If you missed our presentation at IIA on September 26, we got you covered.
Presented by:
Hassan Qureshi, Partner, MNP LLP
Stephanie Armstrong, Senior Consultant, MNP LLP
Bruce Covington, Director, Document Imaging Services, PSPC
IIA Conference 2017 - Edmonton, AB - Paperless Governement
1. Paperless Government
What internal audit needs to know
Presented by: Hassan Qureshi, Partner, MNP LLP
Stephanie Armstrong, Senior Consultant, MNP LLP
Bruce Covington, Director, Document Imaging Services, PSPC
2. Agenda
What is digital imaging and why is it
important?
What should you know?
Digital imaging at PSPC
Overview
Common challenges
Case study
Going paperless
When should you go paperless and what
standards are important?
4. Too many documents
Court evidence
Other initiatives
Your organization handles and stores A LOT of
documents, and you want to go paperless and
destroy hard copies once they are ‘digitized’
Your organization may be asked to provide
electronic evidence for court proceedings
Your organization is undergoing
transformations of business systems that would
make it easier to reduce paper handling at the
same time
When should you go paperless?
5. Benefits of going paperless
Centralization and consolidation
Overview
6. Benefits of going paperless
Improved productivity and operational effectiveness
Overview
7. Benefits of going paperless
Compelling environmental and financial outcomes
Overview
8. How can I use my digitized records in court?
• Requirements for those who wish to present an electronic
record as evidence in legal proceedings
• Span the policies, processes, and technologies in place
around the records management system
• Span the full lifecycle of a record, from its creation,
maintenance, retirement, through to its disposal
Going paperless
9. Record digitization lifecycle
RetirementDisposal
Creation Maintenance
Creation Maintenance
Dispose when no longer
needed
Certificate of Destruction
Preparation and scanning
Records Management
Program
One master record
Disposal Retirement
Defined retention policies
Consistent metadata
Stored in repository
Clear naming convention
File format
Going paperless
10. Conforming to the CGSB Standards
A record submitted as evidence shall be authenticated by providing evidence external to the
record itself that it is what it purports to be. Alternatively, a record can be declared authentic
if:
• The integrity of the records system in which the record was made or received, or stored
• The reliability of the recordkeeping processes, can be proven.
“ “
Reliability
Integrity
Authenticity
Going paperless
11. Demonstrating integrity of a records system
A record submitted as evidence shall be authenticated by providing evidence external to the
record itself that it is what it purports to be. Alternatively, a record can be declared authentic
if:
• The integrity of the records system in which the record was made or received, or stored
• The reliability of the recordkeeping processes, can be proven.
“ “
Data source
Timely recording Data entry
Routine business data Compliance with standards
Going paperless
12. Common challenges
Scanning is just the tip of the iceberg.
Organizational Readiness
(Policy, EDRMS, Recordkeeping)
Document Preparation
Compliance with standards,
policies and directives
Analysis – Business, functional
and technical requirements definition
Procurement or in-house
expertise and capacity
Selecting the records
Logistics and Transportation
IT Infrastructure
Communication and change
management (awareness and training)
Quality Assurance
Project management
Classification,
Indexing and metadata
Common challenges
13. Case study: Public Services and Procurement Canada
Document Imaging to federal government
departments and agencies
Mailroom processing
Electronic archiving, coding and indexing
Records management and document disposal
CGSB compliance and conversion audit
Case Study
14. Case study: Public Services and Procurement Canada
End-to-end view of what needs to conform to CGSB
Client department/agency
PSPC DISC
Shared Services Canada
Defining requirements
Shipping records
Approving access to images in
web-app
Authorizing paper destruction
Scanning and storing
Managing imaging operations
Demonstrating authenticity and
integrity of RMS
Deliver IT infrastructure services
Host electronic repositories
Execute key controls (as per PSPC)
Case Study
15. Case study: Public Services and Procurement Canada
What we did
We performed an assessment of the PSPC DISC environment, through a review of its 3 components:
operations, applications, and IT infrastructure.
PSPC Imaging
solution provided
to clients
1. Operations
Operational business processes, policies, procedures
and manual controls to scan, store, view and manage
images, as well as the overarching governance and legal
framework
2. Applications
Imaging applications that enable PSPC Imaging
operations, and the associated application controls and
functionality for scanning, storing, viewing, and
managing images
3. IT infrastructure
Hardware and software to enable the operations
(including the servers, the operating systems, the
databases and the network underpinning applications
used to enable operations)
Case Study
16. Case study: Public Services and Procurement Canada
Better communication and visibility with clients
Faster search-ability and accessibility to key documents
Reliable electronic information
Environmental benefits
Reduced storage costs
Optimized processes
Outcomes
Case Study
Going paperless is defined as the process of converting information into a digital format
Improved productivity and operational effectiveness
Improved search-ability and document organization
Faster client communication
Improved data security
Automated processes
Compelling environmental, operational and financial outcomes
Decrease in storage costs
Less energy consumption when printers and copiers are inactive
More ‘green’ by reducing paper production
Talk about different types of documents (micrographics, drawings, maps, paper...
Talk about telework and remote working when talking about centralization.
Government organizations are increasingly requiring searchable electronic records management solutions for improved productivity and operational effectiveness and improves citizens service.
Going “paperless” is a strategic objective for several modernization initiatives, with compelling environmental, operational and financial outcomes
Paperless processes are often needed for centralization, consolidation or transformation initiatives
Being able to rely on the authenticity of electronic records is critical in many contexts, and demonstrating image authenticity can be required for electronic evidence in court
Government organizations are increasingly requiring searchable electronic records management solutions for improved productivity and operational effectiveness and improves citizens service.
Going “paperless” is a strategic objective for several modernization initiatives, with compelling environmental, operational and financial outcomes
Paperless processes are often needed for centralization, consolidation or transformation initiatives
Being able to rely on the authenticity of electronic records is critical in many contexts, and demonstrating image authenticity can be required for electronic evidence in court
Government organizations are increasingly requiring searchable electronic records management solutions for improved productivity and operational effectiveness and improves citizens service.
Going “paperless” is a strategic objective for several modernization initiatives, with compelling environmental, operational and financial outcomes
Paperless processes are often needed for centralization, consolidation or transformation initiatives
Being able to rely on the authenticity of electronic records is critical in many contexts, and demonstrating image authenticity can be required for electronic evidence in court
Canadian imaging standards CGSB-72.34-2017 and CGSB-72.11.93 define requirements for those who wish to present an electronic record as evidence in legal proceedings
CGSB requirements for electronic records span the policies, processes, and technologies in place around the records management system, and spans all entities involved
CGSB requirements also span the full lifecycle of a record, from its creation, maintenance, retirement, through to its disposal
An “authentic” record is, loosely, one that is what it purports to be: it was duly issued by an authorized person or agency.
A record has “integrity” if it is preserved without any alteration that would impair its use as an authentic record.
Digital techniques are available that can provide much stronger assurances than can existing techniques for paper records.
Also, digital records are potentially more vulnerable to forgery and tampering—an attacker with access to the archive’s computer could add, delete, or alter records in a wholesale fashion or make subtle alterations that would be difficult to detect by inspection.
Increased experience with personal computers has made the public aware of how easily digital documents can be altered undetectably.
Common challenges include:
Multiple stakeholders involved with unclear roles and responsibilities
Logistics: shipping sensitive information, authorization to destroy paper
Business processes use multiple technologies
Lack of stakeholder adoption
Small organization with limited segregation of duties
As of April 1st, 2017, born digital records should be transferred to Library and Archives Canada (LAC) in digital format. LAC’s preference for archival records, from this date forward, is in digital format, wherever possible.
PSPC’s Document Imaging Solutions Centre (DISC) offers government departments and agencies a range of services for document imaging, mailroom processing, electronic archiving, file management and shredding.
Several departments and agencies require that the paper digitization process conforms to applicable standards – from the point at which they send their hard-copy documents for imaging, to the point the images are returned, through to the ultimate paper destruction and ongoing management of the electronic records
To meet the CGSB conformance requirements of several of its DISC clients, PSPC sought to assess the operations, applications and IT infrastructure in place to provide imaging services
The client is responsible for the following:
Defining their business-specific imaging requirements
Shipping paper records to PSPC DISC
Authorizing the destruction of paper
Approving read-only access to the images viewed in the web application
PSPC DISC is responsible for the following:
Receiving, scanning and temporarily storing paper documents (destroying if authorized)
Managing the imaging operations (including policies, processes, procedures) and underlying imaging applications for scanning/storage
Documenting the environment and managing communications with SSC
Ascertaining image authenticity and the integrity of the imaging systems
SSC is responsible for the following:
Delivering IT infrastructure services underpinning the imaging applications
Hosting the electronic repositories for images
Executing key controls as agreed to with PSPC