Audit of the Immigration Program at the Canadian Mission in Port-au-Prince

2.0 Audit Conclusion

We found that:

  • The governance framework partially met our expectations, because improvements were required in the areas of human resources and performance management;
  • The risk management processes and practices partially met our expectations, because improvements were required in the area of risk monitoring practices; and
  • The internal control framework partially met our expectations, because improvements were required in the areas of operational activities and administrative controls.

The next section of this report contains detailed observations and recommendations.

3.0 Observations and Recommendations

3.1 Governance Framework

The audit examined six areas of the governance framework:

  • Governance and strategic direction
  • Values and ethics
  • Human resources management
  • Client-focused service
  • Results and performance
  • Learning, innovation and change management

We expected to find that a sound planning process was in place to ensure that:

  • accountabilities were appropriate
  • values and ethics were promoted and reinforced
  • the office was managed in a way that ensured an effective workplace
  • the services delivered by the office met client requirements
  • information on results was gathered, used to make decisions and reported
  • learning and development activities supported innovation and change management

The governance framework in place at the mission was in the process of being updated, and it therefore partially met our expectations. We found that:

  • The mission was following the IR planning process and had a clear organizational structure with clear accountabilities.
  • Accountabilities were appropriate, although the mission was making some refinements as part of its change management plans;
  • Services were being refocused to bring them in line with departmental client service goals;
  • The process for managing human resources was being refined (promotion of values and ethics, and learning and development activities); and
  • Some performance information was being gathered.

Improvements are therefore required in the areas of human resources management and performance information.  As part of our audit, we reviewed HR files and interviewed staff. We noted that staff HR files were not up to date but that, since the arrival of the new Immigration Program Manager (IPM), steps had been taken to rectify HR management practices to support the governance framework. Those steps included the establishment of work objectives, performance measures and learning plans for each staff member for the current year, and the creation of a regular periodic training session.  Many of those interviewed expressed appreciation of the changes the IPM had begun to implement. Having already started to make improvements in this area, mission management appears to be on the right track, but we note that work remains to be done. Change management practices will be of critical importance over the short term.

We found that, historically, the mission has maintained little performance information. We also found that performance information was not shared regularly with staff and that performance reporting was ad hoc. We understand that in a smaller mission like Port-au-Prince, management must balance operational delivery and performance management. However, regular periodic performance information, both qualitative and quantitative, allows mission management to monitor the achievement of objectives, analyze performance results and make estimates for future performance.  It also allows management to provide feedback to staff on their performance. The performance management process supports the achievement of organizational results because staff better understand how their performance fits into the larger picture.

Recommendation 1

Mission management should establish a mix of both qualitative and quantitative performance measures and periodically review results with staff to ensure that staff performance supports the achievement of mission-level and individual performance objectives, in particular as changes are implemented.

Management Response

Management accepts this recommendation and will evaluate its continued validity once normal operations resume at the mission.

3.2 Risk Management

As part of the audit, we examined the adequacy of risk management processes and practices in place to support the achievement of the mission’s objectives. Specifically, we expected to see that processes were in place to identify, assess, mitigate and monitor risks, that management appropriately communicated risks and risk management strategies to key stakeholders, and that planning and resource allocation took risk information into account.

As in the case of the governance framework, the mission was in the process of reviewing its risk management practices, and it therefore partially met our expectations. The mission was not employing those practices but looking at how it could integrate them into its procedures. We noted that risks were discussed as part of meetings and, in interviews, staff confirmed that risks were discussed in day-to-day operations and mitigation strategies implemented when merited. However, the risks were not formally documented. We also found that there was little quality assurance (QA) in place at the mission to inform management’s decision-making with regard to risk management.

A key component of risk management is a QA process that supports risk management practices. As noted above in the case of performance information, smaller missions like Port-au-Prince must strike a balance between operational delivery and management. As it moves forward, the mission would benefit from a more structured QA process, especially given the number of changes being contemplated. Quality assurance can be used to ensure that there is no drop in quality pre- and post-change, and it serves to inform management about the success of its change initiative. Typically, management will begin with larger QA efforts and reduce these over time as it obtains satisfactory results.

Recommendation 2

The mission should use a quality assurance process as part of its change management practices to ensure that changes implemented do not negatively impact the quality of operational processes.

Management Response

Management accepts this recommendation and will evaluate its continued validity once normal operations resume at the mission.

3.3 Internal Control Framework

As part of the audit of the internal control framework, we examined controls in place in application processing, CAIPS, controlled documents, cost recovery, and travel and hospitality expenditures.

We found that the internal control framework partially met our expectations. Some adjustments were required in the areas of operational activities and administrative controls.

3.3.1 Application Processing

The audit of internal controls included an examination of immigrant and non-immigrant processing. We expected to find that application decisions were adequately documented, that processes and procedures complied with applicable legislation and policies, that sufficient controls were in place to ensure that admissibility requirements were met, and that designated and delegated authorities for decisions were appropriate and complied with departmental policy.

We found that controls over application processing generally met our expectations.

We reviewed all decisions for cases finalized in the review period and found that all decisions were made by authorized individuals, with a few exceptions. We also found that the practice leading to those exceptions had already ceased prior to our on-site examination.

As part of our audit, we also reviewed samples of cases finalized. Generally, we found that case processing met requirements and that staff knew the requirements of the Act. However, we also found that the mission was performing additional steps, making processing longer, and that there were some issues with respect to the documentation of steps in the notes.

In our review of application files, for example, we found that some applications were being received at intake without complete information and that CAIPS was not being used to the fullest. As a result, staff were spending time obtaining information that should have accompanied the application, or were spending time obtaining updates because the information on file had expired or become stale-dated. The mission may therefore be taking more time to process a case than it should. At the time of our audit, mission management was aware of some of these areas in need of improvement and had begun corrective action. For example, as part of its change management process, the mission had just delivered CAIPS training prior to our arrival on site, with the goal of improving file management and minimizing the instances of expired or stale-dated information.

With regard to gaps in the documentation of steps in case notes, it was not always clear in the notes that concerns raised during processing or problems of missing information had been addressed or, alternatively, identified as immaterial to the case by the approving officer. We noted that multiple staff perform multiple functions in the processing of cases; it is therefore imperative that employees properly record significant issues in the case notes at each stage. We also noted that officers’ notes regarding decisions were not always complete or, in some instances, absent. However, we have noted this issue in other missions abroad as well.

In performing additional work to process a case, the mission may be lengthening the time it takes to process a case, thus adding to the mission’s workload.  The “Overseas Processing Manual” states that “Officers should ensure that case notes not only document any decisions taken during case evaluation, but also clearly reflect the process the officer followed in reaching those decisions.”  Case notes serve as the record of how a case has been processed and they are used by staff outside the mission to report on cases and respond to queries. Decisions must therefore be fully documented.

Recommendation 3

Mission management should continue to review its front-end application screening procedures to ensure that they allow for more efficient case processing.

Management Response

Management accepts this recommendation and will evaluate its continued validity once normal operations resume at the mission.

Recommendation 4

Mission management should ensure that all processing steps related to decisions on temporary resident and permanent resident cases are consistently documented in CAIPS notes.

Management Response

Management accepts this recommendation and will evaluate its continued validity once normal operations resume at the mission.

3.3.2 CAIPS

As part of the audit of the internal control framework, we examined controls over CAIPS. We expected to find that appropriate controls were in place to ensure the appropriate use of CAIPS at the mission and that CAIPS assets were safeguarded.

The control framework surrounding CAIPS partially met our expectations. At the outset of our audit, we noted that CAIPS user profiles had not been reviewed for some time. Specifically, we found that:

  • Historical records were not maintained to ensure accountability;
  • A significant number of accounts belonging to former staff required resetting to prevent unauthorized use; and
  • Access levels set for certain current staff were higher than normal, but no compensating controls were in place.

These weaknesses create a greater risk of unauthorized use of CAIPS. However, our testing of CAIPS use found that, with a few exceptions, no inappropriate use had occurred. And, as noted above in section 3.3.1, we also found that the practice leading to those exceptions had already ceased prior to our on-site examination. Moreover, subsequent to the start of our audit but prior to its completion, the mission had updated the majority of its user profiles.

In terms of controls over CAIPS assets, the mission was maintaining the system as required (e.g., performing system back-ups) but was not maintaining an up-to-date inventory list of CAIPS hardware and had only recently updated physical access privileges to the CAIPS room. We note that at the time of our audit the mission was in the process of updating its controls over CAIPS assets, and it therefore partially met our expectations.

The CAIPS Manager’s User Guide identifies the need to periodically review CAIPS accounts and hardware records to ensure that they are up to date. Doing so not only gives management records to ensure that appropriate controls are in place over user access and that hardware is safeguarded, but also gives the mission information that can support its monitoring and QA activities.

Recommendation 5

Mission management should continue to review its CAIPS user profiles and inventory lists, making sure that they are periodically updated in the future and that records of changes are maintained.

Management Response

Management accepts this recommendation and will evaluate its continued validity once normal operations resume at the mission.

3.3.3 Controlled Documents

At missions abroad, controlled documents comprise counterfoils and seals that are issued together as a visa. Counterfoils are the documents on which missions print visa information. Seals are documents that are affixed over counterfoils when they are placed in passports to prevent tampering. 

As part of the audit of the internal control framework, we examined controls over controlled documents. The audit expected to find that roles and responsibilities were appropriate and that an effective control framework was in place for the custodianship, safeguarding and handling of controlled documents

Overall, we found that the control framework in place for the custodianship, safeguarding and handling of controlled documents met our expectations. Roles and responsibilities were assigned appropriately given the size of the mission. In reviewing correspondence with NHQ, we noted that the mission historically had problems with the accuracy and timeliness of its quarterly reporting, but that these problems have since been at least partially resolved. We also found that the physical controls in place were adequate to safeguard unused controlled documents. While we found some minor mathematical errors in controlled document inventory records, we were able to reconcile the mission’s physical inventory with its records. Consequently, we found that administrative controls were adequate.

3.3.4 Cost Recovery

The audit examined the control framework in place to safeguard revenues collected in the Immigration Section of the mission. The mission accepts payment by international money order, certified cheque, and bank draft in Canadian dollars, U.S. dollars, and Haitian Gourdes. The mission’s immigration revenues totalled $2.1 million CAD in 2008-09 and $2.4 million CAD in 2007-08.

We expected to find that roles and responsibilities complied with departmental policies for cost recovery, that adequate controls were in place to safeguard cost-recovery revenues, and that an adequate monitoring regime was in place.

The mission partially met our expectations in this area because areas for improvement were identified. We found that roles and responsibilities had been delegated and that funds were collected in accordance with policy. Specifically, we found that records were kept of fees collected and that payments were traceable to applications processed. We also found that the funds collected were appropriately safeguarded and duly transferred to administration for deposit to the mission’s bank account. However, we also found that:

  • POS+ (the system used to record the revenues collected) profiles had not been updated, in that several former employees still had accounts, and records were not being maintained to ensure accountability;
  • System administration functions (repairing, compacting and archiving) were not being carried out to ensure that the system continues to function efficiently.

Maintaining unnecessary user profiles reduces the accountability of the system in the event of a problem, such as missing funds. By not performing system maintenance, the mission creates the risk that the system will not function as efficiently as it should or will not function at all.

Recommendation 6

The cost-recovery officer (CRO) should review and update the mission’s POS+ profiles, making changes where necessary and retaining records of profiles to ensure accountability and to support future quality assurance activities.

Management Response

Management accepts this recommendation and will evaluate its continued validity once normal operations resume at the mission.

Recommendation 7

The CRO should perform POS+ system administrative functions periodically to ensure that the POS+ system is functioning as intended.

Management Response

Management accepts this recommendation and will evaluate its continued validity once normal operations resume at the mission.

3.3.5 Travel and Hospitality

As part of the audit of the internal control framework, we examined controls over travel and hospitality expenditures. The audit expected that controls would be in place to ensure that travel and hospitality transactions were processed in compliance with applicable policies and regulations.

We examined a sample of one travel claim and one hospitality claim representing 76% and 100%, respectively, of funds claimed between January 1 and June 30, 2009. Overall, office procedures relating to the administration of travel and hospitality met our expectations. During the period under review, delegations were not documented appropriately due to an administrative error, but they are now being appropriately documented for current operations.

 

<< Previous | Contents | Next >>