, CBSA will collect advance information for all modes of transportation; specifically, pre-arrival, electronic receipt of cargo, conveyance, crew, and importer admissibility data from carriers, freight forwarders and importers/brokers in the highway and rail environments. With this information, CBSA will perform risk assessments on commercial goods to identify and interdict high-risk shipments prior to their arrival in Canada, thereby effectively expediting the processing and clearance of low-risk shipments.

The Vice-President, Innovation, Science and Technology Branch (ISTB), as eManifest Project Leader, is accountable to the President for the project. The Director General, eManifest, as Project Manager, is accountable for achieving all defined project objectives within the time and resources allocated, and heading the CBSA eManifest Initiative team, with senior management support provided by the Project Sponsors and Project Leader. The Project Sponsor role is shared by the Enforcement, Operations, and Admissibility branches who provide subject matter expertise and make key project decisions related to program areas within their respective branches.

The eManifest Project received Effective Project Approval (EPA) on November 29, 2007 as a Major Crown Project (MCP) with an estimated cost of $396 million and a target completion date in the fourth quarter 2011-2012.

In February 2009, the project completion date was revised to reflect a funding shift for the eManifest project as part of CBSA's reduction of Reference Levels for two years in support of Canada's Economic Action Plan. It was estimated that the impact of the funding realignment would extend the completion date from 2012 to 2014.

At the request of Treasury Board Secretariat (TBS), the CBSA developed an oversight strategy in 2007, including reviews and audits that would provide advice at critical junctures for the eManifest project. The strategy was shared with TBS, as will be subsequent reports arising from the strategy. Accordingly, an audit of eManifest was identified in the CBSA's 2008-2009 Internal Audit plan.

As of March 2009, total project expenditures were estimated to be $112M ($8.2M in 2006-2007, $33M in 2007-2008 and $71M forecast in 2008-2009).

Previous System under Development (SUD) audits undertaken by Internal Audit Directorate were relevant to this audit. One audit acknowledged progress in developing a project management framework and recommended continued development of improved processes for: project quality and risk management, engaging business sponsors in the development process, benefits realization, and project status reporting. The audits of the Advance Commercial Information – Electronic Data Interface Reporting for Air, and Advance Passenger Information/ Passenger Name Record Risk Scoring development projects observed on the need to clearly define project roles and responsibilities, to have a comprehensive change/issue management process, and to review the process to define security requirements for new business systems.

Risk Assessment

A preliminary risk assessment was conducted to assist in audit planning and determining potential priorities and areas for audit. This assessment considered the size and complexity of the eManifest project and the risk response strategies developed by the project. The following risk areas were identified as critical for the successful implementation of the eManifest project:

• Project Management: Effective processes and tools to effectively manage a project of this size and complexity may not be in place. Difficulty in acquiring, training and retaining personnel with the required business and information technology (IT) skill sets presented a potential risk of delays in completing project deliverables.
• Procurement: There was a risk that the time-frame required to procure eManifest products could delay the eManifest deployment schedule.
• Data Management: There was a risk that delays in finalizing decisions about program policy changes and approving required amendments to the Customs Act legislation and associated regulations would delay the eManifest schedule.
• Communication with Stakeholders: There was a risk that lack of support by the stakeholders for the eManifest design solution and their readiness to use the new eManifest processes would result in delays in the eManifest implementation schedule.
• Business Case: There was a risk that expected project benefits were not defined in sufficient detail to measure the success of the project.
• Processes and Methodology: There was a risk that early requirements for the project were not developed to an appropriate level of detail.
• Business Transformation: The eManifest project represented significant change in the way that end-users will go about their day-to-day tasks.

Given that Innovation, Science and Technology Branch (ISTB) planned a third-party review of the business case and expected outcomes, the business case area was removed from the audit scope.

Project Management was the primary focus of the audit, based on the current timing and delivery status of the eManifest project. The other areas will be in scope for the Phase 2 and Phase 3 audits of eManifest.

Audit Objective and Scope

The objective of the audit was to provide assurance that the project management framework and data management practices for the eManifest Project were adequate and effective.

This audit focused on the project management area to meet the objective of providing assurance on the management control framework for the eManifest project. This included an assessment of the additional requirements for the management of Major Crown Projects (MCPs) and an assessment of the eManifest risk management process. Data management was removed from the scope of the audit as user requirements were at an early stage of development.

The Centre for Public Management Inc. conducted the audit examination on behalf of the Internal Audit Directorate between January and April 2009. Project documentation for the period December 2008 to March 2009 was in scope for the audit.

Approach and Methodology

The audit gathered evidence through interviews, documentation and direct observation, and analyzed and evaluated the eManifest project controls against the selected audit criteria.

The audit:

• Conducted interviews with eManifest project managers, CBSA senior management, and external representatives on eManifest governance committees to identify and assess the management framework in place for eManifest.
• Reviewed documentation to assess each of the audit criteria for evidence of the adequacy and effectiveness of the management framework over the eManifest project, including requirements for the management of MCPs.
• Performed sufficient tests to confirm that controls are adequately applied in project management.

Audit Criteria

Audit criteria for the SUD audit of eManifest were developed based upon a number of authoritative sources. These included Treasury Board Secretariat's Enhanced Management Framework, the Information Systems Audit and Control Association's (ISACA) Control Objectives for Information and related Technology (COBIT) and the Project Management Institute's Project Management Body of Knowledge (PMBOK). Detailed criteria are presented in Appendix A of this audit report.

Statement of Assurance

This audit engagement was planned and conducted in accordance with the Internal Auditing Standards for the Government of Canada.

Audit Opinion

The audit found that a high-level project management framework was established for eManifest. Given the complexity of this project, management attention is required to improve the project governance and management processes to adequately and effectively manage the risks to project timeframes, costs and scope.

As development of the user requirements was at an early stage, the audit could not provide an opinion on data management practices.

Findings, Recommendations and Management Action Plan

This audit reviewed progress against the management action plans for audits of the CBSA's overall system development management framework in 2007, and found that many of the recommendations were addressed. Project management templates have been further developed, authorities, responsibilities and accountabilities were defined, and business sponsors were engaged in the project.

The eManifest project followed this framework; however, additional work is required to tailor the framework to the eManifest project which is made up of multiple interrelated components.

Overall, the effectiveness of project governance was diminished by a complex governance structure. In addition, the status information presented to senior governance committees was high level and relevant information related to risks and scope was not in sufficient detail. Project planning was not performed consistently across teams, and project time tracking used different methods. This made the project tracking and reporting processes more difficult.

Opportunities for improvement exist to streamline the governance structure, and implement project and cost management processes tailored to eManifest. These changes would facilitate the provision of information needed by senior management to monitor the project to ensure that project objectives are met.

During the period selected for audit examination, staff changes occurred in the roles of Project Manager, Project Director and Project Team Lead as well as changes in the fiscal year project expenditure levels. A funding shift in the eManifest budget was implemented as part of a two-year reduction in CBSA Reference Levels to support the Government's Economic Action Plan and the project timeframe was extended from 2012 to 2014. As a result of these changes, the project schedule baseline was being revised.

The audit was advised that a third-party technical review of the project is to be scheduled and performed after the close of this audit. This is an important review to ensure the project will meet business requirements.

Project Governance

This project had a complex governance structure with more than 10 different committees providing direction and advice. Members of senior level committees indicated they were not provided with sufficient information to provide adequate oversight.

The audit expected to find a project governance structure with defined levels of authority and decision-making processes to provide overall direction, decision making and resource commitment to the project.

This project had a complex governance structure with more than 10 different committees providing direction and advice. Members of senior level committees indicated that they were not provided with sufficient information to provide adequate oversight. Membership, terms of reference, and roles and responsibilities for the component committees were documented. Within defined authorities, the eManifest Project Manager made project decisions and determined when to involve the appropriate committee in the governance structure in the decision-making process.

Committees did not always meet as frequently as mandated. The most senior level internal committee mandated to review key project information, such as risks, issues, scope, budget and schedule, was the Innovation, Science and Technology Committee (ISTC), which over the period of examination met quarterly and discussed eManifest as well as IT business for CBSA. The Senior Project Advisory Committee (SPAC), established to meet the project management requirements specified by Treasury Board for a MCP, was mandated to meet semi-annually but no meetings occurred between August 8, 2007 and February 2009.

Members of the ISTC and SPAC indicated a need for more detailed project status information. Generally, these comments reflected a desire for better indicators of a more complete project status. However, from the perspective of the eManifest project, status reporting was in accordance with agreed format and content guidelines. For example, the status information provided to the ISTC used templates, e.g., the executive dashboard, adopted within CBSA for development projects undertaken by ISTB. This demonstrated the need to agree on reporting expectations with management and stakeholders and the means to communicate this information.

