This Web page has been archived on the Web.

2007 October Report of the Auditor General of Canada

Chapter 5—Keeping the Border Open and Secure—Canada Border Services Agency

Main Points

Introduction

Risk-based approach to border management
Focus of the audit

Observations and Recommendations

The challenge of a new and broader mandate

The Agency is in the early stages of applying an integrated risk management framework

Facilitating low-risk travellers and goods

The Agency bases risk assessment on applicants' history
Most membership criteria were followed
Some programs are based on voluntary compliance
Pre-approval programs yield varying benefits
The Agency has not demonstrated that it refocuses its resources to higher-risk areas

Targeting high-risk people and goods

The Agency now collects more information on people and goods before their arrival
Advance targeting assesses more air travellers
Not all air and marine cargo shipments are assessed before they arrive
Automated advance targeting is not yet working as intended for cargo shipments
The Agency has no risk management framework for pre-arrival targeting

Control at ports of entry

Emergency response plans for the border are to be updated
The Agency has not developed an overall risk management framework for border operations
The Agency has added specialized inspection equipment
The level of examination varies across ports of entry
The Agency is developing a new policy on lookouts
Processes for seized goods and currency need improvement
Training of new recruits shows promise

Performance measurement

The Agency needs to improve its performance measurement and reporting

Conclusion

About the Audit

Appendix—List of recommendations

Exhibits:

5.1—Most travellers and commercial shipments enter Canada by land from the United States

5.2—Pre-approval programs to facilitate border clearance of low-risk shipments and travellers

5.3—A common risk management process

5.4—The Agency collects information on shipments and travellers

5.5—The amount of advance information gathered on air travellers is increasing

5.6—The number of rejected manifests is decreasing

5.7—Examples of the Agency's detection technology equipment

Main Points

What we examined

The Canada Border Services Agency (the Agency) manages access to Canada at 1,269 ports of entry by sea, air, and land. It was created in December 2003 to integrate the front-line border management and enforcement activities of three other agencies. Along with responsibility for customs, processing of new immigrants and foreign visitors to Canada, and inspection of food, plants, and animals at ports of entry to Canada, the Agency was given an enhanced mandate for national security at border points.

We examined whether the Agency's approach to border management is based on threat and risk assessments and achieves the desired levels of border openness and security. More specifically, we looked at how it identifies and intercepts people and goods that represent a high risk to Canada and at the same time facilitates the free flow of low-risk people and goods into Canada. We did not audit the work of the Agency's Migration Integrity Officers located in foreign missions, its War Crimes Program, or its programs aimed at detaining or removing people who are not admissible to Canada. Nor did we look at the management of duties, fees, and taxes collected on imports or export control permits.

Why it's important

The Agency's border services officers allow 96 million people to enter Canada every year—tourists, immigrants and refugees, business people, and returning Canadians. They also approve the entry of $404.5 billion in imported goods annually. Given the volume of trade and travel across its borders and the threats of terrorism and spread of disease, Canada must have a credible system to manage its borders and protect the safety and security of its people. Failure to do so could also have a severe economic impact if it prompted Canada's trading partners to close their borders or refuse shipments of Canadian goods.

What we found

  • The threat and risk assessments that the Agency has put in place are not satisfactorily supporting its efforts to achieve a border management approach that is based on risk. It is still developing a risk management framework to guide its activities and does not have a suitable model for assigning the necessary resources to manage risk levels among ports of entry and modes of travel. While the selection of individual travellers or shipments for examination is based on risk indicators, the overall rate of examination at the border is based on historical levels of resources and capacity. In addition, the Agency's lookout system, which was designed to identify and intercept high-risk individuals and shipments, is not working as intended: we found some cases where lookout subjects were missed at the border, and not examined as required. The Agency does not have consistent monitoring in place to know the extent to which this is happening and take remedial action.
  • In recent years, the Agency has received considerably more advance information on goods and people arriving by air and marine travel. The Agency needs to do more to determine the extent to which this has resulted in better targeting and interception of high-risk goods and people for examination. It has invested $150 million in automated systems for identifying high-risk people and goods. These systems are still in the early stages of development and implementation, and the Agency needs to do more to monitor their effectiveness in order to improve their capabilities. Border services officers continue to rely more on their own analysis and judgment to select shipments for examination, and some of the advance information the automated tools rely on is inaccurate and incomplete.
  • The Agency does not record the results of all secondary examinations, information it could use to determine whether its targeting activities are identifying the right people for further examination. Nor does it have an effective system to randomly select goods and people for further examination and use the results to validate or improve its targeting and examination strategies. Without this information, the Agency cannot determine whether it is appropriately matching levels of examination activity to levels of risk.
  • Since its creation in 2003, the Agency has faced considerable challenges in integrating the operations of the former three agencies. It has recently established a new classification standard and integrated training for its border services officers. While the Agency has many new initiatives under way to manage an open and secure border, it has yet to put them together into a coherent risk management framework. The organization may be relatively new, but many of the issues identified in our audit have persisted since the 1980s under various organizational structures, as we have reported in the past.

Canada Border Services Agency has responded. The Agency agrees with each of our recommendations and is proposing actions to address the concerns.

Introduction

5.1 In December 2003, the federal government created the Canada Border Services Agency (the Agency) to integrate the front-line border management and enforcement activities formerly performed by three organizations:

  • Customs Services, previously part of the then Canada Customs and Revenue Agency (CCRA);
  • Immigration services at ports of entry and most of the Intelligence and Enforcement programs of Citizenship and Immigration Canada (CIC); and
  • the Import Inspection at Ports of Entry program of the Canadian Food Inspection Agency (CFIA).

5.2 Section 5(1) of the Canada Border Services Agency Act sets out the Agency's mandate: to provide "integrated border services that support national security and public safety priorities and facilitate the free flow of persons and goods, including animals and plants." The Agency mainly enforces the provisions of the Customs Act and the Immigration and Refugee Protection Act. It is also responsible for administering portions of a further 90 acts on behalf of other government departments. The Agency reports to the Minister of Public Safety.

5.3 Canada has one of the longest land borders in the world. The Canada–US border spans more than 6,000 kilometres from the Atlantic to the Pacific Ocean, and 2,500 kilometres from the Pacific to the Arctic Ocean. All individuals and goods entering Canada are required to report to the Agency through a designated port of entry. The Agency provides services at 1,269 locations across Canada, along the geographic border and further inland. Thirteen international airports handle 97 percent of air traffic; 95 percent of commercial shipments arriving by sea pass through the ports at Vancouver, Montréal, and Halifax. The Agency has a full-time physical presence at approximately 148 border points and a limited physical presence at the remaining ports of entry.

5.4 The Agency had an annual budget of $1.5 billion and a staff of 12,800 people in the 2006–07 fiscal year. Its headquarters is divided into seven branches. The largest is the Operations Branch, with a presence in eight regions and employing 5,400 border services officers (BSOs) at its ports of entry. In the 2005–06 fiscal year, the Agency processed almost 96 million travellers entering Canada. About half were returning Canadian residents. It processed shipments valued at $404.5 billion, entering Canada through the various highway, marine, rail, and airport entry points. Most travellers and commercial shipments enter Canada by land from the United States (Exhibit 5.1).

Exhibit 5.1—Most travellers and commercial shipments enter Canada by land from the United States

Exhibit 5.1-Most travellers and commercial shipments enter Canada by land from the United States

5.5 The Agency faces significant challenges:

  • to operate in a 24/7 environment of heightened security concerns, with constantly changing and evolving risks;
  • to process increasing volumes of commercial shipments;
  • to develop a corporate management infrastructure and integrate the differing cultures and procedures of its three legacy organizations;
  • to exchange information with Canada's international partners on trade and security matters;
  • to improve its information management systems to keep pace with these challenges and the Agency's new mandate; and
  • to do all of the above, while ensuring that existing border operations are maintained.

5.6 Upon establishing the Agency's initial budget allocation, the Treasury Board directed the Agency to conduct a comprehensive review of its ongoing funding requirements, and to focus on efficiency gains and opportunities for reallocation. The results of the review were to serve as the basis for determining the Agency's ongoing funding beyond the 2009–10 fiscal year. The Agency recently completed its review, which identified a significant shortfall. It plans to seek additional funding in fall 2007.

5.7 Beyond this review, in its 2006 budget the government announced an additional $404 million over two years to secure a safe and open border, including $101 million to arm border services officers and increase staffing at posts previously handled by an officer working alone. The Agency plans to use the increased funding to implement a border strategy that promotes the movement of low-risk trade and travellers, while protecting Canada from security threats. The additional amount may help in the medium term but the strategy is still in the early stages of development.

Risk-based approach to border management

5.8 The federal government has been refining its risk-based approach to border management for more than a decade. This involves targeting passengers and goods before they arrive at a Canadian port of entry. The Agency has developed a three-pronged strategy for this:

  • Pre-approval programs. The Agency seeks to identify low-risk travellers and goods, and facilitate their entry into Canada.
  • Advance information. The Agency seeks to identify and intercept high-risk people and goods before they reach Canada.
  • Intelligence, risk analysis, and management. The Agency turns the information it collects into intelligence by using automated risk analysis, analytical tools, and risk management. This allows it to work toward its objective of balancing security concerns with the need to facilitate the flow of people and goods.

5.9 The Agency's pre-approval programs facilitate the entry of low-risk travellers and goods. The programs were developed under previous customs and immigration agencies. Individuals and companies applying for these voluntary programs undergo a risk assessment to ensure that they have a history of compliance with customs and immigration laws or to determine the extent of any criminality. Applicants for most programs pay a fee for processing and membership. In April 2007, 170,000 people were enrolled in CANPASS and NEXUS, two programs for trusted travellers (see Exhibit 5.2 for brief descriptions). For commercial shipments, Customs Self Assessment (CSA) importers account for 26 percent of all commercial passages at key southern Ontario ports of entry and about 12 percent nationally, according to Agency estimates.

Exhibit 5.2—Pre-approval programs to facilitate border clearance of low-risk shipments and travellers

Commercial programs

Objective

Fee and duration of membership

Similar US program

No. of active members

Memberships withdrawn

Applications denied/cancelled

Customs Self Assessment (Importers)

Streamlined processing and clearance

No fee

No

47

39

2

Customs Self Assessment (Carriers)

Streamlined processing and clearance

No fee

No

766

299

507

Customs Self Assessment (Commercial Driver Registration)

Streamlined processing and clearance

No fee / 4 years

No

24,357

1,036

9,403

Partners in Protection (PIP)

Industry partners to enhance border security and customs compliance. Pre-requisite for FAST

No fee

No pre-determined duration of membership

Customs-Trade Partnership Against Terrorism (C-TPAT)

Minimum security requirements mandatory from May 2005

2,092

Based on voluntary compliance

  • no mandatory minimum security requirements
  • no memberships revoked

Based on voluntary compliance

  • no mandatory minimum security requirements
  • no memberships revoked

FAST (Importers)

Expedites border clearance and reduces delays for pre-approved, low-risk importers. Must be member of CSA + PIP

FAST = CSA + PIP

No fee

FAST
(joint Canada–US program)

38

Not available

Not available

FAST (Carriers)

Expedites border clearance and reduces delays for pre-approved, low-risk carriers. Must be member of CSA + PIP

FAST = CSA + PIP

No fee

FAST
(joint Canada–US program)

660

Not available

Not available

FAST (Drivers)

Expedites border clearance and reduces delays for pre-approved, low-risk truck drivers. Must be member of CSA + PIP

FAST = CSA + PIP

$80 / 5 years

FAST
(joint Canada–US program)

78,543

1,689

10,968

Programs for travellers

Objective

Fee and duration of membership

Similar US program

No. of active members

Share of cross-border activity (%)

CANPASS AIR

Streamlined clearance process for air passengers—Available in Edmonton, Winnipeg, Calgary, Halifax, Montréal, Toronto, and Vancouver

$50 / 1 year

NEXUS (joint Canada–US program)

18,471

0.61% of total air passages

CANPASS Corporate Aircraft

Facilitates entry into Canada for corporate aircraft (up to 15 passengers, including crew)

$40 / 5 years

No

283 companies

3,148 members

3.57% of total general aviation passengers

CANPASS Private Aircraft

Facilitates entry into Canada for private aircraft owners and their passengers

$40 / 5 years

No

9,213

2.37% of total general aviation passengers

CANPASS Private Boat

Facilitates entry into Canada for boaters

$40 / 5 years

Canadian Border Boat Landing
(1–68) Program

8,235

3.11% of total private boat passengers

CANPASS Remote Area

Facilitates entry into Canada at selected remote border crossings

$30 / 1 year

No

20,117

Unknown

NEXUS

Expedites the clearance process

NEXUS Highway: June 2002 (pilot Nov. 2000)

NEXUS Air: Feb. 2007 (now Vancouver, Toronto, and Montréal)

NEXUS Marine: May 2007 (pilot May 2006)

$80 / 5 years

NEXUS is a joint Canada–US program

113,451

1.8% of total highway passages, 0.18% of total air passages

5.10 The advance information that the Agency collects varies depending on the mode of travel and the applicable international agreements. Information is received electronically for about 80 percent of shipments across all modes from importers and consignees. Advance information on air travellers has been required by law since 2001; normally the Agency receives this once the aircraft has left the ground. Air and marine commercial carriers must provide the Agency with information on cargo shipments before their arrival for automated risk assessment. While highway and rail carriers are not required to present advance information, 12 percent of highway and 99 percent of rail manifests are received electronically and may be used by the Agency to target shipments for further examination. The Agency has invested heavily in information technology, including automated systems to capture and analyze advance information. It told us that it was one of three border agencies in the world using automated risk scoring tools. Border services officers screen the information presented on these systems and may select people and goods for further examination at the border.

5.11 There is always an element of risk when allowing people and goods to enter Canada. In managing the border, a fully developed risk management process can provide assurance that the Agency properly controls areas presenting the greatest exposure to risk. A risk management process can also support decisions on how to allocate limited resources for mitigating risks. The Agency seeks to manage risks through a number of means, including the collection and analysis of intelligence information, the use of detection tools, the analysis of indicators and judgment of front-line officers, and random checks. Through random referrals for examination and analysis of the results, the Agency can update the overall effectiveness of its risk identification, intelligence, and targeting activities, as well as the balance between the different activities.

Focus of the audit

5.12 We examined whether the Agency's approach to border management is based on a threat and risk assessment, and whether it achieves the desired balance between an open border and a secure border for the entry of people and goods into Canada.

5.13 More details on the audit objective, scope, approach, and criteria are in About the Audit at the end of this chapter.

Observations and Recommendations

The challenge of a new and broader mandate

5.14 The Canada Border Services Agency was created on 12 December 2003. The transfer of responsibilities and resources from its legacy organizations took place over a two-year period:

  • The Canadian Food Inspection Agency transferred front-line border enforcement activities to the Agency on 12 December 2003.
  • The Canada Customs and Revenue Agency transferred the Customs Branch, and its associated compliance and appeals functions, on 12 December 2003, and Corporate Support on 1 April 2004.
  • Citizenship and Immigration Canada transferred Enforcement, Intelligence, and Detentions and Removals on 12 December 2003, Port of Entry and Border Management on 8 October 2004, and Corporate Support on 1 April 2005.

5.15 It was a major challenge for the new Agency to create the necessary management infrastructure while continuing to provide essential border services. Agency officials told us that the Agency did not receive the necessary resources and expertise in a number of areas, including corporate services. Recently the Agency completed a review of its needs compared with the funding it receives from Parliament. It plans to use the review to seek additional funding.

The Agency is in the early stages of applying an integrated risk management framework

5.16 The Agency's two objectives are to provide border services that support national security and public safety priorities, and at the same time to facilitate the cross-border movement of legitimate trade and travellers. To achieve these two objectives we expected the Agency to have an Integrated Risk Management Framework, as specified by the Treasury Board of Canada Secretariat (TBS) in April 2001 (Exhibit 5.3). The TBS Integrated Risk Management Framework offers a systematic approach for identifying and managing risk issues, a model federal government organizations are expected to follow. Use of a risk management framework would enable the Agency to set priorities for its investments and resources.

Exhibit 5.3—A common risk management process

Exhibit 5.3-A common risk management process

5.17 We found that the Agency has recently begun to make progress in applying the TBS Integrated Risk Management Framework. We observed that risk management is not formally incorporated into the Agency's strategic planning and priority setting. During the audit, the Agency moved from step two to step four in its application of the framework. It identified and ranked the risks to its mandate and has developed a number of operational activities to mitigate some of the risks. However, we found no overall coordination for risk management or for mitigating strategies. For example, the Agency has invested $525 million in technology over three years, including the 2006–07 fiscal year. While investments have been guided by business plans and government priorities, these IT projects have not been guided by a strategic plan for information technology or information management, and they were not based on adequate threat and risk assessments. The Agency has recently initiated work on developing an IT strategy. This strategy needs to be aligned with the Agency's strategic plan and its business objectives. In addition, IT risks need to be identified and their management included in the integrated risk management framework.

5.18 Border services are not yet fully integrated. In its 2004–05 Departmental Performance Report, the Agency stated that the completion of the transition and integration of the mandates of the three legacy entities was a top priority. Normally, an organizational transformation of this type would take up to five years. The Agency agrees that the transition is not yet complete. However, a senior management transition team was dismantled six months after the Agency's creation and transition activities were transferred to the Agency's vice-presidents. We found the Agency has implemented a number of new initiatives. A significant accomplishment was establishing a new classification standard for border services officers. It has also updated its training for new recruits. However, we did not find an overall management framework to oversee the transition process nor current plans for the integration of border services. We also found no overall progress reports assessing the extent to which the Agency had succeeded. In addition, we found that the identity and culture of the three legacy organizations remain strong and visible. The Agency's ability to retain core competencies in immigration and food inspection is under stress. We noted that the Agency had identified in its 2007–08 Report on Plans and Priorities the need for an immigration and food inspection recruitment, retention, and succession plan as an activity in support of its priority for effective delivery of programs and services.

5.19 Strategic planning is incomplete. The Agency's 2006–07 strategic plan states its vision, mandate, mission, values, and three-year strategic priorities. The Agency's most recent strategic plan for 2007–08 does not identify key risks to border integrity; however, it was developed at the same time as the Agency's Enterprise Risk Profile. Still, the strategic plan does not specify the resources required, timelines for implementation, or measurable performance indicators. A number of key corporate documents that are essential for implementation of the strategic plan were missing or incomplete.

5.20 Recommendation. The Canada Border Services Agency should complete its development of an Integrated Risk Management Framework to guide the delivery of border services in support of its mandate for public safety and trade facilitation.

The Canada Border Services Agency's response. The Agency agrees. The Agency analyzes and mitigates risk regularly and uses a variety of strategies, processes, and tools to do so. Border services officers are trained to identify, mitigate, and address all the various risks they would potentially encounter in their work. As well, the Agency manages risks through initiatives such as its risk assessment programs and risk scoring systems for cargo and travellers, detection tools for contraband and radiation detection technology, and the interceptions of irregular migrants before they depart for Canada. The Agency undertakes regular analysis of threats and risks, including the type of contraband, port, mode, type of threat, and country of origin.

The Agency is working to better integrate these existing strategies, processes, and tools into a comprehensive framework, consistent with the Treasury Board Policy on an Integrated Risk Management Framework (IRMF). The Agency is developing an IRMF that builds on its Enterprise Risk Profile. The IRMF will inform decision making and priority setting and provide for continuous improvement.

Notwithstanding all that the Agency is currently doing, it faces considerable resource constraints. This work on the IRMF could be accelerated if the Agency receives incremental resources to address the gap identified in its A-base review of its ongoing funding requirements.

Facilitating low-risk travellers and goods

5.21 The Agency has developed pre-approval programs in which individuals or companies can enrol to speed up their cross-border travel (Exhibit 5.2). These voluntary "trusted traveller and trade" programs facilitate the entry of low-risk people and goods into Canada, allowing the Agency to focus its resources on higher-risk areas.

The Agency bases risk assessment on applicants' history

5.22 Members of pre-approval programs generally face less intensive examination at the border; individuals entering the country may be able to report to the Agency by telephone rather than in person, and some are not required to report to the Agency. However, they may still be subject to examination on entry. We expected the Agency to pre-approve only people and companies presenting a low risk of security threat or non-compliance with Canadian laws and regulations. We found that the Agency assesses pre-approval applicants strictly against their criminal and compliance history. For similar US programs, US Customs and Border Protection may also consider intelligence information to determine the eligibility of applicants for its pre-approval programs.

5.23 We found that individuals applying for pre-approval programs undergo assessment for past criminal activities both in Canada and the US, as well as Canadian immigration violations and customs seizures. The Agency does not use intelligence files or investigations under way to determine an applicant's eligibility for pre-approval programs. The Agency does not currently have the authority to prevent someone from enrolling in a program on the basis of intelligence information or an investigation. Upon acceptance into a pre-approval program, the Agency may put additional monitoring in place when intelligence information indicates it is necessary. A recent Agency evaluation recommended that it consider intelligence information when assessing NEXUS applicants and expand risk assessment checks to include other databases and databanks. It found that the current limited assessment leaves pre-approval programs potentially vulnerable to infiltration by people involved in criminal activity. We agree.

5.24 To facilitate the commercial movement of goods, the Agency may grant pre-approval to carriers and importers under two programs: Customs Self Assessment (CSA) and Free and Secure Trade (FAST). For both programs the Agency conducts a risk assessment of the applying legal entity only, not the owners or employees. It has 766 active CSA member carriers; membership was denied or cancelled for 507 applicants as they were not bonded, did not provide complete information, or did not meet other eligibility requirements. Following this initial eligibility stage, only one applicant failed the subsequent risk assessment. Similarly, only one importer has failed the risk assessment portion of the CSA application process; which has 47 importers as members.

5.25 The Agency does not conduct risk assessments of individuals associated with applicant companies unless they are sole proprietors and it does not impose minimum security requirements for supply chain partners. As a result, the Agency cannot easily perform a thorough risk assessment of importers and carriers applying for CSA/FAST. For example, the initial risk assessment could note that an applying company has been linked to organized crime. The Agency does not necessarily regard this information as indication that the company represents a significant risk, as it may relate solely to individuals. Another company may have a record of not stopping and reporting when crossing the border. However, the infraction is ordinarily attributed to the driver who failed to report, not the company employing that individual. The Agency would not refuse an application from the company unless it could be linked to the infraction.

5.26 In its assessment of applications the Agency considers past criminal activities both in Canada and the US, as well as Canadian immigration violations and customs seizures. It requires applicants to provide true and complete information. But our review of files found that applicants sometimes did not disclose prior violations of customs or immigration legislation, or prior convictions for an offence. Agency officials told us that it does not refuse applicants simply for not disclosing certain information in their applications. According to these officials, failure to answer a question correctly is not the same as failure to provide true and complete information.

5.27 In our audit, we found that approximately 589 CANPASS Air members had applied for NEXUS membership but had been refused by US authorities. By agreement with US Customs and Border Protection, membership acceptance or refusal is the only information exchanged by authorities in the two countries. Consequently, the Agency does not know why the applicants were refused. Reasons for the different decisions between the two countries could be due to differences in legislation or the consideration of intelligence information. For example, following the laws of Canada, the Agency accepts individuals who have been granted pardons for past criminal convictions, while the US does not have such a provision.

Most membership criteria were followed

5.28 During our audit, we reviewed pre-approval program files to ensure that established criteria had been followed. We found that all established criteria were followed, with one exception: members are to be risk-assessed yearly. For the NEXUS program, we examined 12 files and found that seven members had not been risk-assessed on a yearly basis. Risk assessment periods varied from 20 to 27 months. However, NEXUS members are subject to scrutiny at each crossing. The Agency recognized it had a backlog of files to be risk-assessed in January 2006, and told us that the problem would be resolved by June 2007.

5.29 A CANPASS Remote Area permit should be valid for only one year from the date of issue. However, we found that validity periods were for up to two years. Moreover, we found many cases in which individuals were given multiple permits when they should have received only one. In one instance, an applicant applied twice and was issued only one permit but with a two-year validity because he had paid twice. CANPASS Remote Area has numerous members who do not have to report to the Agency when entering Canada. We expected the Agency to have systems in place for ensuring that members continue to comply with the program's regulations. While the Agency has, on occasion, recorded enforcement actions for CANPASS Remote Area members, it cannot say whether members have been complying with regulations.

Some programs are based on voluntary compliance

5.30 Before CANPASS Private Boat members arrive in Canada, they need to telephone the Agency and report their estimated time of arrival (ETA). This requirement also applies to CANPASS Private and Corporate Aircraft members, as well as general aviation (non-CANPASS members). However, it does not apply to non-members of the Private Boat program, who need to telephone the Agency and report only after they have arrived at an authorized location. In other words, under the CANPASS Private Boat program, the Agency receives advance arrival information from low-risk individuals but not from individuals of unknown risk. If an Agency officer is not waiting to meet arriving program members at their reported ETA or actual time of arrival (whichever is later), they are permitted to proceed to their final Canadian destination. Non-program members need to telephone the Agency upon arrival and await instructions. More than 93 percent of boaters who reported to the Agency by telephone did not see an Agency officer in person. In addition, 598 out of the total 650 docking sites have no permanent staff—they may be serviced by larger ports of entry.

5.31 For the CANPASS Private and Corporate Aircraft Programs, 87 percent of passengers who reported to the Agency by telephone did not see an Agency officer. The Agency has no permanent staff at 183 out of a total of 223 airports. We also found that the Agency does not compare its records with Nav Canada flight data. It has been discussing this with Nav Canada since February 2006, but the issue has not yet been resolved. The result is that the Agency has no way of knowing whether all people arriving by general aviation aircraft have reported as required. Even though the Agency largely relies on the voluntary compliance of the individuals required to report under its pre-approval programs, the Agency also conducts selective or targeted examinations.

Pre-approval programs yield varying benefits

5.32 The advertised benefit of pre-approval programs is that they expedite cross-border travel. We found that the benefit varies from one program to another. For instance, members of NEXUS Air and CANPASS Air can use iris scans to expedite border crossing. The technology is not yet available at all major airports, but a plan to expand the program had been developed and was to be implemented by fall 2007. Members of other CANPASS programs benefit from being inspected less often. Finally, while NEXUS Highway expedites border crossing at the 11 high-volume locations in Canada where it is available, sometimes members wait in the same line as non-members, since there are physical infrastructure limitations.

5.33 For company pre-approval programs, CSA/FAST clients receive some benefit, including more expeditious border clearance and reduced reporting requirements. However, the limited number of CSA/FAST participants (importers or carriers) means that companies cannot always take advantage of the FAST lane. For example, if a truck does not contain only FAST shipments, it cannot use the FAST lane. Companies will receive greater benefit as more clients are approved for CSA/FAST and the FAST lane infrastructure improves.

The Agency has not demonstrated that it refocuses its resources to higher-risk areas

5.34 We also expected that pre-approval programs would have allowed the Agency to refocus resources to higher-risk areas. In general, we found that less than 2 percent of travellers participate in these programs, although some ports of entry have more than 20 percent of their traffic represented by members of these programs. While the Agency has had to invest in program design and delivery, it has not specified the enrolment level that would allow it to refocus resources to areas of higher risk. Pre-approval programs have not undergone a cost-benefit analysis, and the Agency has not conducted a formal analysis of the resources it has refocused after implementation of NEXUS or CANPASS.

5.35 Recommendation. The Canada Border Services Agency should establish controls and monitoring for its pre-approval programs to ensure that members who are assessed above low-risk at the time of admission, based on reasonable and credible information, are monitored and their participation in the program is reviewed to ensure that their net risk level is reduced to low.

The Canada Border Services Agency's response. The Agency agrees. It has developed a risk-based protocol to direct the monitoring and re-assessment of CSA carrier participants. The backlog of files to be risk-assessed in the NEXUS program has been addressed and monitoring procedures are now in place. The Agency will review its controls and monitoring for all pre-approval programs. In addition, it should be noted that the expansion of the NEXUS program is ongoing and is currently in place at seven international airports and 11 land border sites.

Targeting high-risk people and goods

5.36 To better manage risks, the Agency collects information on many travellers and shipments before they arrive at Canadian ports of entry. When possible, the Agency uses the information to expedite the clearance of low-risk people and goods and to identify high-risk travellers and shipments before they arrive, so that it can intercept and examine them more closely on arrival. Before the Agency had access to advance electronic information, it relied more on manual screening of paper manifests and travellers' documents at ports of entry. We provide recommendations related to our observations of the Agency's targeting procedures at the end of this section at paragraph 5.61.

5.37 Exhibit 5.4 provides an overview of what type of advance information is collected and when.

Exhibit 5.4—The Agency collects information on shipments and travellers

Mode

Type of Information Requested

Mandatory

Time frames

Status of advance information across modes: Commercial

Air

Advance Commercial Information (ACI)

Yes

4 hours prior to arrival (or "wheels-up" for flights shorter than 4 hours)

Marine

Advance Commercial Information (ACI)

Yes

24 hours prior to loading cargo at a foreign port

Land: Rail

Cargo and conveyance data

No

Recommended 2 hours before train arrives in Canada

Land: Highway

Cargo and conveyance data

No

Recommended as far in advance as possible

All modes

Pre-arrival Review System (PARS) data on importer and consignee (recipient of goods)

No

1 hour for electronic data and 2 hours for paper data

Recommended 30 days prior to leaving for the destination

Status of advance information across modes: Travellers

Air

Advance Passenger Information/ Passenger Name Record (API/PNR)

Yes

Information provided upon departure of flight

Marine

Passenger and Crew Information

Yes

Number of passengers and crew required 96 hours in advance of arrival; however, names are not mandatory

Recommended as far in advance as possible and updated/confirmed as soon as vessel departs the last port

Land: Rail

None

No

N/A—but discussions under way

Land: Highway

None

No

N/A

The Agency now collects more information on people and goods before their arrival

5.38 Since 2001, air carriers have been required by law to submit advance electronic information on their passengers and crew at the time of departure. Similar requirements were put in place for marine cargo in 2004 and air cargo in July 2006. No such legal requirements apply to commercial shipments by land; however, the Agency receives advance electronic cargo information on about 99 percent of rail shipments and 12 percent of highway shipments. Further information on the importer and recipient of the goods, known as Pre-arrival Review System (PARS) data, is received for shipments across all commercial modes. The information is intended to allow the Agency to streamline clearance for low-risk shipments and to identify high-risk shipments for further examination on arrival.

5.39 The Agency determines that an individual or commercial shipment is high-risk if there is a substantial likelihood of non-compliance with the Canadian laws or regulations it enforces. The Agency considers many factors, including past seizures, intelligence information, improper reporting of goods imported, the extent of criminality, and the point of origin of the traveller or goods. On this basis, it determines the level of risk connected with the entry of an individual or shipment, and whether further examination is required.

5.40 The Agency's National Risk Assessment Centre (NRAC) was established in January 2004. It identifies national security threats by analyzing advance information on arriving goods and people. Results of its analysis are shared with officials in operations and with others. For this purpose the Centre relies on

  • automated risk assessment systems—TITAN for marine and air cargo, and the Passenger Information System (PAXIS) for people;
  • searches of databases and travel patterns; and
  • analysis of indicators and the judgment of the targeting officer.

Despite its information sharing mandate, the Centre does not have ready access to all the intelligence databases available to the Agency. While it has access to various intelligence products, it does not receive any national security intelligence products to guide its targeting activities. The Agency told us that discussions are under way to enhance collaboration between its intelligence directorate and the National Risk Assessment Centre.

5.41 We found that the Agency has begun to focus on receiving advance information to address risks involved with entry to Canada of passengers arriving by rail or shipments by post. The Agency has recently initiated programs and discussions with stakeholders to expand advance targeting in these modes. However, for each mode (air, marine, land, rail, and post) it has not systematically reviewed how it should modify the type or extent of examination to compensate for gaps in information on risk assessment prior to arrival. In other words, where advance information is not adequate to complete a risk assessment, additional procedures or an increased level of examination may be needed.

Advance targeting assesses more air travellers

5.42 Implemented in 2002, PAXIS is an automated risk assessment system for air travellers (passengers and crew). It is used to target high-risk passengers based on the Advance Passenger Information/ Passenger Name Record (API/PNR) data received from air carriers for incoming flights to Canada. The Agency reconciles API with incoming flight lists to determine which flights are not submitting API, and follows up with the airlines. The increase in the amount of advance information received by the Agency is shown in Exhibit 5.5.

Exhibit 5.5—The amount of advance information gathered on air travellers is increasing

Exhibit 5.5-The amount of advance information gathered on air travellers is increasing-Percentage of air passengers on whom the Agency received Advance Passenger Information records

Exhibit 5.5-The amount of advance information gathered on air travellers is increasing-Percentage of air passengers on whom the Agency received Passenger Name Record information

5.43 The National Risk Assessment Centre reviews air travellers heading to Canada, whose information PAXIS has assessed and found to exceed the threshold risk score for risks to national security. Because of problems in data transfer and completeness, not all passengers are assessed by PAXIS, limiting the Centre's ability to identify potential high-risk travellers before their arrival. If the data is not accurate, it may not be matched to lookouts, with the result that high-risk people may not be targeted for examination.

5.44 A total of 22 million passengers flew into Canada from April 2006 to March 2007. Only 16 million of these passengers were risk-scored in PAXIS since only passengers with complete data who travel on commercial flights are assessed. Further, the Centre's targeters are presented passenger information for only the portion of these passengers who received a high-risk score in PAXIS. In the 2006–07 fiscal year, the system categorized 1.2 percent of passengers as high-risk. From this high-score list the Centre's targeters selected passengers for further examination at the airport on arrival. Officers were concerned that PAXIS might have erred in assessing certain travellers as low-risk. The Agency told us that it is currently discussing how to improve the risk scoring.

5.45 Agency officers at local airports also target passengers in advance of arrival and have access to the full flight list. However, local targeters do not always know which flights have already been assessed by the Centre, which can result in gaps or duplication of effort. They target primarily for contraband (for example, illegal cigarettes, alcohol, drugs, and firearms) and potential immigration violations, not national security concerns. At the National Risk Assessment Centre, Toronto's Pearson International Airport, and a number of other Canadian airports, we observed officers targeting passengers on incoming flights. We found that passenger targeting units at airports did not assess all incoming flights, although the Agency considered some of the airports to be high-risk ports of entry. One control that is in place at all airports is the assessment of every passenger on their arrival at primary inspection. However, the Agency did not have risk mitigation procedures in place to compensate for flights not targeted in advance of arrival. Also, officers at primary inspection do not know which passengers or flights have been risk-assessed in advance.

5.46 To allow proper targeting of travellers in advance of their arrival, it is essential that carriers supply good quality and timely information. We found that the Agency is not monitoring the timeliness of the API/PNR it receives because of conflicting legislative requirements. Section 107.1(1) of the Customs Act states that passenger information must be sent "in advance of the arrival of the conveyance in Canada or within a reasonable time after that arrival." Section 4(1) of the Passenger Information (Customs) Regulations states that passenger information must be provided to the Minister "at the time of the departure of the commercial conveyance." The Agency has recommended that the Customs Act be changed to read "at a prescribed time" and that the regulations specify timelines for different transportation modes. Legislative amendments were still in the draft stage at the time of our audit.

5.47 The Agency is taking steps to improve the quality of data used for targeting. It began producing systematic monitoring reports on the completeness of advance passenger data in late 2006, and found that it was receiving about 94 percent of that required data. In December 2006, the Agency compared the advance data received for four flights with the actual passengers who arrived. The study found that 37 percent of data transmitted by the airlines for these flights was not accurate, potentially hindering the proper identification of high-risk travellers. The Agency receives Passenger Name Record (PNR) data for some incoming flights and focuses its targeting to a large extent on those flights. Over the course of the audit, the Agency established teams to improve the quality of data received from airlines. Their priority is improving Advance Passenger Information (API) data quality because PNR data can be properly linked to a traveller only when the API data is received.

Not all air and marine cargo shipments are assessed before they arrive

5.48 The Agency cannot provide assurance that it conducts risk assessments of all air and marine cargo in advance of arrival. In the marine mode, we found that the Agency had done a preliminary analysis of discrepancies between what enters Canada and the advance information supplied. To address potential gaps in advance information, the Agency has met with shipping authorities. However, the Agency does not consistently assess the extent of the gap between what it has been told is arriving and what actually arrives. It is not tracking the timeliness of its risk assessment process for marine containers because it does not compare the time of arrival with the risk assessment date. The Agency needs to address these gaps to ensure that it conducts risk assessments of all containers prior to their arrival.

5.49 The National Risk Assessment Centre's responsibility is to risk-assess marine containers for national security concerns prior to their arrival in Canada. If the Agency receives information suggesting that a marine container poses a potential threat to national security, it refers the container for examination at the foreign port of origin before loading. We found that all containers identified as a national security threat by the Agency had been examined at the foreign port. The Centre may also place "Do Not Load" orders on containers when it lacks information or suspects national security risks and can recommend containers for examination based on indications of contraband.

5.50 Centre records show that 548 containers were loaded despite "Do Not Load" notices in 2005–06, and 386 "Do Not Load" containers were loaded in 2006–07, totalling 934 containers loaded without authorization over two fiscal years. The Agency did not keep systematic records on why loading had proceeded without authorization.

5.51 Of the 934 containers loaded without authorization, 243 were referred to the local Marine Container Targeting units for further assessment. Based on the Centre's records, local Agency officers examined 21 percent of these containers. The Agency told us that the proportion was low because there is currently no requirement for local examination facilities to follow up on its examination recommendations. A second reason is that the majority of these containers were risk-assessed before their arrival as more information had been received, thereby negating national security risks.

5.52 We examined in detail the files for 20 containers that were loaded without authorization and appeared to have arrived in Canada before being risk-assessed for national security concerns. We looked at information the Centre used to track containers loaded without authorization in order to learn whether it had been able to discount the possibility of a national security risk before the containers arrived in Canada. We found that it had not done so. The Centre's records showed that 10 of these containers entered Canada without the required advance targeting or any further examination. For a further eight containers, the Agency did not provide sufficient evidence to show whether it had or had not eliminated the security risk before their arrival.

Automated advance targeting is not yet working as intended for cargo shipments

5.53 The Agency also conducts automated advance targeting for marine and air cargo. It receives Advance Commercial Information (ACI) electronically from carriers and freight forwarders, and uses this as the starting point for risk assessment. The TITAN system has successfully processed more electronic manifests from carriers as shown by the decreased number of manifests rejected (Exhibit 5.6).

Exhibit 5.6—The number of rejected manifests is decreasing

Exhibit 5.6—The number of rejected manifests is decreasing

5.54 The Agency monitored 146 of its 812 ACI carriers and freight forwarders and found that some data was incomplete and contained errors. The Agency estimated that the carriers and freight forwarders it monitored represent about 90 percent of ACI received as of 31 May 2007. While the Agency issued action plans and followed up with specific companies, it had not ensured that companies providing poor data were subject to additional monitoring.

5.55 The Agency levies administrative monetary penalties on carriers that send incomplete advance passenger information. It does not currently penalize commercial carriers that send late or inaccurate data under the Advance Commercial Information program; however, other commercial penalties continue to apply. We found that the Agency has a variety of outreach activities to ensure ongoing compliance with advance information requirements. However, it does not monitor clients for compliance based on risk and it does not conduct more intensive examination when a non-compliant client arrives. We found that the Agency does reconcile Advance Passenger Information data with incoming flight lists through the PAXIS "Flight Acquittal System." This enables it to determine which flights are not submitting API.

5.56 The Agency feeds the advance information on cargo into its TITAN automated risk assessment system, which contains two programs: TITAN-Marine, introduced in November 2004; and TITAN-Air, introduced in July 2006. In its 2004–05 Departmental Performance Report, the Agency called TITAN "the cornerstone of CBSA's risk-management regime." The Agency is one of three border agencies in the world using advance automated targeting tools to risk-score incoming shipments. The system analyzes electronic manifests of commercial shipments coming to Canada, and assigns a risk score to each shipment. A higher risk should translate into a higher score. TITAN allows border services officers to view data on incoming cargo electronically, and link to databases containing information used in the risk assessment process. The National Risk Assessment Centre used TITAN to target about four million marine and air cargo manifests in the 2006–07 fiscal year.

5.57 Marine ports have the capacity to fully examine less than one percent of arriving containers. Partial examinations may include opening the container without fully unpacking it (also less than one percent) or imaging the contents with Vehicle and Cargo Inspection System (VACIS™) machines. The Agency did not have complete records for the number of VACIS™ scans it performed on marine containers in the 2006–07 fiscal year, and could not confirm the accuracy of scans reported for previous years. We found that the Agency has not determined which level of examination is appropriate for which TITAN score. The result is that examination is not mandatory for marine containers and air cargo that receive high scores indicating a high risk. In the face of two urgent risks—avian flu and explosive devices—the Agency responded but had to make emergency adjustments to its risk scores. The Agency has recognized problems with this process and is currently working to better respond to emerging threats.

5.58 We examined the risk scores and examination results for about two million marine containers that arrived in Canada in 2006. We found little relationship between a high score and the decision to examine a container. The local officers told us that they are not confident in using the automated risk score to select containers for examination. They rely more on their own analysis of various databases and local knowledge. Pre-arrival targeters were not consistently documenting why they were choosing to refer certain shipments for examination and not others. As a result, it is difficult for the Agency to determine key factors in pre-arrival targeters' decision-making processes, which would improve upon key aspects of pre-arrival targeting practices. Without this information, the Agency has actively sought feedback from targeters in order to improve the risk-scoring process.

5.59 Advance information targeting is crucial to the Agency's risk management efforts. Its targeters screen and select people and goods for further examination. We found various groups across the organization, such as the National Risk Assessment Centre, Enforcement Branch, and the regions, have developed and delivered their own training for targeters. However, neither a competency profile nor a standard training program exists to ensure that targeters have the competencies and experience required to carry out this important function. As a result, there is little overall coordination to ensure that a consistent and comprehensive approach is used to target people and goods for further examination. We note that the US Government Accountability Office found similar weaknesses in its 2004 reviews of US cargo inspection programs, and these weaknesses were subsequently addressed.

The Agency has no risk management framework for pre-arrival targeting

5.60 Advance information provides the Agency with an additional tool to screen people and goods. While the Agency has made some progress in the collection and analysis of advance information, it now needs to examine the entire process so that it looks at all of its mitigating controls in order to address instances where data quality or completeness of information is lacking. The Agency has not determined how each of the mitigating components of its pre-arrival targeting activities complement each other—including the extent of advance information, automated risk scoring, intelligence information, and the analysis and judgment of its targeters and border services officers.

5.61 Recommendation. The Canada Border Services Agency should design and implement a risk management framework for its pre-arrival targeting activities that links the identified risk with the level of examination.

The Canada Border Services Agency's response. The Agency agrees. The Compliance Management Plan element of the new Integrated Risk Management Framework (see response to Recommendation 5.20) will include a component on targeting. This will link targeting decisions, including prescribed levels of examination, to identified levels of risk.

In addition, the Agency recently established an analytical unit at the National Risk Assessment Centre to track containers "loaded without authorization" including their subsequent assessment and examination results. As well, local officers have been advised to report on the examination results of NRAC referrals.

5.62 Recommendation. The Canada Border Services Agency should ensure that

  • targeters consistently document their reasons for all referral decisions,
  • officers document the results of subsequent examinations, and
  • this documented information is used to improve future referrals of people and shipments for further examination.

The Canada Border Services Agency's response. The Agency agrees. The Agency currently has a system in place to document reasons for referral decisions, and has been working for some time on improvements. The Agency has reminded targeters to document reasons for referral decisions. Furthermore, in response to the observation in the marine mode, officers have been instructed to document the results of container examinations or the reasons for non-examination of containers (referred by the National Risk Assessment Centre) to confirm that risks have been mitigated. Monitoring of this activity will be done through the Process Monitoring Framework. The Agency will analyze the results of examinations against referrals to improve future referrals of people and shipments for examination.

5.63 Recommendation. To promote consistency and quality in the targeting process, the Canada Border Services Agency should develop a mandatory training program for all border services officers targeting advance information. The syllabus for the training program should be based on a corporate-wide needs analysis, and its delivery should be monitored, evaluated, and reported on.

The Canada Border Services Agency's response. The Agency agrees. For many years, the Agency has given targeting training to targeters, including intensive training given to targeters at the National Risk Assessment Centre and the Marine Centre of Expertise. In addition, at the Toronto airports, the Agency administers a similar training program for passenger targeting. This training has been given to targeters at other airports across the country. The Agency has started a needs analysis to identify gaps between desired performance and existing training.

The Agency will build upon its existing targeting training program to ensure officers have the necessary skill sets to effectively manage and act on information provided for advance targeting purposes. The Agency will also monitor and evaluate delivery of its targeting training for officers, and will periodically report results.

Control at ports of entry

5.64 To permit the lawful entry of people and goods into Canada, the Agency provides border clearance services at 1,269 locations staffed by about 5,400 uniformed officers. The Agency has a full-time presence at 148 ports of entry, accounting for 92 percent of traffic entering Canada. It has no regular physical presence at the remaining, smaller ports of entry, which are serviced by officers from nearby ports of entry. To eliminate situations where officers work alone, the Agency received $40 million to increase staffing at some ports.

5.65 At ports of entry, the Agency follows a two-stage traveller control process, commonly referred to as primary and secondary inspection. At air and land ports of entry, primary inspection generally involves a line of booths staffed by border services officers, who interview people seeking entry into Canada. Officers at primary inspection either decide to admit an individual into Canada or refer them to secondary inspection for more detailed examination.

Emergency response plans for the border are to be updated

5.66 To respond to an emergency or a terrorist incident, we expected the Agency to have a plan in place that would guide its efforts to keep the border open and secure. We found that, in the event of an incident, the Agency relies on the response plans developed by its three legacy agencies. Other than business resumptions plans now under development, the Agency has not yet developed a response plan to guide all the activities of its new integrated border services and enhanced security mandate.

5.67 Under the Security and Prosperity Partnership of North America, in June 2006 the Agency and US Customs and Border Protection agreed on business resumption planning protocols to be implemented in the event of an incident. The communications and coordination plan has been drafted, and the partners are now working out the details and legal authority for how each border agency would support the other. In January 2007, Canada announced an investment of $24 million to harmonize and strengthen Canadian and US business resumption plans; the aim is to help ensure the continuity of border operations in an emergency.

5.68 Recommendation. The Canada Border Services Agency should implement an emergency response plan for all activities under its new mandate.

The Canada Border Services Agency's response. The Agency agrees. The Agency is in the process of updating its emergency plan, building on existing plans and reflecting the language of the integrated border services functions, for distribution to field offices in the fall of 2007.

In addition, it should be noted that

  • The Agency has existing emergency plans from the legacy organizations that continue to prove effective, as noted during the management of the London bombing incident in 2005, the Lebanon evacuation in 2006, and the anticipated arrival of illegal migrants in Halifax in 2007.
  • The Agency has an active exercise program, working closely with partners involved in border management issues.
  • The Agency has been developing an All Hazards Manual, which is expected to be issued to all field offices in the fall of 2007. It will address the recommendation to update emergency response plans to reflect the integrated border services.
  • The Agency has worked closely with US Customs and Border Protection to develop a communication and coordination plan that incorporates a quick exchange of pertinent information between the two agencies, as well as the trade community, to expedite the implementation of business resumption efforts and ensure continuity of operations at ports of entry during an emergency.

The processes outlined in the anticipated manual build on the existing processes and will continue to be exercised by the Agency under its continuing exercise program.

The Agency has not developed an overall risk management framework for border operations

5.69 Threat and risk assessments are widely recognized as valuable decision-making tools when setting examination priorities. The Agency's intelligence directorate conducts a border risk assessment of its border operations every three years. Under this process, the Agency assesses the risks of smuggling contraband, such as proceeds of crime, child pornography, and illicit tobacco or drugs. The information is assessed and ranked by commodity and by mode of transport. Additional risks of terrorism and missing children were added in 2001, as were chemical-biological weapons in 2004. However, the risk assessment is not complete, since it includes neither risks of irregular or illegal migration of people, nor the movement of food, plants, and animals, now under the Agency's broader mandate. The Agency began to address these risks, which it plans to include in the next version of its border risk assessment.

5.70 In addition, the Agency prepares a national port risk assessment every two years. The Agency assessed the relative risk to 168 ports of entry in 2006 and 220 in 2004. Regional intelligence analysts, in consultation with other sources and port operational staff, complete a questionnaire detailing port demographics, traffic volume, enforcement, and intelligence information. This is combined with the results of the border risk assessment to categorize the ports of entry as high-, medium-, or low-risk. The 2006 risk assessment ranked 23 ports as high-risk (34 in 2004) and included information on suspected criminal and national security risks, as well as the risk of irregular or illegal migration of people. This port risk assessment does not address food, plant, and animal movement, and Agency officials told us that discussions are under way to include these risks in the next questionnaire. Other risk, such as infectious diseases, where the Agency performs activities on behalf of other government departments, were not included in either the border or port risk assessments. In addition to the border and port risk assessment processes, the intelligence directorate provides monthly updates on specific threats and trends in unlawful activities.

5.71 We found that the port and border risk assessment process does not adapt well to changing circumstances. As noted, these assessments are completed every two or three years, meaning that the Agency's risk assessment may reflect risks that were present a few years ago, but not today or next year. The Agency told us that its monthly intelligence updates form a key part of its risk assessment process. As part of updating its port and border risk assessments, the Agency consults with many of its key partners, such as law enforcement and international customs agencies. However, in setting the risk assessment criteria, it did not include all key partners such as the Canadian Security Intelligence Service, Transport Canada, and Health Canada. Without this input, it does not have assurance that it is managing the risks under its own mandate and on behalf of its federal partners in a comprehensive manner. Further, it was not clear how these risk assessments are used in the overall allocation of examination resources and capacity at the border.

5.72 The overall annual number of examinations to be conducted within a region's ports of entry is set out in the Border Management Plan. While Agency officers are instructed to select individual containers and travellers based on risk indicators, the overall level of examinations at the border is largely set by existing capacity, as determined by resources and the examination infrastructure. The Agency has allocated additional resources for new enforcement initiatives to certain ports facing higher risks on a case-by-case basis. However, the Agency does not have a risk-based resource model to determine the resources required across all ports of entry and modes. At the time of our audit, the Border Management Plan was under review to include immigration and food inspection examination targets. The plan for the current fiscal year had not been issued, and officers were instructed to work from the previous year's plan.

5.73 The border also needs to be managed between ports of entry, for which the Royal Canadian Mounted Police (RCMP) has the lead responsibility. In 2002 Integrated Border Enforcement Teams (IBETs) were expanded across the country. These Canada–US inter-agency teams combine the resources of federal, provincial, and state police forces, as well as customs and immigration services. Agency intelligence officers participate in joint force operations and pass on information to border services officers on an as-required basis, which has resulted in interdictions. While the Agency's participation in IBETs has helped it to manage risks at ports of entry, communications could be improved to allow individual ports to better understand the risks in their own local area.

The Agency has added specialized inspection equipment

5.74 To enhance its inspection capabilities and capacity, the Agency has invested more than $70 million over the past five years in specialized equipment to detect contraband and dangerous goods (Exhibit 5.7). The Agency has successfully used this equipment to make high-value contraband seizures. It receives annual funding of $11.8 million to operate, maintain, and replace this equipment, which it has allocated to higher-risk land and marine ports. The most significant investment is in its Vehicle and Cargo Inspection System (VACIS™) units that use gamma-ray imaging to inspect the contents of containers and vehicles. The Agency has deployed 12 mobile VACIS™ units at a cost of $24 million and three pallet VACIS™ machines at a cost of $5 million.

Exhibit 5.7—Examples of the Agency's detection technology equipment

Items

What they do

Vehicle and Cargo Inspection Systems (VACIS™, gamma-ray systems)

Mobile and pallet imaging systems used to detect contraband and dangerous goods in containers, rail cars, passenger vehicles, and trucks.

Ion mobility spectrometry technology systems

Equipment used to identify trace amounts of narcotics and explosives residue in all modes.

X-ray systems

Imaging tools to detect contraband and dangerous goods in baggage and cargo containers for all modes.

Portal radiation detection units

Equipment used to scan containers for the presence of hazardous levels of radiation, now being implemented across ports.

Handheld radiation detection units

Tools used to scan containers and cargo for the presence of hazardous levels of radiation.

Pole cameras and fiberscopes

Imaging tools used to inspect ships, containers, tractor trailers, and aircraft and to view inaccessible areas.

Density meters

Tools used to determine the density of a surface or object.

Remote operated vehicles (ROV)

Equipment used for the detection of contraband and dangerous goods under a vessel.

5.75 The machines have proven successful in detecting contraband; however, the Agency does not have a consistent method of gathering statistics on examination results or usage. The use of mobile VACIS™ units as reported by the Agency was well below its own established standards. As a result, some machines were moved to new locations. Agency officials told us that the mobile units are subject to down-time due to mechanical breakdown, weather conditions, and staff availability.

The level of examination varies across ports of entry

5.76 Requirements for individuals seeking entry into Canada are the same for all ports of entry. At the same time, documentation and targeting vary considerably depending on the mode of transportation used by the traveller—whether highway, air, marine, or rail. Passenger targeting is most intensive at large airports.

5.77 Border services officers at primary inspection points determine whether to refer travellers or their goods for secondary examination. Officers at airports electronically verify passports through document readers. We found that they electronically verified nearly 96 percent of documents and passports of returning Canadians and foreign travellers, a significant improvement over our last audit in 2000. Officers also check databases for any lookout (notification that an arrival should be referred for further examination) or target matching the individual. Taking into account a traveller's declaration and behaviour, the officer decides whether to admit them or require further examination.

5.78 At the land ports of entry we visited that were classified as high-risk by the Agency, we found no document readers in the travellers' primary inspection lane. Instead the Agency has continued to use its Primary Automated Lookout System (PALS) licence plate readers to match travellers to lookouts. Since PALS reads licence plates, it was not designed to identify the driver and passengers of the vehicle. During our visits we noted that officers asked for the identification of vehicle passengers. The PALS system has a poor record of reading plates—requiring officers to make corrections—and its replacement is now overdue. At the time of our audit, the Agency was developing a replacement for PALS that will include document readers at the land borders.

5.79 At land border ports of entry, an officer referring a traveller for secondary inspection gives the traveller a slip of paper. At many locations, there is no clear line of vision between primary and secondary inspection points. On occasion, referred travellers drive straight through without reporting for secondary inspection. In 2006, the Agency documented 1,104 port runners and failures to report at its land borders. While officers do call in their referrals or sound an alarm for port runners, we found that the Agency had insufficient controls in place to ensure that people referred by primary inspection actually underwent secondary examination. For commercial vehicles, we noted that the Agency had introduced a system at certain high-volume locations requiring drivers to enter a code before the barrier rose, allowing them to leave the secondary examination area.

5.80 The Agency has recognized a problem with physical security and the control of referrals from primary to secondary inspection at some of its land crossing points, but it is constrained by infrastructure limitations. Also, it is often the private sector that has authority for the infrastructure at and surrounding the Agency's ports of entry. In January 2006, the Agency started a project to monitor port runners and failures to report. In October 2006, it increased its penalties for non-reporting and it has changed signage and traffic flows. At the busiest commercial land crossing point, the secondary examination facility is several kilometres from the border—as much as 15 minutes' drive. To resolve this problem, the Agency recently introduced mandatory line release for these shipments. In both these cases, the Agency has seen a significant reduction in non-reporting for travellers and commercial shipments at some ports.

5.81 Recommendation. The Canada Border Services Agency should better develop its risk-based approach for the delivery of integrated border services, and use this as a basis for deploying its resources and focusing enforcement efforts.

The Canada Border Services Agency's response. The Agency agrees and is continuing to develop an Integrated Risk Management Framework (see Recommendation 5.20) for the delivery of border services.

In addition, the Integrated Risk Management Framework will include a Compliance Management Plan (CMP) to be phased in beginning with the 2008–09 fiscal year. This plan will be expanded from existing processes, which predates the creation of the Agency. As a result, broader risk management and compliance activities will be integrated across business lines. This will include the integration of the Agency's responsibilities for enforcement and port-of-entry functions from Citizenship and Immigration Canada and the food, plant, and animal inspection functions from the Canada Food Inspection Agency.

The Agency's existing Border Management Plan will become a component of the CMP. The Border Management Plan establishes the level of examinations required for each port in Canada based partly on the risk associated with individual ports. The new CMP will be used to better deploy our resources and to better manage a comprehensive risk assessment approach to enforcement.

In addition, the Agency has begun to replace PALS (licence plate readers) and installation has been completed at seven highway locations.

The Agency is developing a new policy on lookouts

5.82 An established tool to guide the decision on whether a traveller or shipment will be referred for further examination is the use of lookouts—electronic notifications about potentially high-risk people and shipments. Lookouts may be issued for a number of reasons, including intelligence information, past customs seizures, immigration violations, and national security risks. We found policies and procedures for creating lookouts vary considerably, and the Agency is currently developing a new, integrated policy for issuing lookouts and sharing information. This will meet a 2006 recommendation of the Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar, which called on the Agency to develop clear policies on its use of lookouts.

5.83 The Agency also issues lookouts on behalf of its federal partners and foreign agencies, such as US Customs and Border Protection. In its management of lookouts, we found inconsistency in the way the Agency collects, shares, and monitors lookout information across intelligence units. Receipt of lookouts from partners and other countries has allowed the Agency to intercept and refuse entry to high-risk people and goods. However, we also found varying arrangements in the way the Agency screens lookouts for relevance, accuracy, and reliability. The Agency is subject to legislative requirements regarding the release of information to its partners. We found that it has not always passed on the information obtained from its lookout interceptions to its partners in a timely manner.

5.84 The Agency has automated controls to alert officers that lookouts need to be intercepted and examined. These automated controls also allow management to monitor performance. We noted cases in which lookouts placed on identified high-risk threats were missed at primary inspection. Moreover, these cases are not systematically tracked and monitored at a corporate level to determine the extent of the problem. The National Risk Assessment Centre does keep this information and found that an average of 13 percent of its customs lookouts and 21 percent of its immigration lookouts from January to March of 2007 were not referred for further examination. The Agency investigated some missed lookouts and has acknowledged that improved training of its officers is necessary. In some instances officers received this training.

5.85 Agency officials told us that some lookouts may be missed or admitted to Canada at primary inspection because of incorrect matching of the lookout to a traveller or shipment; at primary inspection, the officer is able to identify the error in matching and therefore does not make the referral for secondary examination. At airports we visited, we found that officers at primary inspection consistently made referrals only when lookouts perfectly matched travel documents. While Agency policy requires officers to also refer near-matches when appropriate, it does not monitor whether in fact they are doing this.

5.86 We also found that the Agency does not consistently monitor the results of referrals to ensure that secondary inspection does in fact take place. In some cases, a border services officer may refer an individual matching a lookout for secondary examination, but the person does not report as required. We observed that some airports now escort referred travellers from primary to secondary inspection, but the Agency does not regularly monitor whether all required examinations are conducted. If waiting lines for secondary inspection become excessively long, the Agency may release individuals without further examination because officers decide that they pose a lesser concern. However, these releases are not documented or tracked.

5.87 Recommendation. The Canada Border Services Agency should continue to develop its policies and procedures for creating and using lookouts. In addition, it should improve its monitoring, documentation, and follow-up of lookouts, and develop measures to ensure that information is collected and shared appropriately.

The Canada Border Services Agency's response. The Agency agrees. To this end, the Agency is continuing to improve its policies and procedures for creating and using lookouts, and is improving its monitoring and follow-up of lookouts. The lookout monitoring program used in some regions to track and reconcile lookouts has recently been implemented in all regions. As the new integrated policy is developed the program will be further modified and expanded.

In consultation with its key partners, the Agency is working to implement an integrated lookout policy by January 2008, which will also address issues raised in this report. In addition, the Agency has initiated a review of current methods to more consistently monitor its lookout practices, and is developing an integrated information sharing policy for intelligence sharing with its partners.

5.88 Recommendation. Canada Border Services Agency officers should consistently document the results of referral decisions and the results of their examinations.

The Canada Border Services Agency's response. The Agency agrees. The Agency currently has a system in place to document results of referral decisions and examinations. Work is under way to improve the access and user-friendliness of this system for officers. It has reminded its officers to record referral decisions and examination results, and will monitor this through controls referenced in its response to Recommendation 5.107.

Processes for seized goods and currency need improvement

5.89 The Agency seizes and detains goods under the Customs Act and under various other statutes, on behalf of federal departments and agencies. Many of the Agency's agreements regarding activities it undertakes for other federal departments need to be updated. Further, border services officers do not have clear authority to search for or seize counterfeit goods. The Agency has established policies and procedures; however, at certain crossings, we noted poor control over the administration and handling of seized goods, such as alcohol and firearms. We observed unrestricted access to seizure rooms at two locations, manual cataloguing of seized goods, and continued storage of several firearms that had been seized years before. In April 2007, the Agency adopted a new policy requiring that bond rooms be regularly monitored to ensure authorized access and handling of seized goods.

5.90 The Agency makes currency seizures under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (2000). Every person is required to report the import or export of currency or monetary instruments worth $10,000 or more. Failure to do so may result in seizure by officers. If there are reasonable grounds for suspecting that the money is the proceeds of crime or terrorist financing, there are no terms of release offered for the amount seized. During our file review we noted that in many cases fairly large amounts of money were seized with terms of release. We found that officers did not always document—with sufficient explanation—their decision to seize with terms of release rather than without terms of release. We also noted that the total number of seizures increased by 23 percent while the number of seizures with no terms of release decreased by 11 percent. Officers at ports of entry told us that the process for seizures without terms of release is cumbersome. Based on the documentation provided, we do not have assurance that border services officers are appropriately seizing proceeds of crime or terrorist financing.

5.91 Recommendation. The Canada Border Services Agency should improve the application and monitoring of its controls of seized goods, and improve documentation for its currency seizure decisions.

The Canada Border Service Agency's response. The Agency agrees. There are directives in place, which instruct Agency employees on the proper handling, recording, and disposition of seized goods, and documentation for their currency seizure decisions. In addition, in April 2007, the first phase of the Process Monitoring Framework (PMF) was implemented. The PMF, which will be reported on twice per year, contains a module that outlines how each port of entry must monitor its bond room to ensure authorized access and the proper handling of seized goods. In September 2007, the PMF was further modified to include a section on cross-border currency reporting to ensure officers provided sufficient explanation for seizing currency with terms of release. In addition, an internal audit of detained and seized goods is in the planning phase.

Training of new recruits shows promise

5.92 The Agency has developed a national recruitment program for border services officers and a revised training program for new recruits. All new officers must complete this training before being deployed to the front line—a requirement that addresses a problem we had identified in our previous audit reports. The Agency has also established a new "Frontière/Border (FB)" classification standard for border operations, with generic position descriptions that cover duties performed by the three legacy entities.

5.93 To develop the new training program the Agency formed a Curriculum Advisory Board with representatives from all key functions and the regions. The Board took a competency-based, functionally integrated approach to its work. The program it developed has three stages:

  • an initial online component;
  • a nine-week residential course, graded pass/fail; and
  • further specialized training in the field, depending on work assignments.

At the time of our audit, national standards existed for the online and residential components.

5.94 The cost to train each new recruit for the front line is significant and could range from $14,000 to $19,000, but the Agency has not tracked training costs per recruit. During the 2006–07 fiscal year, the Agency trained 1,184 new recruits. Plans call for training of an additional 600 to 800 new border services officers over each of the next 10 years to deal with attrition, increases in regular staff numbers necessitated by the arming initiative, and the end of work-alone situations.

5.95 The Agency is in the process of integrating existing employees from the legacy organizations by training them in new areas of the Agency's mandate over a four-year period. The Training and Learning Directorate is developing and introducing cross-training modules, to be delivered to national standards. The modules will provide customs training to former CFIA and CIC employees; immigration training to former Customs and CFIA employees; and food, plant, and animal training to former Customs and CIC employees.

5.96 The Agency began collecting data on cross-training in 2006 and has recorded that 1,435 border services officers were cross-trained by 31 May 2007. However, we found no national implementation plan for cross-training of existing border services officers. Each region is approaching the situation differently. Some have actively pursued cross-training and ensured that, after training, the employees are assigned to work in areas that use what they have learned. Other regions have not pursued cross-training, sometimes because of the physical set-up of their ports. It may not be feasible or desirable to cross-train all the officers. Some would have no opportunity to apply what they learned if they always work in a specific area (such as marine, postal, or inland security). However, the Agency has not defined the level of cross-training needed for different operational areas.

5.97 The Agency is a large and decentralized organization with significant learning needs. However, responsibility for training is spread across the organization without consistent corporate oversight. Courses are developed and delivered by branches and directorates that may lack the necessary skills, knowledge, or functional authority for training. The Agency also lacks mechanisms to assess the effectiveness of the training.

5.98 Recommendation. The Canada Border Services Agency should evaluate its training to determine its effectiveness in meeting the Agency's priorities. As well, the Agency should develop a national implementation plan for cross-training border services officers, and monitor its progress.

The Canada Border Services Agency's response. The Agency agrees. As part of the new Port of Entry Recruit Training program design, the Agency is taking concrete measures to evaluate the training program on an ongoing basis through the Curriculum Advisory Board. This includes carrying out regular evaluations to gather data about learner reaction, measuring actual learning during the training, and evaluating performance by recruits once back in the workplace. If this evaluation method proves successful, the Agency will, resources permitting, explore the possibility of applying it to other Agency training.

The 2006–07 version of the recruit training program fully supports the integration of food, plant and animal inspection, and customs and immigration roles at ports of entry. Cross-training for the existing workforce has already occurred in several regions, and, at the national level, efforts continue to repurpose the current recruit training products for specific target audiences, develop instructors, conduct train the trainer sessions, and coordinate and track such courses. In the 2007–08 fiscal year, we will develop a national implementation approach for cross-training border services officers and will find ways to more consistently monitor cross-training activities across the country.

Performance measurement

The Agency needs to improve its performance measurement and reporting

5.99 To gauge its success in applying a risk-based approach to border operations, the Agency needs reliable performance information from the ports of entry for travellers and commercial shipments. By recording and analyzing the results from secondary examinations and enforcement actions, the Agency could determine whether its risk management approach is working. Specifically,

  • it will know whether it is correctly identifying travellers or shipments for further examination; and
  • it will gain information on trends or risks that it could then manage proactively.

5.100 In our April 2000 Report, Chapter 5, Canada Customs and Revenue Agency—Travellers to Canada: Managing the Risks at Ports of Entry, we found that the Canada Customs and Revenue Agency (one of the Canada Border Services Agency's legacy entities) needed to improve its use of random referrals for secondary examination. At the time, the CCRA agreed with our recommendation and stated that it would conduct a detailed analysis of random referral results.

5.101 For pre-arrival targeting of people and goods, we found that the Agency maintains performance indicators on some aspects of its activities. However, it has not developed results-based performance measures to help monitor its automated risk assessment tools. Further, it has not systematically analyzed whether its pre-arrival targeting activities have become more effective since it began to use automated risk assessment tools. It believes the tools are still in the early stages of development and implementation.

5.102 As we said in past reports, the use of random referrals is a means to establish baseline performance information, validate existing risk indicators, identify potential new risks, and ensure program integrity. Random referrals would allow the Agency to determine whether its intelligence and pre-arrival targeting techniques are effective. The referrals would also indicate where to make improvements. The Agency is able to generate random referrals, and its "pier referrals" randomly refer goods for examination in the marine mode. However, the Agency has not designed these random referrals in a way that would help it to improve pre-arrival targeting results for the future.

5.103 In May 2006, the Agency introduced an automated program for tracking referrals and examination results at 40 sites, including airports, bus stations, and some ferry and cruise ship terminals. We found that officers did not consistently use the program to record the results of their secondary examinations. At many sites, they abandoned it because they found it too cumbersome. Consequently, the program has helped little in performance reporting and risk management. The Agency is aware of the problem and told us it is working on a solution.

5.104 The Agency does not perform a systematic analysis of its activities and how they relate to its compliance strategies. For example, from the 2003–04 fiscal year to the 2005–06 fiscal year, there was a 27 percent decline in total enforcement actions for prohibited goods such as firearms and drugs. During the same period, the number of forced payments rose by 5 percent. When asked to explain these trends, the Agency performed a specific analysis of seizure activity, but did not link the result to its overall program objectives. In May 2007, the Agency approved the formation of a task force on performance measurement, recognizing its need for comprehensive measures.

5.105 Concerning examinations of commercial shipments, we found that the Agency does not know whether it is conducting more examinations of high-risk shipments than in previous years, nor does it know whether its enhanced targeting activities have led to improved enforcement actions. Again, the Agency does not collect information that would allow it to answer these questions.

5.106 We found that the Agency was not systematically referring and recording examination results for system-generated random referrals. At the land border we observed that not all random referrals were sent for secondary examination and no statistics were kept on referrals. In fact, one major airport had totally abandoned random referrals because it felt it was already operating at full capacity. The Agency is not systematically examining the results of its random referrals to validate or improve its current examination strategy and report its results.

5.107 Recommendation. The Canada Border Services Agency should implement the necessary controls to ensure that the result of each referral and examination is recorded promptly.

The Canada Border Services Agency's response. The Agency agrees. The initial phase of the Process Monitoring Framework (PMF) was implemented in April 2007 and has modules to ensure that examination reports are reviewed for completeness and accuracy. The PMF also monitors the timeliness of reports where appropriate.

The Agency has reminded its officers to record the reasons for their referrals and examinations promptly.

5.108 Recommendation. The Canada Border Services Agency should develop and implement a mandatory country-wide random examination program for both people and goods that includes examining each more frequently if they pose additional risks.

The Canada Border Services Agency's response. The Agency agrees. The Agency does have an existing Compliance Measurement Program in which random examinations are conducted to measure the compliance of travellers and commercial shipments at large and medium ports. In addition, officers conduct both random and targeted examinations. However, the Auditor General found that this was not operating as it should and the Agency agrees that a more fulsome risk-based random examination program needs to be developed for people and goods. As part of the policy and program design, the Agency will conduct an assessment of whether existing resources would support implementation of country-wide random examinations.

In addition, the Agency anticipates that any random examination program must take into consideration any changes to threat and risk assessments and, in turn, will recommend adjustments to the Compliance Management Plan (see response to Recommendation 5.81) to increase random examinations. Timelines for implementation of recommended changes may be dependent upon availability of resources.

In addition, results from random examinations, as well as program evaluations, will regularly be included in the analysis of results from all examinations. The combined results will be used to validate current risk management procedures, to identify new areas of concern, and to ensure that those who pose greater risks are examined more frequently while low risk individuals and companies are not excluded from examination.

5.109 Recommendation. The Canada Border Services Agency should record the results of its examinations and use them to improve its ability to identify and examine high-risk people and goods.

The Canada Border Services Agency's response. The Agency agrees. The Agency will pursue the development and implementation of a random examination program to identify and examine high-risk people and goods (see response to Recommendation 5.108) and, ultimately, incorporate specific random examination targets into the new Compliance Management Plan (see response to Recommendation 5.81). The Agency anticipates that the results derived from this program will assist with resource allocation decisions, as well as trends analysis. National compliance priorities and compliance management efforts will become risk-based and will allow the Agency to continuously improve its ability to identify and examine high-risk people and goods.

The Agency is working with the US Customs and Border Protection through the Harmonized Risk Scoring Initiative to enhance a shared risk scoring algorithm. Furthermore, in June 2007, an enhancement to the Agency's TITAN systems allowed officers to input marine container examination results, VACIS™ images, radiation examination results, and ION scan results directly into TITAN via laptop from the examination facilities. The Agency will review these results, and recommend changes, as appropriate, to the Compliance Management Plan.

Conclusion

5.110 The Canada Border Services Agency has faced major challenges in combining the operations of three legacy organizations and carrying out an expanded security mandate. It has made progress in establishing a new classification standard to integrate its border services and has recently introduced a promising integrated training program for its new recruits. Nevertheless, it has not made as much progress as we would have expected in risk management. The Agency uses a risk-based approach in many of its decisions. However, it does not have an overall risk management framework in place, even though this is essential for achieving the Agency's mandate. While the Agency's investments in automated systems have been guided by business plans and government priorities, it has invested without the benefit of an overall information technology strategy. In its 2004–05 Departmental Performance Report, the Agency stated that the transition from the three legacy organizations was a top priority. We noted that this transition is incomplete since a transition of this nature can take several years. However, the Agency has not developed a plan to provide integrated border services.

5.111 The volume of trade, including marine containers and air cargo, and its associated data, has increased dramatically in recent years, but the Agency's examination resources have remained relatively constant. This situation highlights the need for risk management. The Agency is spending $150 million on automated risk scoring tools, which are still in the early stages of development and implementation. While the Agency has made some efforts to improve performance, it has not systematically examined whether the introduction of these tools has improved its ability to identify national security risks or prohibited goods or people. Because border services officers perceive weaknesses in the systems, they rely on more traditional examination methods.

5.112 The Agency allows many individuals and companies to enrol in its low-risk programs, with the incentive of reduced waiting times for clearing the border. Road and bridge infrastructure constraints prohibit real reductions in waiting times at some land border crossings, and the Agency is unable to demonstrate whether the programs' benefits outweigh the costs. At many border points, the programs depend mainly on voluntary compliance. Further, the Agency does not use all available information to determine whether applicants are in fact low-risk. With the decreased level of examination, the Agency places more reliance on the voluntary compliance of these people and companies.

5.113 At the border, the rate of examination is based mainly on the capacity of personnel and availability of equipment. However, the type of examination chosen for individuals and shipments upon arrival is based on an assessment of risk indicators and the judgment of border services officers. The Agency does not have a risk-based model to determine the resources required across all ports of entry and modes of travel. It does use intelligence information to determine which people or goods to select for examination. However, the Agency's lookout process, which was intended to identify and intercept high-risk people and goods, has missed some that were identified as high-risk threats. The Agency does not know the extent of this problem. People or goods referred for a more thorough secondary inspection can be released or leave before being examined. The degree of review of documentation presented by travellers varies at different ports of entry. In many highway locations, identification documents are not verified against databases.

5.114 A crucial concern is that the Agency has not developed its procedures and systems in a manner that would allow it to determine whether its performance exceeds, meets, or falls short of expectations. In our previous audits, we suggested that border services use performance management procedures and information to monitor operations and help improve them for the future. We have seen little progress in this direction.

5.115 The threat and risk assessments that the Agency has put in place are not satisfactorily supporting its efforts to achieve a border management approach that is based on risk. While the Agency has performed some risk assessments, it has not sufficiently defined and reflected risk in its planning and operations. Further, weaknesses in its operational data prevent the Agency from validating which risks are the most important. The Agency has not established its desired levels of border openness and security and, as a result, cannot know whether it is achieving them. Consequently, the Agency finds itself reacting to a changing environment instead of managing it.

About the Audit

Objective

To determine whether the approach of the Canada Border Services Agency (the Agency) to border management is based on a threat and risk assessment, and achieves the desired balance between an open and secure border for the entry of people and goods into Canada.

Scope and approach

This was the first performance audit looking specifically at the Canada Border Services Agency, which was formed in December 2003. It covered the Agency's operational programs that support a risk-based approach to border management and that are primarily located in Canada. We examined the implementation of the strategic and operational plans to determine the extent to which they establish the desired balance between facilitation and security, and follow a risk-based approach. The audit examined the Agency's programs to facilitate the entry of low-risk people and goods, as well as its analysis of advance information enabling it to identify high-risk people and goods. We examined what the Agency is doing to provide training and resources for border services officers, and the extent to which automated systems support the Agency's information management and technology needs. Some of our audit work involved examining specific files based on specific criteria to determine whether or not key controls were functioning as intended.

The audit did not examine the management of removal orders or other inland enforcement activities for individuals. The role of migration integrity officers was not examined in detail, nor were food inspection activities.

Criteria

The audit was based on the following criteria:

  • The Agency has implemented an adequate strategic planning process that incorporates a risk-based approach.
  • The Agency's operational plans are aligned with its strategic outcomes and organizational priorities. The Agency has articulated the desired balance between security and facilitation as part of its strategic and operational plans.
  • The Agency appropriately measures its progress in implementing its strategic and operational plans, and in achieving the desired balance between security and facilitation.
  • The Agency has a corporate human resources management strategy to allocate human resources on the basis of risk, and has defined its training objectives.
  • The Agency has sufficient capacity for training its border services officers to meet its strategic training objectives.
  • The Agency evaluates the effectiveness of its training programs and uses the results of these evaluations to improve staff training.
  • The Agency's strategic and operational plans for information technology are aligned with and support its operational and information needs for border management.
  • The Agency has risk assessment and targeting processes in place to effectively identify and intercept high-risk people and goods on or before their arrival in Canada.
  • The Agency's automated risk assessment tools help identify security threats in a timely manner.
  • The Agency regularly measures the effectiveness of its pre-arrival targeting activities to improve future performance.
  • The Agency assesses and monitors the effectiveness of training provided in support of its targeting operations.
  • In acquiring and developing the TITAN and PAXIS automated risk assessment systems, the Agency has considered the needs of individual users as well as its own needs. It has also identified risks and risk-tolerance to support its targeting decisions.
  • The Agency pre-approves only people, shipments, and companies presenting a low-risk of contravention.
  • The Agency's pre-approval programs expedite the movement of low-risk people and goods.
  • The Agency's pre-approval programs have allowed it to reallocate resources to higher-risk areas.
  • The Agency's approach to border management is consistent with threat and risk assessments.
  • The Agency maintains links with the policing and intelligence community to support risk-based decisions on the interdiction of people and goods at the border.
  • The Agency has established operational standards and procedures to meet its desired balance between security and facilitation. It regularly evaluates and updates these standards.
  • The Agency has procedures and controls in place to ensure that it is appropriately managing seized and detained goods, as well as the risks arising from the responsibilities it carries out on behalf of other government departments.

Audit work completed

Audit work for this chapter was substantially completed on 31 May 2007.

Audit team

Assistant Auditor General: Hugh McRoberts
Principal: Gordon Stock
Lead Auditor: Carol McCalla

Geneviève Couillard
Lori-Lee Flanagan
Marie-Claude La Salle
Bridget O'Grady
Ben Sladic
Diana Thibeault

For information, please contact Communications at 613-995-3708 or 1-888-761-5953 (toll-free).

Appendix—List of recommendations

The following is a list of recommendations found in Chapter 5. The number in front of the recommendation indicates the paragraph where it appears in the chapter. The numbers in parentheses indicate the paragraphs where the topic is discussed.

Recommendation

Response

The challenge of a new and broader mandate

5.20 The Canada Border Services Agency should complete its development of an Integrated Risk Management Framework to guide the delivery of border services in support of its mandate for public safety and trade facilitation.
(5.14–5.19)

The Agency agrees. The Agency analyzes and mitigates risk regularly and uses a variety of strategies, processes, and tools to do so. Border services officers are trained to identify, mitigate, and address all the various risks they would potentially encounter in their work. As well, the Agency manages risks through initiatives such as its risk assessment programs and risk scoring systems for cargo and travellers, detection tools for contraband and radiation detection technology, and the interceptions of irregular migrants before they depart for Canada. The Agency undertakes regular analysis of threats and risks, including the type of contraband, port, mode, type of threat, and country of origin.

The Agency is working to better integrate these existing strategies, processes, and tools into a comprehensive framework, consistent with the Treasury Board Policy on an Integrated Risk Management Framework (IRMF). The Agency is developing an IRMF that builds on its Enterprise Risk Profile. The IRMF will inform decision making and priority setting and provide for continuous improvement.

Notwithstanding all that the Agency is currently doing, it faces considerable resource constraints. This work on the IRMF could be accelerated if the Agency receives incremental resources to address the gap identified in its A-base review of its ongoing funding requirements.

Facilitating low-risk travellers and goods

5.35 The Canada Border Services Agency should establish controls and monitoring for its pre-approval programs to ensure that members who are assessed above low-risk at the time of admission, based on reasonable and credible information, are monitored and their participation in the program is reviewed to ensure that their net risk level is reduced to low.
(5.21–5.34)

The Agency agrees. It has developed a risk-based protocol to direct the monitoring and re-assessment of CSA carrier participants. The backlog of files to be risk-assessed in the NEXUS program has been addressed and monitoring procedures are now in place. The Agency will review its controls and monitoring for all pre-approval programs. In addition, it should be noted that the expansion of the NEXUS program is ongoing and is currently in place at seven international airports and 11 land border sites.

Targeting high-risk people and goods

5.61 The Canada Border Services Agency should design and implement a risk management framework for its pre-arrival targeting activities that links the identified risk with the level of examination.
(5.36–5.60)

The Agency agrees. The Compliance Management Plan element of the new Integrated Risk Management Framework (see response to Recommendation 5.20) will include a component on targeting. This will link targeting decisions, including prescribed levels of examination, to identified levels of risk.

In addition, the Agency recently established an analytical unit at the National Risk Assessment Centre to track containers "loaded without authorization" including their subsequent assessment and examination results. As well, local officers have been advised to report on the examination results of NRAC referrals.

5.62 The Canada Border Services Agency should ensure that

  • targeters consistently document their reasons for all referral decisions,
  • officers document the results of subsequent examinations, and
  • this documented information is used to improve future referrals of people and shipments for further examination.
    (5.36–5.60)

The Agency agrees. The Agency currently has a system in place to document reasons for referral decisions, and has been working for some time on improvements. The Agency has reminded targeters to document reasons for referral decisions. Furthermore, in response to the observation in the marine mode, officers have been instructed to document the results of container examinations or the reasons for non-examination of containers (referred by the National Risk Assessment Centre) to confirm that risks have been mitigated. Monitoring of this activity will be done through the Process Monitoring Framework. The Agency will analyze the results of examinations against referrals to improve future referrals of people and shipments for examination.

5.63 To promote consistency and quality in the targeting process, the Canada Border Services Agency should develop a mandatory training program for all border services officers targeting advance information. The syllabus for the training program should be based on a corporate-wide needs analysis, and its delivery should be monitored, evaluated, and reported on.
(5.36–5.60)

The Agency agrees. For many years, the Agency has given targeting training to targeters, including intensive training given to targeters at the National Risk Assessment Centre and the Marine Centre of Expertise. In addition, at the Toronto airports, the Agency administers a similar training program for passenger targeting. This training has been given to targeters at other airports across the country. The Agency has started a needs analysis to identify gaps between desired performance and existing training.

The Agency will build upon its existing targeting training program to ensure officers have the necessary skill sets to effectively manage and act on information provided for advance targeting purposes. The Agency will also monitor and evaluate delivery of its targeting training for officers, and will periodically report results.

Control at ports of entry

5.68 The Canada Border Services Agency should implement an emergency response plan for all activities under its new mandate.
(5.64–5.67)

The Agency agrees. The Agency is in the process of updating its emergency plan, building on existing plans and reflecting the language of the integrated border services functions, for distribution to field offices in the fall of 2007.

In addition, it should be noted that

  • The Agency has existing emergency plans from the legacy organizations that continue to prove effective, as noted during the management of the London bombing incident in 2005, the Lebanon evacuation in 2006, and the anticipated arrival of illegal migrants in Halifax in 2007.
  • The Agency has an active exercise program, working closely with partners involved in border management issues.
  • The Agency has been developing an All Hazards Manual, which is expected to be issued to all field offices in the fall of 2007. It will address the recommendation to update emergency response plans to reflect the integrated border services.
  • The Agency has worked closely with US Customs and Border Protection to develop a communication and coordination plan that incorporates a quick exchange of pertinent information between the two agencies, as well as the trade community, to expedite the implementation of business resumption efforts and ensure continuity of operations at ports of entry during an emergency.

The processes outlined in the anticipated manual build on the existing processes and will continue to be exercised by the Agency under its continuing exercise program.

5.81 The Canada Border Services Agency should better develop its risk-based approach for the delivery of integrated border services, and use this as a basis for deploying its resources and focusing enforcement efforts.
(5.69–5.80)

The Agency agrees and is continuing to develop an Integrated Risk Management Framework (see Recommendation 5.20) for the delivery of border services.

In addition, the Integrated Risk Management Framework will include a Compliance Management Plan (CMP) to be phased in beginning with the 2008–09 fiscal year. This plan will be expanded from existing processes, which predates the creation of the Agency. As a result, broader risk management and compliance activities will be integrated across business lines. This will include the integration of the Agency's responsibilities for enforcement and port-of-entry functions from Citizenship and Immigration Canada and the food, plant, and animal inspection functions from the Canada Food Inspection Agency.

The Agency's existing Border Management Plan will become a component of the CMP. The Border Management Plan establishes the level of examinations required for each port in Canada based partly on the risk associated with individual ports. The new CMP will be used to better deploy our resources and to better manage a comprehensive risk assessment approach to enforcement.

In addition, the Agency has begun to replace PALS (licence plate readers) and installation has been completed at seven highway locations.

5.87 The Canada Border Services Agency should continue to develop its policies and procedures for creating and using lookouts. In addition, it should improve its monitoring, documentation, and follow-up of lookouts, and develop measures to ensure that information is collected and shared appropriately.
(5.82–5.86)

The Agency agrees. To this end, the Agency is continuing to improve its policies and procedures for creating and using lookouts, and is improving its monitoring and follow-up of lookouts. The lookout monitoring program used in some regions to track and reconcile lookouts has recently been implemented in all regions. As the new integrated policy is developed, the program will be further modified and expanded.

In consultation with its key partners, the Agency is working to implement an integrated lookout policy by January 2008, which will also address issues raised in this report. In addition, the Agency has initiated a review of current methods to more consistently monitor its lookout practices, and is developing an integrated information sharing policy for intelligence sharing with its partners.

5.88 Canada Border Services Agency officers should consistently document the results of referral decisions and the results of their examinations.
(5.82–5.86)

The Agency agrees. The Agency currently has a system in place to document results of referral decisions and examinations. Work is under way to improve the access and user-friendliness of this system for officers. It has reminded its officers to record referral decisions and examination results, and will monitor this through controls referenced in its response to Recommendation 5.107.

5.91 The Canada Border Services Agency should improve the application and monitoring of its controls of seized goods, and improve documentation for its currency seizure decisions.
(5.89–5.90)

The Agency agrees. There are directives in place, which instruct Agency employees on the proper handling, recording, and disposition of seized goods, and documentation for their currency seizure decisions. In addition, in April 2007, the first phase of the Process Monitoring Framework (PMF) was implemented. The PMF, which will be reported on twice per year, contains a module that outlines how each port of entry must monitor its bond room to ensure authorized access and the proper handling of seized goods. In September 2007, the PMF was further modified to include a section on cross-border currency reporting to ensure officers provided sufficient explanation for seizing currency with terms of release. In addition, an internal audit of detained and seized goods is in the planning phase.

5.98 The Canada Border Services Agency should evaluate its training to determine its effectiveness in meeting the Agency's priorities. As well, the Agency should develop a national implementation plan for cross-training border services officers, and monitor its progress.
(5.92–5.97)

The Agency agrees. As part of the new Port of Entry Recruit Training program design, the Agency is taking concrete measures to evaluate the training program on an ongoing basis through the Curriculum Advisory Board. This includes carrying out regular evaluations to gather data about learner reaction, measuring actual learning during the training, and evaluating performance by recruits once back in the workplace. If this evaluation method proves successful, the Agency will, resources permitting, explore the possibility of applying it to other Agency training.

The 2006–07 version of the recruit training program fully supports the integration of food, plant and animal inspection, and customs and immigration roles at ports of entry. Cross-training for the existing workforce has already occurred in several regions, and, at the national level, efforts continue to repurpose the current recruit training products for specific target audiences, develop instructors, conduct train the trainer sessions, and coordinate and track such courses. In the 2007–08 fiscal year, we will develop a national implementation approach for cross-training border services officers and will find ways to more consistently monitor cross-training activities across the country.

Performance measurement

5.107 The Canada Border Services Agency should implement the necessary controls to ensure that the result of each referral and examination is recorded promptly.
(5.99–5.106)

The Agency agrees. The initial phase of the Process Monitoring Framework (PMF) was implemented in April 2007 and has modules to ensure that examination reports are reviewed for completeness and accuracy. The PMF also monitors the timeliness of reports where appropriate.

The Agency has reminded its officers to record the reasons for their referrals and examinations promptly.

5.108 The Canada Border Services Agency should develop and implement a mandatory country-wide random examination program for both people and goods that includes examining each more frequently if they pose additional risks.
(5.99–5.106)

The Agency agrees. The Agency does have an existing Compliance Measurement Program in which random examinations are conducted to measure the compliance of travellers and commercial shipments at large and medium ports. In addition, officers conduct both random and targeted examinations. However, the Auditor General found that this was not operating as it should and the Agency agrees that a more fulsome risk-based random examination program needs to be developed for people and goods. As part of the policy and program design, the Agency will conduct an assessment of whether existing resources would support implementation of country-wide random examinations.

In addition, the Agency anticipates that any random examination program must take into consideration any changes to threat and risk assessments and, in turn, will recommend adjustments to the Compliance Management Plan (see response to Recommendation 5.81) to increase random examinations. Timelines for implementation of recommended changes may be dependent upon availability of resources.

In addition, results from random examinations, as well as program evaluations, will regularly be included in the analysis of results from all examinations. The combined results will be used to validate current risk management procedures, to identify new areas of concern, and to ensure that those who pose greater risks are examined more frequently while low-risk individuals and companies are not excluded from examination.

5.109 The Canada Border Services Agency should record the results of its examinations and use them to improve its ability to identify and examine high-risk people and goods.
(5.99–5.106)

The Agency agrees. The Agency will pursue the development and implementation of a random examination program to identify and examine high-risk people and goods (see response to Recommendation 5.108) and, ultimately incorporate specific random examination targets into the new Compliance Management Plan (see response to Recommendation 5.81). The Agency anticipates that the results derived from this program will assist with resource allocation decisions, as well as trends analysis. National compliance priorities and compliance management efforts will become risk-based and will allow the Agency to continuously improve its ability to identify and examine higher risk people and goods.

The Agency is working with the US Customs and Border Protection through the Harmonized Risk Scoring Initiative to enhance a shared risk scoring algorithm. Furthermore, in June 2007, an enhancement to the Agency's TITAN systems allowed officers to input marine container examination results, VACIS™ images, radiation examination results, and ION scan results directly into TITAN via laptop from the examination facilities. The Agency will review these results, and recommend changes, as appropriate, to the Compliance Management Plan.


Definitions:

Enterprise Risk Profile—A document, also called a corporate risk profile, that sets out the results of an organization's environmental scans, risk assessment, and analysis, and identifies areas for risk management strategies. Organizations have developed various ways to present results, including matrices, risk maps, and reports with summaries by risk area. (Return)

General aviation—The Agency defines this as registered private or company-owned or leased aircraft, carrying no more than 15 passengers including crew members. (Return)

Lookout—Identification of a person, corporation, conveyance, or shipment that, according to risk indicators or other intelligence information, may pose a future threat to the health, safety, security, economy, or environment of Canada and Canadians. (Return)

Integrated Border Enforcement Teams (IBETs)—This is an intelligence-led Canada–US law enforcement initiative. IBETs are comprised of federal law enforcement, customs, and immigration partners who share information and work together with provincial, state, and local enforcement agencies on issues relating to national security, organized crime, and other cross-border illegal activities between ports of entry. (Return)

Port runners—Individual travellers or drivers of commercial or private vehicles who intentionally go through a designated border crossing, but do not stop or do not complete the full Canada Border Services Agency clearance process. For example, arrivals who do not stop for primary inspection or who are referred for secondary examination but keep driving past the compound or around the pylons or barricades to avoid the border clearance process. (Return)

Failures to report—Individual travellers or drivers of commercial or private vehicles who have crossed the border without the knowledge of Agency officials. Examples include travellers arriving outside regular hours of operation or at a non-designated port of entry. These occurrences are usually discovered after the fact, for example, when tracks are identified in the snow the following morning. Unintentional cases occur when travellers mistakenly fail to report due to confusing signage or road configuration. (Return)

Mandatory line release—At the Ambassador Bridge port of entry, commercial shipments may only enter Canada when advance information has been provided, or under streamlined clearance options for low-risk companies. Incoming shipments are processed for release upon arrival at the port, making release decisions more timely. (Return)

Forced payments—The collection of duties and taxes lawfully owing on goods in lieu of taking seizure action when the importer did not voluntarily declare goods. Also referred to as forced collections. (Return)