passport canada security bureau evaluation

Transcription

PASSPORT CANADA
SECURITY BUREAU EVALUATION
Final Report
Foreign Affairs and International Trade Canada
Office of the Inspector General
Evaluation Division
August 2008
This document may not be fully accessible. For an accessible version, please visit
http://www.international.gc.ca/about-a_propos/oig-big/2008/evaluation/pptc08.aspx?lang=eng
Passport Canada - Security Bureau Evaluation
TABLE OF CONTENTS
ACKNOWLEDGEMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
LIST OF ACRONYMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
EXECUTIVE SUMMARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv
1.0
INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.1
Evaluation Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2
Evaluation Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3
Description of the Security Bureau . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.4
Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
1
4
7
8
2.0
RELEVANCE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1
Most Security Bureau Functions Remain Relevant . . . . . . . . . . . . . . . .
2.2
Absence of an Entitlement Risk Assessment . . . . . . . . . . . . . . . . . . . .
2.3
Shifting to a Risk-Based Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.4
Impact of Authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
13
13
16
17
18
3.0
SUCCESS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1
On a Track of Ongoing Improvements . . . . . . . . . . . . . . . . . . . . . . . . .
3.2
Balancing Client Service and Security . . . . . . . . . . . . . . . . . . . . . . . . .
3.3
Inadequacy of Performance Information . . . . . . . . . . . . . . . . . . . . . . . .
21
21
25
26
4.0
COST-EFFECTIVENESS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1
Clarifying Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2
Improving Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.3
Improving Standardization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.4
Impact of Security Bureau Resources . . . . . . . . . . . . . . . . . . . . . . . . . .
4.5
Need Better Tools for Decision-Making . . . . . . . . . . . . . . . . . . . . . . . . .
4.6
Passport Canada is Making Progress . . . . . . . . . . . . . . . . . . . . . . . . . .
29
29
31
32
34
38
41
5.0
CONCLUSION AND RECOMMENDATIONS . . . . . . . . . . . . . . . . . . . . . . . . . 43
APPENDIX A: MANAGEMENT RESPONSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
August 2008
Office of the Inspector General / Evaluation Division (ZIE)
i
ACKNOWLEDGEMENTS
The evaluation team would like to express their appreciation to the many individuals
who have contributed to this evaluation. We extend our thanks to all those employees of
Passport Canada, Consular Affairs, RCMP and our colleagues in the United Kingdom,
New Zealand and Australia who provided us with their insight, valued opinions and
good-will.
Of special mention the evaluation team acknowledges that the conduct of this
evaluation occurred during a particularly challenging point in the transformation of
Passport Canada. We appreciate the additional effort and cooperation extended to the
evaluation team in order to complete this assessment.
August 2008
ii
LIST OF ACRONYMS
CBSA
Canada Border Services Agency
CIC
Citizenship and Immigration Canada
CMO
Case Management Officer, Passport Canada
CSC
Correctional Services Canada
CPIC
Canadian Police Information Centre
DFAIT
Department of Foreign Affairs and International Trade Canada
DQA
Data Quality Analyst, Passport Canada
ERA
Entitlement Review Analyst, Passport Canada
ERI
Entitlement Review Investigator, Passport Canada
IPS
International Processing Service, Passport Canada
NPS
National Processing Service, Passport Canada
OAG
Office of the Auditor General of Canada
RCMP
Royal Canadian Mounted Police
RSA
Regional Security Advisor, Passport Canada
SICMS
Security and Intelligence Case Management System, Passport Canada
UK-IPS
United Kingdom-Identity Passport Services
WHTI
Western Hemisphere Travel Initiative
August 2008
iii
EXECUTIVE SUMMARY
Passport Canada was established in 1990 as a Special Operating Agency of the
Department of Foreign Affairs and International Trade Canada. DFAIT identified the
need to evaluate the effectiveness of the Passport Canada Security Bureau in its Report
on Plans and Priorities for 2007-08.1 The undertaking of this evaluation was considered
crucial in order to assess organizational effectiveness during a time of heightened
global security, high passport demand and organizational re-alignment to meet such
demands.
The evaluation found that the Security Bureau continues to remain relevant and has
improved its effectiveness in ensuring the integrity of the passport issuance process.
However, the Security Bureau would benefit from an assessment of risks and tolerance
levels to guide the progress to reduce security risks. The Bureau would also benefit
from a sound performance measurement framework.
Context
Passport Canada’s Security Bureau “ensures the integrity and effectiveness of the
passport issuance process, the security and quality of the passport concept and its
compliance with both Passport Canada’s eligibility policy and the Government Security
Policy.”2 This includes responsibility for the integrity of entitlement decision-making
processes and the physical characteristics of the travel document.3
The Security Bureau was evaluated at a critical junction in the implementation of its
mandate. The events following September 11, 2001 led to a focus on security and a
heightened emphasis on the integrity of travel documents world-wide. The Western
Hemisphere Travel Initiative,4 initiated by the United States, contributed to a dramatic
increase in demand and security-related measures. For Passport Canada, this
translated to a surge of applications from Canadians applying for passports. Over the
last six years, Passport Canada saw demand for passport documents increase by 137%
and a corresponding 157% jump in resources. Since 2001-02, full-time equivalent staff
positions have increased by 206%.
1
2
3
4
Department of Foreign Affairs and International Trade: Report on Plans and Priorities 2007 – 2008, p. 110.
Responding to Change: Annual Report 2006 – 2007, Passport Canada, p. 5.
There are seven types of travel documents: regular “blue” passports (with either 24-page or 48-pages),
temporary passports, diplomatic passports, special passports, emergency passports, refugee travel documents
and certificates of identity. (Passport Canada Business Plan 2006 – 2009, Appendix A).
This initiative will require all travelers including citizens from the United States and those living in the Americas to
have a passport to enter the United States by June 2009.
August 2008
iv
The Office of the Auditor General conducted an audit in 2005 and a follow-up audit in
2007 which identified significant concerns with respect to Passport Canada’s capacity to
respond to increased demand and meet security requirements. Although Passport
Canada has taken many initiatives to address these issues, there still remain numerous
jurisdictional and legislative considerations beyond the control of Passport Canada that
affect entitlement.
For instance, Passport Canada, like other agencies that require proof of identity to
deliver services, has to deal with multiple agencies in different jurisdictions to confirm
identity. Vital statistics (e.g. births/deaths) fall under provincial/territorial jurisdiction,
each with different document standards. There are also legal provisions to respect
individuals’ rights to privacy and who can access and share personal information.
The evaluation findings were based on 68 interviews with stakeholders between
January and March 2008. Extensive passport documentation was also reviewed.
Qualitative and quantitative analyses formed the basis for the evaluation assessment on
relevance, success and cost-effectiveness.
Relevance
The issue of relevance addresses questions pertaining to the contribution of the
Security Bureau in achieving Passport Canada’s mandate. The evaluation found that
the Security Bureau is relevant in addressing passport entitlement but it was challenging
to assess the relevance of the Security Bureau’s activities in the absence of a risk
assessment on entitlement and issuance. Without this assessment, there is no
framework to determine which functions are appropriate to the Bureau’s mandate.
The Security Bureau’s functions5 contribute to the integrity of the Canadian passport
document by supporting entitlement decision-making through expert assistance to the
policy and operational units of Passport Canada both at home and at Canadian
missions abroad. This centralized approach contributes to ensuring the security aspect
of passport issuance. However, the evaluation also found that some functions appear
more related to passport operations, rather than to security, including some of the data
integrity functions, case management functions and support to foreign operations.
Until recently, the focus of passport security had been to provide a complete and
standard review of each and every passport application. This was conducted by a rigid
application of rules and procedures. Passport Canada has begun to shift this focus to
one that is based on an assessment of risks and the identification of the high risk
5
Security Bureau is responsible for gathering intelligence, maintaining the integrity of the data in Passport
Canada’s passport issuance system, providing advice on complex applications, investigating applications related
to suspected criminal or fraudulent activities, collecting and sharing information on lost or stolen passports, and
recommending changes to the physical characteristics of travel documents.
August 2008
v
situations. The simplified renewal process is one example of this new approach. The
simplified renewal process is based on the concept of known applicants who present a
lower risk. Any previous passport holder who has not reported a lost, stolen or damaged
passport as well as other criteria can reapply without resubmitting supporting document
and without a guarantor.
Success
The Security Bureau continues on a path of improvement. Efforts are underway to
establish a compliance function and to clarify the role of the Regional Security Advisors.
The Security Bureau ensures the integrity of the passport issuance process by providing
the necessary support to the operational units as well as to Canadian missions
responsible for the Passport Program abroad.
The Bureau has also been successful in changing its management culture. It continues
to develop new tools to support decision-making, to improve access to information, to
strengthen information systems, to increase support to Canadian missions and to
include new security measures in passports. These measures are designed to reduce
fraud and the misuse of the passport document.
The evaluation found that the Security Bureau responds primarily to identified or known
risks based on a narrow scope. Currently, the focus is to develop the tools and
processes required to be more systematic in the identification and management of
security risks. This will allow for improved management and balance between client
service demands and the security of the passport issuance process.
Some informants also had the impression that security was compromised in efforts to
maintain client service standards during the unprecedented increase in passport
applications in 2006-07. There is insufficient information on the Security Bureau’s
activities at this time to conduct a review or to assess on a broader scale the Bureau’s
performance with regard to the impact of increased volume on entitlement decisionmaking.
Cost-effectiveness
The cost-effectiveness of the Security Bureau was found to be affected by such factors
as: the unclear communication of the Bureau’s role, responsibility and direction; varying
levels of standardization of security-related activities; and, on the adequate use of its
resources and information holdings.
The evaluation found that many employees did not understand the role of the Security
Bureau. This impression was most evident with the role of Regional Security Advisors
(RSAs) who are located in the regional directorates. RSAs were intended to increase
the Bureau’s capacity to enhance the integrity of the Passport Program within the
August 2008
vi
regions in Canada. The evaluation interviews revealed that there has been little
direction given to RSAs on their expected role and, as a result, their roles have evolved
inconsistently across Canada. In some regions, the Regional Security Advisors may
deal with issues beyond the mandate of the Security Bureau for example, physical
security.
This lack of clarity on roles and responsibilities may be related to a more general issue
on the need for clear communications. Communications on security issues can come
from a variety of bureaus within Passport Canada; not just the Security Bureau. While
there was no evidence to suggest that there are inconsistencies in entitlement
decisions, there was considerable variation in work processes among the issuing
offices.
The evaluation also found gaps with respect to the tools and databases available to the
Security Bureau to ensure the integrity of entitlement decision-making both in terms of
the Bureau’s ability to make effective use of its internal information and its ability to
access external information from partner organizations. Improvements have been made
to increase data availability but there are still issues on data quality (completeness) and
comparability. For example, data are either available electronically but cannot be
searched or only on a limited case-by-case basis.
Despite an increase in resources, the Security Bureau still needs to fill positions as well
as define the roles and responsibilities for new positions. As a result, the evaluation
found it difficult to assess if the level of resources required for its mandate is sufficient.
Recommendations
The evaluation found that the Security Bureau performs a critical role in ensuring the
integrity of the passport issuance process and the physical characteristics of Canada’s
travel documents. It continues to work towards reducing barriers to strengthening its
processes and tools to provide more efficient service delivery, without compromising
security.
The evaluation proposes three recommendations. These recommendations are based
on one theme which is to establish an entitlement risk assessment, wide in scope, to
guide the effectiveness and progress on reducing security risk.
1. That Passport Canada conducts an assessment of security risks on passport
issuance and that the approaches to managing these risks are within acceptable
tolerance levels.
2. That the Security Bureau develops a management framework for its activities
based on the results of the security risk assessment.
August 2008
vii
3. That the Security Bureau develops performance measures to monitor its
decision-making.
August 2008
viii
1.0
INTRODUCTION
This report presents the results of an evaluation of Passport Canada’s Security Bureau
conducted between January and March 2008. A case study was also conducted with
the United Kingdom’s Identity Passport Services as a means to offer similarities and
differences in their approach to passport security. The evaluation reports on relevance,
success, and cost-effectiveness.
1.1
Evaluation Context
Passport Canada was established in 1990 as a Special Operating Agency of the
Department of Foreign Affairs and International Trade Canada (DFAIT). The mandate of
Passport Canada is to “ensure secure Canadian travel documents through
authentication of identity and entitlement, facilitating travel and contributing to
international and domestic security.”6
As an Agency, Passport Canada finances its operations from the fees charged for
passports and other travel documents7. Passport Canada is considered self-financed
and must generate sufficient revenues to meet expenditures. It offers services through
33 local offices located across the country. To better serve Canadians, it also works in
cooperation with receiving agents like Canada Post and Service Canada to assist
Canadians with their passport applications. The Agency processes applications
received by mail, in-person, through receiving agents, and through Members of
Parliament. Exhibit 1 provides an overview of Passport Canada.
This evaluation was identified in DFAIT’s Report on Plans and Priorities for 2007-088.
The purpose of the evaluation is to establish to the extent possible a baseline of the
effectiveness of the Security Bureau. This would be used to assess the integrity of the
passport document and the issuance process. The objectives of the evaluation were to:
6
7
8
9
•
Examine the relevance, success and cost-effectiveness of the Security Bureau;
•
Identify any vulnerabilities associated with the Security Bureau;
•
Conduct comparative analysis with the United Kingdom;9 and,
•
Recommend areas of improvement.
Responding to Change: Annual Report 2006 – 2007, Passport Canada, p. 3.
Passport fees cover the production of the travel document. Passport Canada receives money from TBS to
support capital projects.
Department of Foreign Affairs and International Trade: Report on Plans and Priorities 2007 – 2008, p. 110.
This component is addressed in a separate case study.
August 2008
1
Exhibit 1:
Overview of Passport Canada
August 2008
2
Exhibit 2:
Overview of Security Bureau
August 2008
3
1.2
Evaluation Methodology
The data collection for this evaluation was conducted between January and
March 2008. Below are the evaluation issues and questions.
Exhibit 3:
Evaluation Issues and Questions
Relevance
To what extent is the Security Bureau adding value in support of Passport Canada’s m ission and
objectives?
•
How does the Security Bureau contribute to the m andate and m ission of Passport Canada?
•
How does it ensure the integrity of the entitlem ent process?
•
How does the Security Bureau contribute to the im plem entation of Passport Canada business
plans?
To what extent are roles and responsibilities for the Security Bureau clearly com m unicated and
understood?
•
To what extent are the Security Bureau’s activities integrated with other parts of the organization
and external stakeholders?
•
Are its role and responsibilities understood within the organization?
•
On m atters related to security, are the lines of com m unication am ong m anagers, directors and
directors general uniform ly applied?
Success
To
•
•
•
•
•
•
•
what extent is the Security Bureau achieving objectives and expected results?
W hat are the expected results?
Are the objectives for the Security Bureau clear?
Are the objectives com m unicated, understood and agreed upon?
To what extent are perform ance expectations clear?
Are the perform ance expectations com m unicated, understood, and agreed upon?
To what extent are key perform ance m easures m easured and m onitored consistently?
Are there best practices within Passport Canada that could be applied to the organization
nationally?
Cost-effectiveness
To what extent has the Security Bureau im plem ented approaches to achieve efficiency and costeffectiveness?
•
To what extent are there consistent and standardized security functions from one location to
another? If variance exists, to what extent are these differences between locations explainable and
acceptable?
•
Are there sufficient resources in place for the consistent and uniform application of security
functions?
•
How have new technologies, approaches or policies affected the security function?
•
Does the Security Bureau have the capacity to respond and adopt new security standards /
processes; for instance, the new im plem ented guarantor policy? Is there any supporting data?
•
Are there workforce capacity issues that need to be addressed?
August 2008
4
The evaluation methodology consisted of a mixed-methods approach. This means that
the evidence is based on several different data sources: interview data from internal and
external stakeholders, financial data and key documents. The following lists the
foundation that was used for evidence:
•
A review of relevant documentation;
•
Interviews with 43 key informants within Passport Canada (representing all
regions and with direct contact with Security Bureau functions);10
•
Interviews with 11 employees in six Canadian missions responsible for the
delivery of the Passport Program abroad;
•
Interviews with three representatives of the Royal Canadian Mounted Police
(RCMP) with responsibilities for liaison with Passport Canada;11 and
•
Interviews with 11 representatives from the United Kingdom Identity Passport
Services, the New Zealand Department of Internal Affairs and the Australia
Department of Foreign Affairs and Trade.
1.2.1
Data Collection
Interviews were the primary source of data for this evaluation. The interview protocols
were established in advance and provided a standard approach to interviews. The
questions were open-ended to allow for maximum latitude to explore issues of direct
relevance with key informants. On average, each interview lasted one hour. The
evaluation findings present divergent opinions as well as consistent themes delineated
from interview data.
Passport Canada provided a list of internal and external stakeholders. Seventy-nine
percent (79%) of informants were Passport Canada and DFAIT employees, while the
remaining 21% were external stakeholders. Of these informants, only three were unable
to participate. Evaluation findings are therefore based on a participation rate of 95%.
Interview data have also been aggregated to respect confidentiality.
10
11
This included thirteen from the Security Bureau and the remaining from the Policy and Planning Bureau and the
Operations Bureau (including twenty-seven from operational units – Regional Directorates and Issuing Offices).
Only two planned interviews were not able to be completed – one with Passport Canada’s Business Information
and Technology Bureau and one with the Canada Border Services Agency.
Ibid.
August 2008
5
1.2.2
Evaluation Scope
The focus of this evaluation was on the operations of the Security Bureau as opposed to
the security function.12 Given this focus, the list of key informants was a valid frame of
reference. The results from the interviews offered reliable data to directly assess the
activities and outcomes of the Security Bureau.
The key informants were all involved in the principal bureaus within Passport Canada
that have direct contact with Security Bureau. The only Passport Canada bureau that
was unavailable for an interview was the Business Information and Technology Bureau.
Eleven DFAIT employees involved in the extension of the Passport Program at
Canadian missions were included to gain a sense of the relationship among Consular
Affairs, Passport Canada and Canadian missions. The mission sample was selected
based on geographic representation13 and volume of passport-related inquires. It is,
however, not representative of all mission-related passport activities. Of the three main
external stakeholder groups, CIC, CBSA and RCMP, only the RCMP participated.
The evaluation is subject to the following limitations on coverage and data quality:
12
13
14
15
•
The evaluation team developed a proxy measure14 of the Security Bureau’s
mandate, activities and expected results15 to serve as a framework for the
evaluation. Evaluation findings are therefore proxies and, should not be viewed
as a validated benchmark inclusive of all the Security Bureau activities, only an
approximate of key activities.
•
The evaluation was based mostly on interviews and other source data from
Passport Canada.
•
Because the focus of the evaluation was on the functions of the Security Bureau
and not the security function within Passport Canada, it was at times challenging
to distinguish whether key informants were referring to the functions of the
Security Bureau or security in general (e.g. physical security, IT security function,
operational security, etc.) This contributed to a lack of clarity on the current role
of the Security Bureau.
A description of the Security Bureau is provided in Section 1.3. The Security Bureau is not responsible for end-toend security functions.
Representation was defined by continent and by Canadians residents abroad.
Proxies for the Security Bureau mandate, expected results and outcomes were defined based on Passport
Canada’s business plan. These were further established based on key informant responses from Passport
Canada employees conducted in the course of this evaluation.
Responding to Change: Annual Report 2006 – 2007, Passport Canada.
August 2008
6
The impact of these limitations is that the evaluation is an internal assessment of the
Security Bureau. Given that most key informants were Passport Canada employees, the
findings reflect a localized and biased perception of the organization. Nevertheless, the
convergence of the responses validated the findings.
1.3
Description of the Security Bureau
1.3.1
Security Bureau Mandate
Within Passport Canada, the Security Bureau “ensures the integrity and effectiveness of
the passport issuance process, the security and quality of the passport concept and its
compliance with both [Passport Canada’s] eligibility policy and the Government Security
Policy.”16 This includes responsibility for the integrity of entitlement decision-making
processes and the physical characteristics of all travel documents17. In the past, the
Security Bureau also had responsibility for physical and information technology security
functions. Since 2006 these are no longer the responsibility of the Bureau.
1.3.2
Security Bureau Structure and Responsibilities
The Security Bureau is under the responsibility of a Director General and has four
divisions:
16
17
18
•
Security Operations Division is responsible for the integrity of passport data,
dealing with complex cases and compliance with Passport Canada policies and
procedures;
•
Enforcement and Anti-Fraud Division is responsible for intelligence gathering, the
review and investigation of cases where there are concerns about entitlement or
revocation, physical security characteristics of travel documents, security
screening for Passport Canada personnel,18 and the Regional Security Advisors;
•
Foreign Operations Division provides support for the implementation of the
Passport Program in Canadian missions; and,
•
Management Services Division is responsible for providing overall management
support to the Bureau, including the development of work plans and performance
measurement systems.
Responding to Change: Annual Report 2006 – 2007, Passport Canada., p. 5.
There are seven types of travel documents: regular “blue” passports (with either 24-page or 48-pages),
temporary passports, diplomatic passports, special passports, emergency passports, refugee travel documents
and certificates of identity (Passport Canada Business Plan 2006 – 2009, Appendix A).
This function is under consideration for transfer to the Corporate Services Bureau.
August 2008
7
The overall structure of the Security Bureau is shown in Exhibit 2. The exhibit also
presents a very brief summary of the responsibilities of each section.
The Security Bureau supports:
•
Issuing offices in the Eastern, Ontario and Western regions;
•
The National Processing Services which processes mail-in applications, as well
as those from receiving agents and members of Parliament;
•
Passport services at missions abroad.
•
The International Processing Services which processes applications for
Canadians living abroad; and
•
The print centres in Quebec and Ontario.
1.4
Challenges
Passport Canada continues to face many challenges that have had an impact on the
delivery of the Passport Program including, but not limited to, the specific influence of
the Western Hemisphere Travel Initiative (WHTI) on travel requirements to the United
States. This initiative requires all travelers including U.S. and Canadian citizens to
present a valid passport or other approved secure document when entering the United
States from within the western hemisphere. The U.S. WHTI is being implemented in
stages by mode of transportation. The WHTI was implemented for air travel on
January 23, 2007. Full implementation of the WHTI requirements for entry into the
United States by land and water is expected on June 1, 2009.
1.4.1
Changed Security Environment
The post 9/11 environment elevated a global focus on security which led to an
increased emphasis on the security and integrity of travel documents around the world.
This change in environment drove the pressures to strengthen the passport issuance
and control systems, practices, and policies and the physical specifications for
passports (including e-passports and the use of biometrics)19.
19
An e-passport is a passport document that will include an embedded electronic chip that could contain various
data such as: basic passport bearer information in the machine-readable zone and/or fingerprints and digital
photo.
August 2008
8
1.4.2
Increase in the Demand for Passports and the Impact on Resources
The volume of passports issued rose from 2.04 million in 2001-02 to 4.83 million in
2007-08 (see Exhibit 4)20. This is a dramatic increase in demand, a surge of 137% over
six years, with the 24-page regular passport representing 98% of all passports issued.
Year-to-year changes showed steady increases each year with the last three fiscal
years being the highest overall. Since 2005-06, the number of passports issued jumped
13% over the previous year and Passport Canada’s projections show this level of
demand constant until 2009.
Exhibit 4:
Volume of Passports Issued, 2001-02 to 2007-08
Number of passports
issued in millions
Increase since
2001-02
Year to year
% change
2001-02
2.04
N/A
N/A
2002-03
2.29
11%
11%
2003-04
2.62
28%
13%
2004-05
2.76
35%
5%
2005-06
3.18
56%
13%
2006-07
3.66
79%
13%
2007-08
4.83
137%
24%
21
Source: Passport Canada
There was no noticeable difference in the method by which Passport Canada received
its applications for processing (Exhibit 5). Walk-ins continue to be the primary service
channel accounting for nearly 80% of all passports. Passport applications received
through mail-ins, missions, receiving agents or other sources22 represent the remaining
20% of total passports.
20
21
22
Data from Passport Canada.
Includes all types of passports including passports issued through Consular services.
Passport Canada Annual Report.
August 2008
9
Exhibit 5:
Percentage of Applications by Business Channel, 2003-04 to 2006-07
Service channel
2003-04
2004-05
2005-06
2006-07
Average
W alk-ins
80%
77%
79%
79%
79%
Mail-ins
16%
17%
11%
13%
14%
Missions
4%
4%
4%
4%
4%
Receiving agents
1%
2%
3%
4%
2%
Other
0%
1%
3%
1%
1%
Exhibit 6 shows that the steady increase in the number of passport applications led to a
significant increase in Passport Canada resources. Between 2001-02 and 2007-08,
revenues rose from $111 million to $284 million representing an increase of 157%.
Salaries accounted for 58% of expenditures in 2007-08, up from 50% in 2001-02.
Exhibit 7 shows that over the same timeframe, expenditures were generally in pace with
revenues.
Exhibit 6:
Year
Passport Canada Resources and Percent Change, 2001-02 to 2007-08
Salary
($,000’s)
O&M
($,000’s)
Total
($,000’s)
%
change
# of
FTEs
%
change
2001-02
56421
54,654
111075
N/A
949
N/A
2002-03
70180
68,588
138,768
20%
N/A
N/A
2003-04
85875
63503
149378
7%
1291
N/A
2004-05
94,470
73013
167,483
11%
1731
25%
2005-06
115,994
83361
199,355
16%
1900
9%
2006-07
123,775
92,874
216649
8%
2256
16%
2007-08
165,753
119,222
284975
24%
2900
10%
23 24
Since 2001-02, Passport Canada continues to respond to passport demand. In 200102, there were 949 full-time equivalents, while in 2007-08, it grew to 2,900. This
represents an increase of 206% over six years. This rapid escalation contributed to
23
24
Includes employee benefits.
Preliminary numbers.
August 2008
10
organizational strain in terms of personnel security screening,25 training, implementing
double shifts, integrating new employees and, of course, the need for new and
specialized accommodations.
Exhibit 7:
Revenues and Expenses, 2001-02 to 2007-08 ($000’s)
1.4.3
External Audit
The timing of an audit by the Office of the Auditor General (OAG) in 2005 was critical in
assessing Passport Canada’s progress to effectively respond to the passport demand.
The OAG audit identified significant concerns with respect to Passport Canada’s
capacity to respond to increased client demands and meet the new and necessary
security requirements. Passport Canada has since launched several new measures to
address the issues identified in the audit.
25
This had a direct impact on the Security Bureau, which is currently responsible for personnel security screening.
August 2008
11
While the impact of these new measures is outside the scope of the evaluation, the
timeframe when these measures were initiated is covered by this evaluation. These
measures drove much of Passport Canada’s planning since 2004-05 and their progress
is reflected in the 2007 OAG follow-up audit.
August 2008
12
2.0
RELEVANCE
Evaluation findings as they relate to the relevance of the Security Bureau to achieve
Passport Canada’s mandate are reported below:
2.1
Most Security Bureau Functions Remain Relevant
The issuance of a travel document is essentially a security-based process. All aspects
of the process have security components – from checking the legitimacy of evidentiary
documents which support the applicant’s identity and entitlement to a passport, to the
secure printing and delivery of the passport. While Passport Canada is aware of the
client service aspect of its work and has made public commitments to client service
standards, ensuring the integrity of the passport document requires a security focus at
all stages of the entitlement process.
Finding 1:
Most Security Bureau functions contribute to protecting the integrity of
the decision-making and the Canadian passport document.
Most Security Bureau functions contributed to mitigating two passport security threats
that were identified in the Passport Canada Business Plan 2006–2009:
•
The fraudulent use of another person’s identity or a false identity to obtain a
passport by focusing on ensuring the security and integrity of the entitlement
process; and,
•
The tampering or counterfeiting of the passport book by focusing on high security
physical characteristics of travel documents.
Security of Entitlement Decision-Making
The Security Bureau supports decision-making on entitlement. Specific Security Bureau
functions that are consistent with the Bureau’s mandate and its role in supporting
passport integrity include:
•
Contributing to the development of entitlement decision-making policies, as
reflected in the Passport Policy Manual and commenting specifically on the
impact of policy on the security and integrity of the entitlement decision-making
process;
August 2008
13
•
Gathering intelligence for the System Lookout database26 also referred to as
“watch list.” This database is the first check for identifying cases where there may
be a security concern;
•
Maintaining the integrity of the data in IRIS (Passport Canada’s issuance system)
through the work of the Data Quality Analysts (DQAs);
•
Supporting issuing offices and the National Processing Service with advice and
guidance on complex cases (e.g. cases involving custody of children, multiple
lost or stolen passports or travelers who have incurred a debt to the Crown for
repatriation costs) through the work of the Case Management Officers (CMOs);
•
Investigating cases related to suspected criminal or fraudulent activities. These
are referred to Entitlement Review Analysts (ERAs) or Entitlement Review
Investigators (ERIs); and,
•
Collecting and managing information on lost or stolen passports and sharing this
with relevant partner organizations.
Physical Characteristics of Travel Documents
The Security Bureau is responsible for researching and recommending changes to the
physical characteristics of travel documents. It is also responsible for liaising with
partner organizations to ensure that entitlement officers are aware of any changes to
key documents used in the passport issuance process – for example, birth certificates,
driver’s licenses or citizenship certificates.
Finding 2:
Some Security Bureau functions do not appear to be distinct from the
ongoing operations of Passport Canada.
It appears that the Security Bureau currently has five key functions:27
26
27
•
Supporting operational decision-making by addressing issues related to
inconsistent or incomplete data and providing advice and guidance on complex
cases;
•
Ensuring the integrity of the passport issuance process through security
compliance reviews;
System Lookout is a database containing information on persons whose request for passport services might be
subject to refusal or limitation.
Not including the management services function that supports the other functions of the Bureau.
August 2008
14
•
Gathering of intelligence and using this information to conduct entitlement
reviews and investigations;28
•
Recommending security features for all travel documents; and,
•
Supporting Canadian missions with implementation of the Passport Program
abroad.29
Only three of these five functions appear to be uniquely related to security activities
beyond those that are inherent in the ongoing passport issuance process, which is the
responsibility of the Operations Bureau. These are:
•
Ensuring compliance with security provisions;
•
Intelligence gathering and investigations; and
•
Recommending security features.
The other functions appear to be more an extension of passport operations than specific
Security Bureau functions. In the interviews, key informants specifically questioned the
relevance of some of these activities and whether they are consistent with mandate of
the Bureau. Informants also questioned the relevance of maintaining functions related to
foreign operations, data quality analysis and, in some case, case management in a
security-focused bureau.
Support for Foreign Operations
Most informants questioned the appropriateness of maintaining the support functions for
foreign operations in the Security Bureau. There was little doubt expressed that it was
important to maintain a group focused on supporting the Passport Program in Canadian
missions. Most of these activities, however, related more to operational activities than to
the Security Bureau itself. Some of these activities included: advising missions, liaising
between Passport Canada and the missions, providing input to policy development on
the specific impact of policy changes on missions, monitoring the implementation of
passport training in missions and providing an emergency response for passport-related
issues in missions. The ongoing work and projects for 2007-08 currently being carried
out by the Foreign Operations Division reflects this operational focus.
28
29
This function is also supported by the Regional Security Advisers; although, as will be noted in Section 2.2, the
RSAs’ roles are not yet clear.
The personnel screening function (although shown in Exhibit 2) has already been identified for transfer to the
human resources unit of Passport Canada, although a date for the transfer has not yet been set.
August 2008
15
Data Quality Analysis
Some informants questioned the relevance of the data quality analysis function in the
Security Bureau. The vast majority of client index alerts addressed by the DQAs relate
to data integrity of the master client index in the passport issuance system – IRIS. Some
informants indicated that the responsibility for maintaining the quality of operational data
more appropriately belongs with the Operational Bureau. Additionally, interviews
indicated that these alerts detect very few cases of fraud because of limited scope. The
Security Bureau recently undertook a review of all the DQA activities and identified a
number of data verification edits that could be considered more operational than
security activities.
Case Management
The Security Bureau’s case management functions appear to constitute both
operational and security-related functions. The primary case management function is to
support decision-making on complex applications such as applications involving child
custody, lost or stolen passports, and applicants with debts to the Crown. While these
applications are more complex, they are not necessarily applications that seem to
involve a specific security-related issue. On average less than 5% of alerts generated
represented any known security issues. Case management would also reveal if a lost or
stolen passport is deemed to be related to the fraudulent use of a passport, although
this occurrence appeared rare.
2.2
Absence of an Entitlement Risk Assessment
Finding 3:
Passport Canada has not developed an overall risk assessment of
the entitlement decision-making process that would provide the
framework for the Security Bureau’s activities.
In 2007, Passport Canada commissioned a study that resulted in a report entitled
“Passport Issuance Process – Risk and Controls Self-Assessment.”30 Security Bureau
employees noted specifically that the report focused primarily on how to address the
rapid increase in the demand for passports, rather than on the overall entitlement
decision-making process – perhaps because it was developed on the basis of a selfassessment conducted during the peak period for passport applications.
Passport Canada reported in its Annual Report for 2006-07 that a risk management
framework and plan31 was developed and approved by senior management. Evaluation
30
31
“Passport Issuance Process – Risk and Controls Self-Assessment”, Interis, 3 August 2007.
“Passport Canada Annual Report 2006 – 2007” p. 27.
August 2008
16
interviews indicated that this study was not sufficiently detailed to provide the necessary
framework for the security functions. The Annual Report also notes that further work on
the risk assessment has been delayed by the unavailability of employees to work on this
initiative.32
Although an adequate risk assessment is not yet in place, the Security Bureau has
proceeded to redefine its mandate and functions using a risk-based approach. It is
working towards developing work transformation processes and tools required to
address risks in the passport entitlement process.
2.3
Shifting to a Risk-Based Approach
Finding 4:
Passport Canada is shifting to a risk-based approach to manage the
entitlement decision-making.
In the past, the focus of passport security has been on ensuring that all elements of the
application process are respected. The application process was based on a one-to-one
review of all supporting documents for each application to ensure that the
documentation used for entitlement decisions contained no gaps or errors. To be
security conscious meant to apply the same procedures in each and every case. Most
informants indicated that there was a good awareness of security – a security “culture” –
in the Agency, but that the awareness was based on the idea that the only way to
ensure security was to apply the same procedures exactly the same way in each and
every instance.
Recently, Passport Canada has begun to shift the emphasis from a rigid and standard
examination for each and every case (commonly referred to as “rules-based” approach)
to focus on the identification and management of higher risk cases. This new approach
is underway. The Agency introduced “exceptional measures” in 2007 to streamline
applications based on known risk factors, without a risk framework to support these
decisions on risk.
“Exceptional measures” defined the concept of “known” and “unknown” passport
applicants. Known applicants were defined as previous passport holders, and
depending on their behavioural pattern, risk-levels were assessed. Entitlement officers
were instructed to focus on high-risk applicants; namely applicants unknown to Passport
Canada (i.e. first time applicants) or for applicants where there was evidence of riskrelated behaviour (e.g. multiple lost or stolen passports).
The “exceptional measures” were announced in May 2007 to allow for the
implementation of procedures that were going to be formalized in the simplified renewal
32
“Passport Canada Annual Report 2006 – 2007”, Appendix A, p. 41.
August 2008
17
process announced in August 2007. The simplified renewal process is based on the
concept of known applicants who present a lower risk.
Finding 5:
Without an assessment of the risks and mitigating strategies in the
passport issuance process, it is not possible to assess whether the
security provisions in place are adequate.
The shift to a risk-based approach has reportedly been difficult in the Agency because it
requires a change in the culture of the organization. The introduction of the “exceptional
measures” was the first formal implementation of a risk-based approach to entitlement
decision-making. Since the measures were implemented at the peak of the elevated
volume of applications, there was limited training or explanation of the rationale for the
changes. As a result, many key informants felt that these measures had been driven by
the need to improve client service and potentially compromised passport security.
Many of these informants also felt that the simplified renewal process and the changes
in the policy on guarantors also compromised security. However, some of the
informants interviewed who were in management positions, challenged this impression
by indicating that there were legitimate reasons for the changes related to both a riskbased approach to passport issuance and increased security in the guarantor process.
Again, without a formal assessment of the risk associated with the passport issuance
process, the perceptions are difficult to validate and assess the effectiveness of the
implications of the “exceptional measures.”
Currently the “exceptional measures” remain in place but, Passport Canada’s policies
and procedures have not yet been updated to reflect this new risk-based approach.
2.4
Impact of Authorities
Finding 6:
The Canadian Passport Order gives Passport Canada limited
recourse mechanisms.
Passport Canada’s mandate to issue, refuse or revoke a passport falls under the
responsibility of two bureaus: the Operations Bureau and the Security Bureau. The
authority to refuse a passport is shared between these two bureaus. The requirements
of the Privacy Act that affect the passport entitlement and issuance process is the
responsibility of only the Security Bureau. This allows the Security Bureau to receive
personal information on a specific applicant for the purpose of rendering an entitlement
decision33. Access to an individual’s information may only be granted to the Security
Bureau under specific justification for the disclosure.
33
Passport Canada - Ombudsman’s Annual Report for 2006-2007.
August 2008
18
Although there are many different types of complex cases, there are only a limited
number that are considered to have a security focus34. These aspects represent a
relatively narrow scope when considering the wide range of security related possibilities.
Passport Canada’s mandate comes from the Canadian Passport Order – an order-inCouncil, which is a legally recognized document approved by the Governor-in-Council.
The Order specifies who is entitled to a Canadian passport and the conditions that must
be met to determine eligibility. The Order does not proclaim any powers to the same
extent as legislation.
Unlike an Act of Parliament, the Order does not include any regulations to govern the
issuance of passports35 and, as a result, Passport Canada’s mandate is open to
interpretation with respect to definition, authorities and controls. For example, the
conditions in the Canadian Passport Order are vague on issues related to revoking or
refusing passports (sections 9 and 10). The use of “may refuse to issue” or “may revoke
a passport under certain conditions” presents ambiguity in the application of the
conditions.
The Order does not provide strong recourse mechanisms or any administrative
penalties in the case of applicants who attempt to obtain a passport fraudulently.
Although the Security Bureau, in its enforcement role can refer cases to law
enforcement agencies, including the RCMP for investigation, evaluation interviews
reported that law enforcement agencies only have the capacity to investigate cases
when significant evidence has been documented. Other than that, the only recourses
open to Passport Canada are to:
34
35
•
Refuse or revoke the passport – a remedy that requires strong grounds and is
subject to the approval of the Passport Canada ombudsman;
•
Require applicants to resubmit their applications – thereby, paying twice for the
service; or
•
Limit the validity of the passport.
This includes fraud, multiple loss, mutilation, damaged, custody, repatriation and alerts relating to potential
criminal activity.
Passport Canada has begun consultations on the creation of a Passport Act which would strengthen its ability to
fulfill its mandate (see Responding to Change: Annual Report 2006 – 2007, Passport Canada, p. 25).
August 2008
19
Finding 7:
Passport Canada must depend on the provinces and territories for
essential information on passport applicants.
Passport Canada is also challenged by the absence of a national centralized database
(or several interoperable databases) that would contain all necessary elements to verify
the identity and citizenship of a passport applicant. The reason is that vital statistics in
Canada (e.g. births, deaths) are under the legal jurisdiction of a province or territory.
The 2005 OAG report noted that Passport Canada and DFAIT have taken great strides
in addressing this identity documentation issue.36
For Passport Canada, there are two ways to demonstrate Canadian citizenship. The
applicants can either provide a Canadian birth certificate or a Certificate of citizenship.
Although citizenship certificates are provided by Citizenship and Immigration Canada,
the provision of birth certificates is a provincial responsibility and, as a result, there is
considerable variation in both the physical nature of birth certificates across Canada
and the way in which the information is stored electronically by provincial governments.
Faced with jurisdictional differences, Passport Canada has to deal with a wide variety of
documents, sources and systems to verify the authenticity of documents. It is a major
challenge to confirm an individual’s identity. Although the level of potential identity theft
is presently unknown in Canada, the birth/death registrars are considered as the main
source of vulnerability because names (and hence identity) can be duplicated between
jurisdictions.
A passport applicant could assume a false identity. When undetected this could result in
the issuance of a valid passport. This could introduce a systematic error in the issuance
process that could also go undetected through the current simplified renewal process.
This process was introduced to increase efficiency for re-issuance.
In the absence of a national identity system in Canada, Passport Canada must depend
significantly on individual provinces/territories for vital statistics information on a caseby-case basis. When and where possible, it must corroborate such information to
address the identity and entitlement of an individual’s right to a passport.
36
Report of the Auditor General of Canada to the House of Commons, Chapter 3: Passport Office – Passport
Services, Office of the OAG, April 2005, p. 10.
August 2008
20
3.0
SUCCESS
Evaluation findings as they relate to the achievement of the Security Bureau’s
objectives, including the adequacy of the Bureau’s performance measurement, are
reported below.
3.1
On a Track of Ongoing Improvements
Finding 8:
The Security Bureau has contributed to the integrity of the passport
issuance process and travel documents. It continues to work towards
more improvements.
The 2005 OAG audit on Passport Canada identified many concerns with the Agency’s
operations – some specifically related to the activities of the Security Bureau. Over the
past two years, Passport Canada has made significant efforts to address these
concerns and, in 2007, the OAG gave Passport Canada an overall satisfactory rating for
these changes. Many key informants interviewed for this evaluation also noted
favourably the changes made in response to the audit.
The specific improvements within the Security Bureau included organizational,
management and culture changes; improved tools for entitlement decision-making;
improved physical characteristics of travel documents; and strengthening the integrity of
the use of travel documents.
Management and Culture Change
In 2006-07, the Security Bureau began a process of redefining its mandate and
developing a three-year strategic plan37. However, for most of 2007, the Security
Bureau did not have stable leadership, with two acting directors general responsible for
the Bureau. In the fall of 2007, a new director general was appointed. Informants noted
that, prior to the appointment, there was considerable uncertainty within the Bureau,
which contributed to a decline in the level of communication among Security Bureau
managers.
The Security Bureau has undertaken a number of change initiatives since the fall of
2007. A Management Services Directorate has been established and the Bureau has
begun the development of systematic work planning.
37
“Passport Canada Annual Report 2006 – 2007,” Appendix A, p. 41.
August 2008
21
Tools and Processes for Entitlement Decision-Making
The Security Bureau continued to develop new tools to ensure the integrity of
entitlement decision-making including improved access to partner information,
strengthened information systems, development of a Compliance Program, increased
support to Canadian missions, and improvements to the physical characteristics of the
passport document.
The Security Bureau has strengthened its information sources and analytic capacity to
support decision-making. It has expanded existing and developed new links with partner
organizations for increased sharing of information with partners including Correctional
Services Canada, RCMP, Department of Justice, Canadian Security Intelligence
Service and Citizenship and Immigration Canada. In addition, a new case management
system – Security and Intelligence Case Management System (SICMS) – is being
developed to increase the Bureau’s capacity to analyze and use existing passport
information. This will mean that the Bureau will have additional information on the
entitlement process and will be able to identify risk areas such as a large number of
applications from the same address or a person who is acting as a guarantor for an
unusually large number of applicants. It will also assist the Bureau in an effort to clear
many alerts automatically – rather than through manual data processing.
Improvements in accessing information for decision-making are important first steps, yet
there remain areas where gaps in the availability of electronic access to information
affect the entitlement decisions. Passport Canada cannot confirm electronically the
information provided by applicants to determine Canadian citizenship (birth certificates,
citizenship certificates) and to gather intelligence to support the decision-making
process38. Electronic data verification would greatly reduce the need for manual data
edits and checks.
Another element to ensure the integrity of the entitlement process is the Compliance
Program which is a quality assurance mechanism. The implementation of this Program
was deferred due to the need to focus on passport demand. Now, efforts have begun to
fully staff and to define the mandate of the Compliance Program. Initially, this Program
was to focus on physical security but this responsibility was transferred to the Corporate
Security. Once the Compliance Program is fully established, it would be vital in
providing quality assurance measures including but not limited to entitlement decisionmaking within a risk-based approach to security management. For example, a good
start to the Compliance Program was the review of access rights of employees to the
passport issuance system. The review identified what personnel categories had access
to sensitive components of the system. Following this review, a manual was developed
38
The Security Bureau receives information regularly on deactivated birth certificates from Ontario Vital Statistics.
This information is entered in Passport Canada’s database.
August 2008
22
to list the appropriate access rights for the tasks to be performed. A revision of system
access permissions is in progress.
Another key component of the issuance process is the decision-making that occurs at
Canadian missions. As a result of concerns raised in the OAG report, Passport Canada
created the Foreign Operations Division in the Security Bureau to provide a focus for
the Passport Program being delivered at missions. The entitlement decision-making
processes at missions is being supported by online training that all mission employees
engaged in the Passport Program are required to complete this fiscal year. While the
training is developed outside the Security Bureau, the implementation of the training is
being monitored by the Foreign Operations Division. Passport Canada and DFAIT are
also exploring the option of repatriating the entitlement decision-making for applications
from missions to the International Processing Service.
Physical Characteristics of Travel Documents
The Security Bureau continues to strengthen the physical characteristics of the travel
documents. The officer responsible for the travel document meets regularly with
partners to ensure that Canada’s travel documents meet international standards and
keep pace with those of the Five Nations Group (Australia, Canada, New Zealand,
United Kingdom and United States). Based on recommendations from the Security
Bureau, Passport Canada is moving to the implementation of facial recognition and a
new e-passport.39
Contributions to the Integrity of the Use of Travel Documents
The integrity of the passport entitlement process extends beyond the issuance of the
passports. It includes the integrity of the use of Canadian travel documents. The
Security Bureau is responsible for collecting and managing information about lost or
stolen passports. This information is shared regularly with CPIC, CIC, CBSA and
Interpol.
Finding 9:
The contributions of the Security Bureau mainly focus on responding
to known security-related issues.
Currently the processes in the Security Bureau focus primarily on responding to systemgenerated alerts (based on known passport applications stored in databases) or alerts
brought to the attention of the Security Bureau. This would suggest more of a responsebased approach as opposed to one based on risk.
39
The February 2008 budget of the Government of Canada indicated that these e-passports would be valid for ten
years. (http://www.budget.gc.ca/2008/pamphlet-depliant/pamphlet-depliant1-eng.asp).
August 2008
23
System-generated alerts appear when the passport application information is verified
against IRIS data verification rules and matched to its “watch list” – a list that contains
information on cases of interest or potential problems. The “watch list” holds individual
names received from key partner agencies and departments. Passport Canada uses
this “watch list” to identify potentially ineligible cases or cases where the individual
should receive a limited validity period passport. The reasons for ineligibility or for
limited validity vary. The most common reasons were restrictions as determined by the
judicial system. This query process generates three types of alerts:
•
Alerts related to data integrity. Information from data collected in two separate
months suggests that the Data Quality Analysts (DQAs) address about 85,000
client index alerts a month. The vast majority of these are generated because the
system has identified more than one person with the same surname, date of birth
and gender;40 Interviews with Security Bureau employees indicated that the vast
majority of these alerts relate to data entry issues and not security threats. The
DQAs reportedly detect very few cases of fraud;
•
Alerts related to complex cases (e.g. custody cases, lost or stolen passports)
identified through the “watch list” – Case Management Officer (CMOs) respond to
these alerts. CMOs also provide support to issuing office and Canadian missions
when employees have questions about these types of cases; and
•
Alerts related to potential criminal activities identified through the “watch list”
– These alerts are directed to the Entitlement Review Team41. These alerts may
result in an investigation which is carried out by an ERI. In 2007-08, the Security
Bureau conducted 124 investigations42 which represented less than a percentage
point of passport applications. One-third of the investigations result in a
recommendation to the adjudicator to revoke or refuse the passport and to
withhold passport service for a period of time. Of these, 95% were refused or
revoked. In 2007, 293 two-year limited validity passports were issued based on a
review of the “watch list” files. In addition to this, full validity passports and limited
validity passports of other duration would have been authorized.
Given the high volume of alerts of various types, the largest component of the work of
the Security Bureau is associated with responding to potential issues rather than
developing and analyzing the information necessary to anticipate potential security
threats.
40
41
42
Data from Data Quality Analysis Section, Security Bureau.
ERAs and EROs are included in the Entitlement Review section. EROs, entitlement review officers, were
established in 2007. They are front line for inquiries from regional offices in Canada and for missions abroad
pertaining to watch list alerts.
Draft Passport Canada Annual Report 2007-08.
August 2008
24
The Intelligence Section of the Enforcement and Anti-Fraud Division currently gathers
information for the “watch list.” Similar to alerts, the work is primarily responsive to
information provided by partners or the public, rather than proactive in terms of the
analysis of security threats. Informants suggested that SICMS could enable the Security
Bureau to institute electronic data verification edit-check rules as well as enable officers
to analyse alert patterns. This shift in work process also could change the composition
of resources to assume responsibility for critical tasks requiring different skills.
In the absence of a Compliance Program, there is no accurate and comprehensive
measure of the nature and extent of compliance to PPTC entitlement and corporate
policies, procedures and directives related to security. The DQAs perform systematic
monitoring of the entitlement process only on a sample of applications from missions.
3.2
Balancing Client Service and Security
Finding 10:
It is not clear to what extent security may have been compromised
during the period of high volumes in 2006-07.
Passport Canada must balance the demands of client service with security. Delays in
meeting the demand for passports have the potential to impact on the mobility of
Canadians. On the other hand, failure to manage adequately the security risks
ultimately increases the risk of inappropriate issuing and use of Canadian passports and
would affect the credibility of the Canadian passport and Canada’s image in the world.
Many key informants, notably in the issuing offices, expressed concern that when
Passport Canada was struggling to cope with an unprecedented high volume of
passport applications in 2006-07, security may have been compromised in the efforts to
maintain client service. There are a number of factors that led these key informants to
have this impression:
•
At the time, issuing offices and the NPS were working long hours to cope with the
demand and facing applicants who were experiencing extended time delays.
Under those conditions, employees suggested that it was possible that less time
was spent on details when compared to periods of normal volumes.
•
In order to cope with the volumes, Passport Canada increased its capacity.
There were more clerks hired and assigned to pre-screen applications for their
review by entitlement officers. Some key informants raised concern that the new
hires did not receive enough training. Pre-screeners received only one week of
training but, in many offices, they were also responsible for client interface,
review of the identity and entitlement documents which normally was the function
of the Entitlement Officer. Officers usually receive three weeks of classroom
training (reduced from four weeks) and ten weeks of on-the-job supervision.
While the new employees relieved some pressure on the entitlement officers,
August 2008
25
supervising the new employees also reportedly reduced the time experienced
officers could attend on passport applications.
•
Many interviews with informants indicated that any policy/procedural changes on
entitlement decision-making were often transmitted by email. Such changes were
not reflected in a timely fashion in the Passport Policy Manual. While email is a
good way to transmit information quickly, it was not read by all especially when
employees were too busy with working at the counters. As a result, some
employees did not comply with some procedural changes.
•
Many informants also indicated that the application of “exceptional measures” in
the summer of 2007 signalled that application shortcuts were authorized because
of the high volume of applications. Many informants believed this because they
were unaware of, or unconvinced by, the need for the “exceptional measures.”
•
Finally, some informants believed that the public pressures contributed
significantly to maintain client service standards rather than strict and rigid
adherence to passport examination procedures.
While many informants believed that the entitlement process was compromised, the
evaluation cannot determine the extent to which it may have occurred, without a review
of decisions taken during the peak periods and the ability to compare this to decisions
made prior to the increase in the volume of applications. It is not possible to assess this
even qualitatively without an assessment of the security risks in the passport issuance
process and the activities that are being carried out to manage these risks.
3.3
Inadequacy of Performance Information
Finding 11:
There is insufficient performance information on the activities of the
Security Bureau.
Passport Canada at present does not have a comprehensive framework for monitoring
and evaluating its performance. Passport Canada only has performance measures
related to client service standards (i.e. waiting times, turnaround times for applications
etc.) The evaluation team was unable to find systematic information, collected over
time, on measures that could have assisted in evaluation findings. While data were
available on the volume of alerts, data were not available on:
43
•
Volume of different types of alerts43 or the disposition of these alerts;
•
Volume of cases referred to CMOs, ERAs or ERIs and the disposition of these
cases; or
Information was available on the volume of alerts, by type, for two one-month periods in 2007 and 2008. This
gave an indication of the types of alerts – see Finding 9.
August 2008
26
•
Numbers of passports denied based on the activities of the Security Bureau.
In consideration of data availability issues, the Security Bureau has not been able to
analyze alert trends or client patterns which could have been useful for resource
management.44
Finding 12:
An assessment of the nature and extent of passport entitlement
security risks is not available.
A common method to assess the effectiveness of passport security is to review its
approach relative to others; in this case, through a study with the United Kingdom’s
Identity Passport Services (UK-IPS). Direct comparative studies among any of the Five
Nations Group could not be conducted at this time because there are no international
guidelines or standards on passport issuance in consideration of the rights of
sovereignty. However, security is viewed similarly among this group of five and based
on evaluation observations, Canada, while facing unique challenges in passport
demand, has not developed a strong evidence-based approach to determine the nature
or level of security risks on passport issuance. The Security Bureau, in its deliberations,
on security risks could consider the quantitative assessment now in place at the UK
IPS, to be tailored to the Canadian environment, as a means to systematically address
security risks.
Such an approach would offer a wider assessment from which to develop more
comprehensive scenarios or profiles. The evaluation found that given the current gaps
in risk identification, there is a possibility that passport applicants could obtain their
identity fraudulently. Such an occurrence could be undetected by the current
examination process, resulting in a passport being issued to an ineligible applicant.
Once in the system, any subsequent renewal request may not yield any alerts and
hence, would have created a systematic bias in the issuance process. One way to
mitigate this occurrence would be to establish a system of monitoring the nature and
extent of fraud as was found in the UK IPS.
44
SICMS will assist in providing management information. Phase I of SICMS is expected to be operational by
April 2009.
August 2008
27
Finding 13:
The risk is high that personal information between business contacts
is transmitted electronically over the internet.
Passport Canada and Consular Services have an obligation to protect private and
personal information. Access to protected information is governed by the “need-toknow” principle and the level of security for the persons requiring access to perform a
job function. In order to protect personal information sent electronically over the internet,
DFAIT’s “Policy on the Use of the DFAIT Electronic Networks” restricts the transmission
of electronic information to the DFAIT network only. Personal information is never to be
sent over public networks like the internet where the risk of interception is very high.
The Policy states:
“Anyone in the world can be registered on the INTERNET under any name they wish,
and access will be granted. Therefore, in dealing with business contacts via the
INTERNET, it must be remembered that, at this time, it is impossible to properly
authenticate INTERNET users. Also, the path taken by information travelling on the
INTERNET from one user to another is unknown. Hence, it must be assumed that the
path has no security protection. That is to say, any information flow may be read and/or
altered without the knowledge of the sender or receiver. Therefore, no sensitive data
is to be sent over the INTERNET.”45
Passport Canada and DFAIT do not share the same network. Passport Canada uses
PPTCNet, while DFAIT uses SIGNET. Therefore, there is a high risk that any personal
information sent electronically over the internet between DFAIT and Passport Canada
can be subject to interception. For example, an email sent from an employee with
PPTCNet email account to an employee with a SIGNET email account must first travel
through the public internet to reach its destination.
Evaluation interviews confirmed that there is no secure channel between PPTCNet and
SIGNET at this time. No personal or protected information, on a passport file, should be
sent via email between Passport Canada and DFAIT, because the transmission is
considered non-secure. Both organizations must therefore manage this risk accordingly.
45
Policy on the Use of the DFAIT Electronic Networks, ISD/SXD – 2000-03-15 – Amended 2007-09-10.
Emphasis (i.e. caps and bolded text) is copied from original text.
August 2008
28
4.0
COST-EFFECTIVENESS
Evaluation findings on cost-effectiveness including the clarity of roles, responsibilities
and communications, the adequacy of standardization of decision-making as well as
resources are reported below.
4.1
Clarifying Roles and Responsibilities
Finding 14:
The role of the Security Bureau is not well understood.
The role of the Security Bureau was not well understood among regional directorates
and issuing offices. Evaluation interviews suggested that informants knew generally of
the roles of the DQAs, CMOs and ERAs but, they were often unable to distinguish the
specific roles of each group in terms of the types of alerts46 they dealt with, and who
should be contacted. Frequently, informants also included physical and IT security
within the mandate of the Security Bureau when these functions are no longer part of
the Security Bureau mandate.
One key issue identified was who retained the final responsibility to render entitlement
decisions. The Policy Manual clearly stated that for custody cases the issuing office had
the authority to refuse a passport but for files related to misleading information in an
application, multiple losses of passports or criminality, the final authority for passport
refusal rested with the Security Bureau.47
Responses also varied from key informants about who had authority for both approvals
and refusals for cases that had been referred to the Security Bureau. While there was a
lack of clarity on authorities for security cases, employees generally agreed that
entitlement officers retained authority to decide to issue a passport (once any security
concerns had been cleared by the Security Bureau), whereas the Security Bureau
appeared to have the authority for passport refusal.
Finding 15:
There was lack of clarity and agreement on the roles and
responsibilities of the Regional Security Advisors.
The Security Bureau established RSAs in 2006-07 in response to the 2005 OAG audit
of Passport Canada. The evaluation found that the role of RSAs varied across regional
directorates and their purpose was unclear. A number of events also contributed to this
lack of clarity.
46
47
Alerts related to administrative/data integrity issues, alerts related to complex cases or alerts related to potential
criminal activities.
Passport Policy Manual, Section 1910.
August 2008
29
First, a Memorandum of Understanding between the Security Bureau and the
Operations Bureau, drafted in 2005, remains incomplete. While the Security Bureau is
responsible for the RSAs, the role of RSAs has evolved differently across the regions. In
the absence of any specific direction from headquarters on RSAs, the roles in each
region appear to have been determined to a large extent by regional directors.
Therefore, the nature of the work by RSAs varies considerably across regions.
The evaluation also found that communication on the role of RSAs has been rather
sparse and incomplete. RSAs were created as the first step towards a decentralized
approach to support the passport issuance processes in Canada. Information on the
role of RSAs48 indicated that their role is to increase the Bureau’s capacity to enhance
the integrity of the Passport Program within the regions.49
Furthermore, communications have been unclear on the overall rationale for RSAs.
Evaluation interviews among the regional directorates and the issuing offices indicated
that the role of the RSAs was not precise. RSAs generally reported that many requests
for their support related to components of security (e.g. physical security) that were not
within the mandate of the Security Bureau.
Although headquarters confirmed that the “functions and organization of the regional
security advisor network will continue to be refined through the program evaluation of
the Security Bureau as well as the Corporate Services Bureau’s work towards
developing a management framework for the administration of the Government Security
Policy…”50, there still seems to be considerable effort ahead to discuss the
standardization of the RSA. Headquarters has started the process to establish the work
parameters of the RSA through information updates to staff that the role of RSAs should
focus on “entitlement and program fraud prevention, detection and response”51 and
indicated that, when physical security issues arise, they should notify the Physical
Security Section at headquarters.
48
49
50
51
Communication to staff from Director, Enforcement and Anti-fraud.
Staff Email from Director, Enforcement and Anti-fraud, Security Bureau, 19 February 2008.
Security Bureau Internal email, 19 February 2008.
Ibid.
August 2008
30
4.2
Improving Communications
Finding 16:
There were mixed views on the adequacy of communication both on
general security issues and specific cases within Passport Canada
and with Canadian missions.
There were mixed views from key informants on general communications within
Passport Canada. Most key informants felt that communications within headquarters
were adequate. Some noted though that this had been true when the organization was
small but the rapid growth at headquarters, resulting from the increased volume of
passports issued, may have reduced the adequacy of communications.
The views of key informants varied among regional directorates, issuing offices and
missions with respect to general communications on security-related policy and
procedural matters. Some felt that there was adequate communication of security
issues; others felt that they were overwhelmed with communications particularly by
email and were likely to miss the important messages in the volume of communications.
Some noted that communications on security issues can come from a variety of units
within Passport Canada – Security, Policy and Planning or Operations. Some regret that
the former security bulletin is no longer available; others felt that information was readily
available on the Passport Canada intranet site. Still, others noted that the Policy Manual
and the intranet site are not current with changes that have been communicated to the
issuing offices and missions.
Most informants revealed that the Security Bureau could improve communications to
the regions. Interview data suggested that inconsistent communication approaches
contributed to a lack of knowledge on security related issues. It was found that some
communicate with the Security Bureau on individual cases through a generic email
address, while others indicated that a specific agent in Security Operations was
assigned to their office.
Most key informants in issuing offices and missions expressed concern over timedelays in responding to security queries and the need for regular status reports on the
progress of security cases to share with passport applicants. It should be noted though
that many also recognized that time-lines have improved and efforts continue to close
the gap further.
Many key informants raised the need for more robust communications from
headquarters on case related information especially on notifying applicants of passport
refusal. The current approach is that the Security Bureau notifies denied applicants by
mail. The communication issue occurs when denied applicants attempt to pick-up their
passport prior to receiving a notice from the Security Bureau. In this case, the office
manager at the issuing office will notify the applicant that their application is under
August 2008
31
review, however, the manager cannot provide any details. Issuing offices therefore quite
frequently deal with customer services issues when applicants, concerned by the lack of
information on the reasons for refusal and the limited options for getting more
information from Passport Canada, expressed dissatisfaction.
The evaluation found that communications between Passport Canada and missions with
respect to policy interpretation and procedures has improved significantly since the
establishment of the Foreign Operations Division. Most informants in missions were
satisfied with the communications with the Foreign Operations Division.
4.3
Improving Standardization
Finding 17:
The physical security characteristics of the Canadian travel document
have been standardized.
The physical security characteristics of Canadian travel documents are standard
because of the centralization of the passport printing process. Most passports are
printed in one of two locations – one in Quebec and one in Ontario.
In 2005-06, Passport Canada repatriated the printing of passports issued by consular
offices overseas. The repatriation of the printing of travel documents in Canada has
contributed to the centralization52 of the production of passports and ensuring control to
reduce misuse of the passport document.
Finding 18:
Passport security features are consistent with but are reportedly not
at the leading edge of the security features of other members of the
Five Nations Group.
Canada is a member of the Five Nations Group (Australia, Canada, New Zealand,
United Kingdom and United States). Passport Canada representatives meet regularly
with colleagues from these countries to discuss passport security. While Canada’s
passport security features have improved, all other member countries have security
features in passport documents that exceed those of Canada. For example, the four
other countries in the Five Nations Group have e-passports. Canada, however, is only
expected to pilot e-passports in 2008-09. Passport Canada’s Security Bureau believes it
provides a secure Canadian passport at an affordable cost at this time.
52
Centralization was implemented to standardize the print process and to mitigate theft of blank passports, and
new passports.
August 2008
32
Finding 19:
Although there is no evidence that there are inconsistencies in
entitlement decisions, there are differences in work-processes among
issuing offices and the National and International Processing Service.
While there is considerable variation in the organization of the work for entitlement
decision-making in issuing offices in Canada, there is no evidence of inconsistencies in
the entitlement decisions.
The site visits to issuing offices and interviews suggested that there is considerable
variation in the organization of the work flows in the different issuing offices. A number
of different processes were put in place to cope with the volume of applications in 200607. Passport clerks were reassigned other duties. This included reviewing pre-screened
applications. The organization of the work is dictated, to a large extent, by the physical
space available to offices – particularly as they have had to cope with significant
increases in the volume of applications. The choices of which processes to follow and
when are largely determined by the managers in each office and may vary by the
volume and the time of day.
Interviews with key informants in the issuing offices indicated that, regardless of
differences in work organization, entitlement officers apply standard entitlement policies
and procedures consistently. The only change was with the “exceptional measures”
implemented in 2007, where more latitude was given to entitlement officers. It is too
premature at this time to understand the impact of the “exceptional measures.” A more
accurate assessment of the impact of these measures could be conducted when the
Compliance Program has been established.
Based on interview data, some issuing offices believe that face-to-face interaction with
applicants is a distinct advantage in the entitlement process. Statistics show that a vast
majority of passport applications (79%) were presented in-person at issuing offices in
Canada – see Exhibit 553. The remaining applications in Canada were mailed, or
forwarded by receiving agents to the National and International Processing Service. It is
likely that the majority of entitlement decisions are made after an entitlement officer has
interacted with the applicant.54
Most key informants in issuing offices strongly believe that the interaction with the
applicant provided much valued additional information to assist in the entitlement
decision-making. While a decision to deny a passport has to be made on the basis of
53
54
A small percent (4% in 2006/07) are presented at foreign missions but these are processed in a similar manner
to those presented to Issuing Offices in Canada.
However, not all applicants who present their applications at an Issuing Office are seen by the Entitlement
Officer. Some applicants are represented by other family members; some applications are received in the Issuing
Office by pre-screening clerks.
August 2008
33
documented evidence, some would argue that face-to-face interactions, as an added
source of verification, contributed to the ability to identify cases of potential fraud55.
Other key informants argued that the benefits of face-to-face interactions have been
exaggerated. All entitlement officers – whether they are working in an issuing office or
the National and International Processing Service – receive the same training but are
not specifically trained to read verbal or visual signs.56
Without a risk assessment framework, there is no explicit consideration of how the inperson interaction with applicants helps to mitigate the risks in entitlement decisionmaking and, by extension, whether there are inherent risks in decisions made solely on
the basis of documents (and often scanned copies of these documents). This issue has
potentially important implications, since Passport Canada is increasingly moving the
decision-making process away from the front-line people at issuing office counters. It is
unknown how this change in workflow would affect the ability to assess the reliability of
the passport applicant.
4.4
Impact of Security Bureau Resources
Finding 20:
Although the Security Bureau continues to receive more resources, it
still represents approximately 3% of Passport Canada resources
since 2003-04.
The unprecedented increase in the number of passport applications led to a significant
increase in Passport Canada revenues (see Exhibits 4 and 6).
While Passport Canada resources increased, so did those of the Security Bureau – see
Exhibits 8 and 9. The Bureau’s resources increased substantially between 2003-04 and
2007-08 – an 89% increase over this period. Between 2006-07 and 2007-08, FTEs for
the Security Bureau had grown from 81.5 to 95.7 representing an increase of 15%.
55
56
For example, an application for a child’s passport in which the applicant may have forged the signature of a
custodial parent or an application where the guarantor has not known the applicant for two years.
One respondent did indicate that this had been included in training for Entitlement Officers many years ago. In
addition, some offices have received training from the RCMP on the identification of fraudulent documents.
August 2008
34
Exhibit 8:
Security Bureau Resources, 57 2001-02 to 2007-08 ($000’s)
Year
Passport Canada
Salary
(including
EBP)
O&M
Total
Security Bureau
# of
FTEs
Salary
(including
EBP)
O&M
Total
# of
FTEs
2001-02
56,421
54,654
111,075
949
2002-01
70,180
68,588
138,768
S.O.
2003-04
85,875
63,503
149,378
1,291
3,677
560
4,237
57.6
2004-05
94,470
73,013
167,483
1,731
4,020
577
4,596
64.3
2005-06
115,994
83,361
199,355
1,900
4,224
900
5,124
78.6
2006-07
123,775
92,874
216,649
5,697
742
6,439
81.5
2007-08
165,753
119,222
284,975
6,946
1,302
8,248
95.7
2,256
2,900
57
The Security Bureau was established in 2003-04.
August 2008
35
Exhibit 9:
Passport Canada and Security Bureau Resources, 2003-04 to 2007-08
($000’s)
While resources for the Security Bureau increased annually, its relative growth has
remained constant since 2003-04. The Security Bureau’s resources represent
approximately 3% of Passport Canada – see Exhibit 10. These resources were needed
to address two factors: the increased volume of passport applications and additional
resources for new functions namely: the RSAs and the Compliance Program. These two
pressure points drove the need to increase resources to the Security Bureau based on
the assumption that security-related cases grow in proportion relative to passport
demand.
August 2008
36
Exhibit 10: Security Bureau and Passport Canada Resources, 2003-04 to 2007-08
The Security Bureau has also not been able to complete the staffing of all positions. All
but two of the eight RSA positions and two positions for the Compliance Program have
been staffed. Given the need to clarify roles and responsibilities as well as to complete
the staffing of positions, it is too early to assess the impact of these additional
resources.
August 2008
37
4.5
Need Better Tools for Decision-Making
Finding 21:
The Security Bureau lacks adequate tools for ensuring the integrity of
the passport issuance process.
Passport Canada relies on information from both internal and external sources to
ensure the integrity of the passport issuance process. This information is used to
confirm the identity of applicants. This includes the statement from the guarantor and
provincial documents that include applicants’ photographs (e.g. health card or driver’s
license). Even though applicants may be Canadian citizens, there may be other
information that would indicate that applicants are not eligible for a passport (e.g.
because they have been charged with an indictable offence or their mobility is restricted
as a result of criminal charges).58
The information to support these decisions currently comes from three sources:
•
the entitlement database – IRIS59 which includes historical information about
passports issued;
•
the “watch list,” which includes the names of applicants who are potential risks;
and
•
information from external sources (partner organizations): information from the
vital statistics units of provincial/territorial governments, other provincial licensing
bodies and other federal government departments.
The integration of information from internal and external sources present challenges in
terms of data comparability, quality and completeness.
Processes for Gathering Intelligence and Quality Control
Passport Canada currently has limited ability to search and analyze information on
passport applications and documents. Passport Canada’s IRIS database includes a
“watch list” with information on people whose passport application may need additional
review.
Currently, the alerts generated by queries against the entitlement database – IRIS – are
verified manually, which is time consuming and subject to human error. This situation is
expected to improve with SICMS, which will not provide different information but it will
provide a relational database, automated information and intelligence repository,
58
59
Under the new simplified renewal process, introduced in August 2007, the requirement to present these
documents (which have already been examined for an earlier passport) is waived.
This is the name given to Passport Canada’s passport issuance system.
August 2008
38
integrated with existing Passport Canada systems. SICMS will provide the Security
Bureau with a “systematic tool to manage cases to administer the alerts process, and to
identify and analyze trends by case.”60 This will allow for standard and automated data
verification edits, which may implicate current resource levels. SICMS is expected to
improve the management of information available to the Security Bureau. Phase I of
SICMS is expected to be operational by April 2009.
External Data for Entitlement Decision-Making
Over the past year, the Security Bureau has improved information-sharing with a
number of partner organizations, including:
•
Correctional Services Canada (CSC) to secure electronic access to data on
federal offenders;
•
RCMP to establish a secure link for access to data from the Canadian Police
Information Centre; and
•
Department of Justice to access information on people in arrears with family
support payments.
The Bureau is currently working on MOUs with the Canadian Security Intelligence
Service (CSIS) and Citizenship and Immigration Canada (CIC). However, there remain
three challenges in the availability of data for decision-making:
60
•
Data that is available electronically but not searchable;
•
Data that is available only on a case-by-case basis; or
•
Data that may be available but is not systematically provided
SCIMS Project Charter, June 2006, p. 4.
August 2008
39
Exhibit 11: Challenges in the Availably of Data for Decision-Making
Challenge
Details
Data available electronically
but not searchable
The Security Bureau has electronic access to some
information but the data cannot to be searched
systematically. For example, although CPIC provides
information on people with criminal records, the information,
which is in free text format, cannot be easily searched in
order to identify people charged with an indictable offence or
whose mobility is restricted. Much of the searching has to be
done manually.
Data that is available only on a
case-by-case basis
In other cases, information is available on case-by-case
basis, but not systematically. For example, passport
entitlement officers can check citizenship documents directly
with the CIC Case Processing Centre in Nova Scotia but
they do not have electronic access to citizenship
information. The same is true of data from
provincial/territorial vital statistics organizations.
In 2004, in partnership with two provinces and other federal
departments, Passport Canada undertook a pilot project
(National Routing System) to test the automation of the
verification of vital statistics information in two provinces.
The pilot was reportedly very successful, but the initiative is
not proceeding. It was superseded by a Treasury Board
Secretariat initiative to develop a more comprehensive
business case to be aligned with a national identity
management framework. The pilot project, although
successful, was reportedly very expensive and would be
difficult to implement on a national basis because of the lack
of automation of vital statistics records in some provinces.
As a result, there is still no systematic process for confirming
the validity of identity documents used in the passport
application process.
Data that may be available but
is not systematically provided
Some information is not available even on a case-by-case
basis. For example, while Passport Canada has access to
data on federal offenders to identify applicants who may
have been charged with an indictable offence, it does not
have access to provincial correctional or court data. As a
result, it relies on provincial authorities to report cases of
relevance to passport decision-making. For example, one
role fulfilled by the RSAs has been to establish links with
court authorities to ensure that Passport Canada is notified
when a passport has been seized.
August 2008
40
4.6
Passport Canada is Making Progress
Finding 22:
Passport productivity is improving.
The evaluation found that with the increase in resources between 2001-02 and 2007-08,
the average daily number of passports issued per employee decreased steadily from a
high of 8.7 in 2001-02 to a low of 6.3 in 2004-05 – see Exhibit 12. Productivity appears
to have improved recently. This is likely the result of new resources in place to deal with
increased passport demand. In addition, new measures such as the implementation of
“exceptional measures” as well as operational improvements including double-shifts
(e.g., evening shifts) to deal with increased demand would contribute to increased
productivity. The best way, however, to measure improved passport productivity would
be to assess if the average amount of time spent per application has been reduced.
Exhibit 12: Passport productivity per employee,61 2001-02 to 2007-08
61
This is defined as the average daily number of passports issued based on FTE and volumes.
August 2008
41
Public funds have been made available for new initiatives beyond the resources
received through passport fees. This additional funding is to assist with passport
demand and with implementing new security initiatives to respond to the WHTI.
August 2008
42
5.0
CONCLUSION AND RECOMMENDATIONS
The Security Bureau is central to Passport Canada. It offers a relevant and critical role
in guiding the integrity of the passport entitlement and issuance process and the
physical characteristics of Canada’s travel documents. Its main contribution to the
entitlement decision-making process is the support that it provides to the operational
units of Passport Canada namely: the issuing offices, the National Processing Service
and the International Processing Service, and the Canadian missions responsible for
the Passport Program abroad. It supports these offices by ensuring the integrity of the
Canadian passport document and entitlement information, assisting with addressing
complex civil and criminal cases and investigating cases of possible fraud.
Progress continues in redefining its mandate, improving management processes and
developing the necessary tools to provide adequate support for entitlement decisionmaking. The Security Bureau management is aware of the gaps but also faces barriers
in strengthening its processes and tools. For instance, in recent years Passport Canada
has faced major organizational strain in dealing with high passport demand. Passport
Canada had to quickly re-adjust its business to meet client demand and, as a result the
Security Bureau activities for transformation were delayed and recommenced only in the
latter part of 2007.
The evaluation has proposed one key recommendation for Passport Canada’s Security
Bureau. It was initially identified in the Office of the Auditor General audit. That is, the
need for a security risks assessment to guide the rest of the work of the Security Bureau
and other security activities at Passport Canada. The establishment of security risk
assessment would provide greater direction on the way forward for the Security Bureau.
Once completed, a risk based approach would form the foundation for either additional,
financial or organizational needs or authorities for consideration to ensure a reliable
passport entitlement and issuance process.
August 2008
43
Exhibit 13: Overview of Recommendations
Recommendation 1:
That Passport Canada conducts an assessment of
security risks on passport issuance and that the
approaches to managing these risks are within acceptable
tolerance levels.
The security risk assessment would frame the necessary direction for the development
of a performance framework for the Security Bureau. One component of this would be
the identification of those risks that require the Security Bureau’s attention (see
Exhibit 13).
It is expected that the security risk assessment would also highlight the importance of
shifting from a rules-based approach to a decision-based approach. This would mean
that entitlement officers would have more individual discretion in reviewing passport
applications. Central to this risk assessment strategy would be to address the risks
associated with passport applicants as well as different business channels. The UK-IPS
has been successful in implementing an effective and efficient risk assessment strategy.
It is based on an objective quantitative method to identify the nature and extent of
passport-related fraud and, Passport Canada could benefit from a similar approach to
determine its risks.
August 2008
44
Recommendation 2:
That the Security Bureau develops a management
framework for its activities based on the results of the
security risk assessment.
A management framework would define the mandate, policies, procedures,
organizational structures, resources, tools for the Bureau to support its responsibilities.
An appropriate management framework contributes to sound and effective program
management. It enhances program performance in achieving the expected results,
while appropriately managing financial and non-financial risks.
The development of this framework would lead the Bureau to assess a number of
issues raised in this evaluation, including those related to:
•
Functions and structure: the relevance of some current Security Bureau
functions, the role of the Regional Security Advisors, the need to focus on
security functions that provide added value to passport integrity, the role of the
Compliance Program and additional functions that might be supported by the
Security Bureau;
•
Communications: the communication of the role of the Security Bureau within
Passport Canada; and,
•
Resources: the adequacy of the Bureau’s resources to fulfill its mandate.
Recommendation 3:
That the Security Bureau develops performance measures
to monitor its decision-making.
Integral to a management framework is performance measurement. Its main purpose is
to support decision-making. Establishing this would allow the objective monitoring of
progress on results in a systematic manner. This would provide information to assist
decision makers on activities, the results achieved, work structure and resource needs.
August 2008
45
APPENDIX A: MANAGEMENT RESPONSE
Recommendations
Recommendation 1:
That Passport Canada conducts an
assessment of security risks on
passport issuance and that the
approaches to managing these risks
are within acceptable tolerance
levels.
Recommendation 2:
That the Security Bureau develops
a management framework for its
activities based on the results of the
security risk assessment.
PPTC Management Response and
Action Plan
Responsibility
Centre
Passport Canada agrees with this
recommendation, and has identified the
assessment of Security Risks as a
priority to be completed prior to the end
of the third quarter of 2008-09. W ork is
currently underway to identify and
assess security risks and accompanying
mitigation strategies in the application,
entitlement and issuance processes.
Follow-up efforts will focus on enhancing
mitigation strategies where required in
order to ensure that risks are being
managed within acceptable tolerance
levels.
PPSD
Security Risk Assessment
to be completed by the
end of October 2008
Passport Canada agrees with the
recommendation that the Security
Bureau review its management
framework, and is currently undertaking
work to develop a new model that is not
only more closely aligned with known
security risks, but which allows the
organization the flexibility to adapt in a
fluctuating risk environment. In the
second quarter of 2008-09, the Bureau
worked with an external consultant to
review its organizational structure, and,
in June 2008, put forth an initial proposal
PPSD
Organizational Review
complete
Time Frame
Validation against risk
assessment third quarter
2008-09
August 2008
46
Recommendations
PPTC Management Response and
Action Plan
Responsibility
Centre
Time Frame
to realign its core management
framework to reflect known risks. This
proposal will be validated against the
results of the Security Risk Assessment
in Fall 2008.
Recommendation 3:
That the Security Bureau develops
performance measures to monitor
its decision-making.
Passport Canada agrees with this
recommendation, and has committed to
developing draft performance measures
that will better reflect the nature of the
Security Bureau’s work, enhance its
decision-making capacity and provide a
meaningful assessment of its
performance. The Bureau’s ability to
capture and track performance
information will be greatly assisted with
the implementation of a security case
management system at the end of 200809.
PPSD
Draft performance
measures to be
developed by end of
fourth quarter 2008-09
August 2008
47

passport canada security bureau evaluation

Transcription

Similar documents

MasterCard My Account Registration

presentation

USIU-Africa Application Form - United States International University

freaky friday nights!

Donut Trail Passport - Butler County Visitors Bureau

Fun for Grown Ups and Kids!

format required for the mandatory information for each athlete that

Passport® POS

consulate general of republic of indonesia