Corporate Audit of Security
Final Summary Report
3.0 MAJOR FINDINGS
3.1 Security Management Structure
Responsibility for security is delegated by the Deputy Head to three separate departmental functions: Finance and Administration (Corporate Security), Human Resources (Staff Relations), and Information Management and Technologies Branch (Information Technology Security). The DSO is also the Director of Administration, and reports to the Director General of Finance and Administration. The role of the DSO at CIC is, therefore, primarily one of coordination among the three functional areas.
The Department’s organizational structure is characterized by a significant degree of regional independence. As a result, the organizational context for security is complex and there is no centralized accountability. There is neither a centralized structure nor an integrated direction for security from NHQ to the regions. Different approaches and priorities have been developed for the security function among the regions.
Security linkages from headquarters to regions were assessed as weak. Also, communications on security issues are generally managed in an informal manner. For example, minutes of departmental or regional security committee meetings, information bulletins and other circulars were rarely available during the audit. Overall, strong reliance is placed on the good will of the participants and their voluntary compliance with policies and procedures, which were not well understood by the staff at the sites audited.
The Department has implemented security in a manner that addresses the scope of the GSP. Roles and responsibilities for security have been assigned throughout the Department. There is a risk, however, that the security program is ineffective because of the overlap of functional activities, poor coordination between NHQ staff and the regions, and lack of an effective monitoring and enforcement mechanism.
- Date Modified:
