Audit of Immigration Program at the Canadian Mission in Kingston

Audit Report
Internal Audit and Accountability Branch
Citizenship and Immigration Canada
Final Report
June 2010

Table of Contents

• List of acronyms
• Executive Summary
• 1.0 Introduction
  • 1.1 Background
  • 1.2 Audit Objectives
  • 1.3 Audit Risk Assessment
  • 1.4 Audit Criteria
  • 1.5 Audit Scope
  • 1.6 Audit Methodology
• 2.0 Audit Conclusions
• 3.0 Observations and Recommendations
  • 3.1 Governance Framework
  • 3.2 Risk Management
  • 3.2 Internal Control Framework
• Appendix A: Kingston Mission Organization Chart
• Appendix B: Kingston Processing Summary
• Appendix C: Detailed Audit Criteria
• Appendix D: Management Action Plan
• Appendix E: Audit Timeline

List of Acronyms

Executive Summary

The Citizenship and Immigration Canada (CIC) risk-based audit plan for 2009-2012 provides for audits of missions abroad. The Immigration Program at the Canadian High Commission in Kingston, Jamaica was selected for audit in consultation with the International Region (IR) at CIC National Headquarters (NHQ). The on-site fieldwork was conducted from November 16 to 19, 2009.

The Kingston mission is a full-service centre (FSC) visa office in Canada’s overseas network of visa offices. According to IR data, the mission has 23 FTEs. As an FSC, Kingston processes the full range of immigration applications from residents of the Bahamas, Cayman Islands, Jamaica, and the Turks and Caicos Islands.

The audit objectives were to assess the adequacy of the mission’s:

• governance framework for administering the Immigration Program;
• risk management processes and practices for supporting the program’s objectives; and
• internal control framework governing operational, administrative and financial activities.

The criteria used in the audit are based on applicable Treasury Board and CIC legislation, policies and directives.

We found that:

• The governance framework partially met our expectations, because improvements were required in the areas of human resources and performance management;
• The risk management processes and practices partially met our expectations, because improvements were required in the area of risk monitoring practices; and
• The internal control framework partially met our expectations, because improvements were required in the areas of operational activities and administrative controls.

This audit report sets out our recommendations for addressing these observations, as well as the mission’s responses and action plans for following up on our recommendations.

1.0 Introduction

1.1 Background

1.1.1 Operations

CIC recruits, selects and processes applications from foreign nationals who want to come to Canada temporarily or permanently and who will stimulate economic growth and enrich and strengthen the social and cultural fabric of Canadian society. Responsibility for those tasks lies with the Operations Sector, which is divided into domestic and overseas operations. Overseas operations fall under the responsibility of the IR and its network of visa offices (or missions) abroad.

There are three categories of visa offices or missions abroad: regional program centres (RPCs), full-service centres (FSCs), and satellites and specialized offices. RPCs and full-service centres both deliver the full range of immigration services for the countries they serve, but RPCs also oversee satellite offices. Satellites and specialized program offices do not deliver the full range of immigration services.

The Kingston mission is an FSC. According to IR data, the mission has 23 FTEs as follows:

• 4 Canada-Based Officers (CBOs) including 1 Migration Integrity Officer (MIO)
• 4 Locally Engaged Program (LEP) Officers
• 15 locally engaged staff (LES)

Appendix A presents the mission’s organizational chart as of September 2008.

As an FSC, Kingston processes the full range of immigration applications from residents of the Bahamas, Cayman Islands, Jamaica, and the Turks and Caicos Islands.

Appendix B sets out a summary of the mission’s statistics for 2009, 2008 and 2007.

1.1.2 Environmental Context

This section of the report highlights some of the operating environment issues which the mission faces.  These are presented here for information purposes only and do not reflect any particular order. 

Kingston is a full service visa office within CIC’s network of overseas offices.  Mission management identified the following challenges relating to the operating environment:

• The high level of crime in the country is not only a push factor for Jamaicans to leave but also a concern in the vetting of applicants.
• Assessing bona fides for the Temporary Resident Program is difficult given the number of claims and in-land applications by temporary resident visa holders who demonstrated previous travel, financial assets, and ties to their home country.
• There have been some cases of applicant fraud and misrepresentation, including the use of false documents. Former deportees from Canada and the U.S. are of particular concern.
• Organizational challenges include a highly seasonal workload and staffing concerns such as succession planning and shortages, which have impacted the mission’s ability to manage its workload. For example, for most of the year, the mission has operated without a full officer complement because one of its DIOs retired earlier this year.

1.2 Audit Objectives

The audit objectives were to assess the adequacy of the mission’s:

• governance framework  for administering the Immigration Program;
• risk management processes and practices for supporting the program’s objectives; and
• internal control framework governing operational, administrative and financial activities.

1.3 Audit Risk Assessment

On the basis of reviews and analysis during the planning phase and applicable elements of the Treasury Board Secretariat’s Management Accountability Framework (MAF) and CIC’s Core Management Controls Framework, the following key risks were identified:

• Governance framework – There are risks that governance structures and processes may not be clearly defined, and results and performance not properly reported upon.
• Risk management processes and practices – There are risks that critical events that could impact on the delivery of the Immigration Program have not been identified and appropriately assessed and mitigated.
• Internal control framework – There are risks that due diligence is not being exercised in the operational and administrative controls used to deliver the Immigration Program.

1.4 Audit Criteria

The audit criteria were based on applicable Treasury Board and CIC legislation, policies and directives. See Appendix C for the detailed criteria.

1.5 Audit Scope

The audit covered operations at the Canadian mission in Kingston only. It covered all significant aspects of CIC operations at the mission, including the full range of immigrant and non-immigrant program activities and the associated financial and administrative components typically found in a full-service centre. The audit examined activities of the mission from July 1, 2008, to the end of the on-site examination period on November 19, 2009.

1.6 Audit Methodology

The audit covered three lines of enquiry:

• governance framework;
• risk management processes and practices; and
• internal control framework.

As part of our examination of the governance framework and risk-management processes and practices, we interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documents, observed processes, documented controls, tested information, and reviewed samples of management files to test for compliance.

As part of our examination of the internal control framework, we examined controls over application processing, CAIPS, controlled documents, cost recovery, and travel and hospitality expenditures.

For our examination of application processing, we examined all decisions related to permanent resident determination travel documents, temporary resident and permanent resident cases and temporary resident permits finalized from July 1, 2008, to June 30, 2009, to test compliance with decision-making authorities. We also interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documentation, observed processes and documented controls. We also examined a judgmental sample of 5 permanent resident determination travel documents, 25 temporary resident cases and 20 permanent resident cases that were finalized from July 1, 2008, to June 30, 2009, to assess compliance with legislation and regulations, and with the policy requirements of each case. We determined the sample size based on processing volumes at the mission. Individual sample cases were selected randomly and were reviewed in order to validate findings from the interviews, reviews of documents and observations of procedures.

In examining other internal controls, we interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documentation, observed processes, and documented controls. Specifically, we examined CAIPS user profiles, tested CAIPS inventory controls, tested a sample of transactions involving the office's inventory of controlled documents, examined cost-recovery revenue controls, and reviewed a sample of travel and hospitality claims to assess the effectiveness of the controls in place.

As part of this process, we also discussed our preliminary observations with the Head of Mission while we were on site.

The audit was conducted to be in accordance with the Government of Canada’s Policy on Internal Audit and the professional practice standards established by the Institute of Internal Auditors.

2.0 Audit Conclusions

We found that:

• The governance framework partially met our expectations, because improvements were required in the areas of human resources and performance management;
• The risk management processes and practices partially met our expectations, because improvements were required in the area of risk monitoring practices; and
• The internal control framework partially met our expectations, because improvements were required in the areas of operational activities and administrative controls.

The next section of this report contains detailed observations and recommendations.

3.0 Observations and Recommendations

3.1 Governance Framework

The audit examined six areas of the governance framework:

• Governance and strategic direction
• Values and ethics
• Human resources management
• Client-focused service
• Results and performance
• Learning, innovation and change management

We expected to find that processes were in place to ensure that:

• accountabilities were appropriate
• values and ethics were promoted and reinforced
• the office was managed in a way that ensured an effective workplace
• the services delivered by the office met client requirements
• information on results was gathered, used to make decisions and reported and that
• learning and development activities supported innovation and change management

The governance framework in place at the mission partially met our expectations. We found that:

• The mission was following the IR planning process and had a clear organizational structure with accountabilities that were generally clear;
• Services delivered by the office met client requirements, although some adjustments were under way at the mission;
• Some information on results was being gathered;
• Human resources (HR) practices relating to the promotion of values and ethics, learning and development, and performance measurement were under review.

We noted that staff HR files were not up to date and, in interviews, staff indicated that there was some confusion about roles and performance expectations. The mission indicated that staff are crossed-trained so that they can back each other up. Some roles are therefore shared and adjusted as processing workloads fluctuate throughout the year. However, because of the frequency of such adjustments and the need for staff to provide backup for others who are absent, there was some role confusion, in particular with respect to the up-front processing of applications. We also found that performance expectations, when they were in fact identified, tended to be more qualitative, possibly adding to the confusion. Improvements are therefore required in the areas of human resources management and performance information.

We note that, in a smaller mission like Kingston, management must balance operational delivery and performance management. However, regular periodic performance information, both qualitative and quantitative, allows mission management to monitor the achievement of objectives, analyze performance results and make estimates for future performance. It also allows management to provide feedback to staff on their performance. The performance management process supports the achievement of organizational results because staff better understand how their performance fits into the larger picture.

Recommendation 1

Mission management should establish a mix of both qualitative and quantitative performance measures and periodically review results with staff to ensure that staff performance supports the achievement of mission-level and individual performance objectives.

Management Response

The Performance Management Plan has been a standing agenda item of every team meeting since the arrival of the new Immigration Program Manager (IPM). It was also the object of specific messages to Immigration staff.

Discussions with officers in supervising positions have taken place, and objectives for 2010‑11 will include numeric targets. To facilitate this inclusion and subsequent monitoring, every support staff member has been given a specific responsibility. But it must be understood that an Immigration Support Unit (ISU) of eight members needs to have a great deal of flexibility and that, while the employees should be spending their regular time doing their regular work, there is often a need to replace an essential function like printing visas, reception, mailroom or file creation, because the person in charge is sick or on leave.

The ISU’s production is monitored every week, while the work of the officers and their assistants is assessed against their targets every month.

A meeting with the officers, the assistants and the management team took place on March 17 to discuss the strategy to meet the 2010 target for permanent residents.

3.2 Risk Management

As part of the audit, we examined the adequacy of risk management processes and practices in place to support the achievement of the mission’s objectives. Specifically, we expected to see that processes were in place to identify, assess, mitigate and monitor risks, that management appropriately communicated risks and risk management strategies to key stakeholders, and that planning and resource allocation took risk information into account.

We noted that risks were discussed as part of meetings and, in interviews, staff confirmed that risks are discussed in day-to-day operations, but that they are not formally documented, except as part of the annual planning process. As a result, we found that the mission does identify risks and take this information into account in mission operations and when considering changes to operational processes, but that there are no formal processes to monitor risks. We acknowledge that a smaller mission like Kingston has to balance the requirements of management and operational delivery and that it may be limited in its ability to formalize the monitoring of risks to a greater degree.

One way the mission could improve its risk documentation would be to set up a more structured quality assurance program. Quality assurance is a periodic review function that management can use to ensure that higher risk areas are functioning as intended. By means of quality assurance, the mission could monitor higher risk operational areas, and at the same time enjoy access to operational information that could help management make decisions about operational design.

Recommendation 2

The mission should include more quality assurance reviews in its higher risk operations to improve risk documentation and strengthen risk monitoring.

Management Response

Many informal reviews are already done in the Visa Section. The audit’s recommendation is encouraging us to formalize these reviews. This allows us to use our resources to respond to changing work priorities and identify developing trends.

Monitoring and review activities for which no formal records are currently kept cover, among other things, the following:

• Consistency among decision-makers;
• Numbers of refugee claimants or interdictions to enter Canada compared with number of decisions by officer;
• Files created by individuals working in the ISU;
• Numbers of emails answered; and
• Numbers of POS+ transactions by cashiers.

We will continue to discuss findings with the employees concerned as we formalize our quality assurance activities.

As well as reviewing this report and its recommendations, and preparing our responses, you will note that we have already done one QA exercise for the use of Acknowledgements of Receipt (AORs).

The MIO team will compile a table of Jamaican refugee claimants in Canada to determine whether there is an existing trend. The same thing will be done for temporary resident visa applicants refused and interdicted under A40. Results will then be shared and discussed with the officers, assistants and analysts in order to increase our capacity to identify potential risks.

3.3 Internal Control Framework

As part of the audit of the internal control framework, we examined controls in place in application processing, CAIPS, controlled documents, cost recovery, and travel and hospitality expenditures.

We found that the internal control framework partially met our expectations. Some adjustments were required in the areas of operational activities and administrative controls.

3.3.1 Application Processing

The audit of internal controls included an examination of immigrant and non-immigrant processing. We expected to find that application decisions were adequately documented, that processes and procedures complied with applicable legislation and policies, that sufficient controls were in place to ensure that admissibility requirements were met, and that designated and delegated authorities for decisions were appropriate and complied with departmental policy.

We found that controls over application processing generally met our expectations.

We documented and reviewed the application processes in place at the mission and found that the mission appears to comply with Departmental standards. In interviews with staff, it was apparent that staff were knowledgeable about processing requirements. We reviewed all decisions for cases finalized in the review period and found that all decisions were made by authorized individuals.

We also reviewed samples of cases finalized.  Requirements were generally met but there was some room for improvement in terms of documenting the processing steps. Some steps were not documented consistently in case notes. For example:

• communications with the client were not always noted (e.g., acknowledgement of receipt);
• information was missing on application forms and documents;
• CAIPS notes did not consistently identify the basis of the decision or indicate closure of all concerns raised.

Documenting communications with the client serves to demonstrate what actions have been taken to process a case. Examples of such actions are: 1) requesting missing information or 2) informing the applicant of the status of their application. The first allows the case to continue to be processed, while the second acts as a preventative control to reduce the number of case enquiries, which in turn reduces the amount of that time staff have to devote to processing cases. The mission’s failure to document communications with the client may be a symptom resulting from staff vacancies and turnover at the mission. Multiple staff perform multiple functions in the processing of cases, and at each stage, employees must properly record any potential issues of concern so that when the file reaches the officer, the officer is in a position to identify the appropriate action to move the case onto the next stage. We found some officers’ notes regarding decisions were not always complete or, in some instances, were absent. However, we have noted this issue in other missions abroad as well. The impact in Kingston is that, in some instances the complete process has not been documented and may result in decisions not being fully supported in the case notes.

In performing additional work to process a case, such as responding to enquiries, the mission may be lengthening the time it takes to process a case, because staff are performing duties that do not actually advance the application forward in the application process. The “Overseas Processing Manual” states that “Officers should ensure that case notes not only document any decisions taken during case evaluation, but also clearly reflect the process the officer followed in reaching those decisions.”  Case notes serve as the record of how a case has been processed and they are used by staff outside the mission to report on cases and respond to queries. Decisions must therefore be fully documented.

Recommendation 3

Mission management should review its front-end application screening procedures to ensure that they allow for more efficient case processing.

Management Response

Mission management team has raised the different issues with the people concerned.

Changes have taken place in the ISU. A mail room has been created. All incoming mail and faxes will be processed through this room, and mail will be stamped the day it is received. TRV applications are now received by the receptionist, who confirms the reception and stamps the application. In the past, the applications were received by the cashier who processed the fees the same day they were received. In that scenario, the POS+ receipt was deemed to be the equivalent of the reception stamp and mail received was not stamped.

In March 2010, we proceeded to conduct a QA activity with the goal of verifying whether the use of AORs was occurring as per policy. The review was done on 50 family class (FC) files received between May and December 2009 and it found that all files were compliant.

Recommendation 4

Mission management should ensure that all processing steps related to decisions on temporary resident and permanent resident cases are consistently documented in CAIPS notes.

Management Response

The issue was discussed with the officers, client service unit, and immigration assistants. All were asked to note actions taken on a file in CAIPS, expressing clearly why the file was accessed. In the case of the decision-makers, they were asked to ensure that the rationale leading to decisions is clearly entered in the notes.

3.3.2 CAIPS

As part of the audit of the internal control framework, we examined controls over CAIPS. We expected to find that appropriate controls were in place to ensure the appropriate use of CAIPS at the mission and that CAIPS assets were safeguarded.

The control framework surrounding CAIPS partially met our expectations. We found that CAIPS profiles had not been updated in quite some time and that historical records were not maintained for accountability purposes. More specifically, we found that:

• A large number of active accounts belonged to former staff (31% of all active user profiles);
• We were unable to determine the status of some other accounts (5% of all active user accounts);
• All unassigned accounts had not been fully reset, although only a small number had a significant variation;
• The access and authority levels set in some user profiles were non-standard, allowing individuals to perform things they should not, but our testing found that no inappropriate use had occurred as a result;
• Some individuals had multiple accounts, some of which were possibly not necessary.

These weaknesses represent a significant risk. Creating additional access points beyond what is needed increases the risk of unauthorized access. However, our additional audit testing found that all decisions made on immigrations applications during the period under review were made by authorized individuals (see section 3.3.1, Application Processing).

In reviewing controls over CAIPS assets, we found that most items were in place. However, the mission did not maintain a list of its CAIPS inventory. A CAIPS inventory list would allow the mission to control and track CAIPS assets to prevent them from going missing.

The CAIPS Manager’s User Guide identifies the need to periodically review CAIPS accounts and hardware records to ensure that they are up to date. Doing so not only gives management records to ensure that appropriate controls are in place over user access and that hardware is safeguarded, but also gives the mission information that can support its monitoring and QA activities.

Recommendation 5

Mission management should review and update its CAIPS profiles and inventory lists, and make any necessary changes.

Management Response

The first part of this recommendation was addressed in the weeks that followed the audit. Profiles of active users of CAIPS have been reviewed and confirmed.

Recommendation 6

The CAIPS manager should periodically update the CAIPS profiles and inventory lists in the future, and maintain records of changes made.

Management Response

Initials of non-active accounts have been erased, and levels of authority have been set back to 0. A log book has been created to keep records of previous CAIPS users and their levels of authority. It is updated with every change in the users, and subject to a bi-annual review.

3.3.3 Controlled Documents

At missions abroad, controlled documents comprise counterfoils and seals that are issued together as a visa. Counterfoils are the documents on which missions print visa information. Seals are documents that are affixed over counterfoils when they are placed in passports to prevent tampering.

As part of the audit of the internal control framework, we examined controls over controlled documents. The audit expected to find that roles and responsibilities were appropriate and that an effective control framework was in place for the custodianship, safeguarding and handling of controlled documents.

Overall, the control framework in place to safeguard controlled documents met our expectations. Roles and responsibilities were assigned appropriately and adequate controls were in place to ensure compliance with departmental policies and procedures associated with the handling of controlled documents. We found that the physical controls in place were adequate to safeguard unused controlled documents. As a result, we were able to reconcile paper records, including the mission’s last quarterly inventory report, with physical inventory on hand.

3.3.4 Cost Recovery

The audit examined the control framework in place to safeguard revenues collected in the Immigration Section of the mission. For temporary residents, payment for applications within Jamaica must be made at any branch of the Bank of Nova Scotia on the island. For all other services, the mission accepts payment by bank draft in Canadian dollars only. The mission’s immigration revenues totalled $3.7 million CAD in 2008‑09 and $3.0 million CAD in 2007‑08.

We expected to find that roles and responsibilities complied with departmental policies for cost recovery, that adequate controls were in place to safeguard cost-recovery revenues, and that an adequate monitoring regime was in place.

The mission partially met our expectations in this area. We found that roles and responsibilities had been delegated and that funds were collected in accordance with policy. Specifically, we found that records were kept of fees collected and that payments were traceable to applications processed. We also found that the funds collected were appropriately safeguarded and duly transferred to administration for deposit to the mission’s bank account.

However, as in the case of CAIPS, we found that there were a significant number of user profiles in POS+, the system used to record revenues collected, that were no longer needed and had not been properly reset. We also found that some system administration functions were not being carried out regularly.

Maintaining unnecessary user profiles reduces the accountability of the system in the event of a problem, such as missing funds. By not performing system maintenance, the mission creates the risk that the system may not function as efficiently as it should or will not function at all.

Recommendation 7

The cost-recovery officer (CRO) should review and update the mission’s POS+ profiles, making changes where necessary and retaining records of profiles to ensure accountability and to support future quality assurance activities.

Management Response

All the profiles of the active users of POS+ have been reviewed. A log book has been created where we will keep track of all modifications to the list of POS+ users.

Recommendation 8

The CRO should perform POS+ system administrative functions periodically to ensure that the POS+ system is functioning as intended.

Management Response

The database of POS+ is now “compacted & repaired” once a week and archiving of the database has been done. This allowed us to retire the names of persons not using the system anymore from the list of POS+ users. Information on these administrative functions has been transmitted to the Canada-based officers (CBOs) at the mission and in the region.

3.3.5 Travel and Hospitality

As part of the audit of the internal control framework, we examined controls over travel and hospitality expenditures. The audit expected that controls would be in place to ensure that travel and hospitality transactions were processed in compliance with applicable policies and regulations.

As part of our audit, we examined a sample of one travel and one hospitality claim representing 46% and 19%, respectively, of funds claimed for 2008‑09, as well as one hospitality claim from 2007‑08 representing 15% of funds claimed that year. We found that office procedures relating to the administration of travel and hospitality met our expectations.

Appendix A: Kingston Mission Organization Chart

• Immigration Program Manager: FS 04
  • Migration Integrity Officer: FS 03
    • MIO Analyst: LES 06
  • Deputy IPM / Head, Immigrant: FS 03
    • DIO: LES 09
    • Program Assistant: LES 04**
    • DIO: LES 09
    • Program Assistant: LES 04
    • Program Assistant: LES 04*
    • Cashier: LES 04
    • Registry Supervisor: LES 05
      • Registry Clerk: LES 03
      • Registry Clerk: LES 03
      • Registry Clerk: LES 03
      • Registry Clerk: LES 03
  • Visa Officer, TR Unit: FS 01
    • DIO/ TRU/ Fraud: LES 09
    • Program Assistant / NIV: LES 04
    • Receptionist: LES 04
    • Program Assistant: LES 04*
    • Program Assistant: LES 04
  • DIO/ Farm Workers (CSAWP): LES 09
    • Program Assistant – Farm Workers: LES 05
    • Program Assistant: LES 04
  • Program Assistant: LES 04**

Source: Adapted from the International Region Immigration Management Plan (IRIMP) Org. Chart (Sept. 2008)

Legend:
* - shared between D/IPM and Visa Officer
** - shared between IPM and a DIO

Appendix B: Kingston Processing Summary

Note 1 – Data from IR data records as at December 4, 2009
Note 2 – Data from IR data records as at December 11, 2009, January 2, 2009, and January 4, 2008 for end of 2009, 2008 and 2007 respectively
Note 3 – Revenues are as per 2008-09, 2007-08 and 2006-07 fiscal years

Note (general) – Immigration applications are referred to as “cases” in the statistics, while “persons” refers to the number of people who have submitted an application. For example, families generally apply together in one application rather than in several separate applications. The statistics therefore refer to both the number of cases (i.e. number of applications) and the total number of people who applied (regardless of the number of cases).

Appendix C: Detailed Audit Criteria

Objective 1 - Governance Framework

The adequacy of the governance framework will be assessed against the following criteria:

• Governance structures are in place to ensure that accountabilities are adequately discharged.
• Values and ethics are promoted and reinforced.
• The office is managed in a way that ensures an effective workplace for staff to successfully contribute to the work objectives.
• The services delivered by the office reflect its clients’ requirements.
• Relevant information on results is gathered, used to make decisions and reported.
• Learning and development activities are used to promote innovation and change management.

Objective 2 – Risk Management

The adequacy of risk management process and practices will be assessed against the following criteria:

• Processes are in place to identify, assess, mitigate and monitor risks.
• Management appropriately communicates risk and risk management strategies to key stakeholders.
• Planning and resource allocation take risk information into account.

Objective 3 - Internal Controls

The internal controls in place to support financial, administrative and operational activities will be assessed under the following lines of enquiry against the following criteria:

• Application processing:
  • Decisions are adequately documented, and required supporting documentation is maintained.
  • Designated and delegated authorities for decisions are appropriate and comply with departmental policy.
  • Appropriate controls are in place to ensure that admissibility requirements are met.
• CAIPS Management:
  • Appropriate controls are in place for the management and use of CAIPS user accounts at the mission.
  • Appropriate controls are in place to safeguard CAIPS assets at the mission.
• Controlled Documents:
  • Roles and responsibilities are appropriate for the custodianship, safeguarding and handling of controlled documents.
  • Adequate controls are in place for the custodianship, safeguarding and handling of controlled documents.
• Cost Recovery
  • Roles and responsibilities assigned and procedures performed comply with departmental policies on cost recovery.
  • Adequate controls are in place in the physical environment to safeguard the cost-recovery system.
  • An adequate monitoring regime is in place to ensure that controls are working properly and that funds collected are properly accounted for and safeguarded.
• Travel and hospitality
  • Internal controls should be in place to ensure that travel and hospitality transactions comply with policies and regulations to protect against fraud, financial negligence and other violations of rules and principles.

Appendix D - Management Action Plan

Recommendations

1. Mission management should establish a mix of both qualitative and quantitative performance measures and periodically review results with staff to ensure that staff performance supports the achievement of mission-level and individual performance objectives.

• Action Plan: Quantitative performance measures will be included in the objectives for the 2010-11 Performance Management Plans (PMPs): decisions taken by officers, files screened by assistants, files created, transactions, and emails answered.
  • Responsibility: All team members in supervisory  positions
  • Target Date: April 30, 2010 (completed)
• Action Plan: Monitoring reports will be formalized and recorded in Infobank.
  • Responsibility: IPM + DIO
  • Target Date: Started March 2010 (ongoing)
• Action Plan: Org. chart will be reviewed and circulated.
  • Responsibility: IPM
  • Target Date: Completed

2. The mission should include more quality assurance reviews in its higher risk operations to improve risk documentation and strengthen risk monitoring.

• Action Plan: Risk information will be used to identify QA topics.
  • Responsibility: IPM + Senior Immigration Officer
  • Target Date: Started March 2010 (ongoing)
• Action Plan: QA exercises will be formalized by structuring reviews, drawing conclusions and reporting on these activities. This will include many of the reviews currently being done informally by the Visa Section.
  • Responsibility: IPM + Senior Immigration Officer
  • Target Date: Started March 2010 (ongoing)
• Action Plan: The following QA activities are under way with the aim of determining whether there is an existing trend: compilation of Jamaican refugee claimants in Canada and compilation of temporary resident visa applications refused and interdicted under A40. Results will be shared and discussed with officers, assistants and analysts in order to increase our capacity to identify potential risks.
  • Responsibility: MIO/IPM
  • Target Date: May 30, 2010
• Action Plan: A review of 50 family class (FC) applications will be carried out to verify whether the sending of the AOR was documented in the CAIPS notes. The review found that all files were compliant.
  • Responsibility: IPM
  • Target Date: March 2010 (completed)
• Action Plan: Further QA activities will be carried out on an ongoing basis.
  • Responsibility: IPM
  • Target Date: Started March 2010 (ongoing)

3. Mission management should review its front-end application screening procedures to ensure that they allow for more efficient case processing.

• Action Plan: Review front-end process, identify new processes and establish QA.
  • Responsibility: IPM
  • Target Date: Completed
• Action Plan: Create a mailroom to ensure consistency of front-end application processing procedures.
  • Responsibility: IPM
  • Target Date: Completed
• Action Plan: Train staff on new mailroom procedures.
  • Responsibility: IPM
  • Target Date: Completed
• Action Plan: Communicate changes to procedures to staff via email and staff meetings.
  • Responsibility: IPM
  • Target Date: Completed
• Action Plan: Monitor file creation process periodically as part of QA process.
  • Responsibility: IPM
  • Target Date: Started March 2010 (ongoing)

4. Mission management should ensure that all processing steps related to decisions on temporary resident and permanent resident cases are consistently documented in CAIPS notes.

• Action Plan: Officers and support staff have been informed of the requirement to document in CAIPS all steps related to decision-making.
  • Responsibility: IPM
  • Target Date: Completed
• Action Plan: Samples of cases notes will be reviewed periodically as part of formal QA to ensure that processes are now documented.
  • Responsibility: IPM
  • Target Date: Ongoing
• Action Plan: Training will be developed and provided to staff, as identified by QA reviews.
  • Responsibility: IPM
  • Target Date: Ongoing
• Action Plan: The Kingston Global Case Management System (GCMS) roll-out is scheduled for fall 2010; officers and support staff will be receiving additional training on notes to file for this new system.
  • Responsibility: IPM
  • Target Date: Fall 2010
• Action Plan: QA will be conducted and documented on file 3 months following implementation of the GCMS.
  • Responsibility: IPM
  • Target Date: Q4 2010-11

5. Mission management should review and update its CAIPS profiles and inventory lists, and make any necessary changes.

• Action Plan: The CAIPS list and logbook will be reviewed periodically.
  • Responsibility: IPM
  • Target Date: First week of each trimester

6. The CAIPS manager should periodically update the CAIPS profiles and inventory lists in the future, and maintain records of changes made.

• Action Plan: The CAIPS profiles and inventory list have been reviewed and updated.
  • Responsibility: CAIPS manager
  • Target Date: Completed & ongoing
• Action Plan: A logbook has been created to keep track of CAIPS users as they change.
  • Responsibility: CAIPS manager
  • Target Date: Completed & ongoing

7. The cost-recovery officer (CRO) should review and update the mission’s POS+ profiles, making changes where necessary and retaining records of profiles to ensure accountability and to support future quality assurance activities.

• Action Plan: POS+ user profiles have been reviewed and updated.
  • Responsibility: CRO
  • Target Date: Completed & ongoing

8. The CRO should perform POS+ system administrative functions periodically to ensure that the POS+ system is functioning as intended.

• Action Plan: The administrative functions have been performed and will continue to be carried out according to the manual.
  • Responsibility: CRO
  • Target Date: Completed & ongoing

Appendix E - Audit Timeline

Audit planning: September-October 2009

On-site examination: November 16-19, 2009

Clearance draft to IPM and IR for comments: February 12, 2010

Management Action Plan finalized: April 13, 2010

Recommended for approval by Audit Committee: June 4, 2010

Report approved by Deputy Minister: June 4, 2010