During the period of audit examination, steps were being considered to strengthen the governance structure. This included enhancing the issue escalation / resolution process, as well as identifying changes with SPAC to better leverage the experience of the membership and make the committee more effective.

The eManifest governance structure may inhibit the project decision-making process needed for effective overall direction and management of the project. As well, the complex governance structure required significant effort on the part of the eManifest Project Support and Control Office (PSCO) and the Project Manager to manage communications with all the governance committees.

Recommendation

1. The Vice-President of the Innovation, Science and Technology Branch should streamline the existing eManifest internal governance structure, and establish a separate senior executive project steering committee with representation of all sponsor branches and having accountability for project delivery and the mandate of providing governance and direction on policy, management and project issues.

Management Action Plan	Completion Date
1.1 Review current governance structure to ensure that it meets effective project governance requirements, including the sharing of status updates with project stakeholders.	Completed
1.2 Create a dedicated senior executive steering committee which will be scheduled every two months.	Completed The eManifest Vice-President's Steering Committee's first meeting was convened on August 4, 2009.
1.3 Validate the requirement for, and roles and responsibilities of the eManifest governance bodies. Ensure that Terms of Reference are updated and accurate.	November 2009
1.4 Provide updates to Senior Management and solicit feedback – project status dashboards will be sent to the Vice-President, Innovation, Science and Technology Branch every month or as required.	Ongoing, As required. Health of eManifest meetings are now to occur every month.

 

Project Management Processes

Project management processes for the management of risks, issues, scope and human resources were not tailored for a project of this size and complexity.

The audit expected to find a standardized project approach, processes, policies and templates to support the efficient and effective delivery of all project deliverables. This would include standardized tools to support core project planning, execution and control for a project of this size and complexity. For example, the project would have a project risk management plan to identify and assess risks, develop a risk response, maintain and monitor actions and their resolution. Project teams would follow processes for managing project scope, time, risks, issues, change and confirmation management, and any issues would be reported, reviewed and closed on a timely basis.

Progress had been made on previous audit recommendations to strengthen the project management framework. ISTB had continued development of a standardized approach to managing major software development projects in CBSA. The work to tailor these generic processes to the specific requirements of a project the size and complexity of eManifest was still in process.

The eManifest project had developed desk-top procedures for the project management processes. However, the procedures did not contain the process detail needed for consistent use by project teams. Logs lacked appropriate and sufficient detail to adequately manage risks, issues and changes. For example:

• Risk logs were not consistent with the risk reports and lacked mitigating details, contingency plans, and action plans to respond to risks effectively. To date, risks were being captured at a strategic level but not at a detailed, operational level.
• Issue action plans and status reports did not provide sufficient detail on how resolutions were to take place. Details were frequently maintained in documents not cross-referenced to the issue log and this made it difficult to track progress. Also, a document review indicated that issues were not resolved in a timely manner.
• The change management procedure required that all change requests be formally documented on a change log which would be used to support analysis and formal approval of the change. There was no evidence the “change log” was being used to track change status.

Established oversight mechanisms provided assurance that strategic risks, those related to direction and operational clarity, were effectively mitigated, and that the project was aligned with and supported CBSA direction. While follow-up items were frequently an agenda item of subsequent meetings, there was minimal documentation in those meetings to determine if the follow up item was resolved. If follow-up did occur, it was typically from several months to one year following the initial discussion.

The project had experienced high staff turnover. Since project inception, there had been a few changes in project leadership, resulting in changes in the use of project management processes as experience was gained. Although project team training had taken place, there was no formal training process to efficiently integrate new staff into the project and make them aware of project scope, methodology, and procedures. The project staffing plan was not updated in accordance with the staffing requirements of the project schedule, to ensure the right people and skills were available to get the job done.

While processes were in place and practices established by management, these were not customized to incorporate best practices and lessons learned for a large project such as eManifest. Development of project management processes tailored to the specific requirements of eManifest would enable more efficient and effective management of the project.

Recommendation

2. The Vice-President of the Innovation, Science and Technology Branch should customize and implement project processes for the management of risks, issues, scope and human resources.

Management Action Plan	Completion Date
2.1 Clearly define and articulate issue, risk and change management escalation procedures for inclusion in the eManifest Project Management Framework. The Project Management Framework will consist of several components, including: plans, processes, procedures, tools, and templates, that are designed to be used together to manage the eManifest project through its lifecycle.	The Project Management Framework, Issue Management, Risk Management, Change Management, and several other procedures are all planned for approval and sign off by September 30, 2009.
2.2 Update Human Resources Management Strategy to articulate human resources planning, along with the acquisition, development and management of the project teams.	February 2010
2.3 Once approved, the components of the Project Management Framework (including plans, processes, procedures, tools, and templates) will be available on the eManifest Project Support and Control Office's website to provide easy access to the project teams.	Ongoing / February 2010

Project Plans

Project team had developed work plans for their individual projects; however, the plans were not developed in a consistent manner. Some plans did not contain the level of detail needed to effectively manage project activities on a day-to-day basis.

The audit expected to find an integrated and baselined plan that included key tasks, milestones, dependencies and deliverables.

The PSCO and eManifest Team Leaders jointly developed a Master Project Schedule (MPS) which was supported by individual team level plans as per the ISTB project planning process. The PSCO had integrated the project deliverables, activities, and milestones into the MPS and had instituted processes to establish and monitor the work completed and the schedule duration.

The PSCO relied on the individual teams to provide them with status information required to keep the MPS current. The PSCO did not have the authority to mandate a common approach for planning at the team level, and as a result, each team used their own approach. While one team planned at a detailed level and reported on effort to complete, representing a best practice approach within eManifest, other teams used high-level project plans, and reported effort expended, rather than effort to complete.

As a result, resource planning at the team level in project plans was not consistent nor complete. Progress reporting that included only effort spent to date and no estimated effort to complete was not a true representation of status in meeting deliverables schedules. In addition, it was difficult to assess whether sufficient team resources were available to complete the work required.

Development and maintenance of the MPS was further complicated by the fact that the PSCO lacked the tools to plan and track a project of this magnitude. Microsoft Project Server, the multi-user planning tool of choice by the PSCO, was not currently certified for use on CBSA's IT infrastructure. As a result, significant effort was expended in manual entry and reconciliation of team progress, introducing time delays and potential errors. The PSCO performed its project planning tasks effectively given the tool limitations and its dependency on the teams for project information.

These issues impacted the timeliness of project plan information, and increased the risk that the project status was not being accurately presented.

Recommendations

3. The Vice-President of the Innovation, Science and Technology Branch should develop and implement a standardized approach for detailed project planning and reporting for the teams.

Management Action Plan	Completion Date
3.1 Define a procedure that will establish and maintain regular and consistent project team progress reporting. The procedure will be included in the Project Management Framework (also linked to Management Action Plans 2.1 and 2.3).	November 2009

4. The Vice-President of the Innovation, Science and Technology Branch should explore options to acquire and implement an appropriate project management software tool for major IT projects.

Management Action Plan	Completion Date
4.1 Enhance the existing Microsoft Project tool by the acquisition and implementation of Microsoft Project Server.	Initial request has been made (Summer 2009). Due to length of approval and procurement cycle, completion date is not expected before September 2010.

Project Status

Status reports did not have sufficient detail to provide a full understanding of project progress, risks and issues. Estimates were used to track project costs at a detailed level but the process was not formalized.

The audit expected to find that project status and results were monitored, tracked, controlled and reported to the appropriate levels within CBSA, and that budgets for eManifest investments and ongoing operations were established and expenditures monitored against the established budgets.

Various status-reporting mechanisms were used to report progress on a regular basis to the various internal and external governance committees and project stakeholders. This included detailed status reporting at the team level, detailed and executive-level dashboards, project status briefings, “health check” briefings, financial status updates, as well as MCP Status Reviews as required by TBS. In addition to these reporting mechanisms, a third party review/oversight strategy was developed in 2007 to provide independent project advice at critical junctures. During the period of audit examination, the scope and timing for the next review was yet to be finalized. The audit was advised that a technical review of deliverables is to be scheduled and performed after the close of this audit. These technical reviews would provide assurance to senior management through independent technical advice on scope, time and budget.

The executive dashboard and status briefing decks were the principal means of keeping the ISTC informed of progress against project objectives. During the period of audit examination, quarterly updates on eManifest progress were provided to the ISTC. Subsequently, the frequency of ISTC meetings had increased and the eManifest Project Leader provided a status update when required.

The format and content of the executive dashboard and project status decks presented at ISTC were based on templates adopted by CBSA. The dashboard and status decks provided a snapshot of the overall health of the project (e.g. red, yellow, green) and contained limited information to enable comparison between actual and planned cost, schedule, scope, and quality performance.

The project plan and schedule were baselined in December 2008. However, as a result of the funding shift for the eManifest project, another baseline of the plan and schedule needed to be developed. In the absence of a baselined plan and schedule, there were no agreed-upon milestones against which to report project status.

The audit observed that processes were in place and being followed to manage eManifest funding within existing reference levels. Actual expenditures by fiscal year were analyzed to identify spending variances, and to quantify unused funds for roll-forward to future fiscal years. Financial projections based on to-date and forecast expenditures were used to assess the end-state financial status against approved budget.

The process used to report on the status of expenditures vs. budget allocated to the deliverables of the eManifest project was not formalized or reconciled. Cost status information by component or capability is a relevant metric to determine the cause and magnitude of any cost variance and whether corrective action is required.

The eManifest project had allocated the project budget by project deliverable. The eManifest financial tracking / reporting structure used in CBSA's financial management and reporting system (CAS) enabled tracking of ISTB costs by deliverable. For other branches, an estimating process would be required to allocate Branch eManifest-related costs to project deliverables.

Consequently, capturing and reporting on project costs required a manual process to retrieve actual cost data from CBSA's financial management and reporting system (CAS) and assign costs to a deliverable. The PSCO was required to estimate the distribution of actual costs by deliverable. This process was performed on an ad hoc basis and the total costs at the deliverable level were not reconciled to actual total costs in CAS. The process did not meet the standard of CBSA's project management framework which recommended establishing a cost baseline for all of the scheduled work packages or deliverables that would be used for measuring project performance.

Key stakeholders received progress updates at a high level, and the status was not tracked at a detailed enough level to reflect the true picture of project status. This was reinforced by a common theme in the audit whereby senior management did not have a good sense of where the project was in relation to its work plan and deliverables.

Recommendations

5. The Vice-President of the Innovation, Science and Technology Branch should ensure tracking, monitoring and reporting project performance at a sufficient level of detail to support the successful achievement of project objectives and resource allocation decisions.

Management Action Plan	Completion Date
5.1 Define a procedure that will establish and maintain regular and consistent project team progress and financial reporting. The procedure will be included in the Project Management Framework (also linked to Management Action Plans 2.1, 2.3 and 3.1).	November 2009

6. The Vice-President of the Innovation, Science and Technology Branch should conduct a third-party review of the eManifest project at critical junctures that includes scope, time and budget.

Management Action Plan	Completion Date
6.1 Third party reviews of the project will be completed at critical project junctures, and as required, based upon the request of senior management governance committees. Third Party Reviews will cover: budget, scope, and timelines.	As required
6.2 Statement of work for the next third party review to be ready by November 2009. Solicitation for bids will be posted December 2009.	February 2010

Appendix A: Audit Criteria

The audit criteria used for the Engagement Phase were:

Control Category	Audit Criteria
Project Management	1.1 A project governance structure with defined levels of authority and decision-making processes was established to provide overall direction, decision making and resource commitment to the eManifest Project, and is working effectively.
	1.2 Project management processes and tools are in place to guide eManifest Project delivery and are functioning appropriately.
	1.3 The project plan is integrated, baselined and reflects the eManifest Project as a whole including key tasks, milestones, dependencies and deliverables.
	1.4 Project status and results are monitored, tracked, controlled and reported to the appropriate levels within the Agency.
	1.5 Budgets for eManifest investments and ongoing operations are established and expenditures are monitored against the established budgets.
	1.6 A documented risk management process exists and is being used to identify and assess risks, develop a risk response, and maintain and monitor the risk action plan.
	1.7 A documented issue management process exists and is being used to identify and assess issues, develop and monitor an action plan, and review ongoing issues on a regular basis.

Appendix B: List of Acronyms

ACI

Advance Commercial Information

CAS

Corporate Administrative System

CBSA

Canada Border Services Agency

COBIT

Control Objectives for Information and related Technology

EPA

Effective Project Approval

ISACA

Information Systems Audit and Control Association

ISTB

Innovation, Science and Technology Branch

ISTC

Innovation, Science and Technology Committe

IT

information technology

MCP

Major Crown Project

MPS

Major Project Schedule

PMBOK

Project Management Body of Knowledge

PSCO

Project Support and Control Office

SPAC

Senior Project Advisory Committee

SUD

System Under Development

TBS

Treasury Board Secretariat