Why This Audit Matters
Information Technology (IT) serves a crucial role in enabling the Toronto Police Service (TPS) to effectively deliver policing services to Toronto’s residents. Key TPS IT systems are currently undergoing major transformations. Strong governance by TPS and oversight by the Toronto Police Service Board (TPSB) is essential to support effective and successful transition to new IT systems and to manage technology risks.
Background
This audit assessed whether the TPS has an IT governance framework in place to guide the organization in supporting its mission and strategy.
IT governance refers to the structured framework that guides how organizations strategically manage and optimize technology to support and achieve business objectives and deliver value, while mitigating risks.
The TPS uses IT extensively to support its operations, and while it has taken steps to improve its approach to IT Governance, further opportunities to mature and formalize its work in this area were identified.
By The Numbers
- Total TPS net operating budget of $1.2 billion, with $113 million for IT in 2025
- Planned capital spending of $497 million for IT over the next ten years
- 11 of 39 technology-related policies are more than 10 years old and due for review
- 33 of 205 (16%) approved IT positions were unfilled in 2025
- 8,200 TPS members, including 5,400 police officers
- Transformational new records management system under development, at an expected total cost of $35.7 million
What We Found
A. Improving the IT Governance Framework
- The TPS needs to formalize and strengthen its IT governance framework by:
- Establishing an Enterprise Risk Management function to better monitor and report on technology-related risks
- Providing consistent and holistic reporting on planned and in-progress technology projects and initiatives to the Board
- Strengthening the TPS’s Technology Strategy, aligning it with the TPSB’s upcoming Strategic Plan
- Updating and regularly reviewing technology related policies and procedures
B. Enhancing Data Governance, Privacy, and Information Security
- The TPS should better manage and control confidential and sensitive data by:
- Ensuring that new IT systems address the risks identified in Privacy Impact Assessments (PIA) before going live
- Conducting user access management reviews on a regular basis
- Establishing a dedicated approach to information and data governance, to improve data quality and promote a culture that safeguards private and sensitive information
- Enhancing the mandate of the TPS’s Chief Information Security Officer
- Performing regular reviews of external vendors’ security reports to protect TPS’s data and systems
C. Other Operational Governance Improvements
- The IT unit has been operating with vacancies of 14 to 20 per cent over the past five years, which could negatively impact technology projects and controls
- Training and policies related to artificial intelligence tools should be rolled out and updated in a timely manner
How Recommendations Will Benefit The City
A well governed IT function will support a more efficiently managed and effectively deployed use of technology to support policing operations. The Auditor General has made 15 recommendations to improve IT Governance at the TPS and the oversight by the TPSB to drive improved accountability and transparency.