Audit of Operational Controls at
Ports of Entry (Based on the
1996 Tassé Report) – Final Report

Appendix C: Tassé report—Recommendations and Action Plans

Note: The audit team’s comments on the implementation of the recommendations and action plans are in italics. The action plan was established in May 1997.

RECOMMENDATION 1

CIC should take steps to ensure the application of “risk management” techniques to improve the effectiveness and efficiency of its operational controls, particularly in deciding what the role of local and regional management should be in the development and definition of detailed control procedures that respond to their own particularities and exigencies. The increased application of self-managed teams and joint accountability will have a positive impact on the efficiency of operational controls.

Action Plan 1

Specific initiatives have been undertaken by the Departmental Delivery Network (DDN) and Strategic Policy, Planning and Research (SPPR) to introduce risk management techniques. SPPR has developed a risk assessment model to provide a risk-based description of CIC and potential review projects. The model will provide a strategic approach to the consideration of programs and initiatives to be reviewed, evaluated and audited.

Responsibility: Director General, SPPR
Completion Date: June 30, 1997

Corporate Review has established a risk assessment model to provide a strategic approach to the consideration of programs and initiatives to be reviewed, evaluated and audited.

Action Plan 2

DDN will host a “best practices” national workshop in 1997 with a goal of improving awareness and encouraging practice of risk management principles within CIC.

Responsibility: Director General, DDN
Completion Date: December 31, 1997

A port of entry workshop was held in Windsor in 1997.

Action Plan 3

Enforcement Branch, in cooperation with the regions, has developed and tested a method to assess the risk associated with traffic seeking to enter Canada, with a view to developing work standards for the Primary Inspection Line. Pending further consultation with the regions, a national program will be implemented as part of the revised memorandum of understanding with Revenue Canada, Customs (now CCRA).

Responsibility: Director General, Enforcement
Completion Date: December 31, 1997

The MOU is currently under renegotiation; therefore, this recommendation and the action plan were not carried out.

RECOMMENDATION 2

Part 1

A more systematic approach, including an analysis of the level of risk that CIC is prepared to accept, should be adopted by CIC in the implementation of any reduction of control applications.

Action Plan 1

Enforcement Branch agrees that a systematic analysis of risks should be adopted by CIC if further reductions to control applications at ports of entry are planned. This analysis will ensure that the level of risk CIC is prepared to accept has been thoroughly reviewed.

Responsibility: Director General, Enforcement
Completion Date: Ongoing

See the observations in section 2 (sections 2.2 to 2.5) of this report. There have been few changes since 1996.

Part 2

Where changes are undertaken in CIC’s organizational structure, it is imperative that an assessment be carried out of the impact the changes will have on control processes. Where control responsibilities are reassigned, it is imperative that steps be taken to ensure that employees understand their additional responsibilities and are provided with adequate training.

Action Plan 2

Where future changes to operational controls are considered as part of organizational change, a risk assessment will be required as part of the decision-making process. If control responsibilities are reassigned, affected employees will be informed in writing of their new duties and, where necessary, training will be provided on a priority basis.

Responsibility: Director General, Enforcement, and Regional Directors General
Completion Date: Ongoing

When new systems have been introduced across the country, such as SAP, all employees have received training. There have been few changes in the operational controls since 1996.

RECOMMENDATION 3

Given the time frame for the review and implementation of changes in the handling of public money at ports of entry under the Renewal Agenda, consideration should be given to the following interim steps.

Part 1

NHQ, in conjunction with the regions, should examine the merits of partnerships with Revenue Canada, Customs (now CCRA) to share cashiers at ports of entry, and enter into such partnerships where conditions permit.

Action Plan 1

Port of entry managers will ensure that employees are reminded of their responsibilities when handling public money and will provide any necessary training.

Responsibility: Regional Directors General
Completion Date: June 30, 1997

There has been status quo in operations since 1996. Immigration employees have received training in new systems that have been put into place (for example, SAP and SAP/POS).

Action Plan 2

Regions may examine the merits of entering into partnerships with Customs (now CCRA) to share cashiers at ports of entry.

Responsibility: Regional Directors General
Completion Date: December 31, 1997

Three ports of entry have undertaken such partnerships. This is discussed in section 2.3.3 of this report.

Part 2

NHQ, in conjunction with the regions, should redefine the level of specific risk that CIC is willing to accept in an environment with no cashier. If CIC decides not to provide a cashier at a port of entry:

  • a more detailed risk analysis should be undertaken to establish what level of risk acceptance CIC is willing to adopt;
  • steps should be undertaken to ensure that employees clearly understand their roles and responsibilities; and,
  • training should be provided to staff members who have not previously carried out this type of administrative control process.
Action Plan 3

CIC does not plan to redefine the level of risk it will accept in an environment without cashiers. Mr. Tassé found no evidence of abuse in the handling of public funds at ports of entry and changes in the way public money is handled at ports of entry are planned for late this year as part of the Renewal Agenda. The changes planned under the Handling of Public Money project are designed to secure, as much as possible, the revenue generated at ports of entry. In particular, CIC will take advantage of system integration and interfaces between the program and financial systems to track the receipt of funds and provide for an adequate audit trail.

Responsibility: Director General, Information Management and Technologies, and Director General, Finance and Administration
Completion Date: March 31, 1998

There has been status quo since 1996. The Handling of Public Money project relates to Case processing centres (Mississauga, Sydney and Vegreville) and does not involve ports of entry.

There has been no interface between program systems (FOSS) and financial systems (SAP and SAP/POS) to track the receipt of funds and provide for an adequate audit trail.

RECOMMENDATION 4

All the action plans related to this recommendation pertain to chapter SA6.

Part 1

NHQ, in conjunction with the regions, should reassess the need for ports of entry to stock IMM 1000 Permanent Resident Record and visa forms. If these forms are not required, they should be removed from stock in the prescribed manner.

Action Plan 1

IMM 1000s no longer required at ports of entry are to be removed from stock in the prescribed manner (sections 12 and 14 of SA6).

The audit team found that some ports of entry had IMM 1000s on site (see section 2.2.1 of this report).

Part 2

NHQ, in conjunction with the regions, should require each port of entry to analyse its stock requirements and ensure that the maximum stock does not exceed (section removed). This requirement should be emphasized for the IMM 1000 forms, if some of these are to be maintained at ports of entry.

Action Plan 2

Ports of entry are to analyse stock requirements for IMM forms to ensure that supplies do not exceed the anticipated use for (section removed) (section 10 of SA6).

The audit team found that some ports of entry had excess manual immigration key control forms on hand.

Part 3

NHQ, in conjunction with the regions, should carry out an annual inventory of immigration key control forms to account for all forms supplied to each port of entry and should stress the importance of periodic local office reconciliation of forms received from NHQ and on hand.

Action Plan 3

Ports of entry are to ensure that an annual inventory of immigration key control forms is conducted each fall (section 16 of SA6). Inventories not completed last fall should be completed by June 30, 1997.

See section 2.2.1. Annual inventories are still not being conducted in ports of entry.

Part 4

NHQ, in conjunction with the regions, should ensure that all employees know and understand the policies and procedures and their role and responsibilities regarding the control and administration of immigration key control forms.

Action Plan 4

All employees handling immigration key control forms are to review the policy and procedures in chapter SA6 regarding control of these forms.

Responsibility: Regional Directors General
Completion Date: December 31, 1997

This chapter was revised in summer 2000. The audit team found that there were gaps of knowledge regarding this chapter among immigration employees at ports of entry, throughout the country.

RECOMMENDATION 5

All the action plans related to this recommendation pertain to chapters SA3 and SA4.

Part 1

NHQ, in conjunction with the regions, should establish the level of observance port of entry managers must apply in the wearing of uniforms and badges.

Action Plan 1

Ports of entry are to review with staff the dress regulations concerning uniforms (section 4 of SA4) and the manner of display for immigration badges (section 3 of SA3).

This recommendation and action plan were carried out. There were a few exceptions and they are noted in the body of the report under sections 2.4.1 and 2.4.3.

Part 2

NHQ, in conjunction with the regions, should emphasize to port of entry examining officers the importance of their responsibilities and accountability in regard to badges and port stamps, as well as the importance of safeguarding and securing these badges and stamps.

Action Plan 2

Ports of entry are to review with employees their responsibilities with regard to the protection and security of their badges and port stamps.

This recommendation and action plan were carried out. There were a few exceptions and they are noted in the body of the report under sections 2.4.2 and 2.4.3.

Responsibility: Regional Directors General
Completion Date: June 30, 1997

RECOMMENDATION 6

CIC’s Information Management and Technologies Branch, Information Management and Technologies Branch in conjunction with the regions, should review the possibility of using password-protected screensavers as an additional level of security for access to CIC’s systems, and steps should be taken to ensure that employees adhere to industry norms for unique user codes and passwords.

Action Plan 1

Ports of entry using Microsoft Windows are to use the screensaver option with password protection. This action will provide some level of security against unauthorized access to CIC’s systems.

Subject to individual operational considerations, ports of entry should ensure that industry norms regarding the use of unique user codes and passwords for each user are followed. In this regard, individual users should log out of all computer applications (such as FOSS and the Canadian Police Information Centre they have opened, when the terminal will no longer be under their control. For example, if officers leave to go for coffee, they should log out, logging in again when they return. In this way, a clearer audit trail of all activities can be maintained.

Responsibility: Regional Directors General
Completion Date: June 30, 1997

Few password-protected screensavers were used. See section 2.5 of this report.

Action Plan 2

IMTB will introduce Windows NT, which will include upgraded security features, at all ports of entry by the end of 1997. A draft IT security policy is scheduled to be released that year for discussion. These new measures will alleviate the concerns Mr. Tassé raised in this area.

Responsibility: Director General, Information Management and Technology
Completion Date: December 31, 1997

This was not covered in this audit due to the corporate audit of security, which was conducted in winter 2001.

RECOMMENDATION 7

The port of entry at Pearson International Airport should review with Revenue Canada, Customs (now CCRA) the approach used for referring passengers to immigration secondary examination, with a view to reducing the risk that clients will bypass immigration examination by simply removing the blue paper ribbon. The practice in other international airports should be considered as an alternative approach.

Action Plan

A new procedure for the referral of passengers to immigration secondary examination has been implemented at Pearson International Airport. Customs inspectors are now marking the customs declaration forms of all passengers referred to immigration secondary examination. The immigration examining officers are responsible for stamping the cards when the examinations are concluded. When the cards are collected by customs as the passengers exit the customs hall, they are checked to ensure that the cards that require an immigration stamp have one.

Responsibility: Director General, Ontario
Completion Date: Completed

This recommendation and action plan have been carried out.

<< Contents| Previous >>