Archived - Audit of Professional Standards

May 2015

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

1.0 Introduction

Federal public servants have a fundamental role to play in serving Canadians, their communities and the public interest under the direction of the elected government and in accordance with the law. As dedicated professionals, public servants uphold the public trust. Canadians expect their public institutions to function at the highest level of ethical standards.

The Canada Border Services Agency’s (CBSA) mandate includes the facilitation of large volumes of people and goods while meeting the requirements of program legislation, it is imperative that a culture of professional integrity be developed and maintained across the Agency. As part of the Public Safety Portfolio, the CBSA contributes to integrated national security, emergency management, enforcement, corrections, crime prevention and border management operations.

2.0 Significance of the Audit

The professional integrity of CBSA employees is essential to the CBSA’s role in protecting the safety and security of Canadians and the unique authority that CBSA employees have in moving people and goods across the border. To date an audit of professional standards has not been completed at the Agency.

The audit objective was to examine whether:

  • The management control framework around professional standards is well designed, which includes the investigation practices;
  • Professional standards have been clearly defined, well-communicated, and effectively implemented across the Agency; and
  • Professional standards are monitored.

The audit did not examine investigations of the following: wrongdoingFootnote 1; harassment or violence in the workplace; and security incidents. The audit scope and criteria can be found in Appendix A.

3.0 Statement of Conformance

The audit conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program. The audit approach and methodology followed the International Standards for the Professional Practice of Internal Auditing as defined by the Institute of Internal Auditors and the Internal Auditing Standards for the Government of Canada, as required by the Treasury Board’s Policy on Internal Audit.

4.0 Audit Opinion

The Agency has established a system and processes to create and maintain a culture of professional standards.Footnote 2 For the most part, the management control framework around professional standards has been well designed and operates as intended. Preventive, detective, and corrective controls were in place to establish and sustain high professional integrity. However, CBSA employees, managers and investigators would benefit from additional training, guidance and tools, to increase employees’ awareness of the expected standards of conduct, to drive consistent investigation practices and increase transparency of the investigation process. Although information gathered about professional standards was found to be accurate, it could be more timely and shared more broadly with oversight bodies and regional management. This results in a medium residual risk exposure for the Agency’s Professional Standards program.

5.0 Key Findings

The roles, responsibilities and accountabilities of key Agency stakeholders involved in management of professional standards have been defined and communicated. The expected behavior and standards of conduct have been established and communicated through the CBSA Code of Conduct.

Although training related to professional standards is available to all employees, it is not mandatory. As a result, the completion rates of these courses are low. Monitoring of employees’ successful completion of training by managers and supervisors is not efficient through the current system, which further impacts the completion rates. Should professional standards training remain optional, employees may not understand the Agency’s expectations related to professional standards.

Deviations to the standards of conduct were investigated by either an investigator from Security and Professional Standards Directorate (SPSD) or by regional management. Regional allegations of misconduct were not always reported to SPSD, which is not consistent with the centralized reporting requirement implemented in 2011. Also, criteria for determining the investigative body — Professional Standard Investigation (PSI) or regional management — were not established. Limited tools and formal training were available for investigators and managers involved in misconduct investigations. To compensate, regions developed their own tools and guides. Additional training, guidance and tools would help improve the consistency of investigations.

Professional Standards Case Management System (PSCMS) has been used since 2011 to capture all referrals and investigation of alleged misconduct. The audit confirmed that the PSCMS contained accurate, but not always timely, data for most entries. Opportunities exist, for example, to capture discipline information and share complete information gathered more broadly.

The Professional Integrity Program (PIP) Framework defined a governance structure where only the roles and responsibilities of Security and Professional Standards Directorate, located within the Comptrollership Branch, were articulated. Although it identified other internal partners and stakeholders broadly across the Agency, the Framework did not describe their involvement in the management of the PIP. Both the Training and Development Directorate and the Labour Relations and Compensation Directorate (LRCD) within Human Resources Branch (HRB) hold key strategic information that allow for effective management and holistic monitoring of the PIP.

6.0 Summary of Recommendations

The audit makes four recommendations relating to:

  • Developing and improving training, guidance and tools that drive consistent, transparent and administrative investigation practices of sound quality across the Agency;
  • Establishing mandatory training related to professional standards and providing a mechanism that allows managers to efficiently monitor employee training;
  • Establishing service standards for the time required to render discipline; and
  • Amending the roles and responsibilities of the Professional Integrity Program Framework to include additional strategic oversight by other CBSA Branches, specifically the Human Resources Branch.

7.0 Management Response

The Comptrollership and Human Resources Branches accept the recommendations of the Audit of Professional Standards. The principal means by which the two Branches will respond to the audit recommendations will be through the development and implementation of new tools (including automation) and training for investigators and managers to enhance competency and outcomes in the integrity continuum. The branches will also enhance employee understanding of Professional Standards through broader publication of information and training.

The two branches will also work together on developing a proposal for a distinct, comprehensive Professional Standards Management Framework in which the governance structure for professional standards is well-defined and strategic oversight is provided.

To date, the branches have published the updated policy on Professional Standards Investigations (PSI) which includes guidelines and standard operating procedures to enhance understanding of the PSI process; and released the 2013–2014 PSI Annual Report to senior management. Action Plans are in place to respond to each of the four audit recommendations before the end of December 2016.

8.0 Audit Findings

8.1 CBSA’s Professional Standards Roles and Responsibilities

Audit Criteria:

  • Authority, responsibility, and accountability are clearly defined and well communicated to promote and enhance professional integrity among all CBSA employees.

8.1.1 Roles and Responsibilities

The Agency is a decentralized organization that has multiple branches involved in the process of managing employee conduct, or professional standardsFootnote 3. Both the Comptrollership and Human Resources Branches have dedicated programs and products that describe roles and responsibilities related to professional standards.

Office of Values and Ethics

The Public Servants’ Disclosure Protection Act came into force in April 2007 and required departments to establish and maintain internal procedures to manage disclosures as well as designating a senior officer for internal disclosures.

The Office of Values and Ethics within the Human Resources Branch, supports and promotes an ethical culture and working environment at the CBSA through the office of the Senior Ethics Official and Senior Officer for Internal Disclosure (SOID).

The Office of Values and Ethics is responsible for: providing tools and resources to assist employees and supervisors in understanding their responsibilities; assist with the resolution of ethical dilemmas; developing and providing values, ethics and disclosure of wrongdoing sessions to all employees; and developing and communicating policies and procedures for conflict of interest, political activities, and protected disclosure of wrongdoing, among others.

The SOID is responsible for receiving disclosures of possible wrongdoing at the CBSA and determining if an investigation into the alleged wrongdoing is warrantedFootnote 4. On matters involving disclosures of wrongdoingFootnote 5, SOID reports directly to the President. The SOID is required to protect the identity of persons involved in the disclosure of wrongdoing in addition to witnesses and persons who are alleged to have committed the wrongdoing.

Security and Professional Standards Directorate

The Security and Professional Standards Directorate (SPSD) within the Comptrollership Branch is responsible for the Security and Professional Integrity Programs within the CBSA and is accountable for the confidentiality, integrity and availability of all CBSA assets, including information holdings. Two of the four Divisions in SPSD have responsibilities related to professional standards within the audit scope, namely:

  • Security and Professional Integrity Programs Division, which includes the Professional Integrity Program (PIP) section.
  • One of the objectives of the PIP is to prevent occurrences of misconductFootnote 6 by raising awareness of professional integrity across the CBSA as well as communicating and reinforcing the expected standards of professional conduct. Another objective of the PIP is to provide information to help employees better understand how to detect, report, avoid, and mitigate situations of misconduct.
  • Personnel Security and Professional Standards Division, which is responsible for: preliminary analysis of potential misconduct, supporting regional management by providing evidence or strategic advice, performing administrative investigations into allegations of employee misconduct and recording of the information into a centralized database. Security related activities including screening and integrity assessment also make up the division’s responsibilities; however, this was not included in the scope of the audit.

Labour Relations and Compensation Directorate

The Labour Relations and Compensation Directorate (LRCD), within the Human Resources Branch, is responsible for maintaining the CBSA Discipline Policy and guidelines by providing advice and guidance to corporate managers and labour relations advisors, the monitoring of application of the CBSA Discipline Policy through assessments of investigation reports and disciplinary measures, on-site assessments, and discipline file review.

8.1.2 Establishing and Communicating Standards of Conduct

In April 2012, the Treasury Board of Canada Secretariat (TBS) launched the updated Values and Ethics Code for the Public Sector (TBS Code) as well as the Policy on Conflict of Interest and Post-Employment.

Following the launch of the TBS Code, the President of the CBSA approved the revised CBSA Code of Conduct in September 2012.

The CBSA Code of Conduct is a governing document for all employee conduct in the CBSA and applies to all uniformed, non-uniformed, armed or unarmed employees. According to this Code, CBSA employees are responsible for acting at all times in such a way as to uphold the public interest and for exhibiting conduct in keeping with the TBS Code and the Policy on Conflict of Interest and Post Employment. The CBSA Code of Conduct is available to all employees through the CBSA Intranet.

The Agency continues to improve its Code of Conduct. During 2013 and 2014 there were several clarifications providing the reader with additional detail which included specific examples, tips and links to policies, directives and guidelines.

All new CBSA employees acknowledge understanding and compliance with the TBS Code and the Policy on Conflict of Interest by signing a statement contained in their letter of offer. The TBS Code requires that deputy ministers ensure that employees in their organization are aware of their obligations under this Code and their specific organizational code of conduct.

With the implementation of the Public Service Performance Management Application in 2014–2015, all employees must acknowledge that they have read the TBS Code, the Policy on Conflict of Interest and Post-Employment, their organizational code of conduct, and understand that they are required to comply with these terms and conditions of employment. Although employees electronically check a box in the system to acknowledge their understanding, this does not provide assurance that they have read these documents. Some managers we interviewed had added sections of the Code of Conduct to their employee’s performance management agreement to ensure their employees read specific requirements.

Agency regional offices have established their own communication tools on the CBSA Code of Conduct such as town hall meetings and shift briefings. SPSD has posted electronic security bulletins and internal memoranda to senior management to remind employees of their responsibilities relative to professional standards.

The responsibilities and accountabilities related to professional standards for Agency employees is clearly defined and communicated to all employees.

8.2 Training and Tools

Audit Criteria:

  • Employees have received the training and tools to discharge their responsibilities with respect to professional standards, namely through Values and Ethics, the Code of Conduct and disclosure mechanisms.

8.2.1 Training and Tools for Employees

Providing employees with training and tools reinforces the professional standard expectations of the Agency. Ongoing training, awareness and tools are intended to help prevent the occurrence of misconduct or wrongdoing.

The Agency established a number of training courses that included material related to professional standards. These courses are delivered by both the Human Resources and the Comptrollership Branches.

At the management level, the Agency developed two mandatory courses: Manager’s Essentials; and Supervisor’s Essentials. These courses are delivered in a classroom setting and include material related to professional standards. Managers and supervisors are expected to complete these courses within one year of their appointment to the position. The audit found that approximately 75% of current employees in these positions had completed this trainingFootnote 7.

There are two training courses available to CBSA employees on professional conduct or values and ethics:

  • The Values, Ethics and Disclosure of Wrongdoing (taught in a classroom since 2008 and converted to an online course in 2014); and
  • The Ethical Leadership and Professional Integrity (launched in April 2014).

Although training related to professional standards is available, it is not mandatory for employees. As a result, the completion rates for both courses are low: approximately 17% of current CBSA employees successfully completed the first course and approximately 2%Footnote 8 completed the second course, though the numbers for the second course only capture the period from April to November 2014.

To complement the above online training, the Office of Values and Ethics also delivers in-person awareness sessions that address both Values and Ethics and the Code of Conduct. Since 2012, over 1,500 individuals at both the management and employee level have received the training and both managers and employees found the in-person sessions more effective than the online training tools.

In addition to formal training available to managers and employees, there are other mechanisms in place to help build awareness around professional standards including:

  • Specific training on values and ethics and professional integrity delivered to border services officer recruits through the Officer Induction Training Program. Since 2012, there have been approximately 360 graduates.
  • Since the spring of 2014 Insider Threat Awareness sessions were delivered by SPSD to all targeted individuals within CBSA, who have direct systems access to a specific classification of information. These sessions aim to raise awareness of the indicators, traits and behaviors of an insider threat as well as a way to mitigate the occurrences.

It is incumbent on managers to lead and inform staff of their expected conduct, however not all individuals in a manager or supervisor position have completed their mandatory training. Given that professional standards training is not mandatory, the completion rates of the two online training courses which specifically teach employees about the Code of Conduct and Values, Ethics and Wrongdoing are low. The Values and Ethics awareness sessions that are delivered in-person have reached the most participants, representing around 10% of Agency staff.

Management did not have an efficient manner to confirm the successful completion of training. The Agency’s Manager Self-Service (MSS) portal helps managers carry out their management duties including employee timesheets and learning activities. Using MSS a manager can only review the training history of one employee at a time. For managers with several hundred employees, monitoring of training through MSS is inefficient.

The low completion rate of professional standards training by CBSA employees may be attributed to inefficient training tracking tools for managers and training not being mandatory. Should professional standards training remain optional, there may be a poor understanding of the Agency’s expectations related to standards of conduct.

8.2.2 Training and Tools for Managers conducting investigations and SPSD Investigators

Administrative investigations are performed by either an investigator from PSI, an analyst from SPSA or by regional management. Although the Canada School of Public Service offers courses for investigating harassment complaints, it does not offer specific training for administrative investigations of misconduct. PSI Investigators and SPSA analysts have access to internal Agency training, Canadian Police College training and other training provided externally – however this training is not specific to professional standards. New PSI investigators job-shadow an experienced investigator until management is comfortable that they can carry out their duties. Specific training related to the competency requirements of investigators as well as the performance of an investigation is not established for investigators of professional standards. Current PSI investigators typically have experience in intelligence or have had experience performing professional standards investigations.

Managers in regions involved in regional misconduct investigations do not receive any basic training and rely on guidance from experienced peers and regional labour relations advisors. From our interviews, managers expressed an interest in receiving training, or having a specialist available as a regional subject matter expert.

We expected to find the investigation process clearly defined, documented and communicated through policies, guidelines, job descriptions, tools and templates. This would provide consistency of investigations across the Agency.

The Security Volume of the Comptrollership manual included a section on investigations of alleged misconduct (Chapter 27). The content was last updated in 2007 and has been under revision since August 2014. The appendix “Manager’s Guide to Conducting Internal Investigations” describes responsibilities for managers, employees and investigators and includes an explanation of the investigation process.

During our file review of investigations, we observed that this Guide was not referenced and few managers outside of SPSD were aware of the specific section in the Comptrollership manual. Further, there were no templates or forms centrally available. Regions developed their own tools and guides often through collaboration with regional labour relations advisors.

Without training, guidance and tools available to investigators, the consistency and quality of investigations is put at risk. Improving the training and tools for the investigation process will help ensure investigation results are of sound quality and help withstand challenges through grievances and federal adjudication.

Recommendation 1:

The Vice-President of the Comptrollership Branch should establish training requirements, guidance and tools that drive consistent investigation practices and quality across the Agency. The guidance and tools should be available to all Agency employees to enhance transparency of the process.

Management Response Completion date

The Comptrollership Branch accepts the recommendation. The Branch has updated and posted on Atlas the Policy on Professional Standards Investigations (PSI), which includes guidelines and standard operating procedures for conducting investigations.

The Branch will develop appropriate tools and guidance to ensure consistent investigation practices. The Branch will also work with the Human Resources Branch to identify and publish competencies for Investigators and Analysts, and develop and deliver training products to support management in conducting regional fact findings.

September 30, 2016

Recommendation 2:

The Vice-President of the Human Resources Branch should identify clear mandatory training related to professional standards for Agency employees and establish a mechanism that allows Agency managers to efficiently monitor the completion of training by their employees.

Management Response Completion date

The Human Resources Branch accepts the recommendation. The Branch will determine what training will be made mandatory in consultation with the Comptrollership Branch. Completion rates will be monitored and reported. The completion of the training is scheduled for December 31, 2016.

December 31, 2016

8.3 Investigations of Alleged Misconduct

Audit Criteria:

  • Investigations carried out in headquarters and across regions are reviewed and approved, as appropriate.
  • Investigations meet service standards and, as required, other policies, procedures and legislation.
  • Discipline measures are administered, when required, in consultation with Labour Relations to promote and enhance professional standards across the CBSA.

CBSA employees have a duty to protect the professional integrity of the CBSA by reporting any activities that may harm the Agency’s reputation. When an incident involving an employee or an allegation of misconductFootnote 9 is brought to management’s attention, each incident must be thoroughly investigated by SPSD or by local management after discussion with SPSD.

There are three basic types of investigations:

  • Preliminary investigation: the objective of the preliminary inquiry is to determine whether there is sufficient evidence to support the allegations made and to make a preliminary determination of the scope of the alleged misconduct. This is performed by the Security and Professional Standards Analysis section (SPSA) within SPSD.
  • Administrative investigation: if a determination is made that an investigation is warranted, SPSD determines who will conduct the investigation – whether SPSD or local management. If an allegation of misconduct is substantiated, management is responsible for taking the appropriate disciplinary measures.
  • Criminal investigation: normally conducted by the appropriate police agency.

In order for an investigation into alleged misconduct to occur, the allegation must be reported to managementFootnote 10. These allegations can come forward from a number of sources including the public, management, employees, other law enforcement agencies and self-reporting. In May 2011, SPSD issued a Memorandum across the Agency that instructed all branches and regions to report all allegations of misconduct to SPSD. The objective of the centralized reporting of misconduct was to increase transparency of investigations and ensure that senior management was informed of the extent of misconduct within the Agency.

Once an allegation is referred to SPSD, it is entered into a Professional Standards Case Management System (PSCMS) and an SPSA analyst begins a preliminary inquiry. If the analyst determines that a formal investigation is warranted, a determination is made whether it should be investigated by the Professional Standards Investigation Unit (PSI), investigated by Personnel Security (PerSec), transferred back to the region for investigation, routed to another investigative function (e.g., SOID), or there may be enough information for the analyst to conclude on the allegation and summarize their report for management.

SPSD is responsible for investigating more serious allegations of misconduct including breaches of Government and CBSA policies as well as security incidents, while regional management is responsible for the conduct of “informal” investigationsFootnote 11 into alleged misconducts determined to be less serious in nature.

Administrative investigations include interviews and evidence gathering in order to document the findings in a final report which concludes whether the allegation is founded, unfounded or inconclusive. Some allegations require a parallel investigation by personnel security that will focus on the employee’s ability to retain their reliability status.

As part of the audit, a judgmental sample of 65 investigation files across four Agency regions was selected from the following investigation types:

  • 20 Security and Professional Standards Analysis Section (SPSA)
  • 23 Professional Standards Investigations
  • 11 Regional investigations
  • 11 Investigations where SPSA ultimately referred the allegation to Personnel Security (PerSec)

These investigations were examined to determine whether they were: reported by the Region to SPSD; appropriately documented and reviewed; completed in a timely manner; and resulted in discipline where appropriate.

8.3.1 Regional Reporting of Misconduct Allegations to SPSD

The 2011 SPSD Memorandum required Senior Management to submit a package describing the allegation, including all reports collected as part of the local investigation and an indication of the final determination of the investigation (founded or unfounded).

We noted that regions were not reporting all alleged misconduct to SPSD. All 11 regional investigations included in our sample were not communicated to SPSD. Senior management in each region determined which allegations would be sent to SPSD or which would remain to be investigated regionallyFootnote 12.

The audit examined 20 SPSA investigations where SPSA conducted, or supported, the regional investigation. It was observed that there were no established criteria for the SPSA analysts to determine which investigative body should conduct the investigation: PSI or the Region. SPSA staff explained that they use informal criteria that depend on the complexity of the file, the seriousness of misconduct, impact on the Agency and the value-add their investigation would provide.

We noted that the May 2011 Memorandum was not included in any policy or operating procedure which contributes to regional under-reporting of misconduct to SPSD.

The findings noted in the above section were addressed through recommendation #1.

8.3.2 Documentation and Approval of Investigations

The PSI investigation files in our sample contained sufficient documentation regarding the investigation process as well as the decisions made. The conclusions of the investigation were clearly stated in a final report. All investigation reports related to the 23 PSI files in our sample were signed by the investigator and approved by the Deputy Director of PSI. The SPSA, PerSec and regional investigations could be strengthened by consistently issuing a final report that includes formal review and approval.

This finding was addressed through recommendation #1.

8.3.3 Completion Time for Administrative Investigations

Investigations should be conducted in a timely and efficient manner to establish the facts and present the allegation to the respondent before recollections of all individuals involved in the event fade and evidence is lost or destroyed.

SPSA set a 30-day service standard for the preliminary inquiry completion, including both the investigation performed by SPSA and additional investigation time by the region. However, the 30-day service standard was not communicated during the audit period, nor was it reported on in the PSI Annual Report. In 15 out of the 20 SPSA investigations in our sample, the investigation exceeded 30 days.

The SPSD established a performance service standard of 60 days for PSI Investigations that are considered high profileFootnote 13, and 120 days for those that are not high profile. In the 23 PSI investigations reviewed, there was no documentation that identified which profile the investigation was or what service standard would be applied. Five investigations were completed in less than 60 days, but since they were not identified as ‘high-profile’, we included them in our observations against the 120-day service standard.

Of the 23 PSI investigations, 11 were completed within 120 calendar days. The remaining 12 investigations took between 139 and 501 days. Delays in completing the investigation can be attributed to a number of reasons that are outside of the investigator’s control, including complexity of the case, involvement by other law-enforcement agencies and availability of respondent, complainant or witnesses. As of April 2014 this service standard was changed to 100 calendar days. The investigation is calculated beginning on the date that a PSI investigator receives the file from SPSA.

Finally, investigations that were conducted solely by regions had no expected service standard. Six out of the 11 investigations were completed in less than 60 days and only three exceeded 120 days. As these investigations are intended to be less serious in nature, they were observed to take less time.

8.3.4 Application of Corrective Measures (Discipline)

If an administrative investigation concluded that the allegation of misconduct is founded, management is responsible for taking the appropriate actions that are often disciplinary measures but may also include other corrective actions such as training. Disciplinary measures may be in the form of oral reprimand, written reprimand, suspension, financial penalty, demotion or disciplinary termination of employment.

Investigative functions described as part of this audit do not have any involvement in the determination of discipline in the event there is founded misconduct. Regional Labour Relations, in consultation with the Labour Relations and Compensation Directorate (LRCD), is responsible for recommending the quantum, or amount, of discipline to local management who has the authority to make the final decision in line with their delegation under labour relations. Both managers and labour relations advisors must consider both the aggravating and mitigating circumstances when determining the quantum of discipline. LRCD will consider other cases of jurisprudence prior to providing a recommended amount of discipline.

Consistency in the application of discipline is required as it ensures that employees know and understand the implications of unacceptable conduct. In September 2013, the Vice-President of the Human Resources Branch issued a memorandum that mandated delegated managers to consult with LRCD in rendering decisions with respect to discipline. Channeling of the consultation on discipline to LRCD helps drive consistent application of discipline across the Agency.  

In the 65 investigations examined, we expected discipline in 49 of the cases based on the nature of the misconductFootnote 14. Of the 49 investigations where we expected discipline, we found only 4 cases where discipline was not applied. Of these four cases either the employee was still on leave, the employee resigned, management chose to impose training rather than discipline and in one case senior management decided not to take disciplinary measures.

This demonstrated that for all types of investigations where the allegations were founded, management followed through and addressed deviations from the Agency’s expected standards of conduct.

In 45 of the 49 cases LRCD was expected to be consulted, 12 of these cases occurred prior to the HRB Memorandum. Of the remaining 33 cases there were only 4 instances where this consultation did not occur prior to the discipline letter being issued to the employee. In these four cases discipline took the form of 1, 10, and 30 day suspensions and 1 case of a written reprimand.

While the consultation process is intended to increase consistency, it also increases the time to impose discipline. There are currently no service standards for how long it should take to apply discipline. The time to render discipline once the investigation was completed ranged from an average of 54 days in regional investigations to 148 days in investigations completed by PSI. Once a PSI investigation is complete, the report must be translated and reviewed for access to information and privacy prior to being issued to the respondent for a pre-disciplinary hearing. For the PSI files in our sample this took approximately 28 business daysFootnote 15 and additional time before discipline is applied. Much like investigations, there are delays in rendering discipline that are outside of LRCD’s control, namely the availability of the respondent if the individual is on long-term leave.

Overall, the audit concluded that discipline is being rendered as a result of founded allegations of misconduct and that consultation between managers, regional labour relations and corporate LRCD occurred which increases the consistency of discipline application across the Agency. The Agency would benefit from establishing service standards for applying discipline. From an employee perspective, discipline may be seen as punitive rather than corrective if not administered in a timely manner.

Recommendation 3:

The Vice-President of the Human Resources Branch should establish service standards for the time required to render discipline.

Management Response Completion Date

The Human Resources Branch (HRB) accepts the recommendation. The HRB will advise delegated managers of the expected timeframes to complete the disciplinary process.

May 30, 2015

8.4 Monitoring and Reporting

Audit Criteria:

  • Investigation activities, results, and related discipline are recorded in a system that supports monitoring, trend analysis and “close-the-loop” reporting.
  • Professional standards risks are identified, monitored, reported and mitigating action is taken to ensure the continued integrity of the employees of the CBSA.
  • Information gathered about professional standards, including investigation activities and results, is timely and accurate to support monitoring and oversight of CBSA’s professional integrity.
  • Monitoring reports are reliable, timely and presented to oversight bodies for informed decision-making.

8.4.1 Collection of Professional Standards data

The collection of investigation-related data and documentation in a centralized data collection system ensures that critical activities can be tracked throughout the investigation process which allows for the availability of up-to-date information.

Since 2011, SPSD uses the Professional Standards Case Management System (PSCMS) to capture all referrals of alleged misconduct for SPSA, PSI or PerSec investigations. PSCMS is an off-the-shelf database software tailored for information management related to professional standards in enforcement agencies. The Agency’s regional offices track their respective investigations through electronic logs that included misconduct and discipline information, which is disconnected from the PSCMS.

If the regions were able to access the PSCMS this would reduce the duplication of tracking investigations and allow the region to see the status of the investigation. The use of regional electronic logs could account for some of the under-reporting of misconduct to SPSD.

Through the review of the investigations files, the audit confirmed that discipline information is not stored in PSCMS, although the system is designed to include discipline data. Regional LR sends monthly reports of their discipline information to LRCD. As such, LRCD has a more complete picture of what misconduct is occurring across the Agency as the discipline data captures regional investigations that SPSD has not been informed of.

Our review of the data collection system confirmed that they contained complete and accurate data for most entries into the system, with the exception of the field related to the investigation’s final status. Having discipline data linked to the investigation file and captured in a centralized data collection system would further support trend analysis and monitoring of professional standards.

8.4.2 Monitoring of Risk Related to Professional Standards

The Agency included Professional Conduct as one of the risks in the 2013 Enterprise Risk Profile (ERP). Several mitigation activities were identified which included the implementation of the Professional Integrity Program (PIP) and training and awareness related to professional standards. The ERP was developed based on risks identified from Branches within the Agency. The Comptrollership Branch’s identified risk for professional standards was used in the ERP.

SPSD also manages a Departmental Security Plan (DSP). We examined both the 2012–2013 and 2014–2015 versions of the document. {*} The Agency also developed a 2014 Fraud Risk Profile. This report identified the top 10 risks, each of which are in fact breaches of the Code of Conduct, and included details about controls and mitigation strategies. These documents included what potentially caused the risk, impact, controls and mitigation strategies.

The audit confirmed that Agency risks related to professional standards were identified and corresponding mitigation strategies were developed. While regional management understands their own regional risks related to professional standards, opportunity exists for horizontal sharing of regional risk and trends. This would help regions to be proactive and prevent activities that are occurring elsewhere in the Agency.

8.4.3 Reporting on Professional Standards

Oversight bodies should be provided with complete, accurate, and timely information in order to fulfill their function. Information on professional standards does not rest with one organization within the Agency. SPSD gathers information related to investigations that must be considered hand-in-hand with key strategic information related to training and discipline held by Human Resources Branch.

The SPSD created the 2012–2013 PSI Annual Report which presented detailed information related to investigations of alleged misconduct, including the key achievements and challenges. The PIP does not identify who this report should be shared with but the distribution was limited. The 2013–2014 PSI Annual Report was communicated to senior management in March 2015, which was not timely.

Information related to professional standards is also reported on a quarterly basis in the Agency Performance Summary that is presented to the CBSA Executive Committee (EC). This includes statistics related to two indicators: service standards for existing PSI investigations along with the percentage completed within the service standard within CBSA’s controlFootnote 16.

On an annual basis, the Departmental Security Officer prepares the “Security Program Year-End Performance Report – Functional Management Model,” which includes information on the number of high- and non-high profile cases the PSI section completed. The report also includes detail on the number of training and awareness sessions delivered compared to previous years.

In September 2013, LRCD prepared a LR Management of Misconduct Report, which included the review of average number of days to impose discipline, types of discipline as a result of PSI investigation compared to regional investigation, types of discipline measures imposed as well as issues, risks and trends. This document was not shared horizontally across the Agency.

Overall, information gathered about professional standards is not always timely, but it is accurate. Opportunities exist to share information gathered about professional standards more broadly with regional management and relevant oversight bodies in a timely manner to support informed decision-making.

The findings noted in the above section were addressed through recommendation #4.

8.5 Governance

Audit Criteria:

  • An appropriate governance body for CBSA professional standards is established.

The presence of an oversight body is important to ensure that management’s direction, plans and actions are appropriate and responsible. Oversight bodies should be provided with timely, complete and accurate information in order to fulfill their function.

The Agency’s EC is the senior management decision-making forum responsible for the overall strategic management and direction of the Agency's policy, program and corporate responsibilities. As defined in the Terms of Reference, one of the EC’s responsibilities is to act as the senior management decision-making forum on all planning cycle, resource allocation, policy and management issues affecting the CBSA.  As noted in the previous section, the EC received some information related to professional standards.

Issues related to professional standards are also presented at the Security Management Committee. The Committee held regular meetings and discussed timeliness of investigations and development of policy and guidance related to professional standards. Although the Committee’s Terms of Reference identify roles and responsibilities, they do not address strategic oversight of professional standards.

The Agency also has a Wrongdoing and Unethical Conduct Monitoring Committee that is responsible for the overall identification, oversight and reporting of potential fraud or unethical conduct such as corruption or conspiracy. The responsibilities of this Committee include establishing effective processes to report on findings of emerging patterns or trends in cases of fraud and unethical conduct to the Vice-Presidents of Human Resources and the Comptrollership branches. Although this Committee is supposed to sit four times a year, it met three times in 2014–2015.

In April 2013, the SPSD implemented the CBSA Professional Integrity Program Management Framework (PIP Framework). The PIP Framework defined a governance structure however only the roles and responsibilities of the SPSD were articulated. Although it broadly identified other internal partners and stakeholders across the Agency, the Framework did not describe their involvement in the Agency’s PIP.

Various governance committees exist at the CBSA and received some information related to professional standards. Considering the Agency’s decentralized structure and the horizontal nature of professional standards, the Agency would benefit from additional oversight against the performance of the PIP Framework. With a well-defined governance structure, the Agency would be better able to achieve its objectives through sound decision-making based on clear strategic direction.

Recommendation 4:

The Vice-President of the Comptrollership Branch, in consultation with the Vice-President of the Human Resources Branch, should amend the roles and responsibilities of the Professional Integrity Program Framework to ensure that the governance structure for professional standards is well-defined and provides strategic oversight.

Management Response Completion Date

The Comptrollership Branch accepts the recommendation and will lead the development of a proposal for approval by the Executive Committee (or appropriate Sub-Committee) for a distinct, comprehensive Professional Standards Management Framework in which: the governance structure for professional standards is well-defined; and strategic oversight is provided.

December 31, 2015

Appendix A – About the Audit

Audit Objectives and Scope

The audit objective was to examine whether:

  • Management control framework around professional standards is well designed, which includes the investigation practices;
  • Professional standards have been clearly defined, well-communicated, and effectively implemented across the Agency; and
  • Professional standards are monitored.

The scope of this audit covered professional standards across the CBSA during the period of the last two fiscal years, 2012–2013 and 2013–2014. Overall, this audit examined the management control framework around risk management, monitoring and oversight of professional standards. Specifically, the audit examined the following functions, part of the professional standards landscape:

  • Professional standards investigations;
  • Investigations of alleged misconduct conducted regionally; and
  • Application of discipline as a result of a founded allegation.

The audit did not include in its scope the following investigations of: Wrongdoing; Harassment or violence in the workplace; Security incidents; and Conflict of Interest. It also did not examine whether discipline was applied consistently.

The audit commenced in May 2014. Agency offices were visited in the Greater Toronto Area Region during the planning phase of the audit. During the examination phase three regions were visited: Atlantic, Pacific and Quebec. Fieldwork occurred in regional facilities where documentation related to the audit was stored. The examination phase work was performed during October to December 2014.

An audit of professional standards was approved by the Agency’s Audit Committee as part of the 2014–2015 to 2016–2017 Risk-Based Audit Plan.

Risk Assessment

Our risk assessment conducted during the planning phase identified the following key risk areas:

  • Oversight bodies may not have sufficient, complete, accurate, and timely information to regularly exercise oversight, and provide strategic direction.
  • An integrated risk management practice may not be in place to ensure that key risks to the success of CBSA’s culture of professional standards are appropriately identified, assessed, and managed.
  • Authority, responsibility, and accountability may not be clearly defined to support and promote a working culture of values and ethics and to provide greater clarity regarding our responsibilities and expected standards of conduct as public servants and CBSA employees.
  • Systems, processes, and practices may not be effective to enable the Agency to manage, monitor and, be accountable for professional standards, as responsibilities may be dispersed across branches.

Approach and Methodology

The examination phase of this audit was performed using the following approach:

  • Reviewed the CBSA Code of Conduct and other standards, guidelines, and directives related to professional standards and integrity.
  • Interviewed various stakeholders within the Programs, Operations, Human Resources and Comptrollership Branches on their roles and responsibilities, oversight function, monitoring and discipline function in relation to professional standards. Interviews were conducted across three or four of the highest-risk regions across Canada.
  • Collected, reviewed and analyzed documents related to investigations. Assessed the process and controls in place to produce and communicate accurate, complete, consistent and timely investigation reports.

Audit Criteria

Given the preliminary findings from the planning phase, the following criteria were chosen:

Lines of Enquiry Audit Criteria
1. Governance and Accountability 1.1 Appropriate governance structure for CBSA professional standards is established. Authority, responsibility, and accountability are clearly defined and well communicated to promote and enhance professional integrity among all CBSA employees.
2. Risk Management

2.1 Professional standards risks are identified, monitored, reported and mitigating action is taken to ensure the continued integrity of the employees of the CBSA.

3. People (Training and Tools)

3.1 Employees have received the training and tools to discharge their responsibilities with respect to professional standards, namely through Values and Ethics, the Code of Conduct and disclosure mechanisms.

4. Stewardship (Investigations and Discipline)

4.1 Investigations carried out in Headquarters and across regions are reviewed and approved, as appropriate.

4.2 Investigations meet service standards and, as required, other policies, procedures and legislation.

4.3 Discipline measures are administered, when required, in consultation with Labour Relations to promote and enhance professional standards across the CBSA.

4.4 Investigation activities, results, and related discipline are recorded in a system that supports monitoring, trend analysis and “close-the-loop” reporting.

5. Monitoring and Reporting

5.1 Information gathered about professional standards, including investigation activities and results, is timely and accurate to support monitoring and oversight of CBSA’s professional integrity.

5.2 Monitoring reports are reliable, timely and presented to oversight bodies for informed decision-making.

Appendix B – List of Acronyms

CBSA
Canada Border Services Agency
EC
Executive Committee
ERP
Enterprise Risk Profile
LR
Labour Relations
LRCD
Labour Relations and Compensation Directorate
PerSec
Personnel Security
PIP
Professional Integrity Program Framework
PSCMS
Professional Standards Case Management System
PSI
Professional Standards Investigations
SOID
Senior Officer of Internal Disclosure
SPSA
Security and Professional Standards Analysis Section
SPSD
Security and Professional Standards Directorate
TBS
Treasury Board Secretariat

Appendix C – About the Sample

As part of the audit, a judgmental sample of 65 investigation files across four Agency regions was selected from the following investigation types:

  • 20 Security and Professional Standards Analysis Section (SPSA)
  • 23 Professional Standards Investigations
  • 11 Regional investigations
  • 11 Investigations where SPSA ultimately referred the allegation to Personnel Security (PerSec)
Investigation Type Pacific Quebec Atlantic Headquarters Total
PSI 7 4 6 6 23
SPSA 5 8 4 3 20
Regional 5 2 4 0 11
Referred to PerSec 7 4 0 0 11
Total 24 18 14 9 65

Annex D – Definitions

Wrongdoing

The Public Servants Disclosure Protection Act defines wrongdoing as:

  1. the contravention of an Act of Parliament or of the legislature of a province, or of any regulations made under any such Act;
  2. the misuse of public funds or assets;
  3. gross mismanagement in the federal public sector;
  4. an act or omission that creates a substantial and specific danger to the life, health and safety of Canadians or the environment;
  5. a serious breach of a Code of Conduct; and,
  6. knowingly directing or counselling a person to commit a wrongdoing.

Misconduct

Security and Professional Standards Directorate defined misconduct as any action or inaction by an employee that is contrary to established policy, standards, procedures or practices of the CBSA; violations of legislation for which criminal sanctions are applicable; or violations of other laws, rules and regulations administered by the CBSA or any other act which would bring the CBSA into disrepute or effect the Agency's working relationship with other law enforcement partners.

Labour Relations and Compensation Directorate defined it as a wilful action or inaction on the part of an employee that includes a breach of the Criminal Code, the CBSA Code of Conduct and/or the Values and Ethics Code for the Public Service. It could also be related to attendance and inappropriate personal behaviour at work or away from work.


Notes

Footnotes

Footnote 1

The audit did not examine investigations conducted by the Senior Officer for Internal Disclosure as these were outside of the scope.

Return to footnote 1 referrer

Footnote 2

For the purpose of this audit, professional standards refer to the conduct of employees, which includes abiding by the Values and Ethics, Code for the Public Sector, and the CBSA Code of Conduct.

Return to footnote 2 referrer

Footnote 3

For the purpose of this audit, professional standards refer to the conduct of employees, which includes abiding by the Values and Ethics Code for the Public Sector, and the CBSA Code of Conduct.

Return to footnote 3 referrer

Footnote 4

Investigations of wrongdoing conducted by SOID were not included in the audit scope.

Return to footnote 4 referrer

Footnote 5

The definition of wrongdoing can be found in Annex D.

Return to footnote 5 referrer

Footnote 6

The definition of misconduct can be found in Annex D.

Return to footnote 6 referrer

Footnote 7

1,127 out of 1,500

Return to footnote 7 referrer

Footnote 8

2,382 out of 14,252 for the first course and 318 out of 14,252 for the second course. These numbers were provided by the Human Resources Branch and were not audited.

Return to footnote 8 referrer

Footnote 9

Although wrongdoing includes misconduct, the SPSD was mandated with investigating, mitigating associated risks and recommending corrective actions relating to misconduct. The definitions of misconduct and wrongdoing can be found in Annex D.

Return to footnote 9 referrer

Footnote 10

Employees can also report allegations directly to SOID, or the Office of the Public Sector Integrity Commissioner.

Return to footnote 10 referrer

Footnote 11

The audit team encountered the terminology “fact finding” for investigations conducted by management. For consistency, these activities were considered an administrative investigation.

Return to footnote 11 referrer

Footnote 12

Senior management was at the director level or higher and included briefing the Regional Director General or Branch Director General as part of the process.

Return to footnote 12 referrer

Footnote 13

Although not formalized, criteria for high profile cases were defined in the SPSD PSI Annual Report 2013–2014 as follows: allegations of theft, assault, criminal acts, fraud, facilitation, excessive use of force and duty firearm incidents, client complaints that could attract interest by the media, aggressive behaviour, etc.

Return to footnote 13 referrer

Footnote 14

The 11 PerSec investigations do not result in discipline; they are referred to Personnel Security for their own review. In five other cases the conclusion of the investigation was determined to be either not founded or inconclusive.

Return to footnote 14 referrer

Footnote 15

This number is based on information provided by LRCD and was not audited.

Return to footnote 15 referrer

Footnote 16

Other law enforcement agency investigative work is an example of delays outside of the Agency’s control.

Return to footnote 16 referrer

Date modified: