Management and Oversight

Table of contents

How to use this tool

  • This tool is designed for IM specialists to use with relevant business areas when identifying information resources of business value (IRBV) and retention specifications.
  • The IRBV and retention specifications contained in this document are recommendations only and should be customized to apply in each institutional context. The complete document should be read before using any recommendations.
  • This Generic Valuation Tool does not provide Government of Canada institutions with the authority to dispose of information. Generic Valuation Tools (GVT) are not Disposition Authorities (DA) and do not replace the Multi-Institutional Disposition Authorities (MIDA).

Validation: The business processes and GVT have been validated by subject matter experts from the following departments: Fisheries and Oceans Canada, Citizenship and Immigration Canada, Department of Justice Canada, Health Canada, Natural Resources Canada and Shared Services Canada. In 2019, the revised version was validated by member departments of the working group on Information Management Common Core (IMCC).

Defining the Activity

Management and Oversight Services are those activities undertaken for determining strategic direction and allocating resources among services and processes, as well as those activities related to analyzing exposure to risk and determining appropriate countermeasures. They ensure that the service operations and programs of the federal government comply with applicable laws, regulations, policies, and/or plans.

This GVT provides recommendations on business value and retention specifications related to internal Management and Oversight activities only. It does not apply to strategic and/or horizontal business processes related to Management and Oversight that are performed on behalf of the entire Government of Canada (GC), such as those carried out by Treasury Board of Canada Secretariat (TBS), the Privy Council Office, the Office of the Auditor General, the Office of the Comptroller General, etc.

Relationship to Other GVT

Business processes often overlap. When IRBV for a sub-activity are also identified in another GVT, there is a note in the table of IRBV and retention recommendations (below) to direct the user to the proper tool.

This GVT describes overarching departmental activities, therefore it relates to many other internal services and operational activities (and associated GVTs).

The GVTs for Cabinet Affairs and Treasury Board Submissions also contain business processes similar to those in Management and Oversight and should be used in conjunction with this GVT.

Relationship to the Information Management Common Core (IMCC)

The functions and sub-functions described in this GVT align with those in the IMCC common file classification plan, which is mandatory for all Government of Canada Electronic documents and Records Management Solutions (EDRMS).

Business Processes

1. Strategic Policy and Planning and Government Relations:

Strategic planning involves determining strategic direction and planning, organizing, and directing the institution in order to achieve operational goals. Government Relations involve consultation, cooperation and agreements with other levels of government to leverage assets and facilitate program and service delivery.

2. Executive Services:

Executive services include the provision of corporate advice and support to the organizational executive offices. Activities include the coordination of Question Period responses, Parliamentary affairs, executive correspondence, governance activities through executive committees and the planning and coordination of conferences, visits and hospitality. Processes and IRBV for Cabinet Affairs can be found in the Cabinet Affairs GVT. “Executive” is defined as Director-level up to Minister. This may include Deputy Ministers, CEOs, chairpersons, or presidents, depending on the nature of the institution.

Please note: in a Minister’s office, the records dealing with departmental functions, that reflect the role of the Minister as head of the department must be maintained in the corporate recordkeeping system.

3. Policy, Standards and Guidelines:

This activity involves the creation and development of operational and administrative policies, standards, and guidelines, policy papers and initiatives.

4. Investment Planning:

This activity involves developing and executing plans related to the allocation and reallocation of resources to new and existing assets and acquired services that are essential to program delivery. Institutional Investment Planning is closely linked with project management.

This GVT covers the investment planning activity at a high level based on the objectives and requirements prescribed by the Policy on Investment Planning—Assets and Acquired Services (2009) and the Guide to Investment Planning - Assets and Acquired Services as well as an analysis of existing GC procedures.

5. Project Management:

The TBS Policy on the Management of Projects (2009) defines Project Management as “the systematic planning, organizing, and control of allocated resources to accomplish identified project objectives and outcomes. Project Management is normally reserved for focused, non-repetitive, time-limited activities with some degree of risk, and for activities beyond the usual scope of program (operational) activities.”

This GVT covers the Project Management activity at a high level based on the objectives and requirements prescribed by TBS policy instruments as well as an analysis of existing GC procedures.

6. Risk Management:

The TBS Framework for the Management of Risk (2010) defines risk management as “a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, making decisions on and communicating risk issues.”

The principles outlined apply to all TBS policies, and require that GC institutions integrate risk management into all business processes performed in support of program and service delivery.

7. Results Management and Reporting:

This activity involves the monitoring of organizational performance and the declaration of results according to GC management principles and expectations, through the Policy on Results and the Directive on Results.

8. Audit:

The TBS Policy on Internal Audit (2017) does not define audit directly but describes it as a “function that is independent of departmental management…[providing] assurance as to whether government activities are managed in a way that demonstrates responsible stewardship to Canadians.”

The internal audit function is supported and assessed by the Comptroller General of Canada. Among other requirements, departments must designate a chief audit executive to manage the internal audit function, have a multi-year risk-based audit plan focusing mainly on assurance, and establish and main an independent departmental audit committee comprised mainly of members external to the federal public administration. Departmental Audit Committees are responsible for providing advice and recommendations based on the results of internal audits and related matters, and review departmental management, control and accountability processes within its area of responsibility.

According to the Directive on Internal Audit, mandatory internal audit procedures consist of undertaking internal audits of programs and services as identified by the Comptroller General of Canada or the Secretary of Treasury Board; reporting on internal audits; adhering to public reporting requirements, including releasing information on performance results for the internal audit function and listing planned audit engagements for the upcoming fiscal year.

Also included in this activity are responses to external audits such as those conducted by the Office of the Auditor General, Public Service Commission and the Office of the Commissioner for Official Languages. (The term “external audit” does not include internal audits of a department conducted by a commercial third party.) Many of the documents created in the course of an audit by the Office of the Auditor General (OAG) are controlled and numbered and must be returned to the OAG within one week of the report being tabled in Parliament. These documents include the Audit Plan Summary and Drafts of the Audit Chapter, which are therefore not listed in the IRBV table. Due to the importance of an OAG audit, copies of information resources sent to the OAG are maintained, and a copy of the final audit report is kept on file for the department’s reference purposes.

The processes and associated IRBV recommendations were determined from What to expect: an auditee’s guide to the performance audit process (2016).

9. Evaluation:

The TBS policies which previously directed the evaluation and reporting functions have been replaced by the Policy on Results and Directive on Results. The processes for program evaluations done by the department are planning, conducting and reporting on the evaluation, as well as the recommended follow-up actions. Also included is providing advice and guidance to program areas on the use of evaluation findings.

Retention Periods

Recommended retention specifications in GVTs are determined based on traditional or best practices, a review of government-wide legislation and policy, and validation with subject matter experts. Retention periods are suggestions only; departments must take into account their own legislative requirements and business needs.

The minimum retention recommendations provided in this GVT are based on feedback received from departments during validation sessions and on traditional practices by federal departments and by organizations in other jurisdictions, as well as a review of government-wide legislation and policy. 

Business Value and Retention Recommendations

Sub-functions Activities Sample IRBV Recommended Retention
Strategic Planning and Government Relations Strategic and Business Planning
  • Program Activity Architecture (PAA) and descriptions
  • Report on Plans and Priorities (RPP) / Departmental Plans
  • Organizational plan/annual plan/integrated Business and Human Resources Plan (IBHRP)
  • Strategic plans
  • Corporate Business Plans
  • Branch work plans
  • Sector operational plans
  • Records of decision resulting in major changes
  • Internal call letters
  • Risk profiles and strategies
  • Balanced scorecards
  • Contingency plans
  • Business intelligence reports
  • White papers
  • Briefing notes
  • Environmental scans
  • Agenda, meeting minutes
  • Trend analysis
10 years after superseded
Organizational management
  • Governance structure
  • Organization charts
10 years after superseded
Government Relations
  • Provincial or international treaties
  • Service-level agreements
  • Results of negotiation (changes to process, terms, etc.)
  • Final agreements
  • Contracts
  • Memoranda of Understanding (MOU)
  • Minutes, agendas
  • Correspondence with Office of Intergovernmental Affairs, stakeholders in other jurisdictions
  • Proceedings of symposia, roundtables and conferences
  • Final case study reports
  • Records of consultation activities
  • International activity reports
5 years after agreement is superseded or terminated
Executive Services Parliamentary affairs
  • Request for information (from Question Period or Order Papers)
  • Correspondence
  • Substantive draft responses (containing modifications not reflected in final drafts)
  • Approved Question Period answer
  • Approved Statement of Completeness
  • Confirmation letter
  • Question Period tracking system
  • Briefings
  • Speeches
  • Advice
5 years after last administrative action
Executive participation in conferences, events, travel, and hospitality
  • Request or invitation
  • List of participants
  • Agenda, minutes from planning meetings
  • Program
  • Advice from program area
  • Speeches, speaking notes (including substantive drafts containing modifications not reflected in final version)
  • Presentations
  • Correspondence
  • Confirmations
  • Itinerary
2 years after last administrative action
Executive correspondence
  • Incoming correspondence (letter, email, meeting request, invitation, postcard)
  • Response
  • Supporting documentation when necessary (justification for response)
  • Correspondence reports
2 years after last administrative action
Executive briefings
  • Briefing books
  • Transition books
  • Briefing notes
  • Reports
  • Summaries
  • Presentations
5 years after last administrative action
Executive Committees
  • Terms of reference of committees
  • Agendas, minutes and records of decision
  • Presentation decks
  • Briefings
2 years after superseded or committee dissolved
Delegation of (non-financial) authorities
  • Delegation of authority documents
6 years after termination of appointment
Manage charitable undertakings
  • Agenda
  • Minutes
  • Reports
2 years after last administrative use
Policies, standards and guidelines Plan policy initiatives and draft policy instruments
  • Policy decisions for review
  • Formal identification of policy issue
  • Briefing notes
  • Policy papers
  • Substantive drafts containing changes not reflected in the final version
  • Documentation for review
  • Substantive drafts containing changes not reflected in the final version
5 years after last administrative action
Manage policy governance
  • Agenda
  • Minutes
  • Terms of reference
  • Records of decision
5 years after last administrative action
Policy instruments
  • Final policy instruments
5 years after superseded
Investment Planning Develop investment plan
  • Report/assessment on previous investments
  • Capability Gap Analysis
  • Minutes/presentations from information sessions for participants
  • Information about projects under consideration:
  • Investment Summary Notes/Investment Analysis Reports;
  • Project priority ranking, i.e. any input from stakeholders or other sections on priorities and proposals
  • Minutes of Board/working group tasked with creating investment plan
  • Project charter for creation of investment plan
  • Terms of Reference
  • Roles and responsibilities
  • Milestones
  • Performance metrics
  • Governance and reporting mechanisms
  • Drafts of plan
  • Approval from senior management
  • Final Investment Plan
10 years after the end of the fiscal year to which the resource corresponds
Monitor investment plan
  • Performance results, assessments, reports
  • Briefing note to senior management on issues
  • Reports from regions
  • Reports to Cabinet
  • Feedback on/revisions to planning process
  • Project close-out reports
  • Lessons learned
  • Targeted performance indicators
  • Performance measurement table
10 years after the end of the fiscal year to which the resource corresponds
Provide advice to Ministers
  • TBS consultation
  • Feedback/comments on drafts, plans, etc.
  • Follow-up reports
  • TBS approval
  • Communication with TBS over changes to investment plan after approval
  • Communication with stakeholders
10 years after the end of the fiscal year to which the resource corresponds
Project Management n/a
  • Organization Project Management Capacity Assessment (OPMCA)
10 years after Assessment
Risk Management n/a
  • Report from Risk Management Capability Model
  • Corporate Risk Profile (including action plans)
  • Integrated Risk Management policy (IRM)
  • IRM Policy implementation plan
  • Risk taxonomy
  • Risk list/risk registe
  • Plans for monitoring and updating risk profile
  • Monitoring reports
7 years after superseded
Results Measurement and Reporting Performance/results measurement
  • Department Results Framework (DRF)
  • Departmental Results Indicators
  • Program Inventory
  • Performance Information Profiles
  • Performance measurement strategies
  • Performance information
  • Evidence to support Management Accountability Framework (MAF)
  • Risk profiles and strategies
  • Sustainable development plans
  • Balanced scorecards
  • Environmental scans
  • Contingency plans
  • Trends analysis
10 years after last administrative use
Reporting
  • Quarterly Financial Reports
  • Management response
  • Department Results Report (DRR)
  • Performance measurement reports, including trends and metrics
  • Management Action Plans
  • Departmental Sustainable Development Strategy
  • Copies of Management Accountability Framework results
10 years after last administrative use
Audit Management of departmental internal audit function
  • Departmental risk-based Internal Audit Plan
10 years after superseded (based on a 5 year cycle, allowing reference to two cycles)
  • Annual report of Departmental Audit Committee
  • Annual report of the Chief Audit Executive
  • Briefing notes
  • Advice/recommendations
  • Practice inspection reports
10 years after last administrative use
  • Departmental audit committee or independent audit committee minutes/records of decision
  • Departmental audit committee terms of reference/charter
10 years after Committee dissolved
Provide advice
  • Documentation of advice provided to clients outside of official audits
3 years after last administrative use
Plan audit
  • Project initiation memo
  • Audit terms of reference (approved)
  • Preliminary survey reports (PSR)/assessments
  • Risk assessment
  • Advice to management
  • Minutes
  • Preliminary interviews
  • Tools, checklists
  • Interview guides
  • Audit methodologies
  • Audit schedules
  • Compliance reviews and external reports
  • Institution-specific policies
  • Maturity models
3 years after any follow-up programs have been completed and file is closed, based on traditional retention for audits.
Conduct audit
  • Substantive drafts containing changes not reflected in final version
  • Revisions to audit plan
  • Working papers such as:
    • Documents for review
    • All documented evidence
    • Interview notes
    • File review checklist
    • Analysis
    • Observation/findings sheets (approved)
  • Presentation to client
  • Record of response from client to observation/findings sheets
  • Management letters (i.e. recommendations sent to management before the report either because of urgency or because they are outside the scope of the official audit)
3 years after any follow-up programs have been completed and file is closed, based on traditional retention for audits.
Report on Audit
  • Internal Audit Final Reports
  • Validation by client
  • Approval by Chief Audit Executive
  • Approval by Departmental Audit Committee
  • Approval by Deputy Head
  • Approved Management Action Plan (may be included in Final Report)
  • Impact analyses and special studies
10 years after any follow-up programs have been completed and file is closed.
Manage follow-up
  • Request for update
  • Client response
  • Periodic status reports to Departmental Audit Committee
  • Records of decision from Departmental Audit Committee
3 years after any follow-up programs have been completed and file is closed, based on traditional retention for audits.
External audits - respond to audits by Office of the Auditor General
  • Letter of Intent to conduct audit (“Entity Notification and Custody of Drafts”) and request for access from Office of the Auditor General (OAG)
  • (Copy of) response from Deputy Head
  • (Copy of) response from Deputy Head to audit plan summary
  • Meeting minutes, briefings between OAG and department
  • (Copy of) comments and feedback from department to draft chapters
  • (Copy of) confirmation by Deputy Head of final version of chapter
  • Management letter from OAG
  • (Copy of) response from Deputy Head to management letter
  • Action plan (to address audit requirements)
  • Copy of Audit Report
5 years after any follow-up programs have been completed and file is closed, based on traditional retention for audits.
External audits – Respond to audits by other departments (e.g. Office of the Commissioner of Official Languages, Public Service Commission)
  • Letter of intent to conduct audit
  • Meeting minutes, briefings, communication between entity department and auditing department
  • Draft audit
  • Response to draft audit
  • Final audit report, including action plan
  • Notification of follow-up
  • Follow-up report
5 years after any follow-up programs have been completed and file is closed, based on traditional retention for audits.
Evaluation Management of departmental Evaluation and Performance Function
  • Departmental Evaluation Plan (5 year)
  • Performance Measurement and Evaluation Committee terms of reference
  • Annual report of Departmental Performance measurement and Evaluation Committee
  • Departmental Performance measurement and Evaluation Committee agendas, minutes, records of decision
  • Review of evaluation function
10 years after last administrative action.
Provide advice
  • Briefing notes
  • Documentation of advice/recommendations provided to clients (for example: log, template document)
6 years after last administrative action
Plan evaluation
  • Launch memo
  • Evaluation plan
  • Terms of reference for evaluation
  • Evaluability assessments
  • Methodologies
  • Schedules
  • Maturity models
6 years after last administrative action
Conduct evaluation
  • Measurement and analysis tools
  • Consultation documentation
  • Technical reports
6 years after last administrative action
Report on evaluation
  • Interim findings
  • Substantive drafts containing changes not reflected in final version
  • Final Evaluation Reports (approved)
  • Impact analyses
6 years after last administrative action
Manage follow-up
  • Management Action Plan
  • Management follow-up reports
  • Periodic status reports to Departmental Evaluation Committee
  • Request for updates
  • Client response
6 years after last administrative action
Managing departmental ATIP n/a
  • Personal information bank descriptions
  • Information structures about personal information banks
  • Annual update to chapter in Information about Programs and Information Holdings (formerly InfoSource)
  • Request (access to information)
  • Request (access to personal information)
  • Record of decision of information collected
  • Correspondence with requester
  • Disclosure of agency submissions
  • Recommendations
  • Affidavits in support of litigation responses
  • Record of privacy incident or breach
  • Assessment of privacy incident or breach
2 years after last administrative use (based on the Privacy Regulations, section 7)