Audit of the Immigration Program at the Canadian Mission in Mexico City
Internal Audit & Accountability Branch
Citizenship and Immigration Canada
September 2012
Table of Contents
Executive Summary
The Citizenship and Immigration Canada CIC Risk-Based Audit Plan (RBAP) identifies audit and advisory engagements to be undertaken by weighing a combination of departmental priorities and risks. Completed by the Internal Audit and Accountability Branch and approved by the Departmental Audit Committee in April 2011, the 2011-2014 RBAP identified the need for an audit of the Immigration Program at the Canadian Mission in Mexico City, Mexico in Q1 2012/13. The audit was advanced to begin in Q4 2011/12 to coincide with a Department of Foreign Affairs and International Trade (DFAIT) inspection of the mission. The site visit occurred from February 13 to 24, 2012.
The Mexico City mission is a full-service centre in Canada’s overseas network of visa offices. As of January 2012, the mission had 80 immigration employees, including 3 belonging to the Canada Border Services Agency:
- 20 Canada-based Officers (CBO), including 2 Migration Integrity Officers
- 60 Locally Engaged Staff (LES), including 1 Designated Immigration Officer, 1 Non-Immigrant Officer, and 1 Migration Integrity Assistant
The audit objectives were to assess the adequacy of the mission’s
- governance framework for administering the immigration program;
- risk management processes and practices in place to support program objectives; and
- internal control framework governing administrative, financial and operational activities.
The criteria used in the audit are based on applicable Treasury Board and CIC legislation, policies and directives, and can be found in Appendix B. The audit covered the time period from October 1, 2010, to the end of the site visit on February 24, 2012.
We found that:
- the governance framework met our expectations;
- risk management processes and practices in place met our expectations; and
- the internal control framework partially met our expectations.
This audit report sets out the recommendations for addressing our observations, as well as management’s responses, action plans and proposed completion dates.
Statement of Assurance
The conduct of this engagement was done in accordance with the Internal Audit Standards for the Government of Canada which incorporate the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing. Sufficient and appropriate auditing procedures were performed to provide a high level of assurance over the findings and conclusion in this report.
Gibby Armstrong
Chief Audit Executive Citizenship and Immigration Canada
Introduction
Citizenship and Immigration Canada CIC recruits, selects and processes applications from foreign nationals who want to come to Canada temporarily or permanently and contribute to building a stronger Canada by settling and fully integrating into Canadian society and the economy. The Operations Sector at National Headquarters, which includes domestic and overseas operations, is responsible for carrying out these tasks. Overseas operations fall under the responsibility of the International Region (IR) and its network of visa offices at missions abroad. As of September 2011, this network was comprised of 90 points of service in 76 countries.
There are four categories of visa offices or missions abroad: regional processing centres (RPCs), full-service centres (FSCs), satellites, and specialized offices. RPCs and FSCs both deliver the full range of immigration services for the countries they serve, but RPCs also oversee satellite offices. The full range of immigration services includes the processing of permanent and temporary resident applications as well as other immigration applications, such as requests for travel documents or temporary resident permits. Satellite and specialized program offices do not deliver the full range of immigration services.
As an FSC, the Mexico City mission is responsible for immigrant and temporary resident applications from Mexico; Quebec Economic Class applications from Colombia and Ecuador (effective January 2010); and all Economic Class (Quebec and federal) applications from Venezuela, Aruba, Bonaire and Curacao (effective December 2011) and Haiti (effective July 2011).
Appendix A presents a summary of the mission’s processing data for 2008 2011, and a comparison to CIC’s overseas network.
Environmental Context
The following is an overview of the environmental context within which the mission conducts and manages its operations. The information is provided as part of the background to the audit and is not listed in any particular order.
Mission management identified the following challenges related to the operating environment in their 2011/12 International Region Integrated Management Plan (IRIMP):
- Visa imposition - Visitor applications processed by the Mexico City office increased significantly following the introduction of the visa requirement for Mexican citizens in July 2009.
- Opening of Visa Application Centres (VACs) - VACs, which provide applicants with more locations and longer hours to submit their applications, were opened in Mexico City, Monterrey, and Guadalajara beginning in October 2009. They have greatly facilitated the processing of applications and enhanced the quality of basic services rendered to clients.
- Permanent resident (PR) processing – While the permanent immigration program is relatively small in Mexico City, the primary push factors for applicants from the region are as follows: economic factors, quality of life, and insecurity and violence.
- Growth in the PR program – Mexico City experienced a significant growth in PR targets from 2010 to 2011 due primarily to the transfer of Quebec Economic category cases from Colombia and Ecuador to this office. Quebec skilled workers now comprise approximately 58 percent of the mission’s total PR target.
- Temporary resident visa (TRV) processing – Application intake for TRVs fluctuates greatly during the year, with demand highest during the summer months. For example, the mission received 3.6 times as many applications in July than in January 2010.
- Temporary Work Permits – Seasonal Agricultural Worker Program cases comprise approximately 89 percent of Mexico City’s work permit application intake.
Observations and Recommendations
Governance Framework
The audit examined the adequacy of four areas of the governance framework for administering the Immigration Program:
- Governance and strategic direction
- Public service values
- Results and performance
- Accountability
To assess components of the governance framework, we interviewed program staff and other mission staff with links to the Immigration Program, reviewed documents, observed processes, tested information and reviewed samples of management files for compliance.
We expected to find that:
- The mission had clearly defined and communicated strategic directions and strategic objectives aligned with its mandate;
- That the mission had operational plans and objectives in place aimed at achieving its strategic objectives;
- Management, through its actions, demonstrated that the mission’s integrity and ethical values cannot be compromised; and that values and ethics were promoted within the mission, documented, and clearly communicated;
- Relevant information on results was gathered, used to make decisions, and reported; and
- A clear and effective organizational structure was established and documented.
The governance framework in place at the mission met our expectations.
Governance and Strategic Direction
The audit found that the Immigration Program’s annual IRIMP submission to IR provided a good overview of the program’s strategic direction, and the internal and external environmental factors affecting program management and operations.
The mission has developed two visitor programs - the Tourism Express Program and the Business Express Program - which enable the mission to identify and facilitate low-risk applications and provide improved client service, aligned with the department’s Strategic Plan and modernization objectives. Program objectives are established, and program success is measured.
We also found that the mission proactively managed resources around peak workload periods by using term and emergency LES staff and by re assigning staff and shifting resources. This need is determined using daily performance information and communication between supervisors; it is facilitated by generic job descriptions and cross-training.
Public Service Values
We found that values and ethics were promoted, reinforced, and clearly communicated at the mission. In our audit of human resources management, we found that signed acknowledgements of the code of conduct were on file, and that values and ethics were considered in the staffing competition process. Staff recently participated in values and ethics learning sessions designed and delivered by mission program management. They indicated that they understood management’s commitment to values and ethics and the reasons for it. Staff also indicated that they felt that ongoing attention to this area was important.
Results and Performance
We found that information on results was gathered, used to make decisions and reported to mission program management. Data on processing is gathered and reported on a monthly and annual basis. Detailed operational data is compiled on a daily basis, which enables mission program management to track performance, identify backlogs, and re-assign resources, if necessary.
Accountability
The program’s organizational chart was clear, established, documented, and kept up-to-date. Interviews and human resource file review support that the organizational chart was reflective of reporting lines, even with the shifting of resources and changes in supervisors.
Risk Management
The audit examined the adequacy of risk management processes and practices in place to support program objectives. Specifically, we expected to see that processes were in place to identify, assess, mitigate and monitor risks, that management appropriately communicated risks and risk management strategies to key stakeholders, and that planning and resource allocation took risk information into account.
To assess risk management processes, we interviewed program staff and other mission staff with links to the Immigration Program, reviewed documents, observed processes, tested information, and reviewed samples of management files for compliance.
We found that, although there was no specific, formal documentation of risks, the mission’s IRIMP provided an overview of the mission’s internal and external environmental context, and management was aware of the risks that may have precluded the achievement of their objectives. Business continuity plans were also in place for critical functions.
The mission conducted quality assurance (QA) exercises during the scope of the audit, and has developed a QA plan. QA exercises include a mix of quality of decision making, reliability of client information and of process activities, and are based on both random and targeted (risk-based) sampling, so that the results enable the mission to determine the effectiveness of procedures. The results are also used to identify training needs.
The risk management processes and practices in place at the mission met our expectations.
Internal Control Framework
The audit examined the adequacy of eight areas of the internal control framework governing administrative, financial and operational activities:
- Application processing
- Access controls
- Controlled documents
- Cost recovery
- Travel and hospitality expenditures
- Human resources management
- Client-focused service
- Learning, innovation and change management
Overall, we found that the internal control framework partially met our expectations. The specific details are outlined below by line of enquiry.
Application Processing
The audit of internal controls included an examination of application processing. We expected to find that application decisions were adequately documented and that required supporting documentation was maintained to demonstrate that processes and procedures complied with the applicable legislation and policies, that sufficient controls were in place to ensure that admissibility requirements were met, and that designated and delegated authorities for decisions were appropriate and complied with departmental policy.
For all permanent and temporary resident cases finalized within this scope period, we examined criminality, security and final decisions entered to test compliance with decision-making authorities. We also reviewed the process in place to assess immigration applications to ensure adequate controls were in place to ensure compliance with operational and legislative requirements. In addition, we interviewed program staff and other mission staff with links to immigration operations, reviewed documentation, observed processes, and documented controls.
Overall, we found that adequate documentation and supporting information was maintained on the application files reviewed to demonstrate compliance with relevant legislation, policies and procedures. Applications reviewed were complete, admissibility checks were well documented, and, there were good notes on file to support decisions.
We found that controls over application processing met our expectations. We reviewed the process in place to assess immigration applications and the mission’s standard operating procedures, which cover the various steps in the process, and found that adequate controls were in place to ensure compliance with operational and legislative requirements.
Our review of decisions made on cases finalized over the audit period found that all were made by individuals with the required level of authority. Security and criminality decisions were entered for all applicants approved by the mission during the October 2010 to September 2011 audit period for application processing.
It was brought to our attention that, in July 2011, a modification was made to GCMS that enabled the approval of certain permanent resident cases without the completion of an assessment of criminality and security activities. At the time of the site visit, the mission had not received clarification from NHQ regarding this exemption; however, it does not appear to be supported by documented policy.
Access Controls
As part of the audit of the internal control framework, we examined system access controls over the Computer-Assisted Immigration Processing System (CAIPS) and the Global Case Management System (GCMS). We expected to find that appropriate controls were in place to ensure the appropriate use of CAIPS and GCMS at the mission, and that information technology hardware was safeguarded.
CAIPS was the main system used to facilitate immigration work at the mission and in all visa offices abroad until the implementation of GCMS. GCMS was introduced at the Mexico City Mission in October 2010, and is currently being used to process certain types of visas. It is expected that over time, GCMS will become the main system used by visa officers overseas and that CAIPS will eventually be decommissioned.
To assess the administration of CAIPS and GCMS, we interviewed program staff and reviewed our information technology hardware inventory. We also examined user profiles to determine whether access levels exceeded authorities, accounts belonging to former employees had remained on the system, or employees had multiple profiles (although permitted for CAIPS).
We found that appropriate controls were in place to safeguard information technology hardware at the mission.
The control framework for CAIPS partially met our expectations. We found that:
- Some profiles of former staff or staff on leave had not been deactivated;
- Some accounts had unknown initials;
- Some unassigned accounts had not been fully reset, although the scope of the variation differed from account to account (our audit testing found no irregular activity); and
- A small number of accounts had an access level that exceeded their authority.
Despite the above noted observations, we found no instances in which staff exceeded their decision-making authority levels for decisions rendered during the audit period. Changes were made to the user profiles during the audit team’s on-site visit and access to the fields in question for the blank profiles was reset. The system had already been decommissioned for temporary resident processing, and permanent resident file creation had been disabled.
The control framework for GCMS partially met our expectations. We found that a number of staff who were no longer on the mission’s organizational chart still had Mexico GCMS accounts. Some of these staff members were on secondment to another section of the mission or were temporary staff who could return. For operational expediency, the GCMS Manager resets the passwords for these accounts to restrict access until advised that these individuals are returning and only sends a request to NHQ to delete or close the account if they are not returning.
A recommendation in the May 2012 Audit of System Access Controls was made to address the issue of review procedures for GCMS accounts, and management identified an action plan item in that report. This recommendation is being followed up to ensure action is taken.
Controlled Documents
At the time of the audit, controlled documents in missions abroad were comprised of counterfoils and seals that were issued together as a visa. Counterfoils are the documents on which missions print visa information. Seals are documents that are affixed over counterfoils after they are placed in an applicant’s passport to prevent tampering. Use of the security seal was eliminated effective April 1, 2012.
As part of the audit of the internal control framework, we examined controls over controlled documents. We expected to find that the roles and responsibilities were appropriate and that an effective control framework was in place for the custodianship, safeguarding and handling of controlled documents.
We interviewed program staff including the Forms Control Officer, reviewed documents including the last four quarterly reports submitted either through the recently introduced Controlled Key Forms Inventory Tracking System (CKFITS) or the previous paper version, observed visa printing processes, and documented controls. We also conducted a physical inventory count to reconcile inventory on hand with usage records, and reviewed a sample of transactions to assess the office’s accuracy in record keeping.
We found that roles and responsibilities were clear and appropriate for the custodianship of controlled documents, and that adequate controls were in place for the custodianship, safeguarding and handling of controlled documents. Although CKFITS does not yet provide this functionality, the Forms Control Officer ensures that the Immigration Program Manager signs off on a hard copy of the quarterly report, which is retained for the mission’s records. Records are adequately maintained to accurately trace printed visas, and review usage of forms. Due to the current limitations of CKFITS, the Forms Control Officer also uses an electronic spreadsheet to track counterfoil and seal usage.
Cost Recovery
The audit examined the control framework in place to safeguard revenues. The mission accepts payment by direct deposit and by certified instruments in Mexican pesos, as well as by certified instruments in Canadian dollars.
We interviewed immigration and other embassy staff with cost recovery related responsibilities; reviewed logs and reports produced by POS+ (the cash register system in use at missions abroad); reviewed documents produced by the mission, including descriptions of processes and fee schedules (which change due to exchange rates in effect); reviewed samples of completed transactions, including application fees, refunds and voids; reconciled annual revenue reports from POS+ and SAP (CIC financial system); and observed processes including end-of-day reconciliation.
Specifically, we expected to find that:
- Toles and responsibilities assigned and procedures performed were in accordance with policies, and access to cost recovery records and information was limited to authorized individuals.
- Controls were in place to ensure accurate recording and processing of cost recovery transactions.
- Cost recovery records were retained and periodically monitored and verified.
Roles and responsibilities assigned and procedures performed were generally in accordance with policies, and access to cost recovery records and information was limited to authorized individuals while in the Immigration section of the mission; however, appropriate controls were not in place for the transfer of funds to DFAIT.
The mission’s procedures for end-of-day reconciliation of immigration revenues should be strengthened. The CIC Cost Recovery Manual and the Standard Financial Procedures for Immigration Fees Collected at Missions - Official Agreement between DFAIT and CIC describe the standard operating procedures for end-of-day reconciliations. We noted that CIC does not receive an official receipt upon the daily transfer of funds (which in this case included certified instruments, but no cash) to DFAIT, and that, during the period of the site visit, funds were no longer being transferred at the end of each day. As a mitigating control, the mission had previously requested that the DFAIT accountant sign daily reconciliation documents to acknowledge amounts transferred. Official receipts and the daily transfer of funds are required by departmental policy.
We found that controls were generally in place to ensure accurate recording and processing of cost recovery transactions and cost recovery records are retained, and that they are periodically monitored and verified. A periodic review of funds deposited into the Immigration bank account and POS+ entries was conducted to assess reasonableness, prior to IPM approval. We also noted that there were no issues regarding monitoring of the exchange rate, processing of voids or processing of fees paid.
The mission has documented procedures for revenue received via direct deposit from VAC applicants that ensure traceability. At the mission’s request, the bank recently modified processes to ensure that clients could only pay the correct fee for the service they were requesting to decrease the number of fee overrides and refunds for overpayment necessary.
We found that accounts belonging to former employees—CBOs who no longer have cost recovery responsibilities and generic users—remained on the system, despite the fact that they are no longer needed. In addition, one LES appeared to have access beyond the restrictions set in the POS+ manual, though not specifically prohibited in the Cost Recovery Manual (access to fee override abilities). Access restriction requirements are therefore unclear.
We also noted that since July 1, 2011 (when the Standard Financial Procedures Agreement between DFAIT and CIC became effective and the Cost Recovery Manual was revised), the mission has been authorizing refunds under section 20 of the Financial Administration Act, but not section 34. In each case, however, all steps necessary to certify section 34 were taken, and the refund was approved by someone with the appropriate authority. Prior to this date, errors were also noted in the refund account debited; however, this has been corrected since the manual was revised.
Following the site visit, we discussed the authorization of refunds issue with NHQ Finance, who indicated that they were in the process of developing and implementing tools to ensure documentation of compliance with the appropriate section.
Additionally, the mission is refunding fees received in Mexican pesos in the amount paid rather than the current CAD equivalent; however, the Cost Recovery Manual is unclear regarding which exchange rate to use.
Recommendation 1
Mexico City program management should ensure that end-of-day reconciliation procedures are performed in accordance with the Cost Recovery Manual and the Official Agreement between DFAIT and CIC, specifically those related to the daily reconciliation of funds and the issuance of an official receipt.
Recommendation 2
Mexico City program management should review and update the mission’s POS+ profiles, making changes where necessary and retaining records of profiles to ensure accountability.
Recommendation 3
IR should clarify access restrictions for POS+.
Recommendation 4
IR should clarify procedures for refunds issued in foreign currency.
Recommendation 5
NHQ Finance should develop and communicate procedures to formally acknowledge section 20 and 34 approvals for refunds.
Travel and Hospitality
As part of the audit of the internal control framework, we examined the controls over travel and hospitality expenditures. We expected that controls would be in place to ensure that travel and hospitality transactions were processed in compliance with the applicable policies and regulations.
In examining travel and hospitality expenditures, we interviewed program staff and other mission staff with links to immigration operations, reviewed documents, and documented controls. Specifically, we reviewed a sample of travel and hospitality claims to assess the effectiveness of the controls in place.
Controls related to travel and hospitality expenditures met our expectations. Office procedures relating to administering travel and hospitality generally comply with applicable policies and were being adhered to.
People
We examined the human resources practices in place to support the delivery of the immigration program. We expected to find that human resources management was aligned with strategic and business planning, that the mission provided employees with the necessary training, tools and resources, and information to support the discharge of their responsibilities, and that the mission had a system in place for the performance evaluation of employees.
We interviewed program staff and other mission staff with links to the Immigration Program, reviewed documents, and reviewed samples of management files for compliance, including: employee human resources files, performance evaluations and completed staffing files. We were also briefed on the DFAIT inspection team’s initial observations, and we provided the inspection team with input from Immigration staff interviews on areas pertaining to DFAIT’s review.
We found that human resource management was aligned with strategic and business planning through the mission’s annual IRIMP, and through the use of daily tracking of performance information and communication to identify and manage backlogs in the process.
Although most of the human resource files reviewed did not contain up-to-date job descriptions, those that did were general for the level rather than specific to the employees’ current duties. This enables employees to be moved between roles and sections as necessary. Employee human resource files were otherwise complete, as were staffing files.
We found that the mission provides employees with the necessary training, tools, resources, and information to support the discharge of their responsibilities. The mission has developed standard operating procedures for application processing (including reception, cost recovery, and visa printing), and no concerns or issues were expressed by staff regarding tools and training. Training at the mission has evolved based on needs since the imposition of the visa in 2009.
The mission has a system in place for the performance evaluation of employees. We found that completed performance evaluations were generally on-file, and that stated objectives were consistent with job duties, measurable indicators were specified (both qualitative and quantitative), and results were documented.
Client-Focused Service
The audit examined the extent to which services provided were client focused. We expected to find that the mission takes measures to facilitate access to its services, that it leverages technology to enhance user services and access, and that a formal process was in place to consider feedback and impact on short- and long-term objectives.
To assess client-focused service, we interviewed program staff, reviewed documents and communications including the mission’s website, and reviewed performance information.
We found that the mission takes measures to facilitate access to its services, and that it leverages technology to enhance user services and access. Response times to members of Parliament are tracked, and the general email inbox response is occasionally reviewed to ensure that there are no outstanding queries. While there is no formal process for client feedback other than general mailbox, complaints received through this mechanism are followed-up on.
Urgent, official, and special program cases are prioritized, and use of VACs is encouraged. The mission conducted a review of the VACs, which included an assessment of client service.
Learning, Innovation, and Change Management
The audit examined the learning, innovation, and change management practices in place at the mission. We expected to find that learning and development activities were used to promote innovation and change management at the mission, and that change management practices supported the implementation of GCMS at the mission.
To assess learning, innovation, and change management, we interviewed program staff and other mission staff with links to the Immigration Program, reviewed documents, and observed processes.
We found that learning and development activities are used to promote innovation and change management at the mission, and change management practices supported the implementation of GCMS at the mission. The GCMS team in Mexico, supported by NHQ, proactively promoted the launch of GCMS at the mission, organized and delivered training sessions, and developed and shared tools to effectively use GCMS (within the mission and with other missions).
Other major changes following the visa imposition include the introduction of the VACs beginning in October 2009, the transfer of specified categories of permanent resident files from other offices (Bogota, Port au Prince, and Caracas), and a move in locations in March 2011. These changes went forward as planned; staff felt that the changes caused minimal disruption to work and that they were well planned and communicated.
Appendix A – Mexico City Processing Summary
Line of Business | 2011 | 2011 – All Offices Abroad |
2011 – Mexico as a % of All Offices |
2010 | 2009 | 2008 | |
---|---|---|---|---|---|---|---|
Permanent Residents | Visas Issued | 2,877 | 230,986 | 1.2% | 1,731 | 1,144 | 1,469 |
Applications Finalized | 3,394 | 281,769 | 1.2% | 2,344 | 1,875 | 1,717 | |
Applications Received | 5,194 | 303,524 | 1.7% | 3,869 | 2,340 | 3,254 | |
Temporary Visitors | Visas Issued | 62,698 | 865,933 | 7.2% | 67,454 | 42,821 | 1,606 |
Applications Finalized | 69,528 | 1,058,085 | 6.6% | 74,493 | 50,898 | 1,858 | |
Applications Received | 69,518 | 1,076,606 | 6.5% | 74,565 | 52,372 | 1,907 | |
Temporary Workers | Permits Issued | 18,036 | 132,101 | 13.7% | 18,916 | 18,735 | 20,804 |
Cases Finalized | 18,512 | 146,482 | 12.6% | 19,353 | 19,469 | 21,794 | |
Applications Received | 18,877 | 154,438 | 12.2% | 20,156 | 18,864 | 21,655 | |
Students | Permits Issued | 3,315 | 98,769 | 3.4% | 2,937 | 2,654 | 2,638 |
Cases Finalized | 3,669 | 133,332 | 2.8% | 3,180 | 3,329 | 2,995 | |
Applications Received | 3,649 | 136,787 | 2.7% | 3,206 | 3,393 | 3,050 |
Permanent Resident Application Inventory as of April 8, 2012 |
Economic | Family | Refugees |
---|---|---|---|
5,552 | 895 | 43 |
Source: Data from International Region (NHQ) records as at April 8, 2012.
Note: All data above is in persons rather than cases. A case is comprised of an application that may include multiple applicants (persons), for example: a family.
Appendix B – Detailed Audit Criteria
Objective # 1: To assess the adequacy of the mission’s governance framework for administering the immigration program.
1.1 Governance and strategic direction
- The mission has clearly defined and communicated strategic directions and strategic objectives, aligned with its mandate.
- The mission has in place operational plans and objectives aimed at achieving its strategic objectives.
1.2 Public service values
- Management, through its actions, demonstrates that the mission’s integrity and ethical values cannot be compromised.
- Values and ethics are promoted within the mission, documented, and clearly communicated.
1.3 Results and performance
- Relevant information on results is gathered, used to make decisions and reported.
1.4 Accountability
- A clear and effective organizational structure is established and documented.
Objective # 2: To assess the adequacy of the mission’s risk management processes and practices in place to support program objectives.
2.1 Risk management
- The mission identifies and documents the risks that may preclude the achievement of objectives;
- Management appropriately communicates risk and risk management strategies to key stakeholders; and
- Planning and resource allocations consider risk information.
Objective # 3: To assess the adequacy of the mission’s internal control framework governing administrative, financial and operational activities.
3.1 Application processing
- Decisions are adequately documented, and required supporting documentation is maintained;
- Designated and delegated authorities for decisions are appropriate and comply with departmental policy; and
- Appropriate controls are in place to ensure that admissibility requirements are met.
3.2 Access controls
- Appropriate controls are in place for the management and use of CAIPS and GCMS user accounts at the mission; and
- Appropriate controls are in place to safeguard information technology hardware at the mission.
3.3 Controlled documents
- Roles and responsibilities are appropriate for the custodianship, safeguarding and handling of controlled documents; and
- Adequate controls are in place for the custodianship, safeguarding and handling of controlled documents.
3.4 Cost recovery
- There is an effective control framework in place to safeguard revenues collected in the immigration section of the mission.
- Roles and responsibilities assigned and procedures performed are in accordance with policies; and access to cost recovery records and information is limited to authorized individuals;
- Controls are in place to ensure accurate recording and processing of cost recovery transactions; and
- Cost recovery records are retained, and are periodically monitored and verified.
3.5 Travel and hospitality
- The internal control framework for managing travel and hospitality expenditures is in compliance with applicable policies and directives.
3.6 People
- Human resource management is aligned with strategic and business planning.
- The mission provides employees with the necessary training, tools, resources, and information to support the discharge of their responsibilities.
- The mission has in place a system for the performance evaluation of employees.
3.7 Client-focused service
- The mission takes measures to facilitate access to its services.
- The mission leverages technology to enhance user services and access.
- A formal process is in place to consider feedback and impact on short- and long-term objectives.
3.8 Learning, innovation and change management
- Learning and development activities are used to promote innovation and change management at the mission.
- Change management practices supported the implementation of GCMS at the mission.
Appendix C – Management Action Plan
Recommendation | Risk Ranking | Action Plan | Responsibility | Target Date |
---|---|---|---|---|
1. Mexico City program management should ensure that end-of-day reconciliation procedures are performed in accordance with the Cost Recovery Manual and the Official Agreement between DFAIT and CIC, specifically related to the daily reconciliation of funds and the issuance of an official receipt. | High | IPM Mexico is actively working with DFAIT at the mission to resolve this. IRHQ will intervene with DFAIT HQ if an agreement cannot be reached at the mission. | Mexico and IR HQ | October 2012 |
2. Mexico City program management should review and update the mission’s POS+ profiles, making changes where necessary and retaining records of profiles to ensure accountability. | Medium | This recommendation has been implemented. A review indicated that the problem was caused by a lack of space in the POS+ data base which required Mexico to erase some old data and a technical problem with saving the data in a separate archive folder. Mexico has received the necessary technical support and has created archive file with the old data retaining records of profiles. A full review of profiles has been completed and is regularly maintained to reflect the current list of authorized users and their profiles. |
Mexico | Completed |
3. IR should clarify access restrictions for POS+. | Medium | A review of required access restrictions for POS+ will be conducted between IR and Finance. The Cost Recovery Manual will then be updated and access restrictions for POS+ will be clarified. | IR | December 2012 |
4. IR should clarify procedures for refunds issued in foreign currency. | Low | The Cost Recovery Manual in Section 5.10 indicates “As the fees are established by regulation in Canadian dollars, refunds will be generated in foreign currencies equivalent to the Canadian dollar according to the exchange rate at the time of the refund.” IR will review procedures with Mexico and, if necessary, ensure that they are clear. |
IR | September 2012 |
5. NHQ Finance should develop and communicate procedures to formally acknowledge Section 34 approval for refunds. | Medium | NHQ Finance will modify the refund form to clearly indicate Section 34 requirements. This will include a restricted authority limited to sign-off for refunds (Section 20). | NHQ Finance | December 2012 |
Page details
- Date modified: