Internal audit of program integrity: Immigration and temporary resident programs
Internal Audit & Accountability Branch
15 Feburary 2018
- The audit of the Program Integrity of the Immigration and Temporary Resident programs was included in the Department’s 2017-2020 Risk-Based Audit Plan, which was reviewed by the Departmental Audit Committee at the February 2017 meeting and subsequently approved by the Deputy Minister.
- Immigration, Refugees and Citizenship Canada (IRCC) delivers a wide range of immigration programs on behalf of the Government of Canada under the authority of the Immigration and Refugee Protection Act (IRPA). IRCC officers determine the eligibility of foreign nationals to become permanent or temporary residents of Canada, and offers Canada’s protection to those who qualify as refugees. IRCC facilitates the arrival of immigrants and temporary visitors by assessing applications to determine an applicant’s eligibility. Eligibility is determined by the conditions of the immigration or temporary resident program for entering and remaining in Canada.
- IRCC processing officers assess applications for eligibility in an environment with increasing application volumes and the expectation to meet service standards. They have the responsibility to ensure the integrity of the immigration program and the prevention of fraud. Thus, this means that they must ensure that applicants seeking to immigrate or temporarily visit Canada are properly identified, have valid documents and provide complete and accurate information. The IRPA and Immigration and Refugee Protection Regulations establish the requirements to make a determination on eligibility and admissibility to Canada.
- Program integrity is the delivery of the right service to the right person for the right reason in a consistent manner. Departmental officials have to manage program integrity to assure Canadians, partners and the international community that IRCC’s decisions on eligibility and inadmissibility are well-founded and support the Minister in upholding their responsibilities under IRPA.
II. Audit objective, criteria, scope and methodology
Audit Objective and Criteria
- The audit objective was to assess the adequacy and effectiveness of program integrity practices in place to support immigration and temporary resident program processing.
- Criteria were selected to evaluate the extent to which the Department has met the audit objective. The criteria was based on internal and external sources, and leading practices.
- A governance structure was established to effectively operate and support program integrity activities across the delivery processing networks;
- Program integrity activities were planned and conducted in a manner that supports improved decision-making across the three processing networks; and
- The results of program integrity activities were shared across the networks and used to improve program delivery.
- The scope covered the period from April 1, 2015 to November 30, 2017. This time period was, in some cases, expanded up to April 1, 2011 to consider ongoing program integrity requirements as established by the 2011 Program Integrity Frameworks.
- The examination of the program integrity activities for the Passport, Refugee, Citizenship and Settlement Programs were excluded from this audit, in addition to those conducted by IRCC’s partners, such as CBSA.
- The following audit procedures were performed:
- Review of applicable legislation and policy documents;
- Review of key supporting documents and relevant background documentation such as the Program Integrity Frameworks and Program Integrity Guides;
- Conducted tests and examination of steps of key processes, procedures, and systems;
- Conducted interviews with key personnel; and,
- Conducted site visits to IRCC offices across Canada and Migration Programs at selected missions abroad, including::
- Regional offices in the CN (CPC-Mississauga, CPC-Ottawa, OSC),
- Regional offices in the DN (Edmonton, Vancouver, Etobicoke), and
- A select sample of IRCC Migration Offices abroad (London, Accra, Abu Dhabi, Beijing, Shanghai, Hong Kong and Guangzhou).
Statement of Conformance
- The audit is in conformance with the Internal Auditing Standards for the Government of Canada as supported by the results of the quality assurance and improvement program.
III. Audit findings and recommendations
Program Integrity Framework
- IRCC developed a department-wide Program Integrity Framework, which came into effect on April 1st, 2011. The purpose of this Framework was to fully integrate risk management, quality assurance, and fraud deterrence and detection into IRCC’s day-to-day operations. This would be accomplished by integrating systematic program risk management into all IRCC programs, promoting consistent program risk management across the Department, and emphasizing the need for continuous monitoring and review of program risk management processes over time.
- Two categories of activities were identified to put in place program integrity in IRCC’s immigration and temporary resident programs: program adherence and risk management.
Program Integrity Activities
Aims at ensuring that IRCC staff and applicants comply with established policies and procedures and that IRCC is delivering accurate and timely products and services.
The verification of accuracy, consistency and timeliness of the steps taken in processing an application to ensure that they were being assessed within the legislative Framework provided by the Acts and their respective regulations and operating guidelines. It is also focusing on whether decisions taken were compliant in law and fact.
The assessment of whether the end results met established standards (i.e. did a visitor visa counterfoil have any flaws).
The targeting of cases, business lines, or specific entities where fraud is known or is suspected to exist with a view to quantifying its incidence and developing tools to mitigate or prevent it.
Aims at providing the department with greater capacity to identify risk indicators and measure risks in all lines of business.
The establishment of current performance on a line of business in order to return at a later point and determine how/if performance has changed.
The review of procedures in a line of business to identify whether risk mitigation efforts were sufficient or require strengthening.
Establishing Risk Indicators
Analysis of quality assurance and anti-fraud activities supplemented by baselining and risk assessments on a line of business to allow IRCC to uncover and measure trends and patterns of program abuse (indicators of risks)
Risk-tiering and Triage
Once the predicted likelihood of risk is identified, files or cases can be handled by procedures and assigned to offices and staff as deemed appropriate.
- The program integrity activities cover a wide range from assessing a processing officer’s compliance with operating procedures to detecting application fraud, trends and program abuse. The program integrity activities were identified as stand-alone activities to be completed separately from routine application processing. They were to be conducted on an ad-hoc basis as the activities were not embedded as part the processing procedures.
- The 2011 Program Integrity Framework was to be reviewed every three years or as required. Since 2011, multiple versions have been drafted but none were finalized or approved.
- Despite the rapid growth in intake of applications since 2011, as well as the developments and implementations of new procedures in processing applications, the Program Integrity Framework and the Program Integrity Activities have not been updated to reflect the advancements in the immigration and temporary resident programs.
- Having an up-to-date and approved framework that reflects the current reality of the processing networks would better support and guide processing offices in the delivery of departmental programs, and demonstrate a firm commitment to the importance of program integrity.
Roles and Responsibilities
- The Framework defines the roles and responsibilities for officials across the Department to carry out activities to ensure program integrity. Processing networks are responsible to plan and conduct program integrity activities, and Integrity Risk Guidance Branch (IRGB) is responsible to support the program integrity activities by providing guidance, monitoring and following-up on the results of these activities.
- As such, program integrity activities are a shared responsibility between the processing networks and IRGB. However, the role and responsibility for the oversight of ensuring the implementation of the Framework was not adequately defined, resulting in a governance gap for program integrity. Officials across the processing networks were not always clear on the requirements or their responsibilities in implementing the Framework and IRGB’s responsibility for monitoring and following-up on program integrity activities.
Tools and Guidance
- As part of its role and responsibility to support the program integrity activities across the processing networks, IRGB developed guidance and tools that were available on the departmental internal website (intranet). These included:
- Program Integrity Guide;
- Quick Start Guide;
- Program Integrity Tool;
- Program Integrity Exercise Repository; and
- Program Risk and Fraud Trends Analysis Tool.
- Processing officers were not always aware that these guides and tools were available. Also, the Program Integrity Tool, which is a web-based application created by IRGB to facilitate program integrity activities, was not easily accessible to processing officers working overseas at Migration Offices abroad.
- The processing networks have also developed their own program integrity tools. For example, in 2016; the Centralized Network, in collaboration with the International Network, created the Validation and Verification Process. This program integrity exercise was developed to ensure the quality and validity of information submitted by an applicant, detect potential fraud, and validate the criteria to triage and share the specific caseload across the networks.
- A challenge in regards to the delivery of the right service to the right person for the right reason in a consistent manner, which is the departmental definition of program integrity, is that the processing officers were not always making use of the tools and guidance available to support the implementation of program integrity activities across the processing networks.
Program Integrity Exercises
- In accordance with the Program Integrity Framework, the processing networks were required to develop a Program Integrity Annual Plan and encouraged to share their plans with IRGB. As part of the plan, the processing networks were required to determine a minimum number of program integrity exercises to complete. The networks were expected to report and share the results of the program integrity exercises they conducted and use the results to strengthen and improve program integrity.
- The International Network had a Program Integrity Annual Plan for the majority of its Migration Offices for the last three fiscal years. These were developed as part of the Migration Offices’ International Network Integrated Management Plan (INIMP). The INIMP is an annual planning and forecasting tool which is intended as a tool for effective planning and management of human, financial and material resources to achieve program delivery objectives at a Migration Office.
- The International Network had set its minimum number at two program integrity exercises per year per Migration Office. The majority of the Migration Offices did not meet the requirement to complete a minimum of two program integrity exercises during the last three fiscal years.
- The Centralized Network had a Program Integrity Annual Plan for 2017-18, and had set its minimum number at four program integrity exercises per year per Case Processing Centre. However, at the time of the audit, the plan was in draft and had not been approved at the Director General level. In addition, the program integrity exercises in the plan were not based on identified program integrity risks.
- The Domestic Network, which was recently created, did not have a Program Integrity Annual Plan. Officials from the Domestic Network indicated that they participated in the program integrity exercises across the processing networks and conducted quality assurance exercises to assess the quality of decision-making. This was done through supervisor review of processing officer decisions.
- Overall, many of the plans were not shared with IRGB and there is no standardized process to develop, implement and monitor plans to conduct program integrity exercises across the processing networks. Without an established process to review and revise program activity plans, there is a risk that important elements of program integrity (risk management, quality assurance, and fraud detection and deterrence) are not consistently incorporated into their daily work across the processing networks.
Repository of completed Program Integrity Exercises
- One of IRGB’s roles and responsibilities is to maintain the Program Integrity Exercise Repository. All processing offices are encouraged, but not required, to send their program integrity exercise reports to IRGB to be added to the repository so that the results can be shared across the processing networks. The records indicated that not all reports were forwarded for retention in the Repository.
- There were 79 program integrity exercise reports entered into the Repository from January 2016 to October 2017. Of these, 42 reports included recommendations. It was noted that there was no follow-up on the recommendations, and responsibility for tracking and monitoring the implementation of these recommendations were not established.
- While there is a system in place to retain information about program integrity exercises conducted throughout the processing networks, it is not always being used. In addition, the system lacks information to ensure the implementation of the recommendations. Without an accurate record of the program integrity exercises conducted across the processing networks, there is a risk that officials lack the necessary information to know whether the Department is delivering on its commitment to ensuring program integrity across the processing networks.
Program Integrity Exercises across the Processing Networks
- In addition to program integrity exercises conducted by each processing office, there were also exercises conducted across the processing networks. For example, quality assurance exercises were conducted across the networks to review a specific area or concern with a particular caseload. The focus of these exercises was to ensure that processing officers were complying with established policies and procedures by reviewing the consistency of decision-making and the documentation of decisions for the specific caseload.
- The Program Integrity Framework (2011) indicated that IRGB was to conduct one network-wide program integrity activity each year. In 2013, the requirement increased to two exercises per year.
- From 2011 to 2013, the required one-per-year network-wide activity was conducted. However, since 2014, only two network-wide exercises have been conducted.
- As the Department continues to shift from place-based to capacity-based and activity- based processing of its immigration and temporary resident applications, it is imperative that the Department have a robust program integrity process in place to support processing across the networks.
- Recommendation 1. The Assistant Deputy Minister, Operations Sector should review and revise the Program Integrity Framework so that it is updated and reflects the reality of a shared workload across the processing networks. The review should consider how the department defines program integrity and the broad range of exercises included under program activities.
- The Framework should clearly identify the roles and responsibilities, including the oversight role for ensuring implementation; have clear and measurable performance expectations supported by a rigorous approach to planning and implementation. This would help to ensure that program integrity exercises are consistently carried out, monitored, tracked, adjusted using a risk-based approach, and that results are shared across the processing networks.
- The Framework and the supporting tools and guidance should be well communicated and accessible across the processing networks and the supporting Branches so that program integrity is embedded in the immigration and temporary resident programs.
- The Operations Sector developed a department-wide Program Integrity Framework in 2011. The Integrity Risk Guidance Branch along with the processing networks have planned and conducted some program integrity exercises in order meet the expectations set out in the framework.
- Opportunities for improvement were identified to strengthen the commitment to program integrity and to better mitigate the risks related to the integrity of the immigration and temporary resident programs. These included updating the Program Integrity Framework to reflect the current reality of processing across the networks, establishing clear roles and responsibilities; and communicating the revised Framework and tools and guidance across the processing networks.
Appendix A – Management response
The Assistant Deputy Minister, Operations Sector should review and revise the Program Integrity Framework so that it is updated and reflects the reality of a shared workload across the processing networks. The review should consider how the department defines program integrity and the broad range of exercises included under program activities.
The Framework should clearly identify the roles and responsibilities, including the oversight role for ensuring implementation; have clear and measurable performance expectations supported by a rigorous approach to planning and implementation. This would help to ensure that program integrity exercises are consistently carried out, monitored, tracked, adjusted using a risk-based approach, and that results are shared across the processing networks.
The Framework and the supporting tools and guidance should be well communicated and accessible across the processing networks and the supporting Branches so that program integrity is embedded in the immigration and temporary resident programs.
The Assistant Deputy Minister, Operations Sector, agrees with this recommendation.
The 2011 Program Integrity Framework will be replaced by a newly-developed Framework for Managing Integrity Risk (Framework) and a companion Policy on Managing Integrity Risk (Policy).
The Framework will define the concepts of program integrity, integrity risk and integrity risk management. It will outline the Department’s approach to ensuring integrity in the delivery of IRCC programs and services, promoting the identification and mitigation of integrity risk as key elements of sound policy and program design, development and service delivery. The Policy will provide guidance on how to ensure program integrity in IRCC operations, with the expected result that, through the application of integrity risk management considerations, activities and mitigations, IRCC’s lines of business will consistently use evidence- and risk-based approaches to monitor, track, and continuous improve program integrity and decision-making.
Operationally, responsibility for conducting program integrity activities is shared between program areas and the processing networks. As the focal point for managing integrity risk in Operations Sector, the Integrity Risk Guidance Branch will continue to develop integrity risk tools, systems and processes; provide support to manage integrity risk and mitigation across the continuum of IRCC programs and services; engage with key stakeholders on managing integrity risk issues; and communicate these activities across the Department.
- Date modified: