Integrated Business Statistics Program (IBSP)

Reporting Guide

This guide is designed to assist you as you complete the Survey on Capital and Repair Expenditures Actual 2014.

Your answers are confidential.

Statistics Canada is prohibited by law from releasing any information it collects which could identify any person, business, or organization, unless consent has been given by the respondent or as permitted by the Statistics Act.

Statistics Canada will use information from this survey for statistical purposes.

Table of contents

Data-sharing agreements
Record linkages
Reporting period information
Definition
Industry characteristics

Data sharing Agreements


To reduce respondent burden, Statistics Canada has entered into data-sharing agreements with provincial and territorial statistical agencies and other government organizations, which have agreed to keep the data confidential and use them only for statistical purposes. Statistics Canada will only share data from this survey with those organizations that have demonstrated a requirement to use the data.

Section 11 of the Statistics Act provides for the sharing of information with provincial and territorial statistical agencies that meet certain conditions. These agencies must have the legislative authority to collect the same information, on a mandatory basis, and the legislation must provide substantially the same provisions for confidentiality and penalties for disclosure of confidential information as the Statistics Act. Because these agencies have the legal authority to compel businesses to provide the same information, consent is not requested and businesses may not object to the sharing of the data. For this survey, there are Section 11 agreements with the provincial and territorial statistical agencies of Newfoundland and Labrador, Nova Scotia, New Brunswick, Quebec, Ontario, Manitoba, Saskatchewan, Alberta, British Columbia, and the Yukon.

Section 12 of the Statistics Act provides for the sharing of information with federal, provincial or territorial government organizations. Under Section 12, you may refuse to share your information with any of these organizations by writing a letter of objection to the Chief Statistician and returning it with the completed questionnaire. Please specify the organizations with which you do not want to share your data.

For this survey, there are Section 12 agreements with the statistical agencies of Prince Edward Island, the Northwest Territories and Nunavut, as well as the National Energy Board, Natural Resources Canada and Environment Canada.

For agreements with provincial and territorial government organizations, the shared data will be limited to information pertaining to business establishments located within the jurisdiction of the respective province or territory.

Record linkages

To enhance the data from this survey, Statistics Canada may combine it with information from other surveys or from administrative sources.

Reporting period information

For the purpose of this survey, please report information for your 12-month fiscal period for which the final day occurs on or between April 1, 2014 and March 31, 2015.
Here are twelve common fiscal periods that fall within the targeted dates:

  • May 1, 2013 to April 30, 2014
  • June 1, 2013 to May 31, 2014
  • July 1, 2013 to June 30, 2014
  • August 1, 2013 to July 31, 2014
  • September 1, 2013 to August 31, 2014
  • October 1, 2013 to September 30, 2014
  • November 1, 2013 to October 31, 2014
  • December 1, 2013 to November 30, 2014
  • January 1, 2014 to December 31, 2014
  • February 1, 2014 to January 31, 2015
  • March 1, 2014 to February 28, 2015
  • April 1, 2014 to March 31, 2015

Here are other examples of fiscal periods that fall within the required dates:

  • September 18, 2013 to September 15, 2014 (e.g., floating year-end)
  • June 1, 2014 to December 31, 2015 (e.g., a newly opened business)

Definition

Dollar amounts

  • all dollar amounts reported should be rounded to thousands of Canadian dollars (e.g., $6,555,444.00 should be rounded to $6,555);
  • percentages should be rounded (e.g., 37%, 76%, 94%);
  • your best estimates are acceptable when precise figures are not available.

What are Capital Expenditures?

Capital Expenditures are the gross expenditures on fixed assets for use in the operations of your organization or for lease or rent to others.

Include:

  • Cost of all new buildings, engineering, machinery and equipment which normally have a life of more than one year and are charged to fixed asset accounts
  • Modifications, acquisitions and major renovations
  • Capital costs such as feasibility studies, architectural, legal, installation and engineering fees
  • Subsidies
  • Capitalized interest charges on loans with which capital projects are financed
  • Work done by own labour force
  • Acquisitions to work in progress

How to Treat Leases

Include:

  • assets acquired as a lessee through either a capital or financial lease;
  • assets acquired for lease to others as an operating lease.

Exclude

  • assets acquired for lease to others, either as a capital or financial lease.

Information for Government Departments
The following applies to government departments only:

Include

  • all capital expenditures without taking into account the capitalization threshold of your department;
  • grants and/or subsidies to outside entities (e.g., municipalities, agencies, institutions or businesses) are not to be included;
  • Departments are requested to exclude from reported figures budgetary items pertaining to any departmental agency and proprietary crown corporation as they are surveyed separately;
  • Federal departments are to report expenditures paid for by the department, regardless of which department awarded the contract;
  • Provincial departments are to include any capital expenditures on construction (exclude outlays for land) or machinery and equipment, for use in Canada, financed from revolving funds, loans attached to revolving funds, other loans, the Consolidated Revenue Fund or special accounts.

Industry characteristics

Asset codes: Capital expenditures are to be reported by asset type code. The code for each main asset type is located on page 6, 7, 8 and 9 of this guide. These codes are to be used in question 2 column 1, question 3 column 1 and question 7.
If you have purchased more than one asset in a particular asset group, report them separately if they had a different expected useful life (question 2 and 3, column 6); otherwise you may combine the data.
The use of “Other” codes is to be avoided, if possible.
In question 2 and 3, construction and machinery and equipment type of assets are separated. This is not necessary in question 7.
If more lines are required for question 2, 3 or 7, please photocopy the relevant section(s) and attach to the questionnaire.

New Assets: Report Capital Expenditures for acquisitions of new assets including the portion of work in progress for the current year. Include imports of used assets since they represent newly acquired assets for the Canadian economy.

Purchase of Used Canadian Assets: The object of our survey is to measure the acquisitions of new fixed assets separately from used fixed assets in the Canadian economy as a whole. This is because the acquisition of used assets does not increase the total inventory of fixed assets, it only transfers them within the Canadian economy. Report acquisition of used assets separately in this column.

Renovation, Retrofit, Refurbishing, Overhauling and Restoration: Report Capital Expenditures for existing assets being upgraded, renovated, retrofitted, refurbished, overhauled or restored.

Expected Useful Life of Assets: Report the expected life of the asset in years.

Land: Capital expenditures for land should include all costs associated with the purchase of the land that are not amortized or depreciated. Improvements of land should be reported in Non-Residential Construction.

Residential Construction: Capital expenditures incurred during the reporting period for residential structures (on a contracted basis and/or by your own employees).

Include the housing portion of multi-purpose projects and of townsites.
Exclude buildings that have accommodation units without self-contained or exclusive use of bathroom and kitchen facilities (e.g., some student and senior citizens residences) and associated expenditures on services.

Non-Residential Construction: Capital expenditures incurred during the reporting period for non-residential building and engineering construction (on a contracted basis and/or by your own employees) whether for your own use or rent to others.

Include:

  • Manufacturing plants, warehouses, office buildings, shopping centres, etc.;
  • Roads, bridges, sewers, electric power lines, underground cables, etc.;
  • The cost of demolition of buildings, land servicing and site preparation;
  • Leasehold and land improvements;
  • Acquisitions to work in progress;
  • Townsite facilities such as streets, sewers, stores and schools;
  • Buildings that have accommodation units without self-contained or exclusive use of bathroom and kitchen facilities (e.g., some student and senior citizen residences) and associated expenditures on services;
  • All preconstruction planning and design costs such as engineer and consulting fees and any materials supplied to construction contractors for installation, etc.

Machinery and Equipment

Capital expenditures incurred during the reporting period for machinery and equipment, whether for your own use or for lease or rent to others.

Include:

  • Automobiles, trucks, professional and scientific equipment, office and store furniture and appliances;
  • Computers (hardware and software), broadcasting, telecommunications and other information and communication technologies equipment;
  • Motors, generators, transformers;
  • Any capitalized tooling expenses;
  • Acquisitions to work in progress;
  • Progress payments paid out before delivery in the year in which such payments are made;
  • Any balance owing or holdbacks should be reported in the year the cost is incurred.

Non-Capital Repair and Maintenance Expenditures: This question represents the repair and maintenance of assets in contrast to the acquisition of assets or the renovation of assets.

Include:

  • Gross non-capital repair and maintenance expenditures on non-residential buildings, other structures and on machinery and equipment;
  • Value of repair work done by your own employees as well as payments to persons outside your employ;
  • Building maintenance such as janitorial services, snow removal and sanding;
  • Equipment maintenance such as oil changes and lubrication of vehicles and other machinery.

Work in Progress: Work in progress represents accumulated costs since the start of capital projects which are intended to be capitalized upon completion.

Typically, capital investment includes any expenditure on an asset whose life is greater than one year. Capital items charged to operating expenses are defined as expenditures which could have been capitalized as part of the fixed assets but, for various reasons, have been charged to current expenses.

Cost component of expenditures

Total: These are the amounts to be divided between contractors and company’s own workers.

Value of Work Performed by Contractors: Work performed by contractors is contract billings or equivalent, including holdbacks.

Value of Own Account Work: In addition to own account work, include all materials and supplies provided free to contractors and all architects, engineering and consultants fees and similar services.

Salaries and Wages: Show the total value of salaries and wages paid to your employees. Salaries and wages are gross earnings before deductions such as income tax and include incentive bonuses and vacation pay but exclude fringe benefits.

Materials and Supplies: Report total cost of materials and supplies used by your own employees and those provided free to contractors relating to the expenditures reported.

Other Charges: Examples of other charges are insurance, power, telephone and also architectural, legal, and engineering fees considered to be applicable to the expenditures reported.

Operating lease

The lessor bears the risk of ownership and retains a significant “residual” economic interest in the leased property. The lessee has the right to temporary use of the property, for a term shorter than the economic life of the property, in exchange for regular payments. At the end of the lease, the lessee has the option of purchasing the property at fair market value.

Capital or financial lease

These leases are similar in that the lessor in effect finances the “purchase” of the leased property by the lessee and retains a security interest in the leased property. The lessee retains the leased property for substantially all of its economic life. The lessee usually has the option at the end of the lease to purchase the property at a “bargain” price.

Disposal and sales of fixed assets

Selling price

The total value, or the sales of fixed assets which were disposed of or sold, even if traded in for credit in the acquisition or purchase of new fixed assets. When land and buildings are sold together, please report the selling price of the land separately, along with other land sales.

Gross book value

This value should represent total capital expenditures for an asset, at and since the time of original construction or purchase, including all subsequent capital expenditures for the purpose of modernization, expansion, etc. Any subsidies received should not be subtracted.

Age

Report the age of the fixed asset at the time of disposal.
If you have disposed of or sold similar assets of varying ages, report them separately or combine the data and provide a weighted average for the ages.

Non-residential construction

Asset description and codes

The asset items and categories listed below are groupings of fixed assets generally having a similar function which can apply to various industries.

Construction structures should be classified to an asset according to its principal use unless it is a multi-purpose structure where we would like you to separate the components. The cost of any machinery and equipment which is an integral or built-in feature of the structure (i.e. elevators, heating equipment, sprinkler systems, environmental controls, intercom systems, etc.) should be reported as part of that structure as well as landscaping, associated parking lots, etc.

Industrial building

Asset code Description
6221121 Manufacturing plants
6221131 Industrial depots and service buildings
6221111 Farm buildings and structures
6221141 Other industrial sites and structures - specify:

Commercial Building

Asset code Description
6222311 Industrial laboratories, research and development centres
6222321 Warehouses
6222331 Service stations
6222111 Office buildings
6222351 Hotels
6222341 Restaurants
6222211 Shopping centres, plazas, malls and stores
6222361 Theatres and halls
6222363 Indoor recreational facilities
6222372 Other collective dwellings
6222371 Student residences
6222380 Airports and other passenger terminals
6222391 Communications buildings
6222362 Sports facilities with spectator capacity
6222392 Other commercial properties, not elsewhere classified - specify:

Institutional Building

Asset code Description
6223111 Schools, colleges, universities and other educational buildings
6223311 Religious centres and memorial sites
6223211 Hospitals
6223221 Clinics and other medical buildings
6223341 Daycare centres
6223351 Libraries
6223331 Historical sites
6223321 Museums
6223361 Public security facilities
6223222 Nursing homes, homes for the aged
6223371 Other institutional properties - specify:

Marine Engineering

Asset code Description
6231311 Seaports
6231331 Canals and waterways
6231321 Marinas and harbours
6231399 Other marine infrastructure - specify:

Transportation Engineering

Asset code Description
6231211 Parking lots and garages
6231111 Highway and road structures and networks
6231230 Runways (include lighting)
6231221 Railway lines
6231121 Bridges
6231131 Tunnels
6231499 Other transportation construction - specify:

Waterworks Engineering

Asset code Description
6235111 Water filtration plants
6235121 Water supply infrastructure

Sewage Engineering

Asset code Description
6235211 Sewage treatment plants
6235221 Sewage treatment infrastructure

Electric Power Engineering

Asset code Description
6233114 Wind and solar power plants
6233111 Steam production plants
6233112 Nuclear production plants
6233113 Hydraulic production plants
6233121 Power transmission networks
6233131 Power distribution networks
6233119 Other electric power construction - specify:

Communication Engineering

Asset code Description
6234112 Cables and lines - coaxial, copper, aluminum, etc. (exclude optical fibre) (e.g., aerial, underground and submarine)
6234114 Optical fibre (e.g., aerial, underground and submarine)
6234113 Transmission support structures - towers, poles, conduit
6234119 Other communication construction - specify:

Oil and Gas Engineering

Asset code Description
6232121 Oil refineries
6232122 Natural gas processing plants
6232999 Gas mains and services
6232999 Pumping stations, oil
6232999 Pumping stations, gas
6232999 Bulk storage
6232211 Pipelines
6411111 Exploration drilling
6232112 Development drilling
6232110 Production facilities in oil and gas extraction
6711113 Enhanced recovery projects
6711112 Site development and other pre-mining costs
6411112 Geological, geophysical and other exploration and evaluation costs
6232999 Other oil and gas engineering - specify:

Mining

Asset code Description
6236112 Mine buildings including headframes, ore bins, ventilation structures, backfill plants and other surface buildings
6236113 Mine buildings for beneficiation treatment of minerals (excluding smelters and refineries)
6236113 Mine shafts, drifts, crosscuts, raises, declines, stopping, etc.
6236114 Tailing disposal systems, settling ponds
6412111 Mineral exploration
6711211 Mine-site development

Other Engineering

Asset code Description
6236261 Pollution abatement and control
6236251 Outdoor recreational facilities
6236231 Waste disposal facilities
6236241 Irrigation networks
6112111 Improved land
6236211 Reclaimed land
6236269 Other engineering construction - specify:

Other Construction (not specified elsewhere)

Asset code Description
6241119 Other construction (not specified elsewhere) - specify:

Machinery and equipment

Asset description and codes

The asset items and categories listed below are groupings of fixed assets generally having a similar function that can apply to various industries.
a) Machinery and equipment are generally housed in structures and can be removed or replaced without significantly altering the structure.

Transportation Equipment

Asset code Description
4121100 Medium and heavy-duty trucks
4121211 Buses
4111000 Passenger cars, light-duty trucks, vans and SUVs
4121300 Freight and utility trailers
4121221 Special-purpose vehicles
4411200 Locomotives, railway rolling stock, and rapid transit equipment
4211112 Civilian aircraft
4411112 Non-military ships, barges and platforms
4421100 Boats and personal watercraft
4129000 Other Motor Vehicles
3311100 Agricultural, lawn and garden machinery and equipment
4421259 Other transportation equipment - specify:

Processing Equipment

Asset code Description
3453311 Water treatment equipment
3454342 Filters and strainers for fluids and fluid power systems
3454331 Packing, packaging, and bottling machinery
3411100 Metalworking machinery
3321151 Mineral crushing, screening, processing and beneficiation machinery and equipment
3321111 Logging machinery and equipment
3431100 Other industry-specific manufacturing machinery, not elsewhere classified - specify:

Computers, Computer Software and Office Equipment

Asset code Description
3611100 Computers and computer peripheral equipment
4814000 Pre-packaged software
6431119 Custom software developed in-house/own account
6431110 Custom software design and development, contracted out
3421110 Optical and projection equipment, photocopiers, and office machines (except computers and peripherals)
3911400 Office furniture
3622100 Televisions and other audio and video equipment

Telecommunications, Cable and Broadcasting Equipment

Asset code Description
3621200 Broadcast, studio, alarm, and signalling equipment
3621300 Navigational and guidance instruments
3621100 Telephone and data communications equipment
3621419 Other communication equipment - specify:

Production Plant

Asset code Description
3631100 Electric motors and generators
3812300 Switchgear, switchboards, relays, and industrial control apparatus
3452111 Turbines, turbine generators, and turbine generator sets
3812211 Power and distribution transformers
3631230 Instruments for measuring electricity
3453113 Nuclear reactor steam supply systems
3453159 Other boilers, metal tanks, industrial valves and seals

Other Machinery and Equipment

Asset code Description
3911600 Institutional and other furniture, not elsewhere classified (including furniture frames)
3451000 Engines (except gasoline and diesel engines for motor vehicles, and aircraft engines) and mechanical power transmission equipment
3453200 Pumps and compressors
3441100 Heating and cooling equipment (except household refrigerators and freezers)
3454341 Industrial furnaces and ovens, and electric industrial heating equipment
3321169 Other oil and gas field machinery and equipment
3454211 Materials handling trucks and tractors
3321100 Construction machinery and equipment
3321141 Rock drilling machinery and equipment
3321142 Other mining and quarrying machinery and equipment, not elsewhere classified
3321165 Oil and gas field production machinery and equipment
3812220 Other transformers
3631260 Scientific and technical instruments (except electromedical and irradiation equipment)
3631300 Medical and laboratory equipment (except scientific instruments)
3631269 Other measuring, control, and scientific instruments (except electromedical and irradiation equipment)
3454320 Power-driven hand tools (except welding and soldering equipment)
3455110 Industrial moulds, special dies, and patterns
4211111 Military aircraft
4411111 Military ships
4421231 Military armoured vehicles
4751100 Medical, dental and personal safety supplies
3454249 Other materials handling equipment, conveyors, and elevators
4751211 Billboards
4711321 Non-residential mobile buildings
1561111 Waste and scrap of iron and steel
1561211 Waste and scrap of aluminum and aluminum alloy
1561220 Waste and scrap of other non-ferrous metals
3421121 Commercial cooking and food-warming equipment
3421130 Commercial and service industry machinery, not elsewhere classified
3454100 Heavy-gauge metal containers (including intermodal)
3454311 Welding and soldering equipment
9999999 Other machinery and equipment - specify:

How data are used

Statistical information is used to:

  • analyze economic performance
  • develop fiscal, monetary, and foreign exchange policies
  • shape international tariffs and trade negotiations
  • develop policies and programs to assist small businesses
  • support policy development and evaluate government programs on economic and social well-being
  • improve allocation of government program funding by determining their social and economic effects
  • support the regulatory and legislative requirements of government
  • draw electoral boundaries
  • determine equalization payments and other federal-provincial fiscal transfers
  • adjust inflation-indexed contracts and entitlements
  • develop programs to promote domestic and international competitiveness
  • support immigration policies and programs
  • support tourism strategies and programs
  • assess the cost-effectiveness of health care and education programs
  • monitor the justice system's effectiveness and efficiency
  • select sites for schools and public transportation
  • develop programs such as day care and subsidized housing.

Stakeholders

Statistics Canada's stakeholders include:

The Canadian public and media

Statistics Canada's basic information on the Canadian economy and society—economic growth, employment, inflation, balance of payments, population, family income, health, education, justice and many other topics—is communicated to the public largely through the media.

Government

Federal, provincial, territorial and municipal governments use our data extensively to develop policies and plan the services from which Canadians benefit every day. These may be social services, education, public transit, urban planning or employment and work force training programs. Governments, like people and businesses, are major data users as well as suppliers.

Businesses and labour unions

Businesses and labour unions are important sources and users of the Agency's information. Reducing the burden of surveys on the business community continues to be an important factor in the design of statistical programs. Many communication channels are maintained with this sector, including close collaboration with small businesses.

The academic sector

For both research and teaching purposes, the academic sector is a significant user of Statistics Canada data. It is also a prime source of advice to the Agency.

Foreign and international bodies

Statistics Canada maintains extensive contacts with international, scientific and intergovernmental organizations, to share professional expertise and to promote common concepts, standards and practices.

Canada's membership in international organizations, such as the United Nations and the Organisation for Economic Cooperation and Development, requires that the Agency's outputs meet international standards, ensuring that Canadian data continue to be comparable with those of other countries. Links to many of these organizations can be found at External links.

Other client groups

There are many other users of Statistics Canada's data whose interests are taken into account, such as regional and local governments, libraries, professional associations, research institutes, special interest and voluntary groups.

Interpretation Policy

An interpretation policy is an overarching document that outlines the commitments, practices, and tools to be applied by a department or agency when providing Canadians and businesses with information and guidance on regulatory obligations to be met. It also identifies the conditions under which written responses to questions will be provided.

Departmental/Agency context

Statistics Canada, a member of the Innovation, Science and Economic Development portfolio, produces statistics that help Canadians better understand their country—its population, resources, economy, society and culture.

Under the Statistics Act, the Agency is required to "collect, compile, analyse, abstract and publish statistical information relating to the commercial, industrial, financial, social, economic and general activities and conditions of the people of Canada." Statistics Canada conducts the Census of Population and the Census of Agriculture and about 350 surveys on virtually all aspects of Canadian life.

In addition to the Statistics Act, the Chief Statistician of Canada under the authority of the Minister of Industry administers the Corporations Returns Act. The purpose of the Corporations Returns Act is to collect financial and ownership information on corporations conducting business in Canada and to use this information to evaluate the extent and effect of non-resident control of the Canadian corporate economy. The Corporations Returns Act requires that an annual report be submitted to Parliament summarizing the extent to which foreign control is prevalent in Canada.

Statistics Canada is responsible for only one regulation: the Corporations Returns Regulations. These regulations outline the reporting requirements and the various reporting thresholds for the Corporations Returns Act.

Predictability

Plain language commitment

Statistics Canada is committed to communicating with Canadians and businesses in a clear and effective manner. As articulated in the Communications Policy of the Government of Canada, to ensure clarity and consistency of information, plain language and proper grammar are used in all communication with the public. At Statistics Canada, guidance and support on this matter are provided by the Agency's Communications Division.

Correspondence with the public related to the Corporations Returns Act, such as introductory and follow-up letters, is reviewed by communications specialists prior to implementation. In addition, as required by Statistics Canada's Policy on the Review and Testing of Questionnaires, survey forms, questionnaires and schedules are reviewed by the Agency's Questionnaire Design Resource Centre to ensure they are well understood by respondents and written at the appropriate literacy level.

Providing guidance and building awareness

Statistics Canada uses several different tools and approaches to help build awareness and understanding of the regulatory requirements of the Corporations Returns Regulations.

On the Agency's website under the module 'Information for Survey Participants', Canadians and businesses can find information on all surveys conducted by Statistics Canada including information on the Information for Survey Participants - Corporations Returns Act.

In an information package sent to respondents, the Agency includes a user guide which explains the regulatory requirements of the Act, provides instructions on how to complete the forms, and lists contact information.

Finally, Statistics Canada takes a proactive approach in determining who should be reporting information required by the Corporations Returns Act. To assist corporations in fulfilling their responsibilities under the Corporations Returns Act, the Agency uses administrative data and internal survey data to identify which corporations need to report. These corporations are then contacted by Statistics Canada and provided with the necessary forms to be filled out. This proactive approach helps to ensure corporations are able to meet their obligations under the Corporations Returns Act.

Responding to questions

Statistics Canada has established a centralized unit to respond to questions related to the Corporations Returns Act and the Corporations Returns Regulations:

Statistics Canada
C/O Industrial Organization and Finance Division
170 Tunney’s Pasture Driveway
Ottawa ON K1A 0T6

statcan.corpreturnsact-loidpm.statcan@statcan.gc.ca

1-866-825-5957
613-951-9858

All requests are responded to in accordance with the Agency’s Standards of Service to the Public, and in the manner (by email, letter, telephone call, etc.) requested by the client.

Service

Service commitment

Statistics Canada is committed to providing Canadians and businesses with excellence in service. Requests received from the public are treated in a prompt, reliable, courteous and fair manner. The Agency has established centres of expertise, such as Advisory Services and the Enterprise Portfolio Management Program, to support service requests.

All requests by Canadians and businesses are responded to in accordance with the Agency's established Standards of Service to the Public.

Service accountability

As part of Statistics Canada's efforts to efficiently manage its relationships with businesses, the Agency established the position of an Ombudsman for businesses.

The role of the Ombudsman for businesses is to investigate complaints from business survey respondents, including respondents under the Corporations Returns Act, who believe they are unduly burdened or have been treated unprofessionally by Statistics Canada. The Ombudsman's services are impartial and free of charge.

Business survey participants can contact the Ombudsman for businesses by calling 1-855-634-236 or 1-800-263-1136 or by emailing statcan.ombudsman-ombudsman.statcan@canada.ca.

Staff training

An ongoing training program ensures Statistics Canada officials have the necessary skills and technical knowledge to provide quality service and accurate regulatory guidance. This training encompasses both subject-specific training related to the Corporations Returns Act and client-service-related training.

Stakeholder engagement

Commitment to stakeholder engagement

Stakeholder engagement and consultation are long-standing practices of Statistics Canada. This open and inclusive engagement helps to identify concerns, minimize implementation burden, test and improve solutions and facilitate understanding.

When exploring potential changes to the materials which provide information and guidance on the Corporations Returns Act, including how they are delivered, Statistics Canada actively engages stakeholders to obtain their feedback.

Stakeholder engagement mechanisms

To effectively engage stakeholders in the development and review of regulatory information and guidance, Statistics Canada may use a number of vehicles. These include focus groups, direct consultation with a sample of stakeholders and online response mechanisms.

Improvement

Statistics Canada is committed to working with the Treasury Board Secretariat and the Community of Federal Regulators to improve its interpretation policy services and tools and will continue to liaise with clients and stakeholders on regulatory requirements.

For the collection of information under the Corporations Returns Act, Statistics Canada proactively identifies and contacts businesses which should be adhering to the regulation. The Agency sends a letter of invitation which includes links to guidance materials, Q and As, etc. Respondents are asked to complete and return forms, and to contact the Agency if clarification or assistance is required. The Agency gathers feedback through the comment sections on the paper and electronic questionnaires (EQ) as well as through direct requests for information received by phone, e-mail and regular mail. Statistics Canada uses this feedback to improve its documentation and processes on an ongoing basis.

For the collection period which began in January 2015, the Agency received feedback which was used to improve the way information is collected under the Corporations Returns Act. In particular, the following items related to the Agency's interpretation practices/materials were identified:

  • a new user guide specifically for EQ
  • additional question-level help for EQ
  • additional FAQs responding to specific questions on the scope of the regulation.

Statistics Canada has implemented the following items:

  • a new user guide specifically for EQ. The use of EQ allows Statistics Canada to pre-fill a significant portion of the questionnaire. This reduces respondent burden and it also requires that respondents are provided with more focused guidance when completing EQ. The new user guide incorporates this more focused guidance and will provide considerable assistance to Statistics Canada's EQ respondents.
  • additional question-level help for EQ. Statistics Canada is providing respondents with additional background on the questions asked in order to facilitate the completion of electronic questionnaires. This new resource is in keeping with Statistics Canada's long-standing commitment to maintaining positive respondent relations. Question-level help is found on Schedule I - Ownership Corporations Returns Act.
  • It was determined that developing additional FAQs was not necessary. This decision was taken in light of the positive feedback received following the success of Statistics Canada's conversion to the EQ format. All FAQs relating to information collection under the Corporations Returns Act are available on the Information for survey participants — Corporations Returns Act — Frequently asked questions page.

To measure the effectiveness of these changes, Statistics Canada will systematically monitor feedback through the channels noted above to ensure issues specific to the improvement items decrease in number.

Metrics for evaluating implementation:

  • Number of inquiries related to the use of EQ
  • Number of inquiries related to the scope of the regulation.

Frequently asked questions

The questions below are meant to provide Canadians and businesses with basic information about Statistics Canada's regulations.

The following list will be updated periodically to reflect any new recurring enquiries.

Corporations Returns Regulations

1. What is the purpose of this regulation?

The Corporations Returns Act mandates Statistics Canada to collect information on ownership and control of Canadian businesses for the purpose of determining the level of foreign control in the Canadian economy.

The purpose of the Corporations Returns Regulations is to inform Canadians and Canadian businesses on how the Corporations Returns Act is applied. The Corporations Returns Regulations describe the current financial thresholds under which Canadian businesses are required to file returns containing the information set out in sections 4 and 5 of the Act. This regulation also provides the required forms, Schedule I – Ownership Return and Schedule II – Financial Information.

2. What are the key elements of this regulation?

The Corporations Returns Regulations cover three key elements:

  • the financial thresholds,
  • the schedules (I & II), and
  • the timeline for filing the information.

Canadian businesses are required to file returns if they have:

  • assets of 600 million dollars or more; or
  • revenues of 200 million dollars or more; or
  • debt obligations or equity owing to non-residents of 1 million dollars or more.

Schedule I – Ownership Return is the key component of this Act. The information collected in this return relates to the share capital of the corporation, ownership of the share capital, its directors and officers and its subsidiaries.

Schedule II – Financial Information is a secondary component that must only be filed if such information has not already been provided to Statistics Canada or the Canada Revenue Agency. The information collected in this return relates to financial statements details such as assets, liabilities, operating revenues and expenses, dividends, depreciation and investments.

Businesses have 90 days following their fiscal year end to file the returns.

3. How does this regulation affect Canadian businesses?

Every individual business that is part of a group of commonly controlled businesses is required to file a Schedule I – Ownership Return if it meets one of the following criteria:

  • Has combined assets of 600 million dollars or more; or
  • Has combined revenues of 200 million dollars or more.

In addition, individual businesses with debt obligations or equity owing to non-residents exceeding 1 million dollars are also required to file a Schedule I – Ownership Return.

Furthermore, Canadian businesses that have not filed a set of financial statements with Statistics Canada or filed their income taxes with the Canada Revenue Agency are required to file a Schedule II – Financial Information Return, regardless of their assets, revenues or debt obligations or equity owing to non-residents.

4. What is the timeline for implementation?

The Corporations Returns Act and the associated regulations are currently in effect.

The Corporations Returns Act, formerly known as the Corporations and Labour Unions Returns Act, was first introduced in 1962 to address concerns of rising foreign control. Since that time, Statistics Canada has prepared annual reports to Parliament monitoring the state of foreign control in the Canadian economy. In January 1999, Parliament officially amended the Act, deleting the requirement of labour unions to report under the Act.

In January 2014, the Corporations Returns Regulations were made by the Governor in Council, and replaced the Corporations Returns and Labour Unions Regulations. These regulations set the new reporting thresholds, renumbered the schedules, and aligned the regulations with the Act. The regulations will be reviewed on a periodic basis to ensure the thresholds and reporting requirements remain valid.

5. Where can I get more information?

Information can be obtained by contacting Statistics Canada at:

Statistics Canada
C/O Industrial Organization and Finance Division
170 Tunney's Pasture Driveway
Ottawa ON K1A 0T6

statcan.corpreturnsact-loidpm.statcan@statcan.gc.ca

1-866-825-5957
613-951-9858

6. Additional Frequently asked questions (FAQs)

Information for survey participants — Corporations Returns Act — Frequently asked questions

Audit of Research Data Centre (RDC)
McMaster University

July 15, 2014
Project Number: 80590-79

Executive Summary

The McMaster Research Data Centre (RDC) is one of 27 RDCs located on university campuses across Canada. RDCs were established through the efforts of Statistics Canada, Social Sciences and Humanities Research Council, Canadian Institutes of Health Research and university consortia, to strengthen Canada's social research capacity and support the policy research community. The McMaster RDC facility was the first RDC to open, and is located on the second floor of the Mills library on the McMaster University campus.

Although the McMaster University RDC is considered a medium-sized RDC facility, the centre has a number of student researchers who require more support than other more experienced researchers. In 2012, the total number of active contracts at the McMaster RDC grew by almost 26%. Of the approximately 111 researchers authorized to access the centre, 45% were students.

RDCs are staffed by Statistics Canada employees and are operated under the provisions of the Statistics Act. As such, RDCs are required to have security measures in place that safeguard confidential data to the same degree as other Statistics Canada offices.

The objectives of this audit were to provide the Chief Statistician (CS) and the Departmental Audit Committee (DAC) with assurance that the McMaster University RDC:

  • Complies with applicable Treasury Board Secretariat (TBS) and Statistics Canada policies and standards regarding Information Technology (IT) and Physical Security, to ensure that confidentiality of data is protected in the delivery of services.
  • Has effective practices and mechanisms in place to ensure that the confidentiality of data is protected in the delivery of services.

The audit was conducted by Internal Audit Division (IA) in accordance with the Government of Canada's Policy on Internal Audit.

Key findings

Roles and responsibilities at both the program level and regional level are defined and communicated. While RDC staff established constructive peer-to-peer relationships with researchers, researcher activities within the facility are not actively monitored. Within this context, it is unlikely that RDC staff would be able to detect, report and mitigate the impacts of confidentiality incidents.

Researchers are required to become 'deemed' employees prior to accessing confidential microdata at the RDCs, in accordance with the Statistics Act. As such, they are subject to the provisions of the Statistics Act and its legal consequences, if a breach of confidentiality occurs. This is a key management control that ensures the confidentiality of microdata within the centres.

Review of the physical security in place at the McMaster RDC found that access to the centre is restricted to authorized personnel. Review of automated and manual access control logs found that these controls are not fully effective as automated controls do not accurately record all activity and manual visitor logs are not used.

Requirements related to the physical setup of researcher workstations in RDCs note that there must be a physical protection of monitors to ensure there is no direct view between workstations. This measure is not in place at the McMaster facility. Additionally, departmental physical security recommendations resulting from the December 2011 inspection have not been formally responded to and the mandatory high-security deadbolt on the RDC entrance was not in place.

IT systems that safeguard records and data are in place and in compliance with applicable laws and Treasury Board policies. Authentication and identification controls in place are effective.

The authority for the administration of the microdata research contracts (MRC) and the confidentiality risk analysis are formally delegated at the program level and operational level. Roles and responsibilities have been formally defined and communicated. Review of the management of MRCs found that values and ethics acknowledgement forms were not in place for some researchers with current MRCs. Additionally, results of certain proposal evaluations for MRCs were not on file in the RDC, and in one case, the contract did not correctly reflect data that had been approved for access. As a result, researchers had access to confidential microdata that had not been approved for the project.

Processes and procedures for confidentiality vetting are in place and requests for vetting are carefully administered and effectively screened by the RDC analyst to confirm that the confidentiality of the data is not compromised. However, data vetting request forms were found to be deleted after data vetting had been completed.

Overall conclusion

Statistics Canada's Research Data Centres were created to provide external researchers with access to Statistics Canada's confidential microdata. To ensure the confidentiality of these data files, program management designed a control framework specifically for the RDCs. Within this context, several control weaknesses were noted during the audit of the McMaster University RDC. Taken individually, these items do not present a significant material risk to the confidentiality of the information held in RDCs. However, when these risks are assessed in aggregate, the risk to the confidentiality of information is increased. Requiring researchers to become 'deemed' employees under the Statistics Act ensures that researchers are aware of their responsibilities and the potential penalties associated with a violation of confidentiality and is a key control used within the RDC environment to mitigate risks to the confidentiality of the information. Nonetheless, greater application of day-to-day monitoring controls within the centre is necessary to ensure the confidentiality of data is protected in the delivery of services. Physical security requirements for the RDC facilities should be clarified and mandatory requirements should be implemented.

Although weaknesses were noted in the physical environment, the audit found that the information technology security within the McMaster University RDC complies with applicable TBS and Statistics Canada policies and standards for safeguarding and protecting confidential Statistics Canada data.

Effective practices and mechanisms are in place to ensure that the confidentiality of data is protected in the vetting of researcher outputs as vetting requests are carefully administered and screened by the McMaster RDC analyst to ensure that confidentiality of data is not compromised. However, completed vetting request forms should be kept on file, even after the vetting has been completed. Contract administration should also be enhanced to ensure that researchers obtain access to approved data sets only, and that all required researcher acknowledgements and affirmations are in place for current contracts.

Conformance with professional standards

The audit was conducted in accordance with the Internal Auditing Standards for the Government of Canada, which includes the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing.

Sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the findings and conclusions in this report and to provide an audit level of assurance. The findings and conclusions are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The findings and conclusions are applicable to the entity examined and for the scope and time period covered by the audit.

Patrice Prud'homme
Chief Audit Executive

Introduction

Background

Decision makers need an up-to-date and in-depth understanding of Canadian society to help them respond to today's needs, and to anticipate tomorrow's. This need is underlined by a growing demand for analytical output from the rich sources of data Statistics Canada collects.

In 1998, the Canadian Initiative on Social Statistics studied the challenges facing the research community in Canada. One of the recommendations of the national task force report on the Advancement of Research using Social Statistics was the creation of research facilities to give academic researchers improved access to Statistics Canada's microdata files.

The Research Data Centres (RDCs) are part of an initiative by Statistics Canada, the Social Sciences and Humanities Research Council (SSHRC), Canadian Institutes of Health Research (CIHR) and university consortia to strengthen Canada's social research capacity and to support the policy research community. The SSHRC is a federal agency that promotes and supports university-based research and training in the social sciences and humanities disciplines. CIHR is the major federal agency responsible for funding health research in Canada.

The Microdata Access Division (MAD) provides restricted access to confidential microdata through RDCs at universities across the country and the federal RDC in Ottawa. MAD is responsible for ensuring the confidentiality of information provided by Canadians. Currently, 27 RDCs are in the network, all located in a secure setting on university campuses. These RDCs provide researchers with access to microdata from population and household surveys, meaning that researchers do not need to travel to Ottawa to access Statistics Canada microdata. In addition to centres located on campuses, the Federal Research Data Centre (FRDC) in Ottawa provides microdata access to researchers from federal policy departments.

The RDCs provide opportunities to generate a wide perspective on Canada's social landscape, provide social science research facilities across the country in both larger and smaller population centres, expand the collaboration between Statistics Canada and the stakeholders (SSHRC, the Canadian Research Data Centre Network (CRDCN), CIHR and academic researchers), and train a new generation of Canadian quantitative social scientists.

The RDCs are staffed by Statistics Canada employees and are operated under the provisions of the Statistics Act in accordance with all confidentiality rules and are accessible only to researchers with approved research projects, who have been sworn in under the Statistics Act as 'deemed' employees.

The Statistics Canada Risk-Based Audit and Evaluation Plan requires that the Internal Audit Division completes an audit of one RDC per year. In 2011, the University of Calgary and the University of Lethbridge RDCs were audited and in 2012, the University of Alberta Research Data Centre was audited.

Audit objectives

The objectives of the audit were to provide the Chief Statistician (CS) and the Departmental Audit Committee (DAC) with assurance that the RDC at McMaster University:

  • Complies with applicable TBS and Statistics Canada (STC) policies and standards regarding Information Technology (IT) and Physical Security, to ensure that confidentiality of data is protected in the delivery of services.
  • Has effective practices and mechanisms in place to ensure that the confidentiality of data is protected in the delivery of services.

Scope

The scope of this audit included a detailed examination of the systems and practices of the RDC in the protection of data, use of technology and the physical security.

The audit focused on the confidentiality vetting of data output by the on-site Statistics Canada employees; 'deemed' employee status and security clearance requirements for access to microdata; research proposal process for RDC; microdata research contracts; physical security of the RDC site in compliance with applicable TBS and Statistics Canada policies and standards and IT protection in compliance with applicable TBS and Statistics Canada policies and standards.

Approach and methodology

The audit work consisted of an examination of documents, interviews with key senior management and personnel, and a review for compliance with relevant policies and guidelines.

The field work included a review, assessment, and testing of the processes and procedures in place to ensure physical security, use of technology and the protection of data at McMaster University. A sample of microdata research contracts (completed, in progress, and microdata research contracts in evaluation) was examined to ensure coverage of contract types, data sources, multiple contract holders and research purpose. A judgemental sample of 32 contracts was selected for testing, representing approximately 14% of all microdata research contracts for this RDC.

This audit was conducted in accordance with the Internal Auditing Standards for the Government of Canada, which includes the Institute of Internal Auditors (IIA) International Professional Practices Framework.

Authority

The audit was conducted under the authority of the approved Statistics Canada integrated Risk-Based Audit and Evaluation Plan 2013/14 to 2017/18.

Findings, Recommendations and Management Responses

Objective 1: The McMaster University RDC complies with applicable TBS and Statistics Canada policies and standards regarding Information Technology Security and Physical Security to ensure that confidentiality of data is protected in the delivery of services.

Control Environment and Physical Security

Roles and responsibilities at both the program and regional level are defined and communicated. While RDC staff established constructive peer-to-peer relationships with researchers, researcher activities within the facility are not actively monitored. Within this context, it is unlikely that RDC staff would be able to detect, report and mitigate the impacts of confidentiality incidents.

Researchers are required to become 'deemed' employees prior to accessing confidential microdata at the RDCs, according to the Statistics Act. This is a key management control relied upon to ensure the confidentiality of microdata within the centres.

Access to the McMaster University RDC is restricted to authorized personnel only and perimeter security and intrusion detection controls in place are effective. Departmental physical security recommendations resulting from the December 2011 inspection have not been formally responded to, and the mandatory high-security deadbolt on the RDC entrance was not in place.

As per the requirements for the physical set-up of researcher workstations in RDCs, there must be a physical protection of monitors to ensure there is no direct view between workstations. This is not in place at the McMaster University RDC.

Review of automated and manual access-control logs found that these controls are not fully effective, as automated controls do not accurately record all activity, and manual visitor logs are not used.

The control environment sets the tone of an organization or program and influences the consciousness of its people. It includes management's philosophy, the organizational structure, the assignment of roles and responsibility as well as the operating style. With respect to RDCs, an effective control environment helps enable the program to achieve its objectives while ensuring the confidentiality of the data held in the centres. Well-defined roles and responsibilities and monitoring of the operating environment should be in place to ensure the security of the facility and the confidentiality of the information held in the RDC facilities.

Control environment

The mandate of RDCs is to promote and facilitate social science research using Statistics Canada's confidential microdata, while protecting the confidentiality of data through effective operational and analytical policies and procedures that create a culture of confidentiality.

For the RDC program as a whole, the audit found that functional authority is formally delegated to the manager/director of the RDC Program. At the regional level, functional authority resides with the RDC regional manager and the day-to-day monitoring of the environment and physical security within the RDC is the responsibility of RDC analysts. RDC analysts administer the operation of the Research Data Centre and ensure that the activities are consistent with Statistics Canada's mandate.

A key management control relied upon to ensure the confidentiality of information within RDCs is the 'deemed' employee status which any researcher must obtain prior to accessing the RDC. In addition to having an approved project, each researcher must undergo a security screening and be sworn in under the Statistics Act. Once completed, the oath sworn is binding for life and researchers are subject to the same penalties under the Statistics Act as Statistics Canada employees. Additionally, researchers must attend an orientation session which outlines RDC rules and researcher responsibilities with respect to confidentiality of information.

The McMaster RDC had one full-time RDC analyst, two part-time RDC analysts and one statistical assistant. The regional manager responsible for the McMaster RDC is located at the Western University RDC. All RDC analysts report to the regional manager, and the statistical assistant at the McMaster facility reports to the full-time RDC analyst.

RDCs are managed by RDC analysts, who are Statistics Canada employees and not university staff. This organizational model is used to ensure that operations in the facilities are consistent with Statistics Canada's mandate and policies in order to ensure the security of the centre and confidentiality of the information housed in the RDC facility. RDC documentation notes that,

"the RDC analyst is the primary individual who represents the interests of Statistics Canada in the centre. As such, the analyst has specific responsibilities that are aimed at ensuring the smooth operation of the RDC as well as guaranteeing that the criteria for confidentiality and security are respected by all who access the centre."

Additionally, the annual Management Report on the Canadian RDC Program notes that it is

"important for the RDC analysts to have a peer-to-peer relationship with the researchers working in their centers"

and that RDC staff

"at least maintain, if not advance, their research skills."

At the McMaster University RDC, RDC analysts are also researchers, have an expertise in data analysis and statistical techniques, and have close connection to the research community using the RDC. All RDC analysts at the McMaster facility have post-graduate degrees and three of the four STC employees also conduct research at the facility. This level of knowledge ensures research expertise, and facilitates the research conducted at the centre.

Consequently, RDC analysts are expected to play a dual, but somewhat conflicting, role within the RDC. As Statistics Canada employees, their primary role is to ensure that the criteria for confidentiality and security are respected. Through interviews with RDC staff and observations during the site visit, the audit team noted that RDC analysts' principal focus is to consult with researchers on research techniques and findings, rather than monitoring the ongoing activities in the centre. RDC staff stated that researchers are professionals and because they want a collegial relationship and want to promote the centre, it is not the role of RDC staff to monitor researcher activities within the McMaster facility. This view is in contradiction to Statistics Canada's management expectations for RDCs and likely contributed to several of the following observations.

Vulnerabilities

The audit team noted other potential control weaknesses during the site visit to the McMaster University RDC. Alone, these items do not present a significant risk to the confidentiality of the information held in RDCs. However, when assessed within the current operating environment at the facility, the risk to the confidentiality of the information is increased.

All printing done by researchers must be examined by RDC staff to ensure no confidential information leaves the facility. Researcher printouts are directed to the network printer which is located in the researcher workstation area. Green coloured paper is used for printing and researchers are able to print directly from their workstation, and have access to printing supplies. Documented procedures for researchers stipulate printing should be done on the network printer under the control of the RDC analyst. Researchers are required to hand in all material printed on green paper; however, within the McMaster RDC, printing by researchers is not actively monitored by RDC staff.

Additionally, RDC requirements note that handwritten notes taken by researchers while in the RDC are subject to the same confidentiality regulations and requirements as analytical output and should not be removed without being checked by RDC staff. The audit observed researchers taking notes and leaving the facility without having these checked.

RDC documentation notes that security measures implemented in the RDCs must be visible and must be seen to protect the information in the centres. For example, RDCs cannot be left unattended. Documentation notes,

"in order for an RDC to be open, a Statistics Canada employee, and not a 'deemed' employee, must be on site."

At the McMaster facility, RDC staff stated that they leave researchers in the centre unattended for short periods of time.

During the 2012 RDC audit of the University of Alberta RDC, documentation related to the use of electronic devices in the RDCs was inconsistent. The audit recommended that policies and directives related to cell phone use and the use of other electronic devices in the RDC be consistent, and clearly outline the approved practice. This has been implemented, and all documentation is consistent and states that researchers may bring electronic devices into the centre, but they must not be operated in the vicinity of researcher workstations. At the McMaster RDC, Wi-Fi is accessible within the facility and can be used with electronic devices, although it is not available on researcher workstations. Given that the McMaster University RDC is a busy facility and researchers' activities are not actively monitored, having Wi-Fi accessibility may elevate the risk to the confidentiality of the information in the centre.

The audit revealed that the control environment within the McMaster RDC has been modified to focus primarily on teaching and facilitation of research within the facility. RDC staff focus on the peer-to-peer relationship with researchers and do not fully understand their primary role as protecting the interests of Statistics Canada nor do they apply the necessary rigour to monitoring activities. Vulnerabilities noted by the audit team, in addition to a lack of monitoring in the centre, elevate the risk to the confidentiality of information. In the absence of active monitoring by RDC staff, it is unlikely that potential confidentiality incidents would be detected or subsequently reported upon.

Physical security

The physical construction and physical security measures required in RDCs are intended to help ensure the security of the information held in the facility. These measures should comply with applicable TBS policies, such as the Government Policy on Security (GPS) and Statistics Canada's Security Practices Manual. In the context of RDCs, physical security should include controls such as perimeter and intrusion detection, physical access, and specific physical site controls.

Perimeter security and intrusion detection controls

The RDC is located on the second floor of the Mills Library at McMaster University. The McMaster University RDC was constructed in compliance with Statistics Canada's pertinent requirements for perimeter security for 'shared floor occupancy', i.e., the surrounding walls of the RDC itself are either brick or load-bearing walls, or frosted and muted windows (e.g., virtually sound-proof windows, whereby only murmurs can be heard and nothing spoken inside the facility can be audibly heard outside of the RDC itself).

The procedures document for opening RDCs and branches outlines the characteristics considered most important for security. It notes,

"the physical protection of the monitors needs to be maintained, that is, there should not be a direct view from one workstation to another."

At the McMaster RDC, workstations are set up on long tables, and there is a direct view between workstations.

Campus security provides 24/7 monitoring of the RDC facilities. They have an access card and the security code to the alarm system. The McMaster RDC has motion sensors and glass break sensors on the windows. The sensor system is activated when the RDC is closed. Additionally, the RDC has a panic button that notifies campus security of incidents during working hours. Outside of working hours, if the alarm or motion sensor system is triggered, campus security would be notified as first response. The academic director and RDC analyst would also be notified.

Access security controls

Physical access in and out of the McMaster University RDC is through a single steel door entrance. The door handle has a keyed lock. The RDC also has a door alarm system and motion detectors, which are functional and safeguard the facility after working hours. Entry to the McMaster RDC is restricted to authorized persons only. RDC staff and campus security have keys to the facility. For all other users of the facility who require access, a generic access card is programmed for their use, which must be provided back to the full-time RDC Analyst, upon contract completion.

According to RDC and STC guidelines, RDCs must have a high-security deadbolt with a one-inch throw in place on steel entrance doors. This has been an ongoing requirement for RDCs. The audit found that the McMaster RDC did not have a high-security deadbolt on the entrance door and that this was noted as a deficiency in the 2011 physical inspection, conducted by departmental security.

RDCs must monitor all access into the facility to ensure the physical security of the centre. At the McMaster RDC, an electronic swipe card access system consisting of an identification card, which contains electronic information identifying the owner, is in place as an access control. The system records all RDC entries and exits, and RDC staff can request these access logs if required. Unauthorised visitors are not allowed past the single entry door of the RDC facility. The audit team examined the access logs for the four days auditors were on site at the McMaster facility. Although these logs had registered entries and exits of RDC and university staff, as well as researchers, the audit noted there was no record for the entries or exits of one researcher observed in the centre several times during the period examined, nor was there a record of the entries or exits of audit team members using the visitor card assigned to them.

A second control required at all RDCs is a visitor sign-in sheet. The RDC visitor protocol notes that visits by 'non-deemed' employees must be pre-planned, and a log including date, time, name of visitor, name of the employee who accompanied the visitor and reason for visit, must be kept for all such visits. The log must be kept and available for audit purposes for at least one year after an entry. Although a visitor sign-in sheet was found inside the entry door to the McMaster University RDC, interviews with RDC staff and examination of the logs found that it is not being used.

Other physical security controls

To help ensure RDC security, IT-related wiring must be channeled through walls and ceilings in secure conduits. The audit team noted that this was in place at the McMaster University RDC. There is a secure server room, which is kept locked and the facility has locked storage cabinets for storing researchers' files to protect confidential, classified, and protected information. Network B access is only available in the RDC analysts' offices. There is a separate conference room with one workstation within the facility for researchers and RDC staff to use. The printer/fax/scanning device is for RDC staff use only and is located in an RDC analyst's office. The network printer used by researchers is housed in the workstation area and researchers are able to print as needed.

Departmental physical security inspections

Departmental Security at Statistics Canada head office provides guidance and directives on physical security requirements. Physical inspections are completed upon initial opening and STC management has recently determined that RDC inspections will take place every four years. Departmental security staff perform the physical inspections, and provide recommendations to the RDC regional managers and head office staff. The last McMaster University RDC physical security inspection was conducted in December, 2011. As a result of this inspection, several recommendations were noted, including the following: installation of a high security deadbolt on the steel entrance door; frosting of the windows in the conference room, which face the researcher workstations; access card reviews to be completed quarterly; and better signage of the centre.

Although the audit found evidence of discussion among RDC analysts, regional managers, and management within Microdata Access Division related to inspection recommendations, there was no evidence of a formal response to departmental security. Better signage had been put into place; however, recommendations related to more frequent card access reviews, the high security deadbolt, and frosting of the windows have not been implemented. RDC staff were unclear as to whether the implementation of security inspection recommendations was mandatory.

Recommendations:

It is recommended that the Assistant Chief Statistician of Social, Health and Labour Statistics should ensure that:

  • The RDC staff at the McMaster centre understand and undertake the role of actively monitoring the operating environment and activities of researchers in the facility to ensure that they adhere to RDC, STC and TBS security requirements and guidelines.
  • Procedures documents related to opening and operating RDCs and branches are clarified to determine what is considered a mandatory requirement for the physical setup of researcher workstations to ensure an effective physical control environment.
  • Departmental Security recommendations regarding the Departmental Security led Physical Inspection conducted in December 2011, are formally responded to and mandatory requirements are implemented in a timely fashion.
  • Automated entry logs are validated to ensure they are effective at recording all access to the RDC; and visitor logs are in place and used as required.

Management response:
Management agrees with the recommendations.

  • The director of MAD will better define for analysts what 'actively monitoring' means and provide concrete examples.

    Deliverables and Timeline: Communiqué to all staff on expectations for 'active monitoring'. Follow-up discussions will take place in regional meetings. This will be completed by December 2013.
  • The director of MAD will ensure appropriate staffing levels are in place according to the workload, to ensure time for active monitoring.

    Deliverables and Timeline: Revisit staffing level issue with the Academic Director at McMaster University, as per this year's annual review of staffing levels. This will be completed by January 2014.
  • The director of MAD will review requirements for the physical setup of workstations with physical security with recommendation to use privacy screens rather than physical barriers between workstations where it makes sense to do so.

    Deliverables and Timeline: A sign-off document template is in place. This will be completed by November 2013.
  • The director of MAD will negotiate with Physical Security and IT Security to develop a sign-off document for all RDC inspections and to get the inspection reports in a more timely fashion. This form will require Physical Security and IT Security to sign-off on each recommended action and then final sign-off once all requirements have been met.

    Deliverables and Timeline: Sign-off document template. This has been completed.
  • The director of MAD will ensure that there is a review of all automated-entry logs in all RDCs. Through regional meetings RDC management will ensure all RDC staff review the requirements for using visitor logs.

    Deliverables and Timeline: Identify problems with any other automated entry logs and an action plan with universities to rectify these. This will be completed by March 2014.

Information Technology Security

Roles and responsibilities at both the program and regional level related to IT security are defined and communicated.

Information technology access, identification, and authentication safeguard measures are in place and effective.

Information technology security in RDCs should be compliant with applicable TBS policies, such as the Operational Security Standards: Management of IT Security and Statistics Canada's Security Practices Manual. Roles, responsibilities, and accountabilities should be clearly defined and communicated. In the context of RDCs, IT security should include security controls that support the protection of the information system, communications with and within the information system, access controls that ensure the ability to permit or deny user access to the systems and identification and authentication controls that support the unique identification and authentication of these users.

Roles and responsibilities

The audit found that at the program level, functional authority is formally delegated to the manager/director of the RDC Program, at the regional level to the RDC regional manager, and within the actual RDCs the RDC analyst ensures the day-to-day operations. At the McMaster RDC, the IT resources are provided by a university staff member. This staff member responds to RDC analyst support requests and ensures that workstation computers, the RDC server and other IT equipment are configured to adhere to STC directives and policies.

Departmental Security and Information Technology Services at Statistics Canada head office provide guidance and directives on IT and physical security requirements. They perform the physical and IT security inspections of the RDC sites and provide recommendations to the director or manager of the RDC program. The last IT inspection of the McMaster RDC was conducted in December, 2011. Periodic inspections have been scheduled for each RDC every four years.

System and communications protection safeguards

The server at the McMaster RDC has been recently updated and is housed in a secure server room located within the conference room of the RDC. The server is a stand-alone setup with open directories, using Access Control List (ACL industry standard) to grant permissions. Apart from the wide-area network (WAN), the server has no external connection. As a result, remote access to the server outside of the RDC is not possible. The McMaster University is scheduled for migration to the head office domain/interface prior to the end of the 2013/14 fiscal year. Once the migration takes place, user accounts will be managed by the HO RDC Program's Operations Unit. Currently, user accounts are located on servers which are set up by the RDC analysts and managed by the McMaster IT resource.

There are 11 stand-alone workstations available for use by the researchers. An additional workstation, located in the conference room, is used to discuss results for research teams and student researchers. Workstations are not connected to the internet (internet access is only available to RDC employees in the RDC analysts' offices), and data and researcher folders are stored on the server. Software is installed on each workstation by IT support and each workstation has an application which ensures no residual data remains on the computer upon log out.

The audit examined workstation configurations and found the USB ports have been disabled, and the plug and play feature for the keyboard and mouse ports has been configured so that, should anything other than the mouse or keyboard be plugged in, the port will automatically deactivate. Passwords have been configured to meet Statistics Canada's IT requirements.

Access, identification and authentication safeguards

Procedures specify that user accounts should be created only when a contract is approved and becomes active. Access should be removed upon the expiry date of the MRC and password configuration should meet Statistics Canada standards. Creation of user accounts and the granting of access to microdata files were substantiated by approved active contracts in all sampled contracts.

Administrative privileges rest with the RDC analysts and IT support staff assigned to the RDC. The statistical assistant does not have administrative privileges. IT related tasks have been divided among RDC staff. One RDC analyst assumes primary responsibility for creating researcher accounts and configuring accounts to ensure only data approved in the final contract are accessible. Testing of newly set-up accounts is completed by the analyst to ensure researchers can access only the data set out in the MRC. The IT support is responsible for IT troubleshooting, workstation issues and all server related requirements. Although not an STC employee, the IT support is a 'deemed' employee and ensures systems within the RDC are configured to STC requirements. The audit noted that researchers cannot move files between projects and that password configuration within the McMaster RDC complies with Statistics Canada standards.

The audit tested access control in three ways, by examining

  • UserIDs
  • Active Control Listing by survey
  • Active Control Listing by project numbers.

The audit examined 35 researcher userIDs at the McMaster RDC. Of these, 15 were active userIDs, 3 were accounts that had been set up but not yet activated and 17 were inactive and had been disabled. The audit team found that when researchers were associated with more than one research project, a separate userID had been created corresponding to each project.

Active Control Listings by survey name were examined for four microdata sets to ensure that only researchers with MRCs associated with the surveys were validated. The Active Control Listings for these surveys indicated that access was restricted to userIDs associated with authorized researchers only.

Validation of the Active Control Listing by project number was conducted to determine if project numbers had been set up to access only data associated with the project. The audit examined two separate project numbers and the userIDs associated with these projects. The audit confirmed that users would not be able to access data not associated with their project.

The audit determined that applicable IT security measures are in place and adhere to Statistics Canada's standards for safeguarding and protecting confidential data. IT access, identification and authentication safeguard measures are in place at the McMaster RDC and are working as intended.

Objective 2: The McMaster University RDC has effective practices and mechanisms in place to ensure that the confidentiality of data is protected in the delivery of services.

Administration of Microdata Research Contracts and Confidentiality Vetting

The authority for the administration of the MRCs and the confidentiality risk analysis is formally delegated at the program and operational level. Roles and responsibilities have been formally defined and communicated. The audit found that values and ethics acknowledgement forms were not in place for some researchers with current MRCs.

Results of certain proposal evaluations for MRCs were not on file in the RDC, and in one case, the contract did not correctly reflect data that had been approved for access. As a result, researchers had access to confidential microdata that had not been approved for the project.

Processes and procedures for confidentiality vetting are in place and requests for vetting are carefully administered and effectively screened by the RDC analyst to confirm that the confidentiality of the data is not compromised. Data vetting request forms were found to be deleted once data vetting had been completed.

Administration of MRCs is a combination of assigned responsibilities and procedures that control and protect information held in RDCs. Practices include restricting access to the facility to only those researchers with valid security clearances and current contracts, and ensuring researchers can only access data which have been approved for use for the specific contract, and the establishment and maintenance of an inventory of administrative information related to each research project.

Authority

The McMaster University RDC operates under the provisions of the Statistics Act, in accordance with all the confidentiality rules and requirements that govern Statistics Canada. The RDC is accessible only to researchers with approved projects who have been sworn in under the Statistics Act as 'deemed' employees.

Roles and responsibilities

The roles and responsibilities for the management of the MRCs, access to confidential microdata and confidentiality vetting are defined and communicated to stakeholders in policies, guidelines, standards and detailed guides. At the program level, authority is formally delegated to the RDC Manager in Statistics Canada's Security Practices Manual, which states that the RDC manager

"is responsible for establishing and maintaining an inventory of administrative information on research projects involving deemed employees for Headquarters, the regional offices and the research data centres. Information includes research proposals and other information throughout the life-cycle of the project and certification that required procedures have been followed."

All RDC contract information is stored on the Client Relationship Management System (CRMS). This database is used to manage information about MRC contracts, data sets, proposals and principal researchers authorized to have access to microdata in the RDCs. Information includes contract status, approval dates, names of researchers, reviewers and review outcomes, contract end dates and data approved for access.

Additionally, the Policy on the Security of Sensitive Statistical Information assigns to Directors,

"the responsibility for controlling and protecting all sensitive statistical information obtained or held by their respective areas in the pursuit of their program objectives. When access to sensitive statistical information is provided in a Research Data Centre or equivalent, the Manager, Research Data Centre Program, assumes these responsibilities."

Contract processing procedures

RDCs are operated under the provisions of the Statistics Act, in accordance with confidentiality rules. This mode of access is appropriate when a research question can only be answered using inferential statistical analysis on the confidential microdata. The researcher must also be willing and able to become a 'deemed' employee of Statistics Canada and conduct the data analysis in the RDC secured computer lab. (Footnote 1)

As per the Policy on the Use of Deemed employees revised in August 2007, researchers wishing to access the RDC are required to become 'deemed' employees and undergo a reliability security screening pursuant to sub-sections 5(2) and 5(3) of the Statistics Act, and take an oath or affirmation of office and secrecy, pursuant to sub-section 6(1) of the Statistics Act. They must also sign an acknowledgment that they have read and understood the Statistics Canada Values and Ethics Code for the Public Service. These actions are to be completed prior to the MRC being signed by Statistics Canada. Once a researcher has successfully completed these requirements and attended an orientation session, they are officially a 'deemed' employee of Statistics Canada. RDC researchers and other 'deemed' employees must reaffirm their oath of secrecy under two conditions: 1) when a researcher wishes to regain data access when there has not been an active contract for one year or more; or 2) when the current security clearance expires.

The audit tested to ensure that all required documentation was in place and valid for 40 researchers associated with 24 sampled contracts. Testing revealed that valid security clearances and oaths of office and secrecy had been signed by all researchers. Testing of researcher acknowledgements of the Values and Ethics Code for the Public Service found that of the 40 researchers associated with the sampled contracts, 33 had signed this acknowledgement and copies were on file. For another 7 researchers, there was no signed copy of the acknowledgement on file, despite the fact that all 7 of these researchers had contracts dated after August 2007, when the requirement was established. These researchers had, however, initialed the Conflict of Interest section of the MRC, indicating that they will conduct themselves in accordance with the principles and spirit of the Values and Ethics Code for Deemed Employees.

The Microdata Research Contract is also signed by Statistics Canada, either by the manager of the RDC program (or her delegated authority), or the director of the survey division. Upon receipt of this signature, a researcher can be given access to confidential microdata approved for their project, and commence data analysis in the RDC. The audit determined that contracts were signed by the appropriate authority at Statistics Canada.

The audit tested compliance of the contract processing procedures by reviewing a sample of twenty-one active and completed contracts associated with the McMaster RDC. The audit noted that for one of the active contracts selected, there had been a misclassification and the contract was held at the Guelph RDC. A second contract was associated with an STC subject matter employee working in the McMaster RDC. All approvals and vetting took place at head office and were not found on file within the RDC. For the remaining 19 contracts, proposals, project descriptions, or course syllabi were found to be in place. Proposal evaluations were found on file at the McMaster RDC except in the case of three contracts. For these contracts, evaluations associated with the Survey of Labour and Income Dynamics (SLID) were not found in the electronic files at the RDC. This information was found on file at head office and one of the evaluations rejected the request for access to the data. This was not reflected in the final MRC and the audit team found, during testing of userIDs, that the five researchers associated with this MRC had been given access to this dataset, despite the request being rejected. Internal Audit notified RDC management at head office of the issue and was subsequently advised that the access privileges to the microdata set in question had been revoked and that RDC staff had verified that researchers had not accessed this data.

Contract processing procedures are in place within the RDC program but should be enhanced to ensure that researchers with active contracts complete all the required acknowledgments and affirmations. Additionally, results of proposal evaluations associated with MRCs should be on file and validated against MRCs to ensure researchers obtain access to approved datasets only.
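The validation described above, where account and access-control listings are checked against contract dates and proposal-evaluation outcomes, can be scripted. The following is an added example, not part of the audit report or of Statistics Canada's tooling; the record layouts, project numbers, userIDs and dataset names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class Contract:
    project: str
    end_date: date
    researchers: set   # researchers named on the contract
    evaluations: dict  # dataset -> "approved" or "rejected" (proposal evaluation)


@dataclass
class Account:
    user_id: str       # one userID per researcher per project
    researcher: str
    project: str
    enabled: bool


@dataclass
class Grant:
    user_id: str       # one access-control entry: userID may read dataset
    dataset: str


def reconcile(contracts, accounts, grants, today):
    """Return sorted (user_id, dataset, finding) tuples for every mismatch
    between what is configured and what the contract file supports."""
    by_project = {c.project: c for c in contracts}
    by_user = {a.user_id: a for a in accounts}
    findings = []

    # Enabled accounts must map to a current contract naming the researcher.
    for acct in accounts:
        if not acct.enabled:
            continue
        contract = by_project.get(acct.project)
        if contract is None:
            findings.append((acct.user_id, "-", "NO_CONTRACT"))
        elif acct.researcher not in contract.researchers:
            findings.append((acct.user_id, "-", "NOT_ON_CONTRACT"))
        elif contract.end_date < today:
            findings.append((acct.user_id, "-", "CONTRACT_EXPIRED"))

    # Every grant must be backed by an approved evaluation for that dataset.
    for grant in grants:
        acct = by_user.get(grant.user_id)
        if acct is None:
            findings.append((grant.user_id, grant.dataset, "UNKNOWN_USERID"))
            continue
        contract = by_project.get(acct.project)
        if contract is None:
            continue  # already reported as NO_CONTRACT if the account is enabled
        outcome = contract.evaluations.get(grant.dataset)
        if outcome == "rejected":
            findings.append((grant.user_id, grant.dataset, "DATASET_REJECTED"))
        elif outcome is None:
            findings.append((grant.user_id, grant.dataset, "NO_EVALUATION_ON_FILE"))

    return sorted(findings)


# Constructed sample records (not real projects, researchers or surveys).
CONTRACTS = [
    Contract("P-001", date(2014, 6, 30), {"r1", "r2"},
             {"SURVEY_A": "approved", "SURVEY_B": "rejected"}),
    Contract("P-002", date(2013, 3, 31), {"r3"}, {"SURVEY_A": "approved"}),
]
ACCOUNTS = [
    Account("u101", "r1", "P-001", True),
    Account("u102", "r2", "P-001", True),
    Account("u201", "r3", "P-002", True),   # contract has ended
    Account("u202", "r1", "P-002", False),  # disabled, so not reported
    Account("u301", "r4", "P-003", True),   # no contract on file
]
GRANTS = [
    Grant("u101", "SURVEY_A"),
    Grant("u101", "SURVEY_B"),  # evaluation rejected this dataset
    Grant("u102", "SURVEY_B"),
    Grant("u102", "SURVEY_C"),  # no evaluation on file
    Grant("u201", "SURVEY_A"),
]

if __name__ == "__main__":
    for user_id, dataset, finding in reconcile(
            CONTRACTS, ACCOUNTS, GRANTS, date(2013, 10, 1)):
        print(f"{user_id:6} {dataset:10} {finding}")
```

Treating a missing evaluation as a finding in its own right matters here: in the case the audit describes, the evaluation was not on file at the RDC, so a check that only looked for recorded rejections would have passed.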

Confidentiality vetting

RDCs are repositories of Statistics Canada microdata files that are accessible to researchers with approved projects. Effective and appropriate processes and procedures for confidentiality vetting should be in place and adhered to in order to significantly reduce the risk of unwanted disclosure. Confidentiality vetting should be carefully administered by the RDC analyst, as per the established protocols, to ensure that confidentiality of data is not compromised.

Confidentiality vetting is the process of screening research outputs, syntax or any confidential data-related material to assess the risk of a prohibited disclosure. This is done by analysing whether obvious identification of individual cases or information about individual cases can be inferred or deduced from the statistical output.

Roles and responsibilities

The RDC Analyst's primary responsibility with respect to confidentiality vetting is to ensure confidentiality is not breached when allowing research outputs to leave the RDC. The analyst should review all materials that the researcher would like to remove from the RDC and the final responsibility and decision to release the output rests with the analyst. At the McMaster RDC, the majority of confidentiality vetting is completed by one of the part-time RDC analysts. This analyst works two days at the McMaster facility (working the three other days at a different RDC in Ontario). This same analyst has been working with the RDC program for several years and, along with having active MRCs, understands Statistics Canada data and the confidentiality requirements.

Confidentiality vetting is conducted using the survey-specific guidelines for all surveys housed in the RDCs. Questions or concerns related to the vetting process or to unfamiliar statistical techniques are addressed by the RDC regional manager or with the RDC Vetting Committee.

During the orientation session, researchers receive training related to the confidentiality vetting process and the required documentation for vetting requests. This documentation includes descriptions of variables, weighted and non-weighted counts, syntax and completion of the disclosure request form for every output request.

Processes and procedures

A detailed draft document entitled, Disclosure Control Rules for Outputs from Survey Data at RDCs provides instructions on how to conduct and perform confidentiality vetting. Guidelines on disclosure risk analysis for various data types and descriptive or tabular output and variance-covariance and correlation matrices, graphs, and models are included.

Confidentiality vetting guidelines and processes are found in the Researcher Guide. An important part of the process is for researchers to complete the 'Vetting Request Form' (formerly known as 'Disclosure Request Form'), which provides the required information for the analyst to conduct and document the vetting request. Information required from the researcher includes:

  • the name of the output file, survey and cycles used
  • characteristics of the population being analyzed
  • the statistical procedure and weights used
  • a description of the variables
  • weighted and unweighted outputs.

Once the vetting is complete, output deemed non-confidential is released to the researcher.

The audit tested 19 active and completed contracts to ensure confidentiality vetting took place and was appropriate. Among the 19 active and completed contracts, no data had been submitted for vetting in 7 contracts. Among the remaining 12 active and completed contracts that required vetting, the audit found evidence that confidentiality vetting took place. However, completed confidentiality vetting forms were not found in files. The RDC analyst noted that, although researchers submit these forms with vetting requests, once the analyst has completed the vetting, forms are deleted or shredded and not kept in the records. Because each subsequent vetting request is dependent upon previously vetted information, the absence of completed vetting forms renders it inefficient and difficult for the analyst to easily determine what has been previously vetted. Moreover, should another RDC analyst take over the confidentiality vetting task, it would be time-consuming to trace back what has been vetted. Despite not having completed vetted forms in place, the audit team was able to determine, using submitted output and other documentation (such as syntax and variable lists), that, of the twelve contracts that required vetting of output, confidentiality vetting took place and was appropriate. 'To be vetted' folders contained syntax files, as well as weighted and unweighted outputs and previously vetted data (where appropriate) was evidenced. Vetted data folders contained evidence that confidentiality vetting was completed for all 12 contracts, including checks of minimum cell counts, removal of unweighted output and suppression of weighted output in cases where confidentiality was at risk.

The audit determined that confidentiality vetting takes place. Completed confidentiality vetting request forms are deleted upon completion of the request, making any subsequent vetting associated with the project inefficient and making it more difficult to trace back what had been completed.

Recommendations

It is recommended that the Assistant Chief Statistician of Social, Health and Labour Statistics should ensure that:

  • When MRCs are created, updated, revised or extended, RDC staff confirms that researchers meet all the security, confidentiality, conflict of interest, and values and ethics code requirements in place at the time of the new or updated contract.
  • Results of proposal evaluations are on file and validated against final MRCs to ensure that access to confidential microdata is restricted to researchers whose requests for data access have been approved.
  • Completed confidentiality vetting request forms submitted with output for vetting are kept on file for future reference.

Management response:
Management agrees with the recommendations.

  • The Director of MAD has been working with IMD to revise our Microdata Research Contract (MRC) so that we reduce multiple forms with multiple researcher signatures. The new MRC is almost ready and will be standard for CDER, the FRDC and the RDCs. This will clarify what signatures are required.

    Deliverables and Timeline: New Microdata Research Contract. This will be completed by January 2014.
  • The Director of MAD will implement a new procedure to ensure that data sets not approved for access within a larger approved project are better identified for analysts.

    Deliverables and Timeline: New procedure documented and implemented. This will be completed November 2013.
  • The Director of MAD notes that completed forms are already retained with each project, but where they are retained is inconsistent. We will establish a consistent location for all analysts to store vetting request forms.

    Deliverables and Timeline: New procedure documented and implemented. This will be completed in March 2014.

Appendices

Appendix A: Audit criteria

Each criterion below is listed with its sub-criteria and policy instruments, grouped by control objective and core control.

1) The McMaster University RDC complies with applicable TBS and Statistics Canada policies and standards regarding Information Technology Security and Physical Security to ensure that confidentiality of data is protected in the delivery of services.

Stewardship

1.1 Appropriate physical and IT controls exist. (ST-11)

Sub-criteria:
  • 1.1.1 Logical access controls exist to ensure access to systems, data and program is restricted to authorized users.
  • 1.1.2 Access to the RDC facilities in the region are physically restricted and enforced for the protection of sensitive assets.
  • 1.1.3 Procedures exist and are applied in order to keep authentication and access mechanisms effective.

Policy instruments:
  • TBS Government Policy on Security
  • TBS Standard on Physical Security
  • TBS Directive on Departmental Security Management
  • Statistics Canada Security Practices Manual
  • Statistics Canada IT Security Policy
  • Internal RDC physical and IT security documentation
  • Security of Sensitive Statistical Information
  • Statistics Act
  • Discretionary Disclosure Directive
  • Policy on Deemed Employees

1.2 Records and information and other sensitive assets are safeguarded using information systems which are maintained in accordance with applicable laws and regulations. (ST-12)

Sub-criteria:
  • 1.2.1 Procedures to safeguard and protect the use of assets (i.e. authorized use only) exist and are adhered to.
  • 1.2.2 Physical and IT security measures adhere to applicable TBS policies and Statistics Canada policies and procedures.
  • 1.2.3 Exceptions to required TBS or Statistics Canada policies and procedures are identified and appropriate actions are taken.

Policy instruments:
  • Security of Sensitive Statistical Information
  • Discretionary Disclosure Directive
  • Internal RDC physical and IT security documentation
  • Internal RDC confidentiality documentation
  • TBS Directive on Departmental Security Management
  • Statistics Canada Security Practices Manual
  • Statistics Canada IT Security Policy
  • TBS Government Policy on Security
  • TBS Standard on Physical Security
  • Discretionary Disclosure Directive

1.3 Management has established processes to develop and manage relevant agreements, Memoranda of Understanding (MoUs), and/or contracts, for the purposes of the RDC Program in the region. (ST-22)

Sub-criteria:
  • 1.3.1 The processes governing access to data adhere to applicable TBS and Statistics Canada IT security policies.
  • 1.3.2 For services delivered by external IT service providers, management has implemented a program to monitor their activities.

Policy instruments:
  • Management Accountability Framework
  • TBS Directive on Departmental Security Management
  • Statistics Canada Security Practices Manual
  • Statistics Act
  • Security of Sensitive Statistical Information
  • Discretionary Disclosure Directive
  • Policy on Deemed Employees
  • TBS Directive on Departmental Security Management
  • Statistics Canada Security Practices Manual
  • Statistics Canada IT Security Policy
  • Internal RDC documentation

1.4 Management has designed and implemented effective general computer controls for RDC systems. (ST-23)

Sub-criteria:
  • 1.4.1 Appropriate levels of management have designed and implemented processes, procedures, and controls for safeguarding Statistics Canada microdata files including:
    • logical access control – to control access to microdata files according to the terms of the Microdata Research Contracts.
    • computer systems security – to help ensure electronic protection of the data and prevent and detect security vulnerabilities.
  • 1.4.2 Controls for the RDC Program in the region include a mix of automated and manual controls and their operating effectiveness is periodically tested.

Policy instruments:
  • Management Accountability Framework
  • RDC Security Inspection reports
  • Statistics Canada Security Practices Manual

2) The McMaster University RDC has effective practices and mechanisms in place to ensure that the confidentiality of data is protected in the delivery of services.

Accountability

2.1 Authorities, responsibilities and accountabilities, are formally defined, clear and communicated. (AC-1)

Sub-criteria:
  • 2.1.1 Responsibilities and accountabilities are formally defined and clearly communicated for Statistics Canada employees, researchers and RDC partners.
  • 2.1.2 All applicable agreements and documents clearly outline each party's roles, responsibilities and accountabilities as it relates to the RDCs, and the confidentiality of Statistics Canada data.
  • 2.1.3 Authority is formally delegated and delegated authority is aligned with individuals' responsibilities. Where applicable, incompatible functions are not combined.

Policy instruments:
  • Management Accountability Framework
  • Security Practices Manual
  • Internal RDC roles and responsibilities documentation
  • Policy on Deemed Employees
  • Statistics Act
  • Policy on the Security of Sensitive Statistical Information
  • MRC contracts templates
  • Oath / Affirmation of Secrecy
  • Values and Ethics documents
  • RDC Researcher Handbook
  • Policy on the Security of Sensitive Statistical Information
  • Internal Confidentiality Vetting documents

2.2 A clear and effective organization structure is established and documented for the RDC program. (AC-2,3)

Sub-criteria:
  • 2.2.1 Functional authority for physical and IT security is appropriately vested in and exercised by functional heads, as it relates to the RDC Program both at the program and regional RDC level.
  • 2.2.2 The organizational structure for the RDC program, both at the program and regional level permits clear and effective lines of communication with external partners and reporting regarding confidentiality, IT and physical security.

Policy instruments:
  • Security Practices Manual
  • Policy on Deemed Employees
  • Procedures for opening an RDC
  • Procedures for operating an RDC
  • RDC Organizational documentation and chart
  • RDC documentation for staff
  • RDC documentation for Academic Directors
  • RDC documentation for researchers

Risk Management

2.3 Management identifies, assesses and responds to the risks that may preclude the achievement of its objectives. (RM-2)

Sub-criteria:
  • 2.3.1 Risks are identified at both the program and regional levels, respectively, and take into consideration the internal and external environments of the RDC Program.
  • 2.3.2 Management-led physical and IT security control assessments exist with input from relevant corporate service functions.

Policy instruments:
  • Management Accountability Framework
  • Statistics Canada Security Practices Manual
  • Statistics Canada IT Security Policy
  • RDC Security Inspections

2.4 Management identifies and assesses the appropriateness of existing controls to effectively manage its risks. (RM-3)

Sub-criteria:
  • 2.4.1 Formal processes and guidelines exist to assess the controls in place to manage identified risks.

Policy instruments:
  • RDC Researcher Guide
  • Policy on the Security of Sensitive Statistical Information
  • Internal Confidentiality Vetting documents
  • RDC Security Inspections

Public Service Values

2.5 Employees formally and periodically acknowledge compliance with Statistics Canada's policies, as it pertains to the confidentiality of sensitive statistical information. (PSV-5)

Sub-criteria:
  • 2.5.1 Upon commencement with the organization, all Statistics Canada and deemed staff are required to sign a statement (e.g. the Statistics Act / Statistics Canada Oath) acknowledging understanding and compliance with relevant RDC Program policy.
  • 2.5.2 Compliance is periodically acknowledged by Statistics Canada employees, deemed employees and external partners, where applicable.

Policy instruments:
  • Statistics Act
  • Oath of Secrecy
  • Values and Ethics documents
  • RDC Researcher Guide
  • Policy on the Security of Sensitive Statistical Information
  • Policy on Deemed Employees
  • Statistics Canada Security Practices Manual
  • Internal RDC security documentation

Appendix B: Acronyms
Acronym Description
ACL Active Control Listing
CIHR Canadian Institute of Health Research
CRDCN Canadian Research Data Centre Network
CRMS Client Research Management System
CS Chief Statistician
DAC Departmental Audit Committee
DS Departmental Security
FRDC Federal Research Data Centre
ICN Internal Communication Network
IIA Institute of Internal Auditors
IT Information Technology
MAD Microdata Access Division
MRC Microdata Research Contract
PUMF Public Use Microdata File
RAID Redundant Array of Independent Disks
RDC Research Data Centre
SLID Survey of Labour and Income Dynamics
SSHRC Social Sciences and Humanities Research Council
TBS Treasury Board Secretariat
USB Universal Serial Bus
WAN Wide Area Network

Notes

Footnote 1

For a detailed description of the contract processing procedures refer to Appendix A.

Description for Figure 1 - 2011 Census Field Structure

This figure depicts the 2011 Census Field Structure. It is the shape of a pyramid.

Starting at the bottom and moving upwards there are the:

  • Statistics Act Employees:
    • Enumerators (30,000)
    • Crew Leaders (including recruitment crew leaders) and assistants (2,500 CL, 2,500 assistants)
    • Field Operation Supervisor Assistants (300)
  • PSEA (Public Service Employment Act) Employees:
    • Field Operation Supervisor Supervisors (300)
    • Assistant Managers Field Operations (including First Nations enumeration managers and Collective dwelling enumeration managers) (45)
    • Local Census Office Managers (37)
    • Area Managers (including special population area managers) (14)
    • Assistant Directors - census (5)

Confidentiality of Sensitive Statistical Information

Final audit report

Internal Audit Services
September 30, 2009

Executive Summary
Introduction

Appendix A - Audit Criteria
Appendix B - Acronyms

Executive summary

Statistics Canada is committed, and legally required, to protect the confidentiality of sensitive statistical information entrusted to the agency under the Statistics Act. It is crucial for the agency to develop and maintain a trust relationship with survey respondents in order to be able to deliver its mandate successfully, and provide Canadians with statistical information of high quality. Confidentiality is the affair of everyone in the organization.

The objective of this audit was to assess whether controls are in place and are effective to protect the confidentiality of sensitive statistical information including:

  • physical access controls,
  • electronic access controls,
  • personnel controls, and
  • operational controls.

The controls were examined both at the departmental and selected survey levels.

The audit was conducted by Internal Audit Services in accordance with the Government of Canada’s Policy on Internal Audit.

The audit found that the controls protecting the confidentiality of sensitive statistical information are adequate. Opportunities exist to advance the risk management practices in two areas; however, this does not affect the overall assessment. These areas include physical and electronic access controls. Additionally, a divisional best practice was identified.

Physical access controls are satisfactory, but some weaknesses have been identified. Opportunities exist to improve the risk management practices related to securing work areas beyond the baseline level. The audit also found that: a postcard-type questionnaire requiring confidential information from respondents is mailed in an open fashion, creating confidentiality issues; the security practices of field interviewers need to be tightened; and divisional employees working in an environment secured beyond the baseline level do not lock up confidential information after work hours.

The audit found that electronic access controls contain some weaknesses, and that opportunities exist to strengthen the control framework. The required encryption program to protect the confidentiality of data is not installed on all portables. Managerial monitoring of access rights and permissions to workstations and servers should be improved.

A best practice was observed within the Labour Statistics Division and is worthy of consideration by other divisions. Electronic access rights in the division are closely monitored and reviewed continuously.

The audit found that personnel and operational controls are effective.

Summary Results

The confidentiality of sensitive statistical information is multi-layered and includes controls in the areas of physical and electronic access controls, and personnel and operational controls.

The confidentiality of sensitive statistical information is protected, but opportunities exist to advance the risk management practices related to physical and electronic access controls.

Additionally, a divisional best practice was identified relating to monitoring of access rights.

Introduction

Background

The confidentiality of sensitive statistical information is a key value and a legal necessity at Statistics Canada (StatCan)[1]. In 2005, a middle management task force was created to recommend measures that would enhance and strengthen the culture of confidentiality within Statistics Canada. The task force made recommendations to increase awareness of risks and responsibilities, and to promote and improve good security practices.

Statistics Canada's mandate derives primarily from the Statistics Act. The Act requires that the Agency collect, compile, analyse and publish statistical information on the economic, social, and general conditions of the country and its citizens. Statistical information is crucial as it enables Canadians to make informed decisions and governments at all levels to develop appropriate policies. Survey respondents range from Canadian households to private and public organizations. Most business surveys require mandatory participation, whereas most of the agency’s household surveys are voluntary (exceptions are the Census of Population and the Labour Force Survey). It is crucial for the agency to develop and maintain a trust relationship with survey respondents in order to deliver its mandate successfully, and provide Canadians with statistical information of high quality. Safeguarding the information provided in confidence is vital, since it is the key factor for obtaining respondents’ cooperation.

Personal and business information is collected using various methods: paper questionnaires, in-person and telephone interviews conducted by agency personnel, electronic data reporting by respondents, and administrative sources. Information collected outside headquarters’ premises is transferred to Ottawa for centralized processing, analysis, and dissemination by different survey and service areas. In addition to agency employees, other external parties also have access to sensitive statistical information under strict conditions described in the Statistics Act. Examples are provincial statistical agencies, sponsoring federal departments, and university researchers. The confidentiality of sensitive statistical information must be protected throughout these various modes, locations, and processes.

The control framework is multi-layered. The first level is the Statistics Act which protects respondents’ information. To support the Act, the agency has put in place a number of policies and practices to manage risks of unauthorised access, loss, theft, disclosure, copying or use of sensitive information. Policies in place include: the Policy on the Security of Sensitive Statistical Information, the Policy on Microdata Release, the Discretionary Release Policy, the Policy on Record Linkage, the Policy on Informing Survey Respondents, the Policy on the Use of Deemed Employees, and the IT Security Policy. Furthermore, Statistics Canada’s Security Practices Manual provides more detailed and complementary information to agency policies and the Government Security Policy. A number of management committees with mandates related to security are also in place: the Confidentiality and Legislation Committee and its Microdata Release Sub-Committee, the Informatics Committee, and the Security Coordination Committee. Finally, the Data Access and Control Services Division provides advice to managers, and serves as the focal point for matters relating to the confidentiality of statistical information.

During the conduct of the audit, Statistics Canada hired a consulting firm to conduct a Threat and Risk Assessment of access to buildings, and to recommend options for the replacement of the existing technical access control system which had been in place since 2002. This assessment did not include the regional offices. The firm presented a report in July 2007 which included a number of recommendations. This document served as additional reference material for the audit.

Authority

The audit was undertaken by the Internal Audit Services, and the Terms of Reference were approved by the Internal Audit Committee on March 28, 2007. The audit was conducted in accordance with the Government of Canada’s Policy on Internal Audit.

Audit Objectives

The objective of this audit was to assess whether controls are in place and are effective to protect the confidentiality of sensitive statistical information including:

  • physical access controls,
  • electronic access controls,
  • personnel controls, and
  • operational controls.

The controls were examined both at the departmental and selected survey levels.

The table found in Appendix A provides a summary of the audit criteria used. These were selected during a pre-planning review with StatCan management, based upon potential risks, and an understanding of the management control framework, Statistics Canada operational requirements, and previous reviews and/or audits.

Scope and Approach

There are three buildings at head office in Ottawa, and three regional offices with satellite offices attached to them. The scope of the audit included an assessment of the three buildings at head office, one regional office (the Eastern Regional Office in Montreal), and one of its satellites (Sherbrooke).

When the Terms of Reference were approved in March 2007, the Government Security Policy referred to sensitive statistical information as "protected B". This included:

  • data obtained directly from respondents or from third parties in identifiable mode under the authority of the Statistics Act;
  • data holdings stripped of identifiers but held in a detail or geographical structure or format which could permit a direct relation to be established between such data holdings and identifiable units;
  • official statistical information in the pre-release stage.

During the course of the audit, it was determined that paradata[2] was included in the above. This change was taken into account during this audit.

Due to operational reasons, official statistical information in the pre-release stage and statistical information in research data centres were not included in the scope. Some of these areas will be covered by other audits found in the 2008-2009 / 2010-2011 Risk-Based Audit Plan.

The audit was designed to gather data on the measures actually used to safeguard the confidentiality of sensitive statistical information, and employees’ awareness of the importance of that confidentiality. The audit was conducted at the departmental level, and at specific survey levels. Five surveys were selected, taking into consideration the collection method, collection period, survey periodicity, and survey type. They were the International Travel Survey, the Labour Force Survey, the National Longitudinal Survey of Children and Youth, the Survey of Environmental Protection Expenditures, and the Trucking Commodity Origin and Destination Survey.

The work included:

  • Conducting personal interviews with all levels of employees in the various divisions at Head Office which were involved directly with the surveys selected, or that provided the agency with central services associated with the security of sensitive statistical information;
  • Conducting personal interviews with all levels of employees at the Montreal Regional Office and the Sherbrooke Call Centre;
  • Reviewing electronic and paper files, including testing of electronic data access and encrypted laptops;
  • Conducting a sweep (physical inspection) of the Head Office locations most likely to have sensitive statistical information from the five surveys; and
  • Analyzing the results of a questionnaire sent to a sample of 59 interviewers, representing all three regional offices.

Findings, Recommendations and Management Responses

I – Physical access controls

Physical access controls include: access to buildings is restricted; access to secured areas within the premises is restricted; information is physically transmitted to, within, and outside StatCan according to approved standards; information is stored, marked and disposed of according to approved standards; physical access to servers and mainframe is restricted; and repair of computer equipment is carried out on StatCan premises by StatCan employees.

The physical access controls were working as intended. Building entrances are secured and information is kept confidential; however, opportunities exist to advance the risk management practices relating to the confidentiality of statistical information. Improving the effectiveness of the confidentiality framework requires management to focus on secured work environments and the safety of information.

Buildings are secure but secured areas within require directives

Statistics Canada’s building access controls, including those at Head Office, the Montreal regional office, and the Sherbrooke location, are effective. The system of controls includes gates, guards and video cameras, including a new security and camera system installed at Head Office in 2008, to enhance monitoring in the buildings.

The audit found that the requirements of Statistics Canada’s policy on Security of Sensitive Statistical Information are met; however, the agency is not compliant with the criteria outlined in paragraph 10.7 of the Government Security Policy relating to safeguards beyond the baseline level[3]. This paragraph states that "Departments must conduct ongoing assessments of threats and risks to determine the necessity of safeguards beyond baseline levels. They must continuously monitor for any change in the threat environment and make any adjustment necessary to maintain an acceptable level of risk and a balance between operational needs and security". The audit team did not find any monitoring or assessments of threats and risks to support this requirement.

Instances of controls beyond the baseline level were identified, but they are random rather than risk-based decisions. For example, secured areas in the Main building are the result of other tenants occupying the premises. Additionally, the decision to secure access to divisions in the other buildings is primarily made by the director, based on perceived risks and funds available. Some areas may be facing higher risks but may not have a secured access.

As an additional control to complement secured areas with baseline level secured entrances, employees are asked to challenge unknown people in their work areas. This control might be effective in small work areas; however, in a building such as the Jean Talon where floors are large and are shared by many divisions with no recognizable perimeter between them, this control has its limitations.

Two divisions handling surveys in our sample did not have secured entrances within the building. The Labour Force Survey (LFS) was in final processing mode during the sweep that we conducted. Additionally, the Survey of Environmental Protection Expenditures was not in production, therefore it was challenging to assess whether a secured work area was necessary. In both cases, a threat and risk assessment to determine the necessity of safeguards beyond the baseline levels would be helpful to advance the risk management practices.

The agency should determine the baseline level of security required in relation to the sensitivity of data holdings. A threat and risk analysis should then be conducted to determine zones exposed to greater risks and requiring enhanced security beyond the baseline level. Based on the threat and risk analysis, areas not at high risk would continue to be protected by baseline security.

The agency faces a situation where an incident could have a significant impact. In the absence of agency guidelines on what areas should be secured beyond the baseline level, and without an integrated approach to managing risks emerging from visitors, employees, other tenants, and potentially contractors, the agency exposes itself to greater confidentiality risks that could lead to loss of reputation. Considering the very high number of people working within the complex, there is a risk that someone could have unauthorised access to an area secured at the baseline level, and to sensitive statistical information.

Recommendation #1

The Assistant Chief Statistician, Corporate Services Field, should ensure that Data Access and Control Services Division (DACS) develop corporate guidelines to ensure a common approach across the agency, and assist the Policy Committee[4] through the Security Coordination Committee, in determining the high risk zones by performing threat and risk assessments periodically.

Management Response and Action Plan

Management accepts the recommendation.

DACS proposes a corporate approach to establishing a standard for access control using the "progressive security zones", as per the Policy on Government Security. The standard would be used to approve additional access control devices.

This proposal will be presented to the Security Coordination Committee in the fall.

Deliverable and timeline:
Presentation of directives to the Security Coordination Committee
Results will then be presented to the Policy Committee
Director, Data Access and Control Services – Fall 2009

Safety of information

Sensitive information is physically transmitted inside and outside Statistics Canada according to approved standards, but the audit team found two issues requiring specific attention.

A "postcard" type questionnaire used by the International Travel Survey (ITS), which respondents are asked to mail once completed, is a confidentiality risk. ITS divisional employees ask respondents to complete and mail the postcard. On the postcard, it says "Confidential once completed". This process is ambiguous at best, and does not project an image of discipline and rigour when transmitting information deemed confidential. If this peculiar situation is noticed by the Canadian public, and specifically by the press/media, Statistics Canada’s reputation may be tarnished. The risk is that our respondents may perceive that we do not treat confidentiality with the attention it requires.

It is also expected that sensitive statistical information should be locked up after working hours. An audit test consisting of a sweep of selected areas was conducted after hours on January 28 and 31, 2009. The intent was to determine whether confidential material was locked up using approved containers and locks, and to ensure that keys to containers and locks were properly secured. Usage of A/B switches, and of personal digital assistants, was also verified to ensure compliance with policies.

The sweep results demonstrated that the Operations and Integration Division, which is a secured area with restricted access, was not in compliance with the expectation of adequate storage of sensitive statistical information at the end of the work day.

Management indicated that the area is secured with restricted access, and that storing all sensitive statistical information at the end of each day would be time consuming and counterproductive. Should access to the secured area be breached, there would be no mitigating controls to secure the information. In addition, within the secured area, information should only be made available on a "needs to know" basis. Management of the area is working on an implementation plan that would see the paper questionnaires scanned, with only the electronic version circulating afterwards.

Field interviewers receive strict written directives from Statistics Canada regarding the handling of confidential material such as questionnaires, laptops, and address lists, when working outside the home, and regarding the securing of this material at home. To assess the directives, the audit team conducted a survey of field interviewers. The survey results indicated that field interviewers, when outside the home, ensured the confidentiality and security of material effectively; however, the survey results also indicated that 50% of field interviewers do not lock up their material at home when completing their work day.

Reinforcement of directives and enhanced attention are required with regard to the storage of confidential material in the home of field interviewers. Loss of sensitive statistical information by field interviewers would affect the confidence of respondents in Statistics Canada, and could prevent the department from attaining its objective.

Recommendation #2

The Assistant Chief Statistician, Social, Health and Labour Statistics Field, should ensure that the Tourism and the Centre for Education Statistics Division, in conjunction with Data Access and Control Services Division, find a solution to the visible discrepancy found on the International Travel Survey postcard.

Management Response and Action Plan

Management accepts the recommendation.

TCESD agrees that "confidential once completed" on the postcard questionnaire is illogical. Since there is no identifiable information on the completed questionnaire, we agree to drop this wording. Furthermore, the issue will disappear with the current redesign of the survey, as we will get rid of the postcard questionnaires.

Deliverable and Timeline:
Revised questionnaire
Assistant Director, Tourism and Centre for Education Statistics Division – August 2010

Recommendation #3

The Assistant Chief Statistician, Census and Operations Field, should ensure that regional office management increase the awareness of field interviewers regarding the importance of the confidential material in their possession as well as their accountability and consequences.

Management Response and Action Plan

Management accepts the recommendation.

We will revise our documentation and interviewer training materials concerning the importance of protecting documents/confidential information, and the various mechanisms to be introduced for this purpose. Accordingly, we will adjust the content of the training manual to reflect what is set out in the Code of Conduct.

When new employees receive basic training, supervisors or managers will ensure that everyone has a good understanding of his/her roles and responsibilities, as an interviewer or senior interviewer, in Statistical Survey Operations relating to confidentiality, protection of information, and security.

Using various means of communication (pamphlets, meeting with employees, etc.), we will further emphasize the importance of confidentiality and data security to employees, and reinforce their accountability with respect to managing information in the collection process.

Deliverable and Timeline:
Reinforcement of confidentiality of information
Revision of our guidelines and preparation of an action plan
Director, Regional Management Services Division - Fall 2009

Implementation
Regional Directors - Winter 2010

Recommendation #4

The Assistant Chief Statistician, Census and Operations Field, should ensure that Operations and Integration Division store the confidential material at the end of the day.

Management Response and Action Plan

Management accepts the recommendation.

OID is in the process of removing the risk for paper questionnaires by moving our imaging equipment to a secured room, with the plan to image all questionnaires at this entry location. Paper questionnaires would then be moved to secure storage until they can be disposed of appropriately. The equipment is to be moved in the fall of 2009, and a schedule for converting all paper surveys to digital images will be prepared. This process should be completed within 1 year. All access to questionnaires will be via digital images in the content management system FileNet where access is tightly controlled.

Deliverable and Timeline:
Digital images of all questionnaires
Director, Operations and Integration Division - September 2010

II – Electronic access controls

Electronic access controls include: workstations and servers are configured with access controls; information is transmitted electronically within and outside Statistics Canada according to approved standards; storage of information on removable storage media follows ITSD approved security procedures; information is processed, stored, accessed or transmitted only on Network A; all portable computers have full storage encryption approved by ITSD; and computers are sanitized before disposal using ITSD approved methods.

The audit team observed that workstations and servers have electronic access controls maintained by the Informatics Technology Services Division (ITSD); however, monitoring performed by the divisions to grant or remove permissions is performed sporadically. Furthermore, the audit found that only 75% of non-interviewer laptops had the approved encryption program installed.

Workstations and servers have access controls

ITSD electronically maintains access to workstations and servers; however, the authority to grant and/or remove accesses is the responsibility of the divisional directors. The audit team observed that the managerial monitoring to grant or remove access permissions to workstations and servers varies from one division to the next. Consequently, the monitoring of electronic access to workstations and servers is performed sporadically.

The process for granting permissions is efficient, and runs well. Improvements are required in the removal of permissions when access is no longer required. In most cases, those responsible for removing access rely on the employees who originally asked for access to inform them of changes. Controls are effective for employees leaving their division, but the controls become ineffective for service area users, and other users from outside the division. Management monitoring, consistent with processes in place for the Labour Force Survey (LFS – identified further in this section), would improve the monitoring and risk management of confidential files.

The audit team identified a best practice within the LFS management of access rights. LFS managers assess the electronic files according to risks and confidentiality. Very few employees have access to the most confidential files. To gain access, a request must be submitted through the case management system, and an authorization form signed by the director is required. Upon submitting the request, a password to access the files is issued. Permissions to access the LFS confidential files are given for a three-month period, and monitoring of access rights to servers is performed continuously.

Recommendation #5

The Assistant Chief Statisticians, Corporate Services Field and Informatics and Methodology Field should ensure that:

  • Data Access and Control Division, in conjunction with Informatics Technology Services Division, issue clear guidelines relating to the sensitivity of data and the management of permissions to access servers/shared folders;
  • Informatics Technology Services Division will continue to grant and remove access when requested to do so, and to develop tools to further automate this process.

All the Assistant Chief Statisticians must ensure that the guidelines are implemented.

Management Response and Action Plan

Management accepts the recommendation.

Divisional directors are responsible for the implementation of the need-to-know principle regarding file access. DACS, in collaboration with ITSD, will develop a set of guidelines regarding file access management. DACS will communicate these guidelines to divisional directors. This should be completed by the end of December 2009.

ITSD will continue to grant and remove access to servers and shared folders as per the divisional requests.

ITSD will automatically reset permissions and group access when an employee changes division.

Deliverable and timeline:
Guidelines sent to divisional directors – December 2009
Director, Data Access and Control Division
Director, Informatics Technology Services Division

Installation of Encryption Programs on Portables

Statistics Canada has a directive to have an encryption program installed on all portables. The audit team expected to find the ITSD approved encryption program (Pointsec technology) installed on all portables.

During the conduct of interviews with the LAN administrators and departmental IT security, the auditors were informed that most portables had the encryption program installed. A further audit test was conducted on a judgmental sample of portables. The test results indicated that the majority of portables in the sample had the encryption program installed. Further interviews were conducted with representatives of the departmental IT security; additionally, a comparison of the departmental portable key file with AMMIS (the inventory system) was performed. The results indicated that only 75% of non-interviewer portables have the program correctly installed. It should be noted that all interviewer portables have the encryption program installed. The auditors verified if the encryption program could be deactivated by the employees. The test results demonstrate that the encryption program cannot be deactivated or removed by the employees. IT security has sent an e-mail to directors asking for their support in this matter.

A breach of confidentiality may occur should a portable without an encryption program and containing confidential information be lost.

Recommendation #6

The Assistant Chief Statistician, Informatics and Methodology Field, should ensure that Informatics Technology Services Division security monitor the progression of the installation of the Pointsec technology on laptops, and report the results to the Security Coordination Committee on a quarterly basis until full compliance is achieved.

Management Response and Action Plan

Management accepts the recommendation.

The Statistics Canada laptop inventory can be divided into two broad categories: those for use by interviewers in the field, and non-interviewer laptops. The interviewer laptops are managed and maintained by Collection and Planning Management Division (CPMD); and as part of their deployment process, all the laptops are encrypted.

Non-interviewer laptops are maintained by the ITSD Enterprise Desktop Support Section (EDSS). As of July 2009, 84% of these laptops were reported compliant and had their encryption recovery file recorded in ITSD. As for the remainder of the laptops, they are either not encrypted, or they are encrypted and their encryption recovery file simply had not been reported. The following action plan is proposed to address those.

The general tasks include locating each of the laptops, making sure they are encrypted, and copying over the recovery file. The AMMIS system will be used to identify the active laptops. The ITSD EDSS group will work with each Field, and identify a Field representative that will be responsible for ensuring compliance. Reports will be provided to Field representatives to monitor progress.

The Director of ITSD will report to the Security Coordination Committee on a quarterly basis on the progress made on compliancy.

Deliverables and timeline:
Monitoring reports for Field representatives – December 2009
Quarterly report to Security Coordination Committee - Ongoing
Director, Informatics Technology Services Division

III – Personnel controls

Information on confidentiality is regularly communicated to all employees.

Statistics Canada uses a variety of methods to promote security and confidentiality of statistical information. These include training, manuals, e-mails, articles in the @statcan, special events, and posters. The audit team found that the methods used to communicate to departmental and Regional Operations Branch employees in order to promote security and confidentiality are effective. Interviews conducted with employees located in Ottawa, and in the Regions, indicated that security and confidentiality are understood by employees.

The evidence collected indicated that personnel controls are in place and are effective. Accordingly, recommendations are not necessary.

IV – Operational controls

Personal identifiers are removed from statistical master files as soon as no longer required, and breaches of confidentiality are reported to the Chief Statistician.

The audit team expected to find that personal identifiers are removed from statistical master files. The audit test conducted indicated that social survey identifiers are removed early in the process, while economic survey personal identifiers are removed much later. Auditors were concerned with this issue and probed further. It was established that economic surveys’ personal identifiers are required throughout the analysis stage, but they are removed when no longer necessary.

There are many sources of information instructing employees to report potential breaches of confidentiality. This includes the 2007 Policy on the Security of Sensitive Statistical Information, the Security Practice Manual, chapter 2 (revised in summer of 2007), and the Confidentiality Awareness Web Site.

Regionally, the risk of having a breach of security is much higher during the collection phase. The audit team found evidence that clear procedures exist to report a breach of security. Interviewers and senior interviewers receive written instructions on how to report any lost confidential material, including reporting the loss or theft of laptops immediately. Ultimately, the regional director is informed, and corrective measures are taken. The audit team observed documented corporate files relating to confidentiality breaches. The procedures in place were followed, and appropriate corrective measures were implemented.

The evidence collected indicated that operational controls are in place and are effective. Accordingly, recommendations are not necessary.

Appendix A

Audit Criteria
Objectives and audit criteria

Physical access controls

  1. access to buildings is restricted
  2. access to secured areas within premises is restricted
  3. information is physically transmitted within and outside StatCan according to approved standards
  4. information is stored, marked and disposed of according to approved standards
  5. physical access to servers is restricted
  6. repair of computer equipment is carried out on StatCan premises by StatCan employees

Electronic access controls

  7. workstations and servers are configured with access controls
  8. information is transmitted electronically, within and outside Statistics Canada, according to approved standards
  9. storage of information on removable storage media follows ITSD approved security procedures
  10. information is processed, stored, accessed or transmitted only on Network A to prevent unauthorised access from the public
  11. all portable computers have full storage encryption approved by ITSD
  12. computers are sanitized before disposal using ITSD approved methods

Personnel controls

  13. information on confidentiality is communicated regularly to all employees

Operational controls

  14. personal identifiers are removed from statistical master files and stored separately from master files as soon as they are no longer required for data processing
  15. breaches of confidentiality, should they occur, are reported formally to the Departmental Security Officer who informs the Chief Statistician

Appendix B

Acronyms
AMMIS Automated Materiel Management Information System
CAPI Computer Assisted Personal Interview
CATI Computer Assisted Telephone Interview
DACS Data Access and Control Division
DARS Data Access Request System
EDSS Enterprise Desktop Support Services
ITS International Travel Survey
ITSD Informatics Technology Services Division
LFS Labour Force Survey
NLSCY National Longitudinal Survey of Children and Youth
OID Operations and Integration Division
PAPI Paper and Pencil Interview
RO Regional Office
SEPE Survey of Environmental Protection Expenditures
StatCan Statistics Canada
TCOD Trucking Commodity Origin and Destination Survey

Note

  1. Acronyms are defined in Appendix B
  2. Paradata is information related to a statistical data collection or production process that is linked to an identifiable person, business or organization. Usually this is the type of information that is useful to interviewers (i.e. best time to call, type of respondent, etc.)
  3. The baseline level for Statistics Canada consists of the perimeter security, which includes cameras, guards and gates.
  4. Committee structure is a critical aspect of governance at Statistics Canada. Issues are first discussed at a management committee such as the Security Coordination Committee. The Security Coordination Committee Chairperson(s) will then present the results of the deliberations to the Policy Committee which will render a decision if required. The Policy Committee is chaired by the Chief Statistician and oversees all the committees.

Appendix A
Criteria and Related Controls

Audit Objectives, Criteria and Control Objectives

Audit objective 1. Ensure that the inventory of capital assets on hand is complete

Criteria:

  • Proper reporting of inventory
  • Reports are mathematically accurate and coded properly

Control objectives:

  • Inventory is in place capturing active and non-active assets
  • Inventory is kept up-to-date reflecting additions and removals
  • Physical inventory is verified for existence
  • Coding errors are detected through supervisory review or reconciliations
  • Transposition errors or inaccurate entry is detected through supervisory review or reconciliations
  • Proper measures are in place to correct errors such as correcting journal entries or policy revisions

Audit objective 2. Ensure that controls are in place to safeguard assets from theft or unauthorized access

Criteria:

  • Security in place to protect assets
  • Proper authorization in place

Control objectives:

  • Items are identified and tagged
  • Guards can detect theft of assets at turnstiles
  • Merchandise is stored in safeguarded areas with adequate locks, cameras and security card access at loading docks
  • Only authorized people have access to items stored in cages
  • Access to inventory information is protected with security codes such as passwords and User ID
  • Hardware is maintained on a regular basis (specifically laptops)
  • Transactions are authorized via delegation of authorities at each phase of the life cycle
  • Proper authorities are signing at each threshold
  • Proper delegation of authorities (segregation of duties) are used where one person will sign off based on Section 33 and another will sign off based on Section 34

Audit objective 3. Ensure that efficient procedures are in place to determine the value, including improvements, amortization and estimated useful life of capital assets

Criteria:

  • Documentation of a life cycle
  • Proper handling of transactions from accounting point of view

Control objectives:

  • Life cycle is captured over timeline from A to Z and timeline fits asset class
  • Assets are properly categorized (i.e. pooled or non pooled)
  • Assets are properly recorded in accounting ledgers
  • Assets are properly amortized
  • Assets are properly disposed of

Audit objective 4. Ensure that procedures in place within Statistics Canada for capital assets are in accordance with TBAS 3.1 - Capital Assets.

Criteria:

  • Compliance with TBAS 3.1 - Capital Assets and with Statistics Canada Policy (Draft) on Internal Controls

Control objectives:

  • Proper timelines are reported
  • Assets are recorded at historical value and transactions are entered for acquisition, disposal, amortization, improvement and impairments of assets

Audit of Central Regional Office (Toronto) Administrative Processes

Final report
Original Report Approved by Internal Audit Committee on August 30, 2006
Addendum Approved January 18, 2008

Internal Audit Division
December 2005

Auditor's statement

We have completed the Audit of Central Regional Office (Toronto) Administrative Processes. The objective was to assess the degree of compliance of financial and human resources processes and practices and other general administrative processes and practices with relevant Government of Canada and departmental regulations, policies and directives. We examined the following areas: accounts payable; interviewer pay; travel, including the use of individual travel cards; procurement; inventory control, namely compliance with the Automated Material Management Information System (AMMIS); selected physical security elements, for example, access controls and the application of basic security measures; human resources (HR) staffing including file documentation; HR modernization training; and information technology (IT) access control. As the same management team is responsible for administrative practices and procedures in both Toronto and Sturgeon Falls, the audit was conducted in Toronto only. This audit concentrated on regular regional office activities and excluded the 2006 Census operations.

This internal audit was carried out in accordance with the Internal Auditing Standards for the Government of Canada. Key activities during the conduct of the audit, carried out from November 21 to December 2 in Toronto, focussed on the regional office’s financial, human resources and other administrative operations. The auditors interviewed approximately 30 Statistics Canada employees, 11 interviewers and one security guard, observed practices and reviewed documents.

In examining the regional office’s selected financial and human resources processes and practices and other general administrative processes and practices against relevant central agency and departmental regulations, policies and directives, we are satisfied that the areas examined are mainly in compliance. In a few areas, however, the findings indicate that there is a moderate level of risk to the organisation. These include: the lack of evidence that a best price was sought when using Local Purchase Orders (LPO) (page 8); the storage of Protected B information (page 11); and the management of A/B switches (page 12). The audit report presents recommendations for all the findings identified by the auditors. Managers of the Central Regional Office prepared an action plan to address all recommendations (Appendix B). An audit team will monitor the progress of this plan and report back to the Internal Audit Committee.

These conclusions are based on the assessment of findings against pre-established criteria agreed to by the Internal Audit Committee in October 2005 and reflect the audit work conducted principally between November 21 and December 2, 2005.

The audit team was comprised of Mylène Belzile, Maria Escobar Rivera, Johanne Grégoire, Bev Prentice, Fadi Hélou and Jacques Lepage, who was the principal auditor.

In our opinion, sufficient and appropriate audit work has been performed and evidence gathered to support the conclusions contained in this audit report.

Background

Regional office audits have been conducted in Statistics Canada on a rotating basis since the mid-nineties. Regional offices, like our Head Office, process financial, human resources and administrative activities. The delegation of signing authority chart reflects the unique nature of the regional offices.

From a data collection perspective, the regions (Eastern Region, Central Region and Western Region and Northwest Territories) are responsible for the management of survey operations in eight centres: Halifax; Montreal, Sherbrooke; Toronto, Sturgeon Falls; Winnipeg, Edmonton; and Vancouver. This is done through the hiring, maintaining, training and scheduling of a workforce capable of handling a wide range of continuing and ad hoc surveys; providing cost estimates; providing advice and guidance on local situations; providing and maintaining respondent relations; managing the day-to-day collection operations including expanding and contracting the interviewer workforce as required; keeping within cost, quality, and timeliness objectives; maintaining samples; maintaining local offices; monitoring data quality; and collaborating with Survey Operations Division (SOD) in identifying ways and means to improve survey data collection.

The regions are one of the two main collection arms of the Agency. As such the regions provide a service vital to Statistics Canada's mandate which is to provide Canadians with objective and non-partisan statistics and statistical products, services and analyses on Canada’s economy and society which are relevant, responsive to emerging issues, fulfilling legal requirements and are of high quality. The regions provide data collection services to several divisions responsible for economic and socio-economic surveys.

The Central Regional Office is comprised of the Toronto centre, which also provides administration services for this region, and the Sturgeon Falls centre.

Before initiating the Central Regional Office (Toronto) audit, items audited in previous regional office audits were assessed in consultation with managers from the Communications and Operations Field as well as financial management and human resources management in terms of threats and risks to the organization. Most financial items included in previous audits have been maintained. New items added to the list cover HR issues.

Objective

The objective of this audit was to assess the degree of compliance of selected financial and human resources management and other general administrative processes and practices with relevant central agency and departmental regulations, policies and directives.

Scope

The audit examined processes and practices followed by the Central Regional Office to ensure that selected financial, human resources and administrative activities comply with Government of Canada regulations, policies and directives as well as with Statistics Canada policies and directives. Areas examined include: accounts payable; interviewer pay; travel, including the use of individual travel cards; procurement; inventory control, namely compliance with the Automated Material Management Information System (AMMIS); selected physical security elements, for example, access controls and the application of basic security measures; HR staffing including file documentation; HR modernization training; and IT access control. As the same management team is responsible for administrative practices and procedures in both Toronto and Sturgeon Falls, the audit was conducted in Toronto only. This audit concentrated on regular regional office activities and excluded the 2006 Census operations.

Approach

This audit was guided by criteria and review frameworks based on Treasury Board audit guides and analysis. An audit plan was developed and included detailed activities for all components identified within scope.

The auditors made use of administrative databases (e.g. Common Departmental Financial System (CDFS), Automated Material Management Information System (AMMIS), Survey Operations Pay System (SOPS)). The auditors interviewed financial, human resources and administrative staff in the Central Regional Office (Toronto). The test of compliance, in some cases, involved selecting and reworking adequate samples (e.g. travel claims, accounts payable, acquisitions) and recording results on the corresponding data collection tools. The work also involved inspecting files (mainly paper) to ensure that the proper documentation was maintained. Various visual inspections (e.g. work area, procedures, bulletin boards) were also conducted. With respect to security, the auditors conducted interviews with a sample of employees and on-site inspections of the physical security arrangements. Upon their return, personnel screening was conducted in the Head office security office and a review of travel card holders was conducted with the help of administrative files.

Before leaving the Toronto office, the auditors discussed the preliminary findings with the Regional Director and the Management Services and Informatics (MSI) Manager (also acting Assistant Regional Director, Operations).

To ensure that the scope of the audit was properly covered, the audit plan was comprised of a number of sub-objectives. These were:

  • To ensure that accounts for payment and settlements are verified in a cost effective and efficient manner while maintaining adequate controls
  • To ensure that procurements of goods or services are made in the most cost efficient manner while maintaining proper financial controls
  • To ensure that travel is effectively managed and controlled
  • To ensure the economical and efficient use of individual travel card (ITC)
  • To ensure that inventories are properly managed
  • To ensure that interviewer pay is properly managed
  • To ensure the security of regional employees, information and assets
  • To ensure that staffing for open and closed competitions are in accordance with Section 10 of the Public Service Employment Act, that acting appointments and extensions are in accordance with Section 7 of the Public Service Employment Regulations and that term extensions were made pursuant to Section 7 of the 2003 Term Employment Policy
  • To ensure that key STC Staffing Guidelines for Statistical Survey Operations have been applied for hiring interviewers from outside, for promotions from interviewer to senior interviewer and for acting assignments and extensions of Statistical Survey Operations (SSO) employees.
  • To ensure that managers and HR personnel are being prepared for the introduction of HR Modernization

The sub-objectives, their accompanying criteria and results are listed in Appendix A.

Results

Overall, the audit confirmed within the defined scope that the Central Regional Office (Toronto) financial and human resources processes and practices and other general administrative processes and practices are mainly in compliance with relevant central agency and departmental regulations, policies and directives. In a few areas, however, the findings indicate that the organisation could be at risk. The findings include:

  • The auditors found no physical evidence that the best prices were obtained when using LPOs. We expected to find at least two quotes in the files. There were none, so it was impossible to know if the best price was sought (page 8).
  • The users of A/B switches had not signed the declaration. We did not find an A/B switch on machines that would normally contain confidential information but there were no signed declarations by the users (page 12).
  • Protected B information must be stored carefully after working hours and according to proper practices. We noticed survey and personnel-type information not stored securely after working hours (page 11).

All the findings are discussed in greater detail in the findings and recommendations section of this report.

Some of the sub-objectives examined for travel, the use of individual travel cards, and HR modernization training were found to be fully compliant.

Findings and recommendations

The criteria used for the audit are listed by sub-objective in Appendix A. In this section of the report, findings and recommendations are presented by groupings of sub-objectives. The report only presents findings that are accompanied by recommendations.

Accounts payable and procurement

Many criteria in these two sub-objectives were analyzed with the help of samples of transactions that were run through templates. The samples were selected at random within stratified lists.

Results of the samples run through the template are presented in the following tables. Please note that only the criteria that were verified with the template and that were not 100 percent compliant are shown (a complete list of the criteria can be found in Appendix A). Recommendations often group more than one criterion and are presented after the description of findings.

Accounts payable

A number of criteria measured with the help of the template were found to be 100 percent compliant. These include:

  • The documentation shows compliance with section 34 (signed by officer with delegated authority)
  • Financial coding is correct (FRC, authority, line object, and project code match the section 34 stamp)
  • Invoices for payment received in the mailroom are date stamped and promptly forwarded to finance where they are stamped again.
  • Invoices are matched to purchase order forms to verify that prices match those quoted in the purchase order.
  • PST exemptions are taken and GST calculation is correct.
  • Requests for payment are signed off by Financial Officer under sect 33 of the Financial Administration Act (FAA). No person shall exercise signing authority pursuant to both section 33 and 34 of the FAA with respect to a particular payment.
  • Payments are promptly processed through CDFS by Finance. Cheques should be sent to the employee's home address or company's direct address.
  • Transactions must follow a logical flow (i.e. purchase order, application & appraisal forms dated before invoice date).

Other criteria, not measured with the help of the template, were also met. These include:

  • Signature forms showing delegated authorities are maintained and kept in a locked cabinet. The new forms must be filled and signed by October 31, 2005.
  • Access to supplier files is restricted and files are kept under lock and key
  • Acquisition card monthly statements are reconciled with individual purchases and paid promptly to avoid payment of interest.
  • There is a separate file maintained for the acquisition card.

Criteria in the following table were not compliant

Criteria (criteria number in Appendix A) | Compliant (N) | Total (N) | Percent compliant
Acquisitions are signed off by officer with delegated authority¹. (1.2) | 23 | 33 | 70
The release date of the payment should be 30 days after the receipt of the invoice (right away for employees), or acceptance of the goods/service, whichever is later. The invoice should be date stamped upon receipt and when payment is processed. The invoice receipt date should match CDFS receipt date. (1.10) | 6 | 40 | 15
Files of all suppliers are maintained and contain all supporting documents for all acquisitions (Order form (including Local Purchase Order (LPO)), Invoice, Bill of Lading, Packing Slip with evidence that it was verified). (1.11) | 23 | 33 | 70
Invoice date and number are entered correctly on CDFS. (1.16) | 6 | 40 | 15

These findings and associated recommendations are discussed after the procurement sub-section.

Procurement

A number of criteria measured with the help of the template were found to be 100 percent compliant. These include:

  • Standing offers or contracts if amount exceeds $5K for goods and $25K for services have been negotiated with principal suppliers
  • Invoices or packing slips when separate are verified for accuracy of quantities and quoted prices
  • Managers sign off under sect. 34 confirming receipt of goods or services
  • Stamped invoices and packing slips are promptly forwarded to Finance for payment

Other criteria, not measured with the help of the template, were also met. These include:

  • There is a designated officer responsible for all acquisitions
  • Procedures exist for the receipt and verification of goods or services received
  • Refer to payables criteria for Finance responsibilities prior to payment
  • There is a designated co-ordinator for the use of acquisition cards (Master Card) who is not the purchasing officer. The cards are in the name of current employees within the administration unit, must be used by the cardholder for official government purchases only, and must be kept in a secure location with controlled access when being used.
  • The co-ordinator is fully responsible for all acquisitions using the card and there is a signed agreement to that effect. Each cardholder must sign a written acknowledgement.
  • A separate log or inventory exists for all acquisitions made by LPO, standing offer and acquisition card.
  • The card is not used for certain types of acquisitions specified by TB Policy, e.g. travel related expenses, repairs, cash advances or interdepartmental transactions (this was verified with Sub-Objective 1 Accounts payable).
  • Payments to the credit card company are made promptly to avoid interest payments.

Criteria in the following table were not compliant

Criteria (criteria number in Appendix A) | Compliant (N) | Total (N) | Percent compliant
When Local Purchase Orders (LPOs) are used, there is evidence that the best prices were obtained (4.3) | 0 | 15 | 0
Internal request forms and LPOs are signed by officer with delegated authority² (4.4) | 23 | 33 | 70

Acquisitions (including with Local Purchase Orders (LPO)) not always signed by officer with delegated authority (criteria 1.2, 1.11 and 4.4 in Appendix A)

The MSI and the financial officer stated during their respective general interviews that internal request forms and LPOs were signed by an officer with delegated authority or that an e-mail was sent to the purchasing officer. The purchasing officer stated the same thing but admitted that he did not keep a copy of the e-mail in his files (either electronic or paper). This was confirmed by the sample analysis (see template results above).

In 10 cases (30%), there is no evidence on file of an internal requisition form, a Local Purchase Order (LPO) signed by an employee with delegated authority under section 32 of the FAA or an e-mail sent to the purchasing officer. In the case of the print shop, the current procedures are not congruent with requirements. Currently, print jobs are ordered on an ongoing basis, often more than once a day and records are not kept of the quoted prices or of the approval by an officer with delegated authority.

Recommendation 1: The MSI manager should establish proper acquisition procedures to ensure that an officer with delegated authority signs an acquisition form or sends an e-mail before any acquisition is made.

Invoices almost always paid before 30 days (criteria 1.10 and 1.16 in Appendix A)

We found that there was no problem with payments due to employees or with the application of stamps on the invoices. All invoices contained the proper stamps. The travel sample indicated that employees' travel claims are processed when received in the finance section of the regional office, as they should be. Other employee claims, such as petty cash, were also handled in a timely fashion by the financial section.

However, invoices from suppliers are almost always paid before the required 30 days (85%). The invoice receipt date seldom matched the CDFS receipt date. Suppliers are paid before the required 30 days, contrary to the Policy on Payment Requisitioning and Payment on Due Date. In order for this to happen, the invoice date must be incorrectly entered in CDFS. This is done deliberately. Originally, this procedure was applied so that suppliers, especially small ones, get paid before 30 days. However, the evidence shows that now this practice extends to all suppliers (small and large).

Recommendation 2: The Director should take immediate steps to stop the early payment practice. He should ensure that clear procedures are in place that respect the 30 day release date for payments required under the Policy on Payment Requisitioning and Payment on Due Date and he should monitor the situation to ensure that this has been corrected.

No evidence that the best prices were obtained when using LPOs (criterion 4.3 in Appendix A)

We expected to find at least two quotes per purchase in the files. The files did not show any quotes. LPO transactions did not have any bid documentation or any evidence that the best price was researched. Both the MSI and the financial officer stated during their respective general interviews that bids were being sought when using LPOs. The purchasing officer stated the same thing, but he admitted that he did not keep this information in his files (either electronic or paper). This was confirmed by the sample analysis (see template results above).

Recommendation 3: The MSI manager should establish a set of procedures that would ensure that the best prices are obtained when using an LPO. The results of this process must be kept on file. Such procedures could include the pursuit of bids for each LPO. The MSI manager must also monitor the situation regularly to ensure that these new procedures are followed and that the problem has been corrected.

Inventories

A number of criteria were fully met. These include:

  • An officer is identified as being responsible for the safe custody of the inventory of high value items and there is formal acceptance of that responsibility.
  • Periodic stocktaking is performed
  • Inventories are properly safeguarded

Accurate records not maintained for all items in the inventory and written procedures lacking (criteria 5.2 and 5.6 in Appendix A)

Inventory for which there are screen charges (PC) or which are important to manage from an operational point of view (laptops) are accurately recorded, as are monitors which generally work in conjunction with PCs. Inventory for A/B switches is not maintained and this represents a security concern which will be discussed with security findings below. The printer inventory is not accurate.

AMMIS is the only inventory used for non-computer items and locally-acquired items are not reliably entered. Accurate records are not maintained for this part of the inventory as a number of items do not have a C number. The persons responsible for maintaining inventory items do not have access to AMMIS.

Recommendation 4: We recommend that the MSI manager provide the individuals responsible for inventory items (both computer and non-computer) with written procedures and with read-only access to AMMIS. In the case of non-computer inventory, the procedures should include a step that requires obtaining a C number before any equipment is deployed. The MSI manager should regularly monitor and provide feedback as required to the persons responsible for inventory items.

Interviewer pay

A number of criteria were fully met. These include:

  • Managers conduct a verification of pay and expense claims (section 34 of FAA) before forwarding to finance
  • Financial officer is exercising its responsibility to ensure that a system of account verification exists
  • There is a process to follow up on overpayments (to do so requires an accurate records system and capacity to identify errors)
  • Expense elements of interviewer pay correspond to the appropriate line items in CDFS

Tighten interviewer pay procedures for data collection managers (DCM) (criterion 6.1 in Appendix A)

We found written procedures and directives related to the method to process an interviewer pay claim. For example, there is a draft SOPS (Survey Operations Pay System) User Guide, dated December 2004, that explains the technical steps. It is not, however, designed to address section 34 responsibilities. There is also an ROB procedure for the payment of overtime. We were shown the PWGSC on-line pay site used by regional HR compensation advisors as a key tool.

One cannot write a standard recipe for all DCM to follow—there isn’t a mechanical set of steps that will apply generally. However, there should be procedures to remind DCM of their responsibilities. As a minimum, these procedures should contain basic checks to perform when verifying pay claims.

Different levels of authorization exist in SOPS (recommendation by senior interviewer, approval by DCM, review by project managers (PM4)) and various edits are built into the process. There seem to be enough checks to satisfy the requirements and assure the financial officer that section 34 is being handled properly. However, there are no written directives covering this issue.

Recommendation 5: Regional Office Branch (ROB) should prepare guidelines for data collection managers (DCM) on their section 34 responsibilities and for the financial officer regarding section 33 and interviewer pay.

Physical security

A number of criteria were fully met. These include:

  • Emergency numbers are posted in central locations where staff can easily find them
  • Strangers are challenged
  • Staff members wear their ID according to security directives
  • Procedures are in place to ensure that employees do not receive a user ID granting access to Network A or confidential information until personnel screening is completed
  • A Committee on Occupational Safety and Health is established and is operational
  • Meetings are conducted on a regular basis
  • There are trained personnel on first aid and their names are posted
  • Fire extinguishers are in place and there are signs clearly indicating their locations
  • Employees have been trained on the procedures to follow when the alarms go off
  • Signs are posted indicating the location of emergency doors which are easily accessible

Storage of protected B information (criterion 7.4 in Appendix A)

Security measures described in the Security Practices Manual are not always applied when it comes to storing protected B files after hours. While the risk of outsiders seeing protected information is low because of perimeter security, access to information is on the basis of a "need to know", which is respected when documents are properly stored. Confidentiality is a key value for all Statistics Canada employees who have to protect information received from respondents as well as any other protected information.

We noticed that protected B files (e.g. survey data, personnel-type) were left on desks after employees had left for the day. Some cabinets were unlocked overnight and some employees with offices with doors chose not to lock them, even though protected information is kept in the office and not stored in cabinets. Regarding personnel-related information, the Human Resources section is located in the MSI area, which has controlled access, but personnel files should not be left unlocked overnight. This type of information should be treated with the same care as survey data.

We also noticed that all the filing cabinets used to store protected B information are not meeting the standards described in the Security Practices Manual.

Recommendation 6: The Regional Director should take action to ensure that employees appropriately secure protected B data after hours, whether this is information provided in confidence, sensitive statistical information or other types of protected information such as personnel files. We also recommend that the RO either purchase a number of filing cabinets suitable for storing protected B information or consult with HO security to see how the present cabinets can be retro-fitted to meet security requirements.

Personnel screening falls short (criterion 7.7 in Appendix A)

As part of the physical security sub-objective, personnel screening was reviewed. The criterion is taken directly from the Government Security Policy. This can be considered as a follow-up to the 2002 Personnel Screening audit that covered the entire department.

During the current audit, on the employee side, we concentrated on new hires over the past year (November 2004 to November 2005), excluding Census employees. There were 18 names on our list and our findings indicate that 3 of these employees started to work without a valid security clearance. In addition, only one of the three signed the security clearance form before starting to work. The two others signed their forms after their first day of work (one and ten days later).

For interviewers, the same time period was used. The results are summarized below:

  • No security clearance: 6
  • Obtained after starting work: 38
  • Compliant: 48
  • File not located: 1
  • Total: 93

The results indicate that 44 (6+38) out of 93 interviewers, or 47%, did not comply with the Government Security Policy at the time of the audit. This can be considered as an improvement over the results of the 2002 Personnel Screening Audit, but requires some specific action to rectify the situation.

The risk to the agency is that someone without proper security clearance is hired. The degree of risk is not high, but could become a problem in the long run if rules are not adhered to. Should an event occur, the impact on the reputation of Statistics Canada could be significant.

Recommendation 7: The director should introduce procedures to ensure that employees and interviewers be security cleared before they start working for the RO. This should be monitored on an ongoing basis to ensure full compliance.

Conditions for A/B switch use should be improved (criterion 7.9 in Appendix A)

The MSI manager noted that all requests for A/B switches must be approved by a senior manager and that the distribution was very limited. During inventory work, we did not find an A/B switch on machines that would normally contain confidential information.

We were told that employees who use A/B switches are not required to sign a declaration in advance. This declaration is required as described in the EDP Security Policy, Appendix A section 11 ii. There is no list of who has an A/B switch within the RO.

Having signed declarations shows that employees understand their obligations and a complete list of who has switches helps ensure that they are not left inadvertently where they do not belong.

Recommendation 8: The IT manager should maintain a list of A/B switch users and declarations should be filled out in accordance with the EDP Security Policy, Appendix A section 11 ii. This practice should be monitored on an ongoing basis.

Staffing under the Public Service Employment Act (PSEA)

The following was met but documentation can be improved (see below):

  • Open and closed competition files contain all the key documents listed in the PSC Staffing Manual, Chapter 8. Key documents are duly completed and signed and show evidence that a process took place to apply relative merit, pursuant to the PSEA, section 10 (1). Gate-keeping and Senior Personnel Review Committee (SPRC) approvals have been obtained when necessary.

Documentation can be improved for open and closed competitions (criterion 8.1 in Appendix A) and files on actings, actings extensions and term extensions are hard to locate (criteria 8.2 and 8.3 in Appendix A)

For closed and open competitions, we found most of the evidence required to demonstrate that processes have been carried out properly.

However, steps that managers are to carry out are not always done; for example, signing board member statements and screening selection forms, and in one case, documenting that a candidate met qualifications even though that person was the only candidate.

Recommendation 9: The HR function should not issue competition results before all required documents are received from managers.

For other forms of PSEA staffing - term extensions, acting appointments and acting extensions - we are not able to draw a conclusion since an insufficient number of staffing files in our sample could be located. We found that the filing system is not in good order due to moves and scarce resources being placed on priorities such as current staffing actions, including census staffing.

Recommendation 10: The HR manager should ensure that the filing system is put into proper order and maintained.

Staffing under the Statistics Act for Statistical Survey Operations (SSO) (criteria 9.1 and 9.2 in Appendix A)

We expected to find that competitive processes in keeping with the merit principle are being used for employees hired under the Statistics Act, and that interviewers hired had passed a selection test. We found that the interviewer selection test is administered and that qualified candidates obtained at least 65%. However, we were unable to locate enough of the information required to draw a conclusion on the extent to which SSO competitive processes have taken place to establish merit. What we were told indicates that the merit principle is being applied, but there is insufficient evidence on which to base a conclusion.

Our difficulties stem from the fact that there are no centralized staffing files and standards about information to be kept on file for employees hired under the Statistics Act, similar to those that exist for public servants hired under the Public Service Employment Act.

Recommendation 11: The Assistant Director, Operations should create and maintain a central filing system and associated procedures for SSO staffing actions. Doing this in conjunction with Regional Office Branch headquarters would foster consistent standards across regional offices.

There have been changes in the HR employee complement and responsibilities since many of these staffing actions were completed. This, coupled with file location problems and the desire of the director to ensure that staffing is carried out according to standards, as well as an invitation by the director to return, suggests that Internal Audit Division should consider more audit work in this area in its next multi-year audit plan.

Appendix A

Criteria by sub-objective and result

Sub-objective 1: To ensure that accounts for payment and settlements are verified in a cost effective and efficient manner while maintaining adequate controls
Criteria Summary result
1.1 Signature forms showing delegated authorities are maintained and kept in a locked cabinet. The new forms must be filled and signed by October 31, 2005. Yes
1.2 Acquisitions are signed off by officer with delegated authority. Not met. (see rec 1)
1.3 The documentation shows compliance with section 34 (signed by officer with delegated authority) Yes.
1.4 Financial coding is correct (FRC, authority, line object, and project code match the section 34 stamp) Yes.
1.5 Invoices for payment received in the mailroom are date stamped and promptly forwarded to Finance where they are stamped again. Yes.
1.6 Invoices are matched to purchase order forms to verify that prices match those quoted in the purchase order. Yes, when a purchase order is present. (see criterion 1.11)
1.7 PST exemptions are taken and GST calculation