Audit of the framework and implementation of situation management at CSC, 2018

The Audit of the Framework and Implementation of Situation Management at CSC was conducted as part of the Correctional Service Canada (CSC) Internal Audit Sector’s 2016-2019 Risk-Based Audit Plan (RBAP). This audit links to CSC’s corporate priority of ensuring the "Safety and security of the public, victims, staff and offenders in institutions and in the community"^{Footnote 3} and the following corporate risk: "There is a risk that CSC will not be able to maintain required levels of operational safety and security in institutions and in the community."^{Footnote 4}

As evidenced by its corporate priority, CSC is focused on ensuring that federal correctional institutions provide a safe and secure environment that is conducive to inmate rehabilitation, staff and public safety. In order to maintain safety and security within institutions, correctional staff is provided with guidance and training in how to interact with inmates and to manage situations that may arise. While the ultimate goal is to resolve situations at the lowest possible level, there are numerous options available for staff to utilize, which range from dynamic security up to and including the use of force.

It is essential that CSC has an adequate and effective framework in place to ensure that situations are managed within the scope of the law, including the Corrections and Conditional Release Act (CCRA), the Corrections and Conditional Release Regulations (CCRR), and that CSC guidance around the use of force is limited to only what is necessary and proportionate.

As described in CD 567 Management of Security Incidents, the Situation Management Model (SMM) is a graphic representation used to assist staff in determining the correct response options to be used in managing situations. This SMM is available in Annex A. While it is only one piece of the framework in place, the model is a key tool that provides direction to staff to assess the situation and the subject’s behaviour continuously, and select the most reasonable intervention option, relative to those circumstances as perceived at that point in time. The various response options are shown on the SMM, and they overlap to indicate that one or more can be used at the same time. It is recognized that in dynamic situations, the subject’s behaviour and the staff's perceptions and tactical considerations could change at any moment. The SMM represents the process by which staff assess, plan, and respond to situations that threaten the safety and security of an institution and/or a person.

Underlying the SMM are four key elements in the management of a situation: assessment, selection of management strategy, intervention type, and post intervention. The following graphic provides details of each of these four elements.

In 2017, CSC began revising the SMM. While the revised model is based on the same elements as that of the SMM, for example, assessment of the situation, selection of management strategy, etc., it is intended to provide greater clarity for some of these elements as well as expanding on the use of partners during a response, particularly CSC health services. To strengthen this new direction, the revised model will be called the Engagement and Intervention Model (EIM). CSC is planning to replace the current SMM with the EIM before the end of the 2017-2018 fiscal year.

Given the higher risk associated with interventions where force is utilized, additional oversight mechanisms (use of force reviews) are in place to ensure that legislative and policy requirements were adhered to during the response to a situation. CD 567-1 Use of Force outlines the requirements for post incident reporting, for subsequent reviews of the incident, and defines the timeframes within which the reviews must be completed. Refer to Annex B for details of the review process.

When an incident occurs, all parties involved complete a Statement/Observation Report (SOR). The Security Intelligence Officer (SIO) on site then summarizes those SORs into an ‘Incident Report’ in the Offender Management System (OMS). If the SIO indicates that a use of force occurred, OMS automatically triggers this incident’s addition to the module. The module then prompts the necessary parties to input information about the use of force incident and perform the required reviews.

The Use of Force Module (module) was introduced in 2015 to ensure that use of force data was captured in a centralized database to allow for greater monitoring, trend analysis, and facilitate the completion of required reviews.

The way in which security incidents are managed at CSC is governed under the criminal code sections: 25 to 27, 34, 35, 37, 67 to 69, 92, 117.07, 494, and 495. Section 26 specifically states, "Everyone who is authorized by law to use force is criminally responsible for any excess thereof according to the nature and quality of the act that constitutes the excess." These sections, while covering different situations, focus on the reasonableness of the force applied and how the force must match the potential outcome of not applying force.

The CCRA establishes the purpose of the federal correctional system as contributing to the maintenance of a just, peaceful and safe society with the protection of society as its paramount concern. The following sections of the CCRA directly relate to how incidents are managed at CSC: 3, 3.1, 4, 15.1, 31 to 44, 68, and 97. Section 4 is the most relevant to the management of situations, where it limits the measures CSC may use in carrying out its mandate. Specifically, it states that "the Service uses measures that are consistent with the protection of society, staff members and offenders and that are limited to only what is necessary and proportionate to attain the purposes of this Act."

The CCRR lays out the regulations to support the CCRA and includes the delegation of authorities to staff members to carry out requirements within the CDs, which would include CD 567 Management of Security Incidents. The following sections of the CCRR directly relate to how incidents are managed at CSC: 3, 4, 19 to 41, and 73.

There are 15 CDs and guidelines (GLs) that have requirements and processes that are related or applicable to the management of situations. Refer to Annex C for a complete list.

The Assistant Commissioner, Correctional Operations and Programs (ACCOP) is responsible for the development, implementation, maintenance and evaluation of interventions, and to ensure that any issues or deficiencies arising from security policies or procedures are addressed in a timely manner. Additionally, the ACCOP is to ensure that national training and certification standards for staff are developed in collaboration with the Director General, Learning and Development.^{Footnote 5}

The Director General, Security, designated as the senior CSC authority on safety and security is to ensure that security policies and procedures are knowledge and research based and to provide direction and support to regions in relation to policy, safety and security issues. Additionally, the Director General, Security is to inform the ACCOP, of any issues arising from security policies, procedures or implementation.^{Footnote 6}

The Assistant Commissioner, Health Services, and/or Health Services Director Generals are authorized to establish direction that must be adhered to by all health care professionals and other applicable staff.^{Footnote 7}

The Assistant Deputy Commissioner, Correctional Operations (ADCCO), is responsible for communicating policies and providing support to operational units as well as conducting operational reviews of policy implementation on a regular basis. Additionally, the ADCCO is to report any issues or deficiencies arising from security policies/procedures or their implementation to the Director General, Security in a timely manner.^{Footnote 8}

The Regional Director, Health Services (RDHS) will ensure the provision of health services to offenders in CSC institutions and in the community, in accordance with relevant legislation, professionally accepted standards, CSC policies and practice directives; and the implementation of procedures to monitor and evaluate the quality and timeliness of health services and in a manner that promotes patient safety and quality improvement.^{Footnote 9}

The Institutional Head is responsible for implementing security policies and procedures, ensuring staff are equipped and trained in their duties, including training on situation management, and ensuring staff follow processes and respond to medical emergencies pursuant to CD 800 Health Services. Additionally, following a security incident, the Institutional Head is to ensure the institution returns to a safe and secure environment as soon as possible, managing any resulting challenges as well as conducting a debriefing with all individuals involved in the incident.^{Footnote 10}

Staff are responsible for ensuring that they know and understand the applicable law, policies and procedures and consider cultural, physical health, mental health and gender issues in their interventions, demonstrate fairness, judgement and professionalism when returning the institution to a safe and secure environment, to not consent to or take part in any cruel, inhumane or degrading treatment or punishment of an inmate and report any such behaviour or treatment if witnessed. Additionally, staff is required to take every reasonable step to return the institution to a safe and secure environment as soon as possible when they become aware of any situation that jeopardizes the security of the institution or safety of the public, staff or inmates and resolve conflicts at the lowest level possible.^{Footnote 11}

The Audit of the Framework and Implementation of Situation Management at CSC was identified as a high audit priority and an area of risk to CSC in the Internal Audit Sector’s 2016-2019 RBAP. An engagement level risk assessment was completed by the audit team using the results of interviews, research, and knowledge obtained through previous audits to assist in determining areas that the audit should cover.

Overall, the assessment identified key risks associated with the framework that is in place to support the management of situations as well as implementation of key controls. These risks have been covered by this audit to assess whether mitigation strategies were sufficient.

The objectives of this audit were to:

• Provide assurance that the framework in place to support situation management is effective; and
• Provide assurance that key activities supporting the situation management framework have been implemented effectively.

Specific criteria have been established to assess these objectives and are included in Annex D.

The audit was national in scope and included the framework and processes in place at the national, regional, and local levels. It also addressed whether the results of the review of the SMM completed by the Correctional Operations and Programs Sector (COPS) in collaboration with the Health Services Sector (HSS) and the Canadian Association of Chiefs of Police in November 2015 have been implemented, or are progressing as scheduled in addition to any other key commitments made by CSC as a result of the Coroner’s Inquest Touching the Death of Ashley Smith. For the file review, the audit assessed a sample of use of force incidents that occurred between April 1, 2015 and March 10, 2017.

The audit did not focus on determining if the type of force applied during an incident was correct. Minimum security institutions were excluded from testing as they normally have the lowest number of incidents and are therefore considered by the audit team to be lower risk. Security incidents which occurred in the community were also not included in the audit as CD 567 Management of Security Incidents, where the SMM is defined, pertains exclusively to incidents that occur in an institution.

The Audit of the Management of Security Incidents, which was completed in 2014, previously examined several areas related to this audit, including the reporting of security incidents and whether or not incidents were formally documented with SORs, logbooks, or case work records, as well as the management of equipment and weapons used during an incident response. Although management indicated that the actions it took to address the recommendations from that audit were fully implemented as of August 2015, we found through the current audit that one of these issues is still outstanding today. Refer to section 3.1.3 for details of this issue.

The SMM is the main tool in place to provide guidance to staff when managing situations. This model is in the process of being revised and replaced by the EIM. CSC's plan to change the model was taken into consideration during the planning phase, and the criteria for this audit were developed to ensure that resulting audit findings would apply to, and support the organization’s transition to the EIM.

For the first objective, we found that a framework is generally in place to support situation management. However, the following areas require further consideration by management in order to help ensure that the management framework fully supports the effective implementation of situation management at CSC:

• Clarifying who is in charge of controlling a response to a security incident;
• Providing guidance material for use of force reviews;
• Providing training on the use of force module in OMS to staff; and
• Monitoring and reporting on performance at the local, regional and national levels.

With respect to the second objective, we found that key activities including the sharing and consideration of intelligence information, completion of medical assessments and provision of treatment, completion of use of force reviews, and implementation of corrective action are in place and support the effective management of situations. However, the following areas require further consideration by management in order to help ensure that key activities supporting the management of situations are implemented effectively:

• Ensuring that intervention plans are documented as required by policy;
• Ensuring that post use of force first aid and physical assessments are completed;
• Ensuring that use of force reviews are completed within the required timeframes;
• Clarifying the focus and intent of use of force reviews;
• Ensuring that corrective actions taken are effective; and
• Ensuring that compliance issues and corrective action are consistently documented within the module.

Recommendations have been issued in the report based on areas where improvements are required.

Audit evidence was gathered through a number of methods:

Specific engagements that were used in planning the work for this audit include:

The audit found that:

• Monitoring and reporting of security incidents was not occurring in all situations;
• Log books contained records of security incidents which were never formally reported; and
• Trend analysis was not being completed to try and predict, or alleviate potential security incidents before they occurred.

Areas where significant testing was completed for the Audit of the Management of Security Incidents were scoped out of this current audit. The following actions were taken by management to address the recommendations from the audit:

• COPS created a monitoring report that was distributed to regions for review and input;
• Developed a template for shift briefings that was distributed to all regions;
• Issued a security bulletin to all regions addressing observation reports and log books;
• Received attestations from all regions that sites were utilizing log books as required by policy;
• Took measures to ensure that OMS and Reports of Automated Data Applied to Reintegration (RADAR) accounts were created for all Correctional Officers-ll (CO-ll);
• Revised and promulgated CD 570;
• NHQ Security Branch received attestations that sites have updated local policy and practices pursuant to CD 570;
• A new national equipment inventory system was implemented in February 2014 requiring sites to migrate equipment information to the new tool, this was subsequently completed by all sites; and
• Revised and promulgated CD 568-1.

The Security Branch conducted a review of use of force incidents that occurred between April 1, 2015 and December 31, 2016. The review was completed in April 2017; however, the final report is still in draft form. The report will provide the results of analysis around various metrics (i.e. rates of use of force incidents per region, age of inmates involved in incidents, location of incidents, types of incidents, use of force types, etc.).

The audit team reviewed the draft report to identify how the results of the review will be used to inform decisions around policy and procedures related to the management of situations.

The Board of Investigation into the death of Matthew Hines was reviewed as part of the planning phase of this current audit. Many issues were noted, including the health care assessment and health care involvement, the type of force applied and how it was applied, the lack of reassessment based on the situational factors, and a lack of managerial oversight.

The 2015-2016 Annual Report of the Office of the Correctional Investigator examined the use of force within CSC, as well as the SMM. The report found that:

• There is a trend in the reliance on and the significant escalation in the number of use of force incidents involving inflammatory agents; and
• More than half of the post use of force health care assessments reviewed included deficiencies.

The audit team considered the results of actions taken by CSC to address recommendations during the planning phase of the current audit.

The Coroner’s Inquest Touching the Death of Ashley Smith made a number of recommendations related to the SMM. CSC subsequently responded to the recommendations by making a multitude of commitments. To provide assurance that those commitments are being met, the CSC Internal Audit group conducted an auditability assessment of the CSC commitments and ranked them based on their risk. The following recommendations directly relate to the SMM and were considered in the planning of the current audit.^{Footnote 14}

Recommendation 50: CSC develops a new, separate and distinct model, from the existing SMM, to address medical emergencies and incidents of self-injurious behaviour.

Recommendation 51: That the SMM not be resorted to in any perceived medical emergency.

Recommendation 52: That, when reporting a Use of Force intervention to preserve the life of an inmate who has self-harmed an expedited reporting system will apply. Further, all such incidents should be reviewed, within 48 hours, by:

1. The Warden;
2. The Chief of Health Care;
3. The Chief Psychologist;
4. Women Offender Sector (for female inmates);
5. Office of the Correctional Investigator;
6. RHQ - Members of the Regional Complex Mental Health Committee; and
7. NHQ - Members of the National Complex Mental Health Committee.

The review will focus on the mental health needs of the inmate, their behaviour and its lethality, as well as the response of frontline staff, including its appropriateness. It will assist and support the well-being of the inmate, in addition to the efforts of the institution and frontline staff. It will also include strategies to manage the inmate in a safe manner, and encourage staff to exercise good judgment.

Recommendation 55: That, to reduce institutional or criminal charges laid against an inmate, CSC adopts the methods of the St. Lawrence Valley Correctional and Treatment Centre model of care for disruptive or self-injurious behaviours symptomatic of a mental health disorder.

The following commitments were made by CSC in response to the recommendations:^{Footnote 15}

"Correctional Operations and Programs Sector, in collaboration with Health Services and the Canadian Association of Chiefs of Police, will revisit the application of the SMM to medical emergencies, incidents of self-injurious behaviour, and offenders with mental health disorders in order to ensure its continued suitability."

"In June 2014, an updated Use of Force Review module was added to the Offender Management System for use at five institutions across Canada, and by those responsible for Use of Force review at the regional level. The changes to the module resulted from an Executive Committee (EXCOM) decision and aim to increase efficiencies for the review of use of force incidents. These changes created a streamlined, triage process, including a clear explanation for review and decision-making. The module is to provide a more user-friendly structure to allow users to capture and distribute use of force related information for timely review, when required. The revised OMS modules are to be rolled out nationally in tandem with the updated Commissioner's Directive 567-1: Use of Force."

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed on with management. The opinion is applicable only to the area examined.

The audit conforms to the Internal Auditing Standards for Government of Canada, as supported by the results of the quality assurance and improvement program. The evidence gathered was sufficient to provide senior management with proof of the opinion derived from the internal audit.

Sylvie Soucy, CIA

Chief Audit Executive

Effective January 2000 to January 2018.

Effective January 2018 to current.

Description of Engagement and Intervention Model Components

Review Process^{Footnote 16}

"43. Within two working days of the completion of the incident report in OMSR, the Institutional Head will ensure that a preliminary review of any incident involving the use of force is completed in order to identify any serious concern or deficiency. This review will be completed by a Correctional Manager or above.

44. There are three types of review processes dependent on the type of intervention. The requirements for review and the sample size (if applicable) are identified in Annex B.

45. A Level 1 Use of Force - Compressed Review is a condensed analysis and assessment of incident-related documentation and video-recordings (where applicable) finalised by the Assistant Warden, Operations, at the institutional level to ensure compliance with law and policy. This involves a use of force situation where physical handling (no allegation of excessive use of force or injury), control of offender, inflammatory agents and/or chemical agents intentionally aimed at an individual, displaying/pointing or charging of a firearm, or the non-routine application of handcuffs were sufficient to resolve the situation. The Institutional Head will ensure that all level 1 use of force reviews will be completed within 20 working days of the incident.

46. A Level 2 Use of Force - Full Review is an analysis and assessment of all incident-related documentation and video-recordings (where applicable) finalised by the Deputy Warden to ensure compliance with law and policy. This involves any other use of force situation where force is used to resolve the incident not covered in level 1. The Institutional Head will ensure that all level 2 use of force reviews will be completed within 20 working days of the incident. The Assistant Deputy Commissioner, Integrated Services, will conduct regional level 2 reviews within 25 working days upon notification of the use of force completion at the institutional level. The Director General, Security will identify for the Security Branch, the use of force incidents requiring a full review as outlined in Annex B. The Women Offender Sector will review 100% of the use of force incidents that occur at women sites. National level 2 reviews will be completed within 30 working days upon notification of the use of force completion at the regional level.

47. A Level 3 Use of Force - Expedited Review requires immediate review of a use of force, finalised by the Assistant Deputy Commissioner, Integrated Services, and the Director General, Security. This involves a situation where there may be serious violations of policy. Where the preliminary review indicates possible serious violations of policy, or any other aspects that may cause serious concerns, the Institutional Head will inform, without delay and in writing, the Assistant Deputy Commissioner, Integrated Services, the Director General, Security, and when applicable the Deputy Commissioner for Women, the Assistant Commissioner, Health Services, and the Director General, Aboriginal Initiatives. The Institutional Head will provide a description of the incident and a summary of any concerns.

48. In these cases, the Director General, Security, in consultation with the Assistant Deputy Commissioner, Integrated Services, will decide if an expedited review is necessary, and if so, will notify Regional Headquarters, the Institutional Head, the Office of the Correctional Investigator, and the Director General, Incident Investigations. In such cases, the Institutional Head will ensure that the use of force documentation, including video footage, is made available in OMSR without delay, but no later than two working days from the creation of the incident report, and that the review be completed within five working days upon receipt of the notification from the Director General, Security. The Assistant Deputy Commissioner, Integrated Services, will finalize the review within five working days of receiving notification of use of force completion at the institution. The Director General, Security, will finalize the review within five working days upon receipt of notification of use of force completion at the regional level."

The following CDs and GLs include requirements and processes that are related or applicable to the management of situations.

• CD 253 Employee Assistance Program
• GL 253-2 Critical Incident Stress Management
• CD 560 Dynamic Security and Supervision
• CD 567 Management of Security Incidents
• CD 567-1 Use of Force
• CD 567-2 Use of and Responding to Alarms
• CD 567-3 Use of Restraint Equipment for Security Purposes
• CD 567-4 Use of Chemical and Inflammatory Agents
• CD 567-5 Use of Firearms
• CD 568-1 Recording and Reporting of Security Incidents
• CD 600 Management of Emergencies
• CD 702 Aboriginal Offenders
• CD 800 Health Services
• GL 800-4 Response to Medical Emergencies
• CD 843 Interventions to Preserve Life and Prevent Serious Bodily Harm

The following sites were selected based on security level, number of incidents, number of incidents where a chemical agent was used, whether a violation of CSC guidance was noted during an incident review, and whether an institution has open, closed, or mixed concept ranges.