Audit of Aging Information Technology (IT) Systems
January 2025
On this page
Full report
Audit of Aging Information Technology (IT) Systems
© His Majesty the King in Right of Canada, as represented by the Royal Canadian Mounted Police, 2025
- ISBN 978-0-660-75778-0
- Catalogue number: PS64-245/2025E-PDF
List of acronyms and abbreviations
- IM/IT
- Information Management/Information Technology
- IT
- Information Technology
- RCMP
- Royal Canadian Mounted Police
Context
The Royal Canadian Mounted Police (RCMP) relies heavily on IT systems to deliver on its mandate to keep Canadians safe and secure. Some of these systems, though currently operational, have been in use for more than 30 years, and the extent to which they are well-suited to the current and evolving needs of the organization is unclear.
Aging IT systems rely on dated technology that is increasingly costly to support, may no longer be supported by the vendor or require expertise that is increasingly scarce. Outdated systems are also more vulnerable to cybersecurity threats, and increase the likelihood of system failures during crisis situations. Additionally, there is a risk of reduced operational delivery in remote/rural areas, untimely decision-making, and not meeting the safety and security needs of RCMP employees and the public.
The RCMP is continuously addressing aging IT risks. In 2023, the RCMP decommissioned three legacy systems – two were migrated to new modern systems, and one was no longer in use; additionally, 11 servers were decommissioned as a result of these decommissioned systems and/or infrastructure evergreening.
Audit Objective
To assess the adequacy and effectiveness of the RCMP's management and modernization of its aging IT systems.
Audit Themes
The audit findings are grouped into the following themes:
- Information Management/IT (IM/IT) Governance
- Management of IT Systems
- Management of Technical Debt
Audit Scope
- Fiscal years 2018-19 to 2022-23
- Inventory of enterprise-wide, aging IT systems
- Governance structures
- IT investment plans
- Key modernization projects
- Shared Services Canada (SSC)-RCMP working relationship
- Exclusions: Direct review of SSC operations, IT systems that are owned by divisions, and non-enterprise IT systems
Key Takeaways
Overall, the audit found that since the 2010 Report of the Auditor General of Canada – Chapter 1: Aging IT Systems that identified the need for the RCMP to develop an action plan and appropriate funding strategy for each significant aging IT risk, the RCMP's progress on modernizing aging IT systems has been weak. Specifically, we found that:
- A governance process is in place at the IM/IT Program level, including an integrated planning process to prioritize IT projects and maintenance activities. However, there are opportunities to improve organizational IM/IT governance to ensure the integrated management of aging IT systems and strategic decision making.
- [REDACTED]
- The RCMP has put in place a Digital Policing Strategy and a Digital Serge approach that aim to ensure the organization has modern digital tools and enable a dynamic policing response. However, these initiatives are focused on long-term outcomes (i.e. 5-10 years outlook), [REDACTED].
The life cycle of IT systems can be as short as 2 to 3 years before they need to be replaced. [REDACTED]
- Date modified: