Audit of the Immigration Program at the Canadian Mission in Ankara

Audit Report
Internal Audit and Accountability Branch
Citizenship and Immigration Canada
April 2011


Table of Contents


List of Acronyms Used in the Report

CAIPS
Computer-Assisted Immigration Processing System
CIC
Citizenship and Immigration Canada
CBO
Canada-Based Officer
DFAIT
Department of Foreign Affairs and International Trade
DIO
Designated Immigration Officer
HR
Human Resources
IPM
Immigration Program Manager
MIO
Migration Integrity Officer
RPC
Regional Program Centre

Executive Summary

The Citizenship and Immigration Canada (CIC) risk-based audit plan for 2010–2013 provides for the audit of missions abroad. The selection of the immigration program at the Canadian mission in Ankara was done in consultation with the International Region Branch at CIC national headquarters. The on-site field work was conducted from October 11 to 15, 2010.

The Ankara mission is a full-service centre. It processes the full range of immigration applications from residents of Turkey, Azerbaijan, Georgia and Turkmenistan. As per International Region data, the mission is currently staffed with 11 full-time equivalents.

The audit objectives were to assess the adequacy of the mission’s:

  • governance framework for administering the Immigration Program;
  • risk management processes and practices for supporting the program’s objectives; and
  • internal control framework governing operational, administrative and financial activities.

The criteria used in the audit are based on Treasury Board and CIC applicable legislation, policies and directives.

We found that:

  • the governance framework met our expectations;
  • risk management processes and practices met our expectations; and
  • the internal control framework partially met our expectations as some adjustments to operational and administrative processes were required.

This audit report sets out the recommendations for addressing our observations, as well as the mission’s responses and action plans for following up on our recommendations.

1.0 Introduction

The Citizenship and Immigration Canada risk-based audit plan for 2010–2013 provides for the audit of missions abroad. The immigration program at the Canadian mission in Ankara was selected for auditing in consultation with the International Region Branch at CIC national headquarters. The on-site field work was conducted from October 11 to 15, 2010.

1.1 Background

1.1.1 Operations

CIC recruits, selects and processes applications from foreign nationals who want to come to Canada temporarily or permanently and who will stimulate economic growth and enrich and strengthen the social and cultural fabric of Canadian society. Responsibility for those tasks lies with the Operations Sector, which is divided into domestic and overseas operations. Overseas operations fall under the responsibility of the International Region and its network of visa offices (or missions) abroad.

There are three categories of visa offices or missions abroad: regional program centres (RPCs), full-service centres, and satellites and specialized offices. RPCs and full-service centres both deliver the full range of immigration services for the countries they serve, but RPCs also oversee satellite offices. The full range of immigration services includes the processing of permanent and temporary resident applications as well as other immigration applications, such as requests for travel documents or temporary resident permits. Satellites and specialized program offices do not deliver the full range of immigration services.

The Ankara mission is a full-service centre. Consequently, the mission provides the full range of immigration services from residents of Turkey, Azerbaijan, Georgia and Turkmenistan.

According to International Region data, the mission had 11 full-time equivalents as follows:

  • 3 CBOs (including one migration integrity officer [MIO])
  • 2 locally engaged program officers
  • 6 locally engaged staff

Appendix A presents the mission’s organizational chart as at January 2011.

The majority of the employees are responsible for the direct processing of immigration applications. The MIO is involved in antifraud and interdiction activities that support program integrity in the Region.

Appendix B sets out a summary of the mission’s statistics for 2010, 2009 and 2008.

1.1.2 Environmental Context

This section of the report highlights some of the operating environment issues which the mission faces. They are presented here for information purposes only and do not reflect any particular order.

Mission management identified the following challenges related to the operating environment:

  • Exit requirements for residents of Turkey – Turkey may levy substantial fines on people departing Turkey if they did not comply fully with all local requirements while in Turkey.
  • Operational challenges in serving applicants from Azerbaijan, Georgia and Turkmenistan – While these cases make up a small portion of the workload, they require much more time to process than Turkish cases. Additionally, applicants in these countries may experience difficulty arranging payment of processing fees both at the mission and at case processing centres, and traditional mail service is unreliable for these countries.
  • Decline of applications in the economic category – The introduction of C-50 significantly reduced the intake of federal economic applications in 2009. The mission had determined that maintaining federal economic visa output at the current level would be a challenge in moving forward.

1.2 Audit Risk Assessment

On the basis of reviews and analysis during the planning phase and applicable elements of the Treasury Board Secretariat’s Management Accountability Framework and CIC’s Core Management Controls Framework, the following key risks were identified:

  • Governance framework – There are risks that governance structures and processes may not be clearly defined, and results and performance not properly reported.
  • Risk management processes and practices – There are risks that critical events that could impact on the delivery of the Immigration Program have not been identified and appropriately assessed and mitigated.
  • Internal control framework – There are risks that adequate controls are not in place for the operational and administrative processes used to deliver the Immigration Program.

.3 Audit Objectives

The audit objectives were to assess the adequacy of the mission’s:

  • governance framework for administering the Immigration Program;
  • risk management processes and practices for supporting the program’s objectives; and
  • internal control framework governing operational, administrative and financial activities.

1.4 Audit Criteria

The audit criteria were based on applicable Treasury Board and CIC legislation, policies and directives. See Appendix C for the detailed criteria.

1.5 Audit Scope

The audit only involved operations at the Canadian mission in Ankara. The audit scope covered all significant aspects of CIC operations at the mission, as described in section 1.1.1 of this report. This included the full range of immigrant and non-immigrant program activities with associated financial and administrative components typically found in a full-service centre. The audit examined the activities of the mission from July 1, 2009, to the end of the on-site examination period on October 15, 2010.

1.6 Audit Methodology

There were three lines of enquiry:

  • governance framework;
  • risk management practices; and
  • the internal control framework.

As part of our examination of the governance framework and risk management processes and practices, we interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documents, observed processes, documented controls, tested information and reviewed samples of management files to test for compliance.

As part of our examination of the internal control framework, we examined controls over application processing, the Computer-Assisted Immigration Processing System (CAIPS), controlled documents, immigration revenues, and travel and hospitality expenditures.

For our examination of application processing, we examined all decisions related to permanent resident determination travel documents, temporary resident and permanent resident cases and temporary resident permits finalized from July 1, 2009, to June 30, 2010, to test compliance with decision-making authorities. We also interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documents, observed processes and documented controls. The audit also examined a judgmental sample of five permanent resident determination travel documents, 20 temporary resident cases and 20 permanent resident cases that were finalized between July 1, 2009, and June 30, 2010, to assess compliance with legislation, regulations and the policy requirements of each case file. We determined the sample size based on processing volumes at the mission. Individual sample cases were selected randomly and were reviewed in order to validate findings from the interviews, reviews of documents and observations of procedures.

In examining other internal controls, we interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documents, observed processes and documented controls. Specifically, we examined CAIPS user profiles, tested CAIPS inventory controls, tested a sample of transactions involving the office's inventory of controlled documents, examined immigration revenue controls, and reviewed a sample of travel and hospitality claims to assess the effectiveness of the controls in place.

As part of this process, the Head of Mission was debriefed on our preliminary observations. The audit was conducted in accordance with the Internal Auditing Standards for the Government of Canada and the International Standards for the Professional Practice of Internal Auditing.

2.0 Audit Conclusions

We found that:

  • the governance framework met our expectations;
  • risk management processes and practices met our expectations; and
  • the internal control framework partially met our expectations as some adjustments to operational and administrative processes were required.

The next section of this report contains detailed observations and recommendations.

3.0 Observations and Recommendations

3.1 Governance Framework

The audit examined three areas of the governance framework:

  • governance and strategic direction;
  • values and ethics; and
  • results and performance.

We expected to find that:

  • structures were in place to ensure that accountabilities were appropriately discharged;
  • values and ethics were promoted and reinforced; and
  • information on results was gathered, used to make decisions and reported.

The governance framework in place at the mission met our expectations. We found that reporting lines were clearly established in organizational charts and reflected in staff job descriptions. Our review of the mission plans found that they were developed in accordance with International Region guidelines and communicated the organization’s goals and risks. We also found that human resources (HR) management practices promoted public service values and ethics through a periodic review of public service information on values and ethics. Lastly, we found that the mission was monitoring performance with regard to the mission’s objectives through the periodic review of processing results.

3.2 Risk Management

As part of the audit, we examined the adequacy of risk management processes and practices in place to support the achievement of the mission’s objectives. Specifically, we expected to see that processes were in place to identify, assess, mitigate and monitor risks, that management appropriately communicated risks and risk management strategies to key stakeholders, and that planning and resource allocation took risk information into account.

We found that risk management practices in place were appropriate for a mission of Ankara’s size. Risks were documented in the mission’s annual plan and also identified as part of the mission’s application processing. When merited, risk mitigation strategies were established and adjusted according to updated risk information. However, mission management expressed some concern over its ability to conduct quality assurance activities due to its limited resources. Our review found that the quality assurance done was appropriate, but acknowledged that further efforts in this area could strengthen the mission’s practices.

3.3 Internal Control Framework

As part of the audit of the internal control framework, we examined the controls in place over application processing, CAIPS , controlled documents, immigration revenues, travel and hospitality expenditures, human resources, client-focused service and learning, innovation and change management.

We found that the internal control framework partially met our expectations as some adjustments for operational and administrative processes were required.

3.3.1 Application Processing

The audit of internal controls included an examination of immigrant and non-immigrant processing. We expected to find that application decisions were adequately documented, that processes and procedures complied with the applicable legislation and policies, that sufficient controls were in place to ensure that admissibility requirements were met, and that designated and delegated authorities for decisions were appropriate and complied with departmental policy.

We found that controls in place over application processing met our expectations. We documented and reviewed the process to review and assess immigration applications in place at the mission and found that overall, adequate controls were in place to ensure compliance with operational and legislative requirements. We also reviewed all decisions made on cases finalized over our review period and found that all decisions were made by individuals with the authority to do so. As part of our audit, we also reviewed samples of case files finalized during our review period. We generally found processing files to be compliant with policy. We also interviewed staff as part of this process and found that they were knowledgeable about legislative and operational processing requirements.

3.3.2 CAIPS

As part of the audit of the internal control framework, we examined controls over CAIPS. We expected to find that appropriate controls were in place to ensure the appropriate use of CAIPS at the mission and that CAIPS assets were safeguarded.

We found that the mission was controlling access to the CAIPS system. Our review of CAIPS profiles found CAIPS accounts to be generally in compliance with policy. We also found that controls were in place to safeguard CAIPS assets. Access to the CAIPS room was restricted. We also found that the mission was performing periodic system maintenance, backing up information to ensure the continued functioning of the CAIPS system, and that it maintained a log of CAIPS inventory.

3.3.3 Controlled Documents

In missions abroad, controlled documents are comprised of counterfoils and seals and are issued together as a visa. The counterfoil is the document on which missions print visa information and the seal is a document that is placed over the counterfoil, which is placed in passports to prevent tampering.

As part of the audit of the internal control framework, we examined controls over controlled documents. The audit expected to find that the roles and responsibilities were appropriate and that an effective control framework was in place for the custodianship, safeguarding and handling of controlled documents.

Overall, the control framework in place for controlled documents partially met our expectations. We found that the roles and responsibilities related to controlled documents were assigned and appropriate and that generally, an effective control framework was in place for the custodianship and handling of controlled documents.

As part of our audit testing, we reviewed controlled document records and conducted a physical inventory to validate their accuracy. We found there was a discrepancy in the paper records compared to a physical inventory, resulting in an understatement of counterfoils on hand. As a result, this error was reflected in their last quarterly inventory. This was corrected while we were on site and the mission updated its report immediately. Our discussions with mission staff found that while the mission recorded use as per policy and used electronic tools to facilitate its record keeping, it did not conduct periodic physical inventories to validate its records.

Performing periodic physical inventories is a control that helps ensure that records remain accurate. If not done, there is a risk that administrative records may be incorrect and may result in over- or understated inventory levels.

Recommendation 1

The Forms Control Officer should periodically perform a physical inventory to validate the accuracy of the mission’s paper records.

Management Response

This recommendation has been implemented. Physical inventories are performed at the time of each quarterly report.

3.3.4 Immigration Revenues

The audit examined the control framework in place to safeguard revenues collected in the immigration section of the mission. The mission accepts payment by direct deposit and cheques in Canadian dollars only. Its immigration revenues totalled CAN$0.8 million in 2010–2011 (up to July 2010).

We expected to find that roles and responsibilities complied with departmental policies for immigration revenues, that adequate controls were in place to safeguard the cost recovery of immigration revenues, and that an adequate monitoring regime was in place.

Overall, the mission met our expectations in this area. We found that:

  • roles and responsibilities related to the cost recovery of immigration revenues were assigned and understood;
  • general controls over the collection of funds were in place; and
  • periodic monitoring of the cost recovery of immigration revenues was occurring.

In Ankara, the mission receives payment for immigration fees through local banking arrangements. This eliminates the need to handle financial instruments at the mission as applicants pay fees directly to a local bank and then submit their application (along with their direct deposit receipts from the bank as proof of payment) at a later date to the mission. However, verification of direct deposit receipt only occurs if the mission suspects that a fraudulent receipt has been submitted. We also note that applicants are under no obligation to submit an application within a certain timeframe after making payment. In fact, some applicants who make a payment at a bank may not submit an application at all. Upon receipt of the application, the immigration section records the fees collected in POS+, a stand-alone financial system. Our testing of immigration revenue cost-recovery transactions in Ankara found that funds recorded as collected in POS+ were traceable to applications.

Once a week, mission administration provides the immigration section with a copy of the bank statement listing all deposits made at the bank that week. Immigration, due to limits on the information captured by the banks for these transactions, reviews this statement and informs administration of the total fees collected by business line. The totals, entered into the financial accounting system, are unrelated to the amounts recorded as collected in POS+. This process in place in Ankara is a different process from what we have seen in other missions abroad with direct deposit agreements. We also note that the Department does not currently have departmental guidelines on how revenues should be recorded when banking arrangements are in place.

In our previous audits, we noted issues of non-reconciliation of direct deposit receipts at missions abroad and the associated issues of accounting treatment. At that time, we were informed by the International Region that clearer guidelines were needed and that the systems in place needed revision for missions abroad to move toward full transaction reconciliation in the longer term and support an accounting treatment that complies with Canadian accounting standards for the recording of revenues.

Early in the 2010–2011, the Department issued a long-awaited cost-recovery manual. However, it does not provide guidance on individual bank receipt reconciliation nor does it set out accounting guidelines on how to record payments made at banks in light of the decoupling of applications from payments. Without reconciliation processes to track payments made at financial institutions as they are received at missions, the Department will be unable to accrue revenues as they are received as they are done in Canada.

In our discussions with the Finance Sector at NHQ, we were informed that the Financial Operations Branch was working with the Department of Foreign Affairs and International Trade (DFAIT) to establish uniform procedures for all missions abroad to follow in order to move toward global processes for the recording of immigration revenues collected through banking arrangements. The goal was to move toward compliance with Canadian accounting standards for the recording of revenues in the long term.

Recommendation 2

CIC Finance should review revenue-recording procedures for missions abroad and issue departmental procedures in collaboration with DFAIT to ensure that there is a common process for all missions abroad.

Management Response

CIC Finance agrees with the recommendation as it recognizes the need to review and standardize revenue procedures for missions abroad. CIC Finance is currently finalizing standard financial procedures for immigration fees collected at missions in collaboration with DFAIT Finance. CIC Finance will provide support to the International Region to implement the new procedures, include this exposure in its financial internal control risk assessment, and perform monitoring activities as warranted to ensure compliance. Target date: September 2011.

Recommendation 3

Once guidelines on revenue-recording procedures for missions abroad with banking arrangements are available, the International Region should ensure that these new guidelines are communicated to all missions and are implemented and followed.

Management Response

The International Region will work with CIC Finance to ensure that the new procedures are implemented. Target date: September 2011.

3.3.5 Travel and Hospitality

As part of the audit of the internal control framework, we examined the controls over travel and hospitality expenditures. The audit expected that controls would be in place to ensure that travel and hospitality transactions were processed in compliance with the applicable policies and regulations.

As part of our audit, we reviewed the approval process in place and examined the only hospitality claim processed during our review period, which accounted for all funds claimed for 2009–2010. We found that office procedures related to the administration of travel and hospitality met our expectations.

3.3.6 Human Resources

As part of the audit of the management of human resources, we examined controls in place for human resources management. We expected to find that the office was managed in a way that ensured an effective workplace.

We found that the HR process in place at the mission met our expectations. As part of the management of the program, we found that individual performance was monitored during the year as part of application processing and that annual appraisals were documented in HR files. However, we found that staff objectives did not consistently include the establishment of quantitative performance measures at the outset of a period. Given the importance of quantitative targets for missions, this should be reflected, to a certain extent, in staff performance objectives. If staff performance objectives are not set or do not reflect higher level objectives, there is a risk that the mission may not achieve its objectives.

Recommendation 4

Mission management should ensure that all annual staff performance objectives include an element of quantitative performance that supports higher level mission objectives.

Management Response

This recommendation had already been implemented by the new Immigration Program Manager (IPM). During the mid-year review in October 2010, the IPM, who arrived at the mission in July 2010, had introduced more quantitative performance indicators. During the next appraisal period, in April 2011, more attention will be devoted to this aspect.

3.3.7 Citizen-Focused Service

As part of the audit of the management of human resources, we examined controls in place for human resources management. We expected to find that the services delivered by the office met client requirements.

We found that processes were in place to adjust mission practices to meet the needs of its clients. The mission has established some local service levels and it tracks them through client complaints. The mission is also able to track the achievement of departmental service standards. Given the size of the Ankara office, this was appropriate.

3.3.8 Learning, Innovation and Change Management

As part of the audit of the management of human resources, we examined controls in place for human resources management. We expected to find that learning and development activities supported innovation and change management.

We found that the mission had processes in place to identify and implement changes in a way that supported change management. Generally, changes to process are led by mission management. The process begins with the communication of the change and continues through hands-on training. Further refinements are identified and made based on operational experience.

Appendix A: Ankara Mission Organizational Chart

As of January 2011

Ankara Mission Organizational Chart

Appendix B: Ankara Processing Summary

Ankara Processing Summary
Line of Business 2010 2009 2008
# % change # % change #
Permanent Residents Target 2,005 16.2 1,725 0.8 1,711
Visa Issued [Note 1] 2,184 34.7 1,621 -0.9 1,635
Cases Finalized [Note 1] 1,313 25.5 1,046 -1.2 1,059
Persons Finalized [Note 1] 2,766 33.6 2,071 3.6 1,999
Cases Received [Note 1] 1,121 32.7 845 -43.6 1,497
Persons Received [Note 1] 2,401 52.0 1,580 -46.4 2,947
Cases Inventory [Note 2] 907 -18.8 1,117 -28.2 1,556
Persons Inventory [Note 2] 2,189 -15.4 2,587 -26.9 3,540
Temporary Visitors [Note 1] Visas Issued 8,987 27.1 7,069 -3.7 7,343
Cases Finalized 8,701 23.1 7,069 -4.9 7,431
Persons Finalized 10,511 25.1 8,405 -6.0 8,938
Cases Received 8,751 24.0 7,057 -6.1 7,514
Persons Received 10,566 26.1 8,381 -7.3 9,039
Temporary Workers [Note 1] Visas Issued 178 35.9 131 -36.4 206
Cases Finalized 202 10.4 183 -40.4 307
Persons Finalized 203 9.7 185 -42.5 322
Cases Received 206 8.4 190 -38.3 308
Persons Received 207 7.3 193 -39.9 321
Students [Note 1] Visas Issued 983 0.0 983 26.7 776
Cases Finalized 1,399 -4.0 1,457 25.8 1,158
Persons Finalized 1,400 -4.0 1,458 25.6 1,161
Cases Received 1,419 -3.5 1,470 26.3 1,164
Persons Received 1,420 -3.5 1,471 26.0 1,167
Immigration Revenues (in millions) [Note 3] $0.8 $1.5 $1.7

[Note 1] Data from International Region data records as at December 31, 2010.
[Note 2] Data from International Region data records as at December 31, 2010, December 31, 2009, and January 2, 2009, for end of 2010, 2009 and 2008 respectively.
[Note 3] Revenues are for 2010–2011 (to July 2010), 2009–2010 and 2008–2009 fiscal years.

Note: Immigration applications are referred to as “cases” in the statistics, while “persons” refers to the number of people who have submitted an application. For example, families generally apply together in one application rather than in several separate applications. The statistics therefore refer to both the number of cases (i.e., the number of applications) and the total number of people who applied (regardless of the number of cases).

Appendix C: Detailed Criteria for the Audit

Objective 1: Governance Framework

The adequacy of the governance framework will be assessed against the following criteria:

  • Governance structures are in place to ensure that accountabilities are adequately discharged.
  • Values and ethics are promoted and reinforced.
  • Relevant information on results is gathered, used to make decisions and reported.

Objective 2: Risk Management

The adequacy of risk management process and practices will be assessed against the following criteria:

  • Processes are in place to identify, assess, mitigate and monitor risks.
  • Management appropriately communicates risk and risk management strategies to key stakeholders.
  • Planning and resource allocation take risk information into account.

Objective 3: Internal Controls

The internal controls in place to support financial, administrative and operational activities will be assessed against the following criteria under the following lines of enquiry:

  • Application Processing
    • Decisions are adequately documented, and required supporting documents are maintained.
    • Designated and delegated authorities for decisions are appropriate and comply with departmental policy.
    • Appropriate controls are in place to ensure that admissibility requirements are met.
  • CAIPS Management
    • Appropriate controls are in place for the management and use of CAIPS user accounts at the mission.
    • Appropriate controls are in place to safeguard CAIPS assets at the mission.
  • Controlled Documents
    • Roles and responsibilities are appropriate for the custodianship, safeguarding and handling of controlled documents.
    • Adequate controls are in place for the custodianship, safeguarding and handling of controlled documents.
  • Immigration Revenues
    • Roles and responsibilities assigned and procedures performed comply with departmental policies on cost recovery.
    • Adequate controls are in place in the physical environment to safeguard the cost-recovery system.
    • An adequate monitoring regime is in place to ensure that controls are working properly and that funds collected are properly accounted for and safeguarded.
  • Travel and Hospitality
    • Internal controls should be in place to ensure that travel and hospitality transactions comply with policies and regulations to protect against fraud, financial negligence and other violations of rules and principles.
  • Human Resources: The office is managed in a way that ensures an effective workplace for staff to successfully contribute to the work objectives.
  • Citizen-Focused Service: The services delivered by the office reflect its clients’ requirements.
  • Learning, Innovation and Change Management: Learning and development activities are used to promote innovation and change management.

Appendix D: Management Action Plan

Management Action Plan
Recommendations Action Plan Responsibility Target date
1. The Forms Control Officer should periodically perform a physical inventory to validate the accuracy of the mission’s paper records. This recommendation has been implemented. Physical inventories are performed at the time of each quarterly report. Mission Completed
2. CIC Finance should review revenue-recording procedures for missions abroad and issue departmental procedures in collaboration with DFAIT to ensure that there is a common process for all missions abroad. CIC Finance agrees with the recommendation as it recognizes the need to review and standardize revenue procedures for missions abroad. CIC Finance is currently finalizing standard financial procedures for immigration fees collected at missions in collaboration with DFAIT Finance. CIC Finance will provide support to the International Region to implement the new procedures, include this exposure in its financial internal control risk assessment, and perform monitoring activities as warranted to ensure compliance. Financial Operations September 2011
3. Once guidelines on revenue-recording procedures for missions abroad with banking arrangements are available, the International Region should ensure that these new guidelines are communicated to all missions and implemented and followed. The International Region will work with CIC Finance to ensure that the new procedures are implemented. International Region September 2011
4. Mission management should ensure that all annual staff performance objectives include an element of quantitative performance that supports higher level mission objectives. This recommendation had already been implemented by the new Immigration Program Manager (IPM). During the mid-year review in October 2010, the IPM, who arrived at the mission in July 2010, had introduced more quantitative performance indicators. During the next appraisal period, in April 2011, more attention will be devoted to this aspect.   Mission Completed

Appendix E: Audit Time Line

Audit Time Line
Activity Time
Audit planning August–September 2010
On-site examination October 11–15, 2010
Clearance draft to IPM and the International Region for comments January 24, 2011
Management Action Plan finalized March 18, 2011
Recommended for approval by Audit Committee April 5, 2011
Report approved by Deputy Minister April 5, 2011

Page details

Date modified: