Audit of the Immigration Program at the Canadian Mission in Damascus

Audit Report
Internal Audit and Accountability Branch
Citizenship and Immigration Canada
February 2011


Table of Contents


Acronyms Used in the Report

CAIPS
Computer-Assisted Immigration Processing System
CIC
Citizenship and Immigration Canada
CBO
Canada-Based Officer
FSC
Full-Service Centre
GCMS
Global Case Management System
IR
International Region
IRIMP
International Region Immigration Management Plan
HR
Human Resources
RPC
Regional Program Centre

Executive Summary

The Citizenship and Immigration Canada (CIC) risk-based audit plan for 2010–2013 provides for audits of missions abroad. The selection of the immigration program at the Canadian mission in Damascus was done in consultation with the International Region (IR) Branch at CIC national headquarters. The on-site fieldwork was conducted from September 27 to October 7, 2010.

The Damascus mission is a Regional Program Centre (RPC) responsible for the delivery of the immigration program in Syria, Iran, Lebanon, Jordan, Iraq and Cyprus. It has three satellite offices that process temporary resident applications for the countries in which they are located and that provide support to Damascus in processing permanent resident applications. The mission has 55 full-time equivalents.

The audit objectives were to assess the adequacy of the following:

  • the mission’s governance framework for administering the Immigration Program;
  • the risk management processes and practices for supporting the program’s objectives; and
  • the internal control framework governing operational, administrative and financial activities.

The criteria used in the audit are based on Treasury Board and CIC applicable legislation, policies and directives.

We found that:

  • the governance framework met our expectations;
  • the risk management processes and practices met our expectations; and
  • the internal control framework partially met our expectations.

In particular, we found that controls over the Computer-Assisted Immigration Processing System (CAIPS), controlled documents and staff performance management should be strengthened. This audit report sets out our recommendations for addressing these observations, as well as the mission’s responses and action plan for following up on them.

1.0 Introduction

The CIC risk-based audit plan for 2010–2013 provides for audits of missions abroad. The immigration program at the Canadian mission in Damascus was selected for audit in consultation with the IR Branch at CIC national headquarters. The on-site fieldwork was conducted from September 27 to October 7, 2010.

1.1 Background

1.1.1 Operations

CIC receives, selects and processes applications from foreign nationals who want to come to Canada temporarily or permanently and who will stimulate economic growth and enrich and strengthen the social and cultural fabric of Canadian society. Responsibility for those tasks lies with the Operations Sector, which is divided into domestic and overseas operations. Overseas operations fall under the responsibility of the IR Branch and its network of visa offices (or missions) abroad.

There are three categories of visa offices or missions abroad: RPCs, full-service centres (FSCs), and satellites and specialized offices. RPCs and FSCs both deliver the full range of immigration services for the countries they serve, but RPCs also oversee satellite offices. The full range of immigration services includes the processing of permanent and temporary resident applications as well as other immigration applications, such as requests for travel documents or temporary resident permits. Satellite and specialized program offices do not deliver the full range of immigration services.

The Damascus mission is the RPC responsible for the delivery of the immigration program in Syria, Iran, Lebanon, Jordan, Iraq and Cyprus. It has three satellite offices in Amman, Beirut and Teheran. These offices process temporary resident applications for the countries in which they are located and provide support to Damascus in processing permanent resident applications.

According to IR data, the mission had 55 full-time equivalents as follows:

  • 16 Canada-based officers (CBOs)
  • 39 Locally engaged staff  

Appendix A presents the mission’s summarized organizational chart as of September 2010.

The majority of these employees are responsible for the direct processing of immigration applications. Damascus performs specialized immigration activities undertaken in select missions abroad. These activities are undertaken by the Canada Border Services Agency and its Migration Integrity Unit, which is involved in anti-fraud and interdiction activities that support program integrity in the region. It is important to note that the Migration Integrity Unit covers a different geographic territory than the immigration program.

1.1.2 Environmental Context

This section of the report highlights some of the operating environment issues which the mission faces. They are presented here for information purposes only and do not reflect any particular order.

Mission management identified the following challenges related to the operating environment:

  • Presence of fraud in the operating environment – Due to the prevalence of fraud in the area, the missions must have detailed knowledge about local and regional documentation and verification methods in order to determine if an application may involve fraud, terrorism, war crimes or crimes against humanity.
  • Increased workload – The mission has seen a dramatic increase in its refugee caseload, adding additional strain to the program as no additional resources were provided to accompany this increase.
  • Regional technological limitations – These limitations constitute the greatest stress on the mission’s ability to deliver effective client service.
  • Travel impediments – Iranians make up the largest single component of the mission’s caseload, but the difficulty in obtaining Iranian visas for Canadian staff based in Damascus is an operational impediment.
  • Use of commercial couriers – As regular commercial courier services cannot be used between Iran and Syria, a mix of diplomatic bag and local courier service must be used, which slows processing times.
  • Planned construction – The chancery is scheduled to undergo a renovation to address office accommodation issues. Nonetheless, this renovation will likely have a negative impact on the mission’s productivity during the transition.

1.2 Audit Risk Assessment

On the basis of reviews and analysis during the planning phase and applicable elements of the Treasury Board Secretariat’s Management Accountability Framework and CIC’s Core Management Controls Framework, the following key risks were identified:

  • Governance framework – There are risks that governance structures and processes may not be clearly defined, and results and performance not properly reported upon.
  • Risk management processes and practices – There are risks that critical events that could impact on the delivery of the Immigration Program have not been identified and appropriately assessed and mitigated.
  • Internal control framework – There are risks that adequate controls are not in place for the operational and administrative processes used to deliver the Immigration Program.

1.3 Audit Objectives

The audit objectives were to assess the adequacy of the following:

  • the governance framework for administering the Immigration Program;
  • the risk management processes and practices for supporting the program’s objectives; and
  • the internal control framework governing operational, administrative and financial activities.

1.4 Audit Criteria

The audit criteria were based on the applicable Treasury Board and CIC legislation, policies and directives. See Appendix C for the detailed criteria.

1.5 Audit Scope

The audit only involved operations at the Canadian mission in Damascus and did not examine activities carried out by satellite offices in the region. The audit scope covered all significant aspects of CIC operations at the mission, as described in section 1.1.1 of this report. This included the full range of immigrant and non-immigrant program activities with associated financial and administrative components typically found in an RPC. The audit examined the activities of the mission from July 1, 2009, to the end of the on-site examination period on October 7, 2010.

1.6 Audit Methodology

There were three lines of enquiry:

  • the governance framework;
  • risk management practices; and
  • the internal control framework.

As part of our examination of the governance framework and risk-management processes and practices, we interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documents, observed processes, documented controls, tested information, and reviewed samples of management files to test for compliance.

As part of our examination of the internal control framework, we examined the controls over application processing, CAIPS, controlled documents, cost recovery, travel and hospitality expenditures, people, citizen-focused service and learning, innovation and change management.

In our examination of application processing, we examined all decisions related to permanent resident determination travel documents, temporary resident and permanent resident cases, and temporary resident permits finalized from July 1, 2009, to June 30, 2010, to test compliance with decision-making authorities. We also interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documents, observed processes and documented controls. The audit also examined a judgmental sample of five permanent resident determination travel documents, 20 temporary resident cases and 40 permanent resident cases that were finalized between July 1, 2009, and June 30, 2010, to assess compliance with the legislation, regulations and policy requirements of each case file. We determined the sample size based on processing volumes at the mission. Individual sample cases were selected randomly and reviewed to validate findings from the interviews, reviews of documents and observations of procedures.

In examining other internal controls, we interviewed Immigration Program staff and other mission staff with links to immigration operations, reviewed documents, observed processes and documented controls. Specifically, we examined CAIPS user profiles, tested CAIPS inventory controls, tested a sample of transactions involving the office's inventory of controlled documents, examined cost-recovery revenue controls, and reviewed a sample of travel and hospitality claims and a sample of staff Human Resources (HR) files to assess the effectiveness of the controls in place.

As part of this process, the Head of Mission was debriefed on our preliminary observations.

The audit was conducted to be in accordance with the Government of Canada’s Policy on Internal Audit and the professional practice standards established by the Institute of Internal Auditors.

2.0 Audit Conclusions

We found that:

  • the governance framework met our expectations;
  • the risk management processes and practices met our expectations; and
  • the internal control framework partially met our expectations.

The next section of this report contains detailed observations and recommendations.

3.0 Observations and Recommendations

3.1 Governance Processes

The audit examined three areas of the governance framework:

  • governance and strategic direction;
  • values and ethics; and
  • results and performance.

We expected to find that:

  • structures were in place to ensure that accountabilities were adequately discharged;
  • values and ethics were promoted and reinforced; and  
  • information on results was gathered, used to make decisions and reported.

The governance framework in place at the mission met our expectations. We found that:

  • clear reporting lines were in place;
  • planning conformed to IR planning requirements;
  • management practices supported and reinforced the promotion of values and ethics; and
  • management was capturing performance information to monitor performance toward planned results.

We found that reporting lines were clearly established in organizational charts and were generally reflected in staff job descriptions. Our review of mission plans found they were developed in accordance with IR guidelines and communicated the organization’s goals and risks. We also found that HR management practices promoted public service values and ethics through periodic reviews of public service information and training on values and ethics. Lastly, we found that the mission was monitoring performance toward mission-level objectives through the periodic review of processing statistics and discussion of processing results. However, we note that this review and discussion occurred at the mission level and that practices could be further strengthened through the consistent establishment of individual staff performance expectations, which included elements of quantitative expectations. This is discussed further in section 3.3.6.

3.2 Risk Management

As part of the audit, we examined the adequacy of the risk management processes and practices in place to support the achievement of the mission’s objectives. Specifically, we expected to see that processes were in place to identify, assess, mitigate and monitor risks, that management appropriately communicated risks and risk management strategies to key stakeholders, and that planning and resource allocation took risk information into account.

We found that risks were documented in the mission’s annual plan and also identified as part of the mission’s application processing. We also found that environment-scanning capabilities were established in the region which supported the mission’s operations. These capabilities included the establishment of key local networks, including information-sharing protocols and knowledge gained as part of application processing. In addition, quality assurance activities were performed to help the mission validate or refute its risk information. In this way, quality assurance was used to validate risks and helped inform managerial decisions on its processing practices. Based on the results of these activities, mitigation strategies were developed when merited and updated as needed following a reiteration of the above process. Therefore, we found that risk management practices were appropriate for a mission of Damascus’s size.

3.2 Internal Control Framework

As part of the audit of the internal control framework, we examined the controls in place over application processing, CAIPS, controlled documents, cost recovery, travel and hospitality expenditures, people, citizen-focused service and learning, innovation and change management.  

We found that the internal control framework partially met our expectations as adjustments were required for some controls in place for operational activities.

3.3.1 Application Processing

The audit of internal controls included an examination of immigrant and non-immigrant processing. We expected to find that application decisions were adequately documented, that processes and procedures complied with applicable legislation and policies, that sufficient controls were in place to ensure that admissibility requirements were met, and that designated and delegated authorities for decisions were appropriate and complied with departmental policy.

We found that the controls in place over application processing met our expectations. We documented and reviewed the process to review and assess immigration applications in place at the mission and found that overall, adequate controls were in place to ensure compliance with operational and legislative requirements. We also reviewed all decisions made on cases finalized over our review period and found that all decisions were made by individuals with the authority to do so. As part of our audit, we also reviewed samples of case files finalized during our review period. Our observations found some minor issues on a small number of cases, but none that suggested any systematic issues. Our interviews with staff found that they were knowledgeable about legislative and operational processing requirements.

3.3.2 CAIPS

As part of the audit of the internal control framework, we examined the controls over CAIPS. We expected to find that appropriate controls were in place to ensure the appropriate use of CAIPS at the mission and that CAIPS assets were safeguarded.

The control framework for CAIPS partially met our expectations. We found that access to CAIPS was controlled by the CAIPS manager. While the CAIPS manager periodically reviewed profiles and the mission recently implemented a change control log for CAIPS updates, we found that:

  • some profiles of former staff had not been deactivated;
  • some unassigned accounts had not been fully reset, although the scope of the variation differed from account to account (our audit testing found no irregular activity); and
  • a small number of accounts may have capabilities that may not be necessary.

These issues represent a potential risk to controls over CAIPS. Creating additional access points beyond what is needed increases the risk of unauthorized access. However, our additional audit testing found that all decisions made on immigration applications during the period under review were made by authorized individuals. We note that some of these issues have been addressed since our on-site review.

We also found that the mission was performing system administration activities as required by policy, including regular maintenance, information backups to ensure the continued functioning of the CAIPS system, and the maintenance of a CAIPS inventory. We therefore found that adequate controls were in place to safeguard CAIPS assets.

Recommendation 1

The CAIPS manager should review the CAIPS access requirements for staff with mission management and make any necessary adjustments as required.

Management Response

The mission has implemented this recommendation. At the time of the audit, profiles were deactivated, unassigned accounts were reset and tables were updated.

The mission recognizes that more officers have access to CAIPS key F15 than recommended in departmental manuals. Access is now restricted to regularly assigned CBOs. The mission processes a significant number of Authorities to Return to Canada, a function that is controlled from the same key. Practically speaking, all officers may require access to these files, and granting authority was recently delegated to the Unit Manager. Proper use of the function for issuance will be monitored administratively until such time as CAIPS is deactivated and the Global Case Management System (GCMS) is modified to reflect the delegation instrument.

3.3.3 Controlled Documents

In missions abroad, controlled documents are comprised of counterfoils and seals and are issued together as a visa. Counterfoils are the documents on which the missions print the visa information and seals are documents that are placed over the counterfoils to prevent tampering. Together, these documents are then placed in the passport.

As part of the audit of the internal control framework, we examined controls over controlled documents. The audit expected to find that roles and responsibilities were appropriate and that an effective control framework was in place for the custodianship, safeguarding and handling of controlled documents.

Overall, the control framework in place for controlled documents partially met our expectations. We found that the roles had been assigned to ensure the safeguarding of controlled documents and that the mission tracked and recorded their use. In general, the mission maintains the bulk of its controlled forms inventory in deep storage. The controlled forms officer then withdraws and maintains a working supply of controlled forms. All document used by Damascus are recorded in the controlled form logs maintained by the mission (the key control among all controlled document controls), thus allowing the mission to account for all of its controlled document use. However, we noted that a second “working supply” inventory was provided to the temporary resident unit and that this lacked accountability controls (e.g., sign-in and sign-out sheets).

As part of our audit testing, we conducted a physical inventory to validate the accuracy of the mission’s inventory records. We found that:

  • The mission did not periodically perform a physical inventory of controlled forms to validate its paper records; and
  • Electronic tools used to track the use of controlled documents had errors due to incorrect formula referencing, and numbers were not periodically reviewed or verified for accuracy. These were corrected immediately and, consequently, we were able to reconcile to the corrected figures.

We also reviewed the sequence of the documents used to ensure the integrity of the records, reviewed a sample of documents used to ensure the traceability and accuracy of records; and reviewed quarterly reporting and the mission-controlled documents monitoring file. Our other audit testing of controlled document controls found no significant issues. In particular, the controlled form logs recorded form use and we did not observe any breaks in the use of forms over the period under examination.

We provided the details of our inventory review to the mission for its consideration at the time of our audit and it took immediate action to begin to address our observations. If controls are not in place to validate the mission’s records, it may not be able to accurately report on its inventory. Furthermore, if accountability controls are not in place, the mission may not have controls in place to allow it to investigate and detect errors, in the event of an issue.

Recommendation 2

Mission management should ensure that adequate controls are in place for it to safeguard and account for its controlled documents inventory.

Management Response

This recommendation has been implemented.

Work done during the audit revealed calculating errors in the local inventory spreadsheets, which were quickly corrected. Physical inventories will now be done consistently.

The mission agrees that some form practices were not optimal. Separate stocks of counterfoils and seals were merged early in January 2011 and a single inventory as well as a single sign-out-and-in procedure will now be maintained. In addition, seal numbers are now being recorded in paper logs.

Lastly, we found that the mission had a separate process for issuing permanent resident visas for applicants residing in Lebanon (a small portion of permanent resident applications) with the bulk of permanent resident visas following the normal process in Damascus. This process was implemented in the spring of 2010. For these applications, the Damascus office is responsible for processing the application and printing the visa counterfoils, which are also recorded in the Damascus usage log. The visas are then periodically taken to Damascus’ satellite office in Beirut where the mission places it in the applicant’s passport and seals it. Our review found that controls in place for documents issued to applicants residing in Lebanon needed to be strengthened to ensure better accountability and control as they did not meet our expectations.

Recommendation 3

Mission management should review and update its safeguarding and transmission controls for controlled documents sent to its satellite mission in Beirut, making any necessary adjustments to these following the implementation of GCMS in Damascus.

Management Response

The mission realizes that the Beirut procedure was not ideal and it has implemented this recommendation. It was provisionally instituted earlier in 2010 in order to fulfil a client service commitment made by the Department, and has already been discontinued. As of December 2010, the visas and the confirmations of permanent residence are printed and affixed in the Beirut office, using CAIPS file loan capabilities. Neither the passports nor the counterfoils are transported between missions. This procedure has both reduced risk and improved client service, and will be adapted to GCMS when required.

3.3.4 Immigration Revenues

The audit examined the control framework in place to safeguard revenues collected in the immigration section of the mission. The mission accepts payment by certified instruments in Canadian dollars and Syrian pounds by direct deposit.

We expected to find that roles and responsibilities complied with departmental policies for cost recovery, that adequate controls were in place to safeguard the cost recovery of immigration revenues, and that an adequate monitoring regime was in place.

Overall, we found that:

  • roles and responsibilities were assigned in accordance with departmental policies and were clear;
  • the processes in place varied slightly from policy requirements because of operational constraints, but none materially varied and no significant weaknesses were observed; and
  • periodic monitoring of the cost-recovery function was occurring.

The mission had one cost-recovery clerk who was responsible for recording the collection of immigration revenues in POS+. A review of the records and audit testing of the cost recovery of immigration revenue transactions found that controls were generally in place and that the cost-recovery officer was periodically monitoring the collection of revenues.

3.3.5 Travel and Hospitality

As part of the audit of the internal control framework, we examined the controls over travel and hospitality expenditures. The audit expected that controls would be in place to ensure that travel and hospitality transactions were processed in compliance with the applicable policies and regulations.

As part of our audit, we examined a sample of five travel claims and one hospitality claim representing 54% and 82%, respectively, of funds claimed for 2009–2010 in these areas. We found that office procedures related to the administration of travel and hospitality met our expectations.

3.3.6 People

As part of the audit of the management of people, we examined controls in place for Human Resources management. We expected to find that the office was managed in a way that ensured an effective workplace.

We found that the human resources process in place at the mission met our expectations. After consultation with the management of the program, we found that individual staff performance was periodically reviewed during the year and documented formally in annual appraisals in Human Resources files. However, our review found that supervisors were not consistently setting staff performance objectives (in particular, quantitative performance) at the outset of a period. If performance objectives are not set in advance, there is a risk that the mission may not achieve its objectives as mission performance is dependent on individual staff performance.

Recommendation 4

Mission management should ensure that staff performance objectives are consistently established at the outset of a planning period and include some element of quantitative measures of performance, as necessary.

Management Response

During the autumn 2010 mid-year review process, supervisors went over quantitative performance measures with all staff, and these will be made clearer in objectives in the future, where applicable.

3.3.7 Citizen-Focused Service

As part of the audit of the management of citizen-focused service, we examined controls in place for citizen-focused service. We expected to find that the services delivered by the office met client requirements.

We found that processes were in place to adjust mission practices to meet the needs of its clients. The mission is also endeavouring to improve regional client service by working with other missions in the region with the goal of promoting and promulgating best practices related to client service, and through periodic review of client needs. The periodic review included obtaining client feedback with the goal of informing decisions to adjust and improve client services to meet their needs. We also found that the mission not only captured performance information on departmental service standards that were established, but had also established some local service levels which were monitored as well.

3.3.8 Learning, Innovation and Change Management

As part of the audit of the management of people, we examined controls in place for human resources management. We expected to find that learning and development activities supported innovation and change management.

We found that the mission had processes in place to identify and implement changes in a way that supported change management. While significant changes to the mission’s immigration operations had not been undertaken recently, several were planned for the near future. However, incremental changes were undertaken on an ongoing basis as a result of the mission’s commitment to ongoing learning and innovation to mission procedures. Discussions with mission staff and a review of mission documents found that the mission had appropriate controls in place to support learning, innovation and change management.

Appendix A: Damascus Mission Organizational Chart

Source: Adapted from the IRIMP Organizational Chart (September 2010)

Prairies and Northern Territories Region Organizational Chart

Appendix B: Damascus Processing Summary

Damascus Processing Summary
Line of Business 2010 2009 2008
Number % change Number % change Number
Permanent Residents Target 13,020 12.3 11,595 9.7 10,567
Visas Issued [Note 1] 12,081 -1.6 12,280 17.5 10,453
Cases Finalized [Note 1] 6,198 -8.4 6,767 10.9 6,100
Persons Finalized[Note 1] 13,495 -2.2 13,794 6.7 12,925
Cases Received [Note 1] 10,034 -16.8 12,065 3.6 11,643
Persons Received [Note 1] 21,896 -15.4 25,878 -1.2 26,194
Cases Inventory [Note 2] 23,083 6.1 21,763 -13.9 25,283
Persons Inventory [Note 2] 57,111 3.5 55,172 -15.6 65,357
Temporary Visitors [Note 1] Visas Issued 1,476 -5.9 1,569 9.9 1,428
Cases Finalized 2,003 -3.6 2,078 -1.7 2,115
Persons Finalized 2,388 -8.1 2,598 0.9 2,575
Cases Received 2,048 -3.6 2,124 -1.8 2,163
Persons Received 2,440 -8.4 2,663 1.0 2,636
Temporary Workers [Note 1] Visas Issued 162 -26.0 219 4.8 209
Cases Finalized 240 -29.6 341 -30.5 491
Persons Finalized 256 -28.3 357 -30.4 513
Cases Received 255 -20.8 322 -35.2 497
Persons Received 268 -21.6 342 -34.1 519
Students [Note 1] Visas Issued 115 26.4 91 -18.8 112
Cases Finalized 238 10.7 215 -4.9 226
Persons Finalized 241 7.6 224 -10.8 251
Cases Received 241 3.0 234 0.4 233
Persons Received 244 0.4 243 -6.5 260
Cost Recovery (in millions) [Note 3] $2.2 $1.6 $6.4
  • [1] Data from IR data records as at December 31, 2010. [back to note 1]
  • [2] Data from IR data records as at September 3, 2010, December 31, 2009, and January 2, 2009, for 2010, 2009 and 2008 respectively. [back to note 2]
  • [3] Revenues are as per 2010–2011 (to July 2010), 2009–2010 and 2008–2009 fiscal years. [back to note 3]

General Note. Immigration applications are referred to as “cases” in the statistics, while “persons” refers to the number of people who have submitted an application. For example, families generally apply together in one application rather than in several separate applications. The statistics therefore refer to both the number of cases (i.e., number of applications) and the total number of people who applied (regardless of the number of cases).

Appendix C: Detailed Criteria for the Audit

Objective 1: Governance Framework

The adequacy of the governance framework will be assessed against the following criteria:

  • Governance structures are in place to ensure that accountabilities are adequately discharged.
  • Values and ethics are promoted and reinforced.
  • Relevant information on results is gathered, used to make decisions and reported.

Objective 2: Risk Management

The adequacy of risk management processes and practices will be assessed against the following criteria:

  • Processes are in place to identify, assess, mitigate and monitor risks.
  • Management appropriately communicates risk and risk management strategies to key stakeholders.
  • Planning and resource allocation take risk information into account.

Objective 3: Internal Controls

The internal controls in place to support financial, administrative and operational activities will be assessed under the following lines of enquiry against the following criteria:

  • Application Processing
    • Decisions are adequately documented and the required supporting documents are maintained.
    • Designated and delegated authorities for decisions are appropriate and comply with departmental policy.
    • Appropriate controls are in place to ensure that admissibility requirements are met.
  • CAIPS Management
    • Appropriate controls are in place for the management and use of CAIPS user accounts at the mission.
    • Appropriate controls are in place to safeguard CAIPS assets at the mission.
  • Controlled Documents
    • Roles and responsibilities are appropriate for the custodianship, safeguarding and handling of controlled documents.
    • Adequate controls are in place for the custodianship, safeguarding and handling of controlled documents.
  • Immigration Revenues
    • Roles and responsibilities assigned and procedures performed comply with departmental policies on cost recovery.
    • Adequate controls are in place in the physical environment to safeguard the cost-recovery system.
    • An adequate monitoring regime is in place to ensure that controls are working properly and that funds collected are properly accounted for and safeguarded.
  • Travel and Hospitality
    • Internal controls should be in place to ensure that travel and hospitality transactions comply with policies and regulations to protect against fraud, financial negligence and other violations of rules and principles.
  • People: The office is managed in a way that ensures an effective workplace for staff to successfully contribute to the work objectives.
  • Citizen-Focused Service: The services delivered by the office reflect its clients’ requirements.
  • Learning, Innovation and Change Management: Learning and development activities are used to promote innovation and change management.

Appendix D: Management Action Plan

 Management Action Plan
Recommendation Action Plan Responsibility Target Date

1. The CAIPS manager should review the CAIPS access requirements for staff with mission management and make any necessary adjustments as required.

The mission has implemented this recommendation. At the time of the audit, profiles were deactivated, unassigned accounts were reset, and tables updated.

The mission recognizes that more officers have access to CAIPS key F15 than recommended in departmental manuals. Access is now restricted to regularly assigned CBOs. The mission processes a significant number of ARCs (Authority to Return to Canada), a function that is controlled from the same key. Practically speaking, all officers may require access to these files, and granting authority was recently delegated to the Unit Manager level. Proper usage of the function for issuance will be monitored administratively until such time as CAIPS is deactivated and GCMS is modified to reflect the delegation instrument.

Mission

Completed

2. Mission management should ensure that adequate controls are in place for it to safeguard and account for its controlled documents inventory.

This recommendation has been implemented.

Work done during the audit revealed calculating errors in the local inventory spreadsheets, which were quickly corrected. Physical inventories will now be done consistently.

The mission agrees that some forms practices were not optimal. Separate stocks of counterfoils and seals were merged early in January 2011 and a single inventory as well as a single sign-out-and-in procedure will now be maintained. In addition, seal numbers are now being recorded in paper logs.

Mission

Completed

3. Mission management should review and update its safeguarding and transmission controls for controlled documents sent to its satellite mission in Beirut, making any necessary adjustments to these following the implementation of GCMS in Damascus.

The mission realizes that the Beirut procedure was not ideal and has implemented this recommendation. It was provisionally instituted earlier in 2010 in order to fulfill a client service commitment made by the Department, and has already been discontinued. As of December 2010, the visas and COPRs are printed and affixed in the Beirut office, using CAIPS file loan capabilities. Neither the passports nor the counterfoils are transported between missions. This procedure has both reduced risk and improved client service, and will be adapted to GCMS when required.

Mission

Completed

4. Mission management should ensure that staff performance objectives are consistently established at the outset of a planning period and include some element of quantitative measures of performance, as necessary.

This recommendation has been implemented. During the Autumn 2010 mid-year review process, supervisors went over quantitative performance measures with all staff, and these will be made clearer in objectives in the future, where applicable.

Mission

Completed

Appendix E: Audit Time Line

Audit planning: August and September 2010

On-site examination: September 27 to October 7, 2010

Clearance draft to Immigration Program Manager and IR for comments: December 22, 2010

Management Action Plan finalized: January 26, 2011

Report recommended for approval by Audit Committee: February 10, 2011

Report approved by the Deputy Minister: February 10, 2011

Page details

Date modified: