Internal Audit of Passport Program Compliance with the User Fees Act

Internal Audit & Accountability Branch
February 2016

Table of contents

Executive summary

Background

The provision of passport services to Canadians is done in accordance with the Canadian Passport Order. This regulatory document sets out the parameters for obtaining a Canadian passport and how the government organizations involved in processing passport applications must administer these services. The funding model that is used to administer passport services is a revolving fund as set out in the Revolving Funds Act. A revolving fund is a means by which Parliament provides continuing authorization for the collection of fees and drawdown of funds to support a client-oriented service that is funded by users.

Through the Passport Revolving Fund, the operations of the Passport Program are financed entirely from the fees charged for passports and other travel documents. The fees that are charged to passport applicants must be set in accordance with the provisions set out in the User Fees Act, which prescribes how user fees are to be established, communicated and reviewed – both internally within the Government of Canada and with the public.

Effective July 2, 2013, the accountability for the Program and the Fund shifted from Global Affairs Canada to Immigration, Refugees and Citizenship Canada. In addition, delivery of the bulk of domestic passport processing services was transferred to Employment and Social Development Canada. Global Affairs Canada continues to deliver passport services outside of Canada. Within Immigration, Refugees and Citizenship Canada, the Director General of Operational Performance Management Branch acts as the Fund Manager for the Passport Program.

In addition to the financial authority and control framework for expenditures (mainly based on the Financial Administration Act and the Revolving Funds Act), the control framework for passport fees includes legislation (e.g. the User Fees Act) and regulations and the Treasury Board Policy on Service Standards for External Fees. The User Fees Act imposes specific rules which support transparency on how costs to provide the service justify user fees and what levels of service are expected in exchange for the fees collected. Immigration, Refugees and Citizenship Canada is accountable to Parliament for the Program’s service standards and financial performance, therefore, it is important to ensure that Immigration, Refugees and Citizenship Canada, supported by Employment and Social Development Canada, be in compliance with the User Fees Act and to demonstrate its accountability in effectively managing the Passport Program.

Audit objective and scope

The audit objective was to assess whether Immigration, Refugees and Citizenship Canada has adequate policies and procedures in place to support compliance with the User Fees Act, including the monitoring and reporting of compliance.

The scope of the audit focused on the management control framework over data integrity related to the reporting of the Passport Program’s performance against service standards in support of User Fees Act compliance as established for fiscal-year 2014-2015. This included the full reporting cycle and monitoring activities undertaken for the year.

Scope exclusion

Due to the relative immateriality of the volume of Global Affairs Canada-related passport activities, the audit did not include an assessment of the management control framework in place to ensure compliance with the User Fees Act relative to performance monitoring of Global Affairs Canada-related passport activities.

Conclusion

Overall, Immigration, Refugees and Citizenship Canada has adequate policies and procedures in place to support compliance with the User Fees Act. Governance bodies were established to oversee monitoring and reporting against the performance standards. Roles, responsibilities and accountabilities for personnel within Immigration, Refugees and Citizenship Canada, as well as between the department and Employment Social Development Canada, were defined and communicated. A management control framework was established to identify and address most data integrity issues in a timely manner and instances of non-compliance to the performance standards. In addition, the disclosures and complaint procedures in place when the Program’s user fees were reviewed and updated in 2013-14 were in accordance with the User Fees Act.

An area for improvement was identified to review and update the guidance provided to processing centers related to the capturing, recording, and monitoring of application processing times to ensure that all data collected supports Immigration, Refugees and Citizenship Canada’s compliance with requirements under the User Fees Act.

Management has accepted the audit findings and developed an action plan to address the recommendation.

Background

The provision of passport services to Canadians is done in accordance with the Canadian Passport Order (CPO). This regulatory document sets out the parameters for obtaining a Canadian passport and how the government organizations involved in processing passport applications must administer these services. The funding model that is used to administer passport services is a revolving fund as set out in the Revolving Funds Act. A revolving fund is a means by which Parliament provides continuing authorization for a service that is funded completely by users, or partly by users and partly by subsidization.

Through the Passport Revolving Fund (the Fund), the operations of the Passport Program (the Program) are financed entirely from the fees charged for passports and other travel documents. The fees that are charged to passport applicants must be set in accordance with the provisions set out in the User Fees Act (UFA), which prescribes how user fees are to be established, communicated and reviewed – both internally within the Government of Canada and with the public.

Effective July 2, 2013, the accountability for the Program and the Fund shifted from Global Affairs Canada (GAC) to Immigration, Refugees and Citizenship Canada (IRCC). In addition, delivery of the bulk of domestic passport processing services was transferred to Employment and Social Development Canada (ESDC). GAC continues to deliver passport services outside of Canada. Within IRCC, the Director General of Operational Performance Management Branch (OPMB) acts as the Fund Manager for the Program.

In addition to the financial authority and control framework for expenditures (mainly based on the Financial Administration Act and the Revolving Funds Act, the control framework for passport fees includes legislation (e.g. the UFA) and regulations and the Treasury Board Policy on Service Standards for External Fees). The UFA imposes specific rules which support transparency on how costs to provide the service justify user fees and what levels of service are expected in exchange for the fees collected. IRCC is accountable to Parliament for the Program’s service standards and financial performance, therefore, it is important to ensure that IRCC, supported by ESDC, be in compliance with the UFA and to demonstrate its accountability in effectively managing the Program.

Audit objective, scope and methodology

Audit objective and scope

The audit objective was to assess whether IRCC has adequate policies and procedures in place to support compliance with the UFA, including the monitoring and reporting of compliance.

The scope of the audit focused on the management control framework over data integrity related to the reporting of the Program’s performance against service standards in support of UFA compliance as established for fiscal-year 2014-2015. This included the full reporting cycle and monitoring activities undertaken for the year.

The management control framework included in the audit scope consisted of the following elements:

  • data definitions and parameters used for purposes of reporting performance against the service standards;
  • key automated data input controls within the Integrated Retrieval Information System (IRIS); the application processing system - to ensure data integrity;
  • reliability and relevancy of data collected for reporting performance against service standards;
  • monitoring approach to confirm the accuracy of reported performance;
  • standardized process to monitor and report performance against service standards; and,
  • escalation process of potential issues of non-compliance to service standards.

Furthermore, the audit focused on performance service standards and considered disclosures to clients about user fees and user complaint mechanisms.

Scope exclusion

Due to the relative immateriality of the volume of GAC-related passport activities, the audit did not include an assessment of the management control framework in place to ensure compliance to the UFA relative to performance monitoring of GAC-related passport activities.

Methodology

The audit included a review of the management control framework established to ensure compliance of the Program with the UFA relative to performance standards. This included reviewing and evaluating the adequacy of the governance and review processes in place during the year, as well as the directives and other procedural information and documentation available to operational staff. Process reviews were conducted to assess the effectiveness, completeness and relevancy of performance tracking and reporting.

IRIS is used by both ESDC and IRCC officials for capturing, tracking and monitoring key data used for performance standards reporting. Given that ESDC is responsible for the capture of many key data fields in the system (e.g. the application reception date of passport applications). ESDC processes were reviewed in collaboration with the ESDC internal audit team.

Statement of conformance

The approach and methodology used conforms to generally accepted practices, processes, procedures and standards of internal audit in the Government of Canada, and conforms to the Treasury Board Secretariat Policy on Internal Audit and the Institute of Internal Auditors Standards for Internal Auditing.

Audit findings and recommendations

Governance, roles and responsibilities related to compliance with the UFA

Criteria

It was expected that governance bodies had been established to provide monitoring and reporting against the performance standards as outlined in the UFA; and that the related roles, responsibilities and accountabilities between IRCC and other government departments were clearly defined and adequately communicated.

Conclusion

Overall, governance bodies were established to provide monitoring and reporting against the performance standards as outlined in the UFA. Roles, responsibilities and accountabilities between IRCC and other government departments were defined and communicated.

Context

In 2010, the Program undertook a comprehensive exercise to review its fee structure in accordance with the UFA. Based on this review, a new fee structure, including increased application fees, came into effect on July 1, 2013. Under the UFA, the Program is accountable to Parliament for the established service standards which directly link to user fees, and its performance against the standards.

Beginning in fiscal-year 2014-15, IRCC assumed the responsibility for overseeing the monitoring and reporting against the UFA service standards. The roles and responsibilities for monitoring and reporting were approved and implemented by IRCC senior management. The Citizenship and Passport Operational Coordination Branch (CPOC) oversees operational monitoring to ensure compliance with the Act and OPMB is responsible for reporting on actual processing times and performance against service standards. These roles and responsibilities are understood by key personnel; however, they have not been formally documented in the Passport Canada Revolving Fund Governance document.

CPOC is responsible for overseeing the monitoring of service performance and actual processing times achieved by ESDC, GAC and IRCC. The monitoring process has evolved during the year and is undertaken on a daily basis for all of the Program’s delivery methods. In addition, detailed weekly Tactical Dashboard reports are prepared by the Business Intelligence and Operational Performance (BIOP) division within ESDC and reviewed by the relevant Director and Director General within ESDC. Issues that require discussion between ESDC and IRCC are raised at the Service Delivery Committee and DG Core Committee; these committees are comprised of officials from both IRCC and ESDC.

The OPMB prepares quarterly and annual reports covering Program results against all performance standards. The Executive Committee (ExCom) plays a key role in reviewing the quarterly and annual results relating to performance standards, as well as approving actual processing times information to be posted on the IRCC website. Ongoing oversight responsibilities have been assigned to OPMB and to the ExCom.

IRCC and other government department roles and responsibilities

As discussed above, the roles, responsibilities and accountabilities of CPOC and OPMB are defined and understood. Since February 2015, the Data Management and Governance Working Group (DMGWG) that is now co-chaired by CPOC and OPMB has focused on clarifying overall program roles and governance.

A draft Memorandum of Understanding (MOU) with comprehensive Annexes (previously referred to as Service Level Agreements) has been established between IRCC and ESDC, which outlines each department’s roles and responsibilities related to the delivery of the Program. Although this MOU remains in draft form, the terms are being adhered to by both parties.

The provisions in the MOU set out that IRCC is primarily responsible and accountable for the Program and providing support to ESDC in its delivery of the Program, which is accomplished in part through certain Service Canada locations. ESDC is responsible for measuring and reporting on the performance standards and for implementing measures to address situations where the standards have not been consistently maintained.

In addition, IRCC is responsible for establishing the parameters for the Quality Assurance Program (QAP) which ESDC is responsible for performing. The QAP is an ongoing review of applications/ files to ensure compliance with the passport entitlement provisions broadly set out in the CPO and articulated in greater detail in policy entitlement instruments and established procedures. In terms of data quality assurance relative to service standards, one of the daily automated reports prepared by ESDC is the Duration to Create Electronic Service Request Files (ESRFs) report, which refers to the time elapsed in days between receiving a complete application at a processing centre and officially recording its receipt in IRIS. The internal standard for this step is three days; the report shows the daily sum of files created within each time-duration category. CPOC now reviews this report as part of the overseeing of monitoring function and operational managers address performance inconsistencies and take corrective measures as required. This supports the integrity of the Program’s compliance with announced service standards.

Management control framework to measure performance

Criteria

It was expected that:

  • an effective management control framework was established to identify and address data integrity issues in the reporting of performance standards in a timely manner;
  • an effective management control framework was established to identify and address instances of non-compliance with the performance standards in a timely manner; and
  • disclosures regarding the establishment of the user fees and how complaints regarding the fees are resolved were adequate to meet the requirements outlined in the UFA.

Conclusion

An effective management control framework was established to identify and address data integrity issues in a timely manner and instances of non-compliance with the performance standards. In addition, the disclosures and complaint procedures in place when the Program’s user fees were reviewed and updated in 2013-14 were in accordance with the UFA.

An area for improvement was identified to review and update the guidance provided to processing centers related to the capturing, recording, and monitoring of application processing times to ensure that all data collected supports IRCC’s compliance with requirements under the UFA.

Performance standards and internal controls

Performance standards have been established for various services provided by the Program to Canadians and non-Canadians in Canada. The key data used to measure and assess the achievement of service standards are the application reception date and the processing complete/ready for delivery date recorded in IRIS. When a passport application is received, the processing of a passport application formally begins with the ESRF creation thereby triggering the start of the service standard timeline. As such, a key control point is the time and date stamp placed on the incoming application and the recording of this information into IRIS. As such, data input controls for IRIS are key to ensuring that the data maintained in the system is reliable and accurate for performance reporting and assessment purposes.

For complete passport applications received in person at a Passport Office, 90 percent or more of these applications must be processed within 10 business days to meet the service standard. When an application is submitted in-person at a Passport Office the application reception date is the same date that the applicant submits a complete application and the clerk creates a new applicant file in IRIS, and then the digital file is forwarded to the processing print centre. Typically, the file creation occurs concurrently with submission by the applicant because the completeness can be confirmed at the same time. The application reception date is automatically generated by the system as the current date.

For complete passport applications received by mail at a processing centre - either directly from the applicant or via a Service Canada location, 90 percent or more must be processed within 20 business days to meet the service standard. When an application is received by mail at a processing centre, the envelope is date-stamped with the date it is received by the processing centre and is required to be recorded in IRIS within three days. Since the application reception date in IRIS automatically defaults to the date the file is created, it is the responsibility of the processing centre clerk to manually change the application reception date recorded in IRIS to agree with the date-stamp on the applicant’s envelope, if it is earlier than the current date.

In the final phase of processing, for the purpose of calculating performance against the service standard, the status of the application is recorded as either ready for delivery or processing complete when the passport has been printed and is available for pick-up, either in-person or by the mail service provider for delivery to the applicant. The method of delivery depends on the applicant’s chosen form of service. Mail delivery time is not required to be included in processing time.

If actual processing time performance fails to meet established service standards by greater than 10 percent, IRCC is required to reduce the fees by a percentage equivalent to the unachieved performance to a maximum of 50 percent of the user fee.

Processing of incomplete passport applications

When passport applications are received that do not include all the required information, the application is considered incomplete and placed into pending status in IRIS. Once the missing information is received from the applicant, the service standard timeline is required to begin using the time and date stamp on the envelope that contained the additional information. The additional information is then matched to the pending application, and the pending statusis changed to in-process in IRIS.

There is a time delay however between the reception of the missing information at the processing centre and when the envelope is opened by the clerk. This could be a few days depending on the volume of applications at a particular moment in time. It was noted that it may take an additional five to 10 days to confirm if the additional documentation received is complete and to remove the application from pending status. The date the application is removed from pending status is automatically recorded as the new application reception date and the processing time from this point on is measured against the service standard timeline. As a result, the time delay between the receipt of the final documentation and the official start of processing time is not added to the total processing time for reporting against the service standard.

As such, the current approach to track processing time for incomplete passport applications is not aligned to the service standards. Program officials estimated that despite this time delay, 90 percent or more of pending files are still completed within the service standard timeframe (i.e. 20 days) because once the file is removed from pending, it is generally processed in three to four days. Also, for 2014-15, approximately 99 percent of all applications were processed within announced service standards thereby minimizing risk of non-compliance due to anomalies. However, without a mechanism to track the processing delay, Program officials cannot be sure they are consistently meeting their service standards for these particular applications.

Additional security checks

In instances where an application is being assessed and it is determined that additional security checks are required to authenticate the applicant's identity or entitlement, the application is put into pending status. In accordance with the CPO and service standards, the time taken to complete the security check is permitted to be excluded from processing time. As soon as the additional security verifications are completed, the application is removed from pending status is recorded as the new application reception date. In effect, the application is treated like an incomplete application and the service standard timeline reverts to day one regardless of how much time was spent processing the application prior to the additional security check.

This approach to track processing times is not aligned to the service standards requirements. Since this application was complete but internal processes were required to carry out additional security checks, the time incurred up to the date it was placed into pending status should be added to the time incurred after it was removed from pending status to determine the full processing time. In effect, the full time to process the application should include the time that was spent on the file prior to the additional security checks.

Passports delivered to applicants by mail

When a passport has been printed and is ready to be released to the applicant – either picked up in person or mailed out - the file in IRIS is marked as processing complete or ready for delivery, as applicable. According to the service standards, the measurement of the time to complete a passport must include all processing time up until the passport is picked up by the mail service provider.

The larger processing centers are generally able to mail out the passports on the day that they are printed, or the next morning when printed by the night shift. Usually, the processing complete date is the same as the pick-up date of the mail by the service provider. However, this is not always the case for smaller passport offices, where it can take up to two days for the mail service provider to pick up the passports. In cases where the passport is not picked up by the mail service provider on the same day that it is printed, the processing time is understated by up to two additional days and not accurately reported. Although the volume of passports mailed from smaller offices is low, IRCC is not accurately measuring whether service standards are being consistently met across service locations.

Quality assurance of service standard measurement

The responsibilities assigned to IRCC in the MOU with ESDC include the quality management of the Passport Program. One important element of this is a formal Quality Assurance Program (QAP) that outlines the mechanism that will be used to assess compliance with policies, procedures and criteria. As per the QAP, ESDC is responsible for performing an ongoing review of the application files to ensure compliance with the policies, procedures and criteria relative to passport entitlement. Quality review results are reported on the weekly Tactical Dashboards. These dashboards are prepared by ESDC’s BIOP divisional management, with any issues escalated to the Division’s Director. The results of these reviews should include any identified quality assurance issues and actions taken to resolve them, and are to be reported by ESDC to IRCC at least every quarter.

However, quality assurance monitoring of data fields related to performance measurement and reporting against service standards (i.e. the application reception date and processing complete date / ready for delivery date) is not currently conducted. Given the audit findings related to the management control framework for performance measurement of the service standards, periodic monitoring of the critical data fields for measuring processing times would help ensure that the Program adheres to requirements and that the strong performance related to service standards to date is maintained. In addition, as business processes are improved or changed in the future, monitoring key data fields would provide management with performance data to assess any potential impacts on service standards.

Recommendation (medium risk)

The Assistant Deputy Minister, Operations should review and update the guidance provided to passport processing centers related to capturing, recording, and monitoring of application processing times to ensure that all data collected supports IRCC’s compliance with requirements under the UFA.

Establishment of user fees and complaint resolution

The establishment of the user fee was determined through complex cost and revenue calculations based on supported assumptions and projections. The user fee analysis was reviewed and approved by IRCC senior management prior to being submitted to the Treasury Board. A Fee-for-Service Proposal and an Impact Assessment of the Fee-for-Service Proposal were also created and published on the IRCC web site. This was done to communicate to clients the change in the user fee structure and related impacts. These documents included supporting statistical data, projected revenues and expenditures over the 10-year business cycle as well as a fee comparison with other countries. In addition, the disclosures and complaint procedures in place when the Program’s user fees were reviewed and updated in 2013-14 were in accordance with the UFA.

Conclusion

Overall, IRCC has adequate policies and procedures in place to support compliance with the UFA. Governance bodies were established to oversee monitoring and reporting against the performance standards. Roles, responsibilities and accountabilities for personnel within IRCC, as well as between the department and ESDC, were defined and communicated. A management control framework was established to identify and address most data integrity issues in a timely manner and instances of non-compliance with the performance standards. In addition, the disclosures and complaint procedures in place when the Program’s user fees were reviewed and updated in 2013-14 were in accordance with the UFA.

An area for improvement was identified to review and update the guidance provided to processing centers related to the capturing, recording, and monitoring of application processing times to ensure that all data collected supports IRCC’s compliance with requirements under the UFA.

Management has accepted the audit findings and developed an action plan to address the recommendations.

Appendix A – Management Action Plan

Recommendation – medium risk

The Assistant Deputy Minister, Operations should review and update the guidance provided to passport processing centers related to capturing, recording, and monitoring of application processing times to ensure that all data collected supports IRCC’s compliance with requirements under the User Fee Act.

Management Action Plan

Management accepts this recommendation.

The Citizenship and Passport Operational Coordination Branch (CPOC) will act on the recommendations by:

Updating guidance to processing centres in current operational environment (IRIS)
  1. Reviewing the guidance provided to processing centres on the appropriate procedures to manage files that have been placed in pending. The review will provide greater clarity on when a file is considered to be “complete” for purposes of monitoring adherence to service standards.
    • OPI: ADM Operations
    • Due Date: February 19, 2016
  2. Based on the review, identifying / proposing updates to the related guidance to be provided to processing centres.
    • OPI: ADM Operations
    • Due Date: February 26, 2016
  3. Consulting on and obtaining requisite approvals for any proposed updates to the guidance.
    • OPI: ADM Operations
    • Due Date: March 11, 2016
  4. Communicating any and all updated guidance to processing centres.
    • OPI: ADM Operations
    • Due Date: March 18, 2016
Ensuring that any existing or updated guidance provided to processing centres is incorporated into quality assurance procedures.
  1. Reviewing the criteria governing the Quality Assurance Program (QAP) as they relate to Program compliance with requirements under the User Fees Act and related regulations.
    • OPI: ADM Operations
    • Due Date: February 19, 2016
  2. Amending the relevant criteria in the QAP to ensure compliance with guidelines.
    • OPI: ADM Operations
    • Due Date: March 7, 2016
  3. Communicating to Processing Centre employees regarding any amendments made to the QAP as a result of this review and the date that these amendments will be in effect.
    • OPI: ADM Operations
    • Due Date: March 31, 2016

Appendix B – Applicable legislation, policies, and directives

  1. User Fees Act, Department of Justice, March 2014
  2. Revolving Funds Act, Department of Justice, 1985
  3. Passport Canada’s Fee-for-Service Proposal to Parliament, March 2012
  4. Passport Canada’s Impact Assessment Fee-for-Service Proposal, March 2012
  5. Passport and Other Travel Document Services Fees Regulations, Department of Justice, March 2014
  6. Policy on Special Revenue Spending Authorities – Appendix D

Page details

Date modified: