Follow-Up Audit of the Immigration and Refugee Board of Canada Regional Offices

Printable version (PDF, 139 KB)

 

February 2013

FINAL REPORT

Prepared by

INTERNAL AUDIT DIRECTORATE

Table of Contents

  1. Executive Summary
    1. 1.1 Background
    2. 1.2 Audit Objective
    3. 1.3 Scope
    4. 1.4 Key Findings and Recommendations
    5. 1.5 Conclusion
  2. Introduction
    1. 2.1 Background
    2. 2.2 Audit Authority
    3. 2.3 Audit Objective
    4. 2.4 Scope
    5. 2.5 Methodology
    6. 2.6 Audit Criteria
  3. Observations and recommendation
    1. 3.1 Security
    2. 3.2 Financial Transactions
    3. 3.3 Interpreter Services
    4. 3.4 Human Resources
    5. 3.5 Corporate Oversight
  4. Conclusion
  1. Appendix A – Audit Objectives and Criteria
  2. Appendix B – Management Response and Action Plan

1. Executive Summary

1.1 Background

The Immigration and Refugee Board of Canada (IRB) is an independent quasi-judicial tribunal accountable to Parliament through the Minister of Citizenship, Immigration and Multiculturalism. With a mission to resolve immigration and refugee cases fairly, efficiently and in accordance with the law, the IRB conducts proceedings principally in three Regional Offices, located in Toronto, Montreal and Vancouver.

In order to provide IRB management with information on the adequacy and effectiveness of management controls with respect to the Board’s regional operations, an audit of IRB Regional Offices was conducted in 2008. That audit was designed to provide management with independent assurance regarding the design and operating effectiveness of those key controls critical to managing administrative areas of highest risk, namely with respect to financial transactions, interpreter services, human resources (HR) management and security. This audit is the follow-up to the 2008 Audit of the Regional Offices. It was performed by the Internal Audit and Integrity Directorate in accordance with the IRB’s Risk-Based Audit Plan 2010/11 to 2012/13.

1.2 Audit Objective

This is a follow-up audit engagement undertaken further to the 2008 Audit of the Regional Offices. Its purpose is to verify and provide assurance related to the implementation of commitments made by management arising from the 2008 audit recommendations, and identify any gaps or discrepancies.

1.3 Scope

The follow-up audit of the IRB Regional Offices was conducted from March 2012 to May 2012. The scope of this audit included specific administrative processes within the control of the three IRB Regional Offices:

  • Central Region (Toronto);
  • Eastern Region (Montreal); and
  • Western Region (Vancouver).

The administrative processes examined, to the extent that they are performed in any given Regional Office, included:

Security
Security Framework
Risk Management CasesNote 1

Financial Transactions
Accounts Payable
Travel
Procurement

Interpreter Services
Interpreter Pay
Interpreter Contracts

Human Resource Management
Staffing Practices

Corporate Oversight

The sample of transactions for testing the effectiveness of management controls for the above elements was selected from the period July 2011 to March 2012. Field testing was conducted on-site in each Regional Office in April 2012.

1.4 Key Findings and Recommendations

Interpretation and operation of management controls were generally effective across the regions in accordance with the commitments made by management in relation to the 2008 audit recommendations. However, we noted that the inconsistent application of certain controls was affecting the Regional Offices’ ability to consistently demonstrate compliance with applicable standards and policies.

1.4.1 Security:

Findings

The Security Policy developed in March 2009 lacks the following:

  • Defined roles and responsibilities of the Regional Security Officers (RSOs);
  • The respective roles and responsibilities of the Regional Directors (RDs) and the Departmental Security Officer (DSO) in the area of security practice applied in the Regional Offices;
  • Procedures to define what is meant by a risk management case and a consistent approach to deal with security measures for such cases; and
  • A systematic approach to handle Threat and Risk Assessment (TRA) recommendations.
Recommendations
  1. The Security Policy should be reviewed given the imminent changes to the organizational structure in the regions that are taking place in 2012-2013. This exercise should include a review of the roles and responsibilities of the RSOs, the relationship between the DSO and the RDs in the area of security practices, and the establishment of clearly defined procedures for the implementation of recommendations arising from TRAs.
  2. Define criteria for what is meant by risk management cases and develop a procedure to ensure risk management cases are dealt with in a consistent manner.

1.4.2 Interpreter Services:

Findings
  1. The manual inputting of hours worked by interpreters into the Interpreter Pay System (IPS) leads to minor errors in the hours for which interpreters are paid.
  2. There is no procedure to monitor deficiencies identified in interpreters’ language testing.
Recommendations
  1. Implement a standardized way of capturing interpreter hours on the timesheets.
  2. Develop an effective system to ensure hours logged into IPS are accurate.
  3. Develop an IRB-wide procedure to address the following:
    • Monitor the foreign language and French and/or English test results for all interpreters and apply corrective measures if necessary, such as retesting when an interpreter has failed a test or setting up required testing for languages not previously tested; and
    • Implement a solution to address the testing of uncommon languages where no standardized tests exist.

1.4.3  Corporate Oversight:

Findings

A Core Management Control Framework was developed in 2008 as part of the management action plan in response to the 2008 Audit of Regional Offices but was only partially implemented.

Recommendations

A review by senior management of the 2008 Core Management Control Framework and its action plan is recommended, with a focus on aligning the Framework with the current and emerging risks identified in the national and regional risk registers. The resulting realignment of risks and their applicable control measures should be relevant to and reflective of current changes to the organizational structure in the Regions.

1.5 Conclusion

Notwithstanding the observation of certain minor variances, our overall conclusions are:

  • Administrative processes that the audit reviewed generally comply with relevant IRB and Government of Canada policies and procedures; and
  • The related management controls generally reflect the design and operational effectiveness objectives associated with the detailed audit criteria listed in Appendix A.
  • These conclusions are based on the examination of samples of files and transactions dated between July 1, 2011 and March 31, 2012.

The management action plan responding to the Audit recommendations is included in Appendix B.

The audit was conducted in accordance with generally accepted internal auditing standards and the requirements set out in the Treasury Board Secretariat (TSB) Policy on Internal Audit.

2. Introduction

2.1 Background

The Immigration and Refugee Board of Canada is Canada's largest administrative tribunal. On behalf of Canadians, the IRB resolves immigration and refugee cases efficiently, fairly, and in accordance with the law. The Chairperson of the IRB reports to Parliament through the Minister of Citizenship, Immigration and Multiculturalism. The Chairperson provides leadership and guidance to the organization and is responsible for the supervision and direction of the personnel and work of the Board.

At the time of the audit, the IRB fulfills its mandate through three divisions: the Refugee Protection Division (RPD), the Immigration Division (ID) and the Immigration Appeal Division (IAD). On December 15, 2012, a fourth division, the Refugee Appeal Division (RAD), was established with the coming into force of the Balanced Refugee Reform Act (BRRA) and the Protecting Canada’s Immigration System Act (PCISA). The IRB conducts proceedings principally in three Regional Offices, located in Toronto, Montreal and Vancouver. Approximately 65% of the IRB’s workload is processed in Toronto, 25% in Montreal and 10% in Vancouver. In addition, a small number of proceedings are conducted in other locations, including Calgary, Edmonton, Niagara Falls and Halifax.

The IRB has a fiduciary obligation to ensure that its operations, including its administrative functions, comply with its own policies and procedures as well as requirements set by the Government of Canada. To ensure compliance, a strong management control framework over key financial and administrative processes is vital to ensure sound stewardship of public funds and the safeguarding public trust and confidence.

The IRB continues to invest in various management controls that are designed to ensure that it carries out its business efficiently and effectively. In order to provide IRB management with information on the adequacy and effectiveness of these controls, an audit of IRB Regional Offices was conducted in 2008. That audit was designed to provide IRB management with independent assurance regarding the design and operating effectiveness of those key controls critical to managing the areas of highest risk, namely financial transactions, interpreter services, HR management and security.

2.2 Authority

This audit is a follow-up to the 2008 Audit of the Regional Offices. It was performed by the Internal Audit Directorate in accordance with the IRB’s Risk-Based Audit Plan 2010/11 to 2012/13, which was approved by the Chairperson on October 20, 2010. The audit was conducted in accordance with generally accepted internal auditing standards as set out in the TBS Policy on Internal Audit.

2.3 Audit objective

The objective of the follow-up to the Audit of IRB Regional Offices is to conduct an audit engagement to verify and provide assurance related to the implementation of commitments made by management arising from the 2008 audit recommendations, and identify any gaps or discrepancies.

2.4 Scope

The scope of this audit included specific administrative processes within the control of the three IRB Regional Offices:

  • Central Region (Toronto);
  • Eastern Region (Montreal); and
  • Western Region (Vancouver).

The administrative processes examined, to the extent that they are performed in any given Regional Office, included:

Security
Security Framework
Risk Management Cases

Financial Transactions
Accounts Payable
Travel
Procurement

Interpreter Services
Interpreter Pay
Interpreter Contracts

Human Resource Management
Staffing Practices

Corporate Oversight

Field testing was conducted on-site in each Regional Office during April 2012. The sample of transactions for testing the effectiveness of management controls dated from July 2011 to March 2012

The scope of this audit was limited to above-mentioned administrative activities that are within the control and the responsibility of each regional office. The audit did not include Information Technology (IT) functionalities, IT security issues, and core business processes, such as case management, adjudicative support or adjudicative decision-making.

2.5 Methodology

The follow-up Audit was conducted in three phases:

  • Planning phase;
  • Examination phase; and
  • Reporting phase.

Planning Phase

The following steps were completed during the planning phase of the engagement:

  • Review of relevant background documentation and applicable policies;
  • Interviews with selected Senior Management Representatives at Headquarters; and
  • Interviews with each Regional Director and Responsibility Centre Managers of the three Regions.

Based on the information gathered during the planning phase, audit criteria and related sub-criteria were developed in accordance with the audit objective – refer to Appendix A for details.

Examination Phase

The fieldwork was conducted on-site at each of the three Regional Offices, and included the following activities:

  • Performed a detailed process walk-through for each administrative process included in the audit;
  • Tested the effectiveness of key controls and compliance testing in each region on a sample of transactions for each administrative process;
  • Debriefed Management Representatives at each Regional Office prior to the completion of each visit; and
  • Analyzed and summarized the discrepancies, if any, between the Management Action Plan arising from the 2008 Audit of Regional Offices and the findings of this follow-up Audit.

Reporting Phase

  • Validated the audit fact sheets with the RDs and Responsibility Centre Managers;
  • Developed the draft audit report based on the audit fact sheets;
  • Briefed Senior Management Auditee Representatives on the audit findings and recommendations in the draft audit report;
  • Asked Senior Management Auditee Representatives to complete a Management Action Plan and associated schedule; and
  • Presented the final report with a completed Management Action Plan to the Departmental Audit Committee (DAC) and the Chairperson.

2.6 Audit Criteria

In accordance with the audit objective, a set of criteria and related sub-criteria was developed for the administrative processes examined based on the 2008 Management Action Plan. A detailed list of the criteria applicable to this audit is included in Appendix A - Audit Objectives and Criteria

3. Observations and recommendations

3.1 Security

3.1.1 Security Framework and Risk Management Cases Related Audit Criteria from the 2008 Audit of Regional Offices Management Action Plan

Appropriate security measures are in place in the regions to address the most recent TRA and increased risks associated with specific hearings, we would expect that:

  • An IRB-wide regional security framework has been developed; and
  • A procedure outlining the steps required to address Risk Management Cases has been developed.

3.1.2 Security Framework Observations

The audit of IRB Regional Offices in 2008 recommended the following actions related to the security framework (3.1.1 (a)):

  • Develop a Board-wide regional security framework including defined responsibility for the DSO and the RSO; and
  • As part of the regional security framework, develop a priority list for implementation of Threat Risk Assessments.

After interviewing the DSO and the Manager, Security Services in Ottawa and visiting the three Regional Offices, we made the following observations:

  • Although the IRB does not have a complete security framework, it has developed an IRB security policy with sub-policies (e.g. Security sweep policy, Site access policy);
  • The role of the RSOs, which is assumed as part of the duties of the Responsibility Centre Manager in each region, report to their respective Regional Director and there is no functional reporting relationship with the DSO;
  • The role of RSOs is not defined in the IRB security policy;
  • TRAs are conducted every two years and a follow-up is done when the next TRA is completed. Some recommendations recur in every report examined without an indicated that they have been acted upon; and
  • When implementing TRA recommendations, the RSO/Responsibility Centre Manager, in conjunction with the RD, decide what recommendations will be implemented. It is noted that consultation with the Headquarters security staff is optional when implementing TRAs.

3.1.3 Risk Management Cases Observations

As part of the 2008 audit report on IRB regional offices, the following recommendation was made:

  • Outline the procedures to address Risk Management Cases including the definition of a Risk Management Cases and responsibilities of DSO and RSO (3.1.1);

The audit team examined three risk management cases in Central Region and two in Western Region for the period of July 1, 2011 to March 31, 2012. No examination could be undertaken in the Eastern Region because it does not track such cases and therefore has no relevant documentation. The following observations were made:

  • There are no national written procedures to define a risk management case and the specific steps involved in dealing with such cases;
  • The Central Regional Office is the only Region with draft security procedures for addressing security issues related to risk management cases in its hearing rooms at the Immigration Holding Centre;
  • All three Regions determine their own procedures when addressing risk management cases. Consultation with Headquarters security staff is considered optional in all three Regions;
  • The three cases examined in the Central Regional Office demonstrated that the RSO performed a risk assessment and actions were taken to address security issues. The two cases examined in the Western Regional Office showed that some informal procedures developed locally were followed. However, in both Regions there was a lack documentation of follow-up actions or lessons learned from these cases;
  • For all three Regions, there are no files to document information related to these risk management cases;
  • There is no tracking of risk management cases where extra security was originally requested but subsequently determined not to be necessary;
  • There were no security incidents in connection with the risk management cases that were reviewed; and
  • Headquarters security staff has provided the Regions with a template to be used as a tool to determine if extra security is needed to address risk management cases but it is not being used in any Region.

3.1.4 Security Conclusion

The Security Policy developed in March 2009 lacks the following:

  • Defined roles and responsibilities of the RSO;
  • The respective roles and responsibilities of the RDs and the DSO are not clearly defined in the area of security practice in regional offices;
  • No definition exists as to what constitutes a risk management cases and no uniform procedures are in place to ensure that such cases are dealt with in a consistent fashion; and
  • A systematic approach to respond TRA recommendations.

3.1.5 Security Recommendations

We recommend that the Departmental Security Officer:

3.1.5.1 Complete a review the IRB Security Policy to ensure alignment with the refugee reform-related changes to the organizational structure in the Regions. This should include the roles and responsibilities of the RSO, the relationship between the DSO and the RDs in the area of security practices in Regional Offices, and the establishment of clearly defined procedures for the implementation of recommendations arising from the TRAs.

3.1.5.2 Define criteria for what is meant by risk management case and develop procedures to ensure risk management cases are dealt with in a consistent manner.

3.2 Financial Transactions

3.2.1 Accounts Payable Related Audit Criteria from the 2008 Audit of Regional Offices Management Action Plan

Appropriate operational and financial controls are in place to ensure effective and efficient verification and payment of accounts. We would expect that:

  • Financial Procedures are used and training is provided to managers.

3.2.2 Accounts Payable Observations

The audit team verified 25 accounts payable transactions in each of the three Regions. Since the last audit, the practice of attaching a label to each invoice for verification of Sections 34 and 33 of the Financial Administration Act (FAA) has been implemented. When an invoice is received by regional finance, a label is attached and the invoice is sent to the responsible manager, along with any other relevant documentation, for Section 34 verification, including confirmation that the goods were received or service provided. Once the documentation is returned to regional finance, quality assurance is undertaken and followed by Section 33 sign off by the regional finance officer. Checklists for Section 34 verification and quality assurance have been developed by Headquarters finance but the audit team found no evidence of their use in the Regions. Section 34 verification and quality assurance was simply signed off or initialled to indicate that it had been completed.

While Headquarters finance has been carrying out monitoring of accounts payable processed in the regions, it ceased doing so as of April 1, 2011 due to a lack of resources.

Managers who have delegated authority under Section 32 and 34 are required to undergo mandatory training. The Western Region has initiated an annual review of delegated authorities, and conducts an annual refresher session for managers to remind them of their specific obligations.

3.2.3 Accounts Payable Conclusion

Overall, the accounts payable function was adequate for the time period reviewed for all three Regions.

3.2.4 Travel Audit Criteria from the 2008 audit of regional offices management action plan - applicable to only Eastern Office as there was a gap identified in the 2008 audit

Travel reimbursements in the Eastern Region comply with the Treasury Board Secretariat (TBS) Travel Directive and applicable IRB travel policies. We would expect that:

  • All travel is formally pre-approved;
  • All deviation from the policy is appropriately documented for justification and attached for Section 34 approvals; and
  • Section 33 verification is completed prior to payment being issued.

3.2.5 Travel Observations

The audit team examined 25 travel transactions in the Eastern Region. We observed that all transactions complied with TBS Travel Directive and applicable IRB travel policies. Section 32 was pre-approved for all travel requests prior to the date of travel. Compliance in this regard is facilitated by a built-in control in the Electronic Management Tool (EMT). Flights cannot be booked in Travel AcXess unless the responsible manager has approved Section 32. Once Section 32 is approved, a Travel Authorization Number (TAN) is generated by the system. Section 34 was approved in all cases by the responsible manager and accommodation and meal costs were within the allowable limits.

3.2.6 Travel Conclusion

The sample selected from the Eastern Region complies with the TBS Travel Directive and applicable IRB travel policies.

3.2.7 Procurement Related Audit Criteria from the 2008 Audit of Regional Offices Management Action Plan

Contracting processes in the Western and Central Regions comply with TBS procurement policies. We would expect that:

  • All documentation required to support a completed procurement process is kept with the contract file.

3.2.8 Procurement Observations

The audit team reviewed 15 transactions in the Western Region and 15 transactions in the Central Region, verifying that there was a valid contract with proper Section 32 authorization, along with documentation indicating that a Request for Proposals (RFP) was properly undertaken and kept on file. When contracting for goods or services, Regional Offices use regional purchase orders, call-ups against standing offers, regular contracts, letters of agreement and regular purchase orders. We found that all transactions over $10,000 were sent to Headquarters procurement for FAA Section 41 authorization.

In the Western Region, there was one case where a contract could not be located to substantiate the payment of a telephone bill. As services to the department by the Public Works and Government Services Canada (PWGSC), large telephone contracts for the provision of services across different departments are held by PWGSC. As such, no copy of the contract in question could be located. However, effective April 1, 2012, these types of contracts were assumed by Shared Services Canada.

In the Central Region, of the 15 transactions selected for review, 14 were in compliance with the TBS policy. However, in one case the procurement file could not be located.

3.2.9 Procurement Conclusion

Contracting and procurement practices in the Western and Central Regions generally comply with applicable TBS procurement policies.

3.3 Interpreter Services

3.3.1 Interpreter Pay Related Audit Criteria from the 2008 Audit of Regional Offices Management Action Plan

The process to verify interpreter payments ensures compliance with IRB policies and procedures and applicable TBS policies. We would expect that:

  • The Financial Procedures on the Processing of Interpreter Payments has been updated and implemented;
  • A Quality Assurance (QA) checklist has been developed and implemented;
  • The Section 34 verification checklist has been amended and implemented; and
  • A robust verification process related to IPS batch transactions has been implemented.

3.3.2 Interpreter Payment Observations

The Audit of IRB Regional Offices conducted in 2008 recommended that financial procedures be updated, that the quality assurance and Section 34 verification checklists be modified to reflect the interpreter pay process and a robust verification process be implemented.

The financial procedures related to interpreter pay have been updated and came into effect in April 2009. The procedures clarify the roles and responsibilities of various key stakeholders in the process of paying interpreters. The quality assurance and Section 34 verification checklists have been modified for the interpreter pay process as recommended in the original audit.

The verification process in place in 2008 is still being used. This process involves the selection of a five-percent sample by regional finance from the batch of payments to be made which are then reviewed against the relevant timesheets and contracts.

The audit team reviewed a sample of 25 transactions in each of the Regions to verify if interpreter pay complies with IRB policies and procedures as well as applicable TBS policies. We assessed whether timesheets were completed for each interpreter on a daily basis, if these timesheets matched the hours logged into IPS, that the correct payment was made, and that Section 34 and 33 were signed by the respective delegated authorities. Although the process is similar in each Region, a number of differences were noted. The similarities pertain to the manual inputting of timesheet information, weekly batching by Headquarter Finance in Ottawa as well as the review of a five-percent sample to verify compliance with Sections 34 and 33. Central and Western Regions now have a minimum of four hours for a half-day of work by an interpreter and seven hours for a full-day. However, Eastern Region continues to use three hours and six hours respectively. The differences between regions are outlined below.

Eastern Region

The Eastern Region has developed its own program for the sign-in and sign-out of interpreters known as "Site d’accueil." This allows for a more accurate and efficient sign-in and sign-out process. The IPS supervisor does a 100 percent review of the hours inputted into the system as evidenced by the initialling of the hours in IPS.

Of the 25 samples reviewed in the Eastern Region, we found no errors with the recording of hours and payments made to interpreters.

Western Region

The Western Region uses manual timesheets that are logged to the minute and signed by the interpreter. Timesheet information is then inputted into IPS. There was no evidence to indicate that this information was reviewed by the IPS supervisor. For hearings in Calgary, Edmonton or Winnipeg, timesheets are faxed to Vancouver for processing. Once verification of the five-percent sample has been completed, Section 34 is verified by the Registrar and Section 33 authorized by Regional Finance.

Of the 25 Western Region transactions reviewed, we found three cases where no timesheet was available to substantiate the hours logged into IPS.

Central Region

Central Region uses an Excel spreadsheet to sign-in and sign-out interpreters. Time worked is logged in 15 minute intervals and not by the minute. For hearings held in Rexdale or Niagara Falls, the timesheets are handwritten and faxed to the Central Regional Office. Central Region also has separate logs that are completed by the member to capture information about the hearings such as the name of hearing participants and the time required to complete the hearing. These logs are used to confirm the information indicated on the timesheets.

Of the 25 transactions reviewed in the Central Region, we found one case where there was no timesheet to substantiate the hours indicated in IPS, one case where the hours indicated in IPS did not match the hours on the timesheet and three cases where minor inaccuracies involving immaterial amounts were noted.

3.3.3 Interpreter Payment Conclusion

The manual inputting of timesheet information into IPS leads to errors in the hours for which interpreters are paid. However, the process to pay interpreters complies with IRB policies and procedures.

3.3.4 Interpreter Payments Recommendation

We recommend that the Director General, Operations:

3.3.4.1 Implement a standardized method of capturing interpreter hours on timesheets.

3.3.4.2 Develop an effective system to ensure that hours logged into IPS are accurate.

3.3.5  Interpreter Contracts Related Audit Criteria from the 2008 Audit of Regional Offices Management Action Plan

Controls are in place to ensure that interpreter services are contracted in accordance with IRB policies. We would expect that:

  • Valid language proficiency testing for all languages under contract, security clearances and contracts are on file.

3.3.6 Interpreter Contracts Observations

The audit team examined the interpreter contracts in the Eastern and Central Regions and the following observation were made:

  1. In the Eastern Region, 25 interpreter contracts were examined and all the contracts were approved and the contract dates were valid. The security clearances for all 25 interpreter contracts were valid. As for the foreign language(s) spoken under these individual contracts and French and/or English requirements, the following results were found. Specifically, where an interpreter had failed language testing, the individual contract was not amended accordingly:
    • One file could not be retrieved with all the supporting testing documents and no evidence was examined to substantiate successful foreign language testing and French and/or English testing;
    • One file had no documentation substantiating the successful testing of a foreign language and French and/or English;
    • Four files had no foreign language testing results documented because of the rarity of the language spoken;
    • Three files with no foreign language testing results documented;
    • Four files with failed French and/or English testing results; and
    • Two files with a failed foreign language testing result.

    No evidence was observed to indicate that the testing or retesting of interpreters was underway in cases where they had failed a language test or where results were not on file. For files with no existing standardized language test (i.e. on account of the language’s rarity), there was no evidence to indicate that specific measures had been taken to address this issue.

    It was also noted that the documents in the physical files were not structured in any specific order. There is also no evidence to indicate that a process exists to ensure that interpreters have valid testing results for foreign languages and French or English.

    However, the Eastern Region has developed a monitoring process in relation to contract expiry dates and security clearances.

  2. In the Central Region, 25 interpreter contracts were examined and the audit team found that all the contracts were approved and both the contact dates and security clearances were valid. However, the following issues were found with respect to language testing results:
    • Three files had no indication of French testing although French is a language on their contract (all three interpreters began working before the test was developed);
    • Five files had no foreign language testing results on file because of the rarity of the language spoken; and
    • Two files showed no evidence of retesting where the interpreter had failed a language test.

    It is noted that the Central Regional Office conducted a 100 percent audit of interpreter files in 2011 following which a checklist was developed and put in each file. The 2011 audit findings were similar to the findings of this audit.

    We also observed that as a good practice the test results were noted inside the front cover of the file for more effective monitoring by interpreter staff.

  3. Regional staff with whom the audit team met raised a number of issues regarding language testing. These include the lack of a standard procedure for testing in relation to rare foreign languages, as well as the quality of the test used for testing foreign language ability and the basis for establishing a passing mark of 70% percent.
  4. The audit team did not observe any evidence of a specific standard that would address the following issues:
    • the monitoring of expiry dates for contract and security clearances; and
    • the monitoring of the testing for foreign languages and for French and/or English.

    Further, there is no national process to address the monitoring of possible deficiencies in the quality of language testing and no national process for monitoring the expiry of contracts and security clearances. The IRB needs to manage the risk of having interpreters who were not properly tested and/or who have failed testing related to their language(s) of interpretation. This in return could have the following impact:

    • Signing contract with interpreters without knowing if they are properly qualified; and
    • Counsel and stakeholders challenging the interpreters’ work in hearings.

3.3.7 Interpreter Contracts Conclusion

All contracts reviewed were approved with dates and valid security clearances. However, procedures pertaining to language testing were found to be deficient in the sample that was examined.

3.3.8 Interpreter Contracts Recommendations

We recommend that the Director General, Operations:

3.3.8.1 Develop, in collaboration with the Regions, IRB-wide procedures to address the following:

  1. National procedures to properly monitor the foreign languages and French and/or English test results for all interpreters and bring collectives measures if necessary, such as retesting when a test has been failed or setting up testing for languages not previously tested; and
  2. Bring forward a solution to address the testing of rare languages where no standardized test currently exists.

3.4 Human Resources

3.4.1 Staffing Related Audit Criteria from the 2008 Audit of Regional Offices Management Action Plan

Regional staffing practices are in compliance with IRB policies and consistent with the Public Service Employment Act (PSEA). We would expect that:

  • Staffing files are sufficiently documented in order to demonstrate compliance with the PSEA and applicable IRB policies.

3.4.2 Staffing Observations

The Public Service Commission (PSC) conducted an audit of IRB staffing activities in 2009 for the period from January 1, 2006 to June 30, 2009. As a result of the audit, the PSC required the IRB to present an action plan with deliverables – Departmental Staffing Accountability Reports (DSAR 2010/11 and 2011/12). After carefully reviewed the PSC audit report, we determined that our audit criteria were already encompassed in the PSC audit. In order not to duplicate the efforts of the PSC on the detailed review of the IRB action plan deliverables, we limited our audit scope to the verification of the DSAR reports and supporting documentation prepared by the IRB, the required action plan with deliverables as well as the PSC response to the IRB to ensure that regional staffing practices are in compliance with applicable IRB policies and consistent with the PSEA.

  1. The IRB Internal audit reviewed the following documentation which described IRB actions and measures related to the PSC audit and the overall recommendations of the PSC audit report:
    • The IRB initiated a full and complete action plan (DSAR 2010-11 action plan-deliverables and DSAR 2011-2012 action plan-deliverables);
    • The IRB HR Staffing Policy suite was reviewed and updated as necessary;
    • From the results of this audit, other documents were drafted to improve staffing activities. These include:
      • Information sessions on ”how to prepare for a selection process”
      • Procedures for non-imperative staffing
      • Template for Justification for acting appointment over 12 months
      • A guide to writing a rationale supporting a non-advertised process
      • A guide to writing a “right fit” rationale
    • A verification checklist was developed to ensure that all proper procedures were followed and documentation was included in a HR file;
    • A quality assurance checklist was developed to verify that HR staffing file standards were met;
    • As of March 2010 the IRB implemented a new Quality Assurance Process which includes a 100 percent review of all staffing files;
    • Starting in 2010, all managers with delegated HR authority had to undergo a mandatory HR refresher course;
    • In 2011, the IRB began to qualify HR advisors who were not previously qualified under the PSEA. Among other requirements, they had to obtain a passing score on the Appointment Framework Knowledge Test (AFKT); and
    • In 2010-2011, a pilot initiative was launched in which Regional HR Managers and their staff in Central and the Eastern Regions reported to the Human Resources and Professional Development Branch (HRPDB) at Headquarters instead of the Regional Director. The objective of this initiative was to determine if HR capacity could be strengthened and overall service to regional managers and personnel improved by having all HR personnel work together under the HRPDB. This initiative, which ended on March 31, 2011, was determined to be a success by IRB management. As a result, it was decided to make the change in organizational structure permanent for all three Regions effective April 2011.
  2. As a result of the IRB's DSAR for 2011-2012, the PSC gave the IRB a rating of "acceptable."
  3. In its report on the Agreement on the Follow-up to the Audit of the Immigration and Refugee Board of Canada, the PSC stated that:
    • The IRB’s DSAR results for 2010-2011 show that the IRB has taken action and demonstrated improvements against the audit recommendations made in the PSC's 2009 audit report;
    • The PSC’s follow-up audit work, conducted for a period of one year (July 2009 to June 2010) showed that IRB’s appointment and reappointment processes generally comply with the PSEA, the PSC appointment framework and other governing authorities.

3.4.3 Staffing Conclusion and Recommendation

Based on the review of documents referenced in the observation section and the PSC follow-up review report of 2011, we confirm that regional staffing practices are in compliance with IRB policies and consistent with the PSEA. It is recommended that the efforts undertaken in the past few years be sustained in the future.

3.5  Corporate Oversight

3.5.1 Corporate Oversight Related Audit Criteria from the 2008 Audit of Regional Offices Management Action Plan

Controls are implemented consistently in the Regions. We would expect that:

  • A corporate oversight framework has been developed; and
  • An ongoing monitoring program has been developed for finance and HR.

3.5.2 Oversight Framework Observations

In the Audit of Regional Offices completed in 2008, the audit team recommended that a corporate oversight framework be developed. Management responded by indicating that a Core Management Control initiative was underway that would address this recommendation. A management control framework is a system of internal controls, both formal and informal, that are put in place by management to enable the achievement of its objectives.

In the course of this follow-up audit, the audit team found evidence that a Core Management Control initiative was initiated in early 2007. The initiative included the following four phases:

  1. Design and planning of the Core Management Controls Project
  2. Gap Analysis and validation
  3. Action plan, and
  4. Implement the Framework

In September 2007, the Chairperson’s Management Board (CMB) validated the gap analysis for the initiative as well as approved 18 top-rated priority controls for the IRB. In 2008, a master action plan to address the top-rated priorities was developed and brought to CMB for approval. Since that time, the initiative was stalled due to organizational change and turnover of key personnel.

However, other aspects of an oversight framework have been developed and implemented, such as:

  • Policies have been developed for finance in relation to travel and procurement;
  • HR has developed policies to ensure staffing complies with the PSEA;
  • A Risk Management Framework has been implemented;
  • Performance Management of tribunal results are being developed and implemented;
  • Security have a developed of policies developed since the last audit; and
  • Procedures have been developed, both nationally and in some cases regionally, in areas such as travel and interpreter pay.

3.5.3 Finance and Human Resources Monitoring Observations

Monitoring systems have been developed in the areas of HR and Finance. In HR, the IRB has implemented a verification checklist that is attached to each staffing file and is completed by the HR advisor. Furthermore, a quality assurance program has been implemented where 100 percent of staffing files are reviewed by HR at Headquarters.If deficiencies are identified in the staffing file, they are corrected prior to any employment offer is made. The finance monitoring program is a monthly review of all types of financial transactions on a sample basis including salaries, accounts payable, interpreter pay and other operation and maintenance payments.

3.5.4 Corporate Oversight Conclusion

A corporate oversight framework was developed through the Core Management Control initiative but it was only partially implemented. However, monitoring programs have been put in place for both HR and Finance (refer to 3.5.3).

3.5.5 Corporate Oversight Recommendation

We recommend that Senior Management:

3.5.5.1 Review the 2008 Core Management Control Framework and its action plan with a focus on aligning the current and emerging risks identified in the national and regional risk registers. This realignment of risks and their applicable control measures should be relevant to and reflective of refugee reform-related to the organizational structure in the Regions.

4. Conclusion

With certain exceptions that have been noted in our report, we conclude that:

  • Administrative processes reviewed by the audit generally comply with relevant IRB and Government of Canada policies and procedures; and
  • The related management controls generally reflect the design and operational effectiveness objectives associated with the detailed audit criteria listed in Appendix A.

Appendix A – Audit Objectives and Criteria

Audit objectives

The objective of the follow-up on the Audit of the Regional Offices is to conduct an audit engagement to verify and assure that the implementation plan/schedule proposed by Regional Management in relation to the audit recommendations was carried out, and to identify any gaps or discrepancies in relation to the implementation plan/schedule.

Security

Criteria

1.0 Appropriate security measures are in place in the regions to address the most recent TRA and increased risks associated with specific hearings.

Sub-Criteria

1.1 A board-wide regional security framework has been developed.

1.2 A procedure outlining the steps required to address high risk hearings has been developed.

Finance

Criteria

2.0 Appropriate operational and financial controls are in place to ensure effective and efficient verification and payment of accounts.

Sub-Criteria

2.1 Financial Procedures are used and training is provided to managers.

Interpreter Payment

Criteria

3.0 The process to verify interpreter payments ensures compliance with IRB policies and procedures and applicable TBS policies.

Sub-Criteria

3.1 The Financial Procedures on the Processing of Interpreter Payments has been updated and implemented.
3.2 A Quality Assurance checklist has been developed and implemented.
3.3 The section 34 verification checklist has been amended and implemented.
3.4 A robust verification process related to the IPS batch transactions has been implemented.

Procurement

Criteria

4.0 Contracting processes in the regions comply with TBS procurement policies.

Sub-Criteria

4.1 All documentation required to support the completed procurement process is maintained within the contract file.

Travel

Criteria

5.0 Travel reimbursements comply with the TBS Travel Directive and applicable IRB travel policies for the Eastern Region.

Sub-Criteria

5.1 All travel is formally pre-approved.

5.2 All appropriate documentation for the justification of non-compliance is attached for section 34 approval.

5.3 Section 33 verification is completed prior to payments made.

Interpreter Contracts

Criteria

6.0 Controls are in place to ensure interpreter services are contracted in accordance with IRB policies.

Sub-Criteria

6.1 Valid language proficiency testing for all languages under contract, security clearances and contracts are on file.

Human Resources

Criteria

7.0 Regional staffing practices are in compliance with IRB policies and consistent with the PSEA.

Sub-Criteria

7.1 Staffing files are sufficiently documented in order to demonstrate compliance with the PSRA and IRB policies.

Corporate Oversight

Criteria

8.0 Controls are implemented consistently in the regions.

Sub-Criteria

8.1 A corporate oversight framework has been developed.

8.2 An ongoing monitoring program has been developed for finance and HR.

Appendix B – Management Response and Action Plan

Security

Recommendation

3.1.5.1 Complete a review of the Security Policy to ensure alignment with the refugee reform-related changes to the organizational structure in the Regions. This should include the roles and responsibilities of the RSO, the relationship between the DSO and the Regional Directors in the area of security practices as applied in the Regional Offices, and the establishment of clearly defined procedures for the implementation of the recommendations arising from TRAs.

Management Response and Action Plan

An ongoing review of all Security policies is currently under way. This includes the development of a three year Departmental Security Plan. The updated IRB Security policy will reflect the roles and responsibilities of the RSO and the relationship between the DSO and the RDs or Registrars of Common Services in accordance with Protecting Canada’s Immigration Systems Act.

New procedures to implement the recommendations of the TRA’s will be developed and forwarded for approval by CMB.

Responsible Manager

DG, CPSB and Director, Security Services

Schedule of implementation

Q3, 2012-13

Recommendation

3.1.5.2 Define criteria for what is meant by risk management cases and develop a procedure to ensure that risk management cases are dealt with in a consistent manner.

Management Response and Action Plan

Security Services will work with all Division and DG Registry and Regional Services to create and develop procedures for Risk Management Cases.

Responsible Manager

DG, CPSB and Director Security Services

Schedule of implementation

Q2, 2012-13

Interpreter Pay

Recommendation

3.3.4.1 Implement a standardized way of capturing interpreter hours on the timesheets.

Management Response and Action Plan

A standard contract was developed and in being used by all regions to ensure consistency and accuracy. The contract standardizes the minimum hours across all regions and divisions as well as the hourly payment when interpreter services exceed 8 consecutives hours and use of interpreters on weekends.

With the creation of separate registries (ID, Common Services and RPD) the current process for logging of interpreter hours is being reviewed. Internal procedures will be created to ensure the accurate and standard recording of hours as well as the process put in place for the regular monitoring of the time recordings. Bi-monthly meetings are being held to discuss operational and emerging issues related to the IRB interpreter program, with the aim of ensuring greater cross-regional consistency. Meeting participants include the common service registrars, interpreter coordinators, the national interpreter program coordinator as well as representatives from the Procurement and Security Services units.

Responsible Manager

National Coordinator and Registrar Common Services/Manager of Operations

Schedule of implementation

Q4 2012-2013/ Ongoing since 2012

Recommendation

3.3.4.2 Develop an effective system to ensure that hours logged into IPS are accurate.

Management Response and Action Plan

Written instructions have been given to the interpreter coordinator in each region establishing national standardized minimum hours of work, i.e. 4 hours in the morning and 3 hours in the afternoon.

New internal procedures will be created to ensure the regular monitoring of the time recordings. To ensure consistent recording of interpreter hours and input into the IPS, training will be also be provided to the appropriate delegated staff.

Responsible Manager

National Coordinator and Registrar Common Services/Manager of Operations

Schedule of implementation

Q4 2012-13

Interpreter Contract

Recommendation

3.3.8.1 Develop, in collaboration with the regions, Board wide procedures to address the following items:

  • National procedures to properly monitor the foreign languages and French and/or English test results for all interpreters and bring corrective measures if necessary, such as retesting when a test has been failed or setting up testing for languages not previously tested.
  • Bring forward a solution to address testing of rare languages where no written standardized tests exist.

Management Response and Action Plan

In November 2012, the Interpreter program in consultation with Procurement and Legal Services developed a standard definition and process for the accreditation and testing of interpreters. In addition, a definition was created for rare languages and dialects.

Once approved, the National Interpreter Coordinator will monitor the application of the definitions and processes on an ongoing basis.

The interpreter program expanded its accreditation tests so that we now have tests for 73 languages. Source countries are reviewed quarterly to determine whether tests for new languages should be developed. For testing of rare dialects/languages the Interpreter program will continue to use the standardized UNCHR Declaration of Human Rights sight test (available from their website in 362 languages).In those cases where the IRB does not have language test for seldom used, rare languages or dialects, the Interpreter program will recommend the use of a third party company to provide interpretation services.

Responsible Manager

National Coordinator and Registrar/Manager of Operations

Schedule of implementation

Q4 2012-13

Corporate Oversight

Recommendation

3.5.5.1 Review the 2008 Core Management Control Framework and its action plan with a focus on aligning the risks identified in the national and regional risk registers. This realignment of risks and their applicable control measures should be relevant to and reflective of the refugee reform-related changes to the organizational structure in the Regions.

Management Response and Action Plan

The Corporate Risk Profile will be updated in late 2012 to capture all significant risks facing the IRB nationally and regionally. Following the implementation of changes to the organizational structure and governance in the regional offices and NHQ upon the CiF of Bill C-31, an updated analysis of extant risks will be conducted and appropriate controls will be implemented.

Responsible Manager

DG, CPSB, Director, CPMPD plus the individual risk owners to be determined

Schedule of implementation

Q3 2012-13 for the Corporate Risk Profile and additional following CiF

Notes

Note 1

 Risk Management Cases is the new term used at the IRB to refer to High Risk Hearing as referenced in Appendix A – Audit Objectives and Criteria.

Return to note 1 referrer