NRM SDLC - Requirements

A Financial Risk and Control Review must be conducted for any system that records financial transactions.

If the application will contain financial transactions, a Financial Risk and Controls Review must be conducted which requires involvement of Ministry of Finance resources and verifies that Chapter 13 of core policy is being followed.

Standards / Guidelines

Government wide standards for financial risks and controls are included in Chapter 13 Core Policy and Procedures Manual - Financial Systems and Controls.

Templates

There is no template currently available.

Deliverable Requisite

The deliverable is optional for all project complexities unless the system contains financial transactions.

Samples

There is no sample currently available.

The RIA will identify the records, their appropriate classification and retention along with the Officer of Primary Responsibility (OPR) and media format. The Records Impact Analysis is drafted during the Initiation phase and is finalized in the Build phase.

The draft Records Impact Assessment must be completed for all initiatives to fully identify the classifications and resulting retention periods for the records related to the application.

The RIA will also identify if there is a need for the development of additional classifications using an Information System Overview (ISO) analysis.

Standards/Guidelines

Government wide standards for the records management are included in Chapter 12 of the Policy and Procedures Manual and addressed in detail on the Records Management site, see Records and Information Management Services.

Deliverable Requisite

A Records Impact Assessment is mandatory for all project complexity levels.

Samples

There is no sample currently available.