Audit of Document Management and Production Processes

On this page

• Context
• Audit objective and scope
• Key takeaways

Context

In March 2023, the Mass Casualty Commission (MCC) Report, Volume 7, Chapter 5 recommended that an external independent audit of the Royal Canadian Mounted Police (RCMP) and the Attorney General of Canada’s document management and production processes be conducted, with the results made public.

RCMP Internal Audit has a mandate to provide independent and objective advice and assurance to the Commissioner of the RCMP with respect to the organization’s governance, risk management, and control processes. The Internal Audit function at the RCMP is overseen by a Departmental Audit Committee, which is composed of four externally appointed members through the Office of the Comptroller General. Accordingly, Internal Audit is well placed and governed to assess the RCMP’s document management and production processes, with a view to helping the organization achieve its objectives and respond to the above MCC recommendation. As such, the Audit of Document Management and Production Processes (DMPP) was included in the RCMP’s 2023 to 2028 Risk-Based Audit and Evaluation Plan.

The MCC Report and the RCMP’s Senior Executive Committee agreed that DMPP is an organizational risk area. The RCMP acknowledged that information sharing and accessibility has been a challenge, resulting in production delays and, in some cases, the inability to share information within and outside of the organization.

Audit objective and scope

Objective

To examine the adequacy of the RCMP’s document management and production processes.

Scope

The audit scope focused on internal RCMP document management, and production structures and processes related to administrative information resources (that is, those activities that do not contribute to the enforcement of the law).

Note: The audit team consulted with the Department of Justice to formalize the audit scope from an RCMP perspective.

Scope exclusions

Employee information resources (for example, career history resources) and operational information resources (for example, law enforcement resources) are defined separately within the RCMP’s Information Management Manual and were not assessed as part of this engagement.

Scope period

April 1, 2019, to March 31, 2024.

Key takeaways

The audit found that DMPP processes may be inefficient, and that effective capturing, tracking, storing, and retrieving of paper and electronic documents in response to production requests may be difficult or delayed. These risks were assessed as much more prominent with administrative records than employee information resources and operational information resources.

• There are opportunities to enhance enterprise-wide DMPP governance and oversight in order to improve information management visibility, clarify responsibilities, and promote more consistent information management knowledge.
• There are opportunities to better manage DMPP risks through enhanced information management controls, improved file management and policy compliance, and improved information security.
• There are opportunities to enhance DMPP across the RCMP through policy improvements, modernizing current systems or implementing new systems, and considering lessons learned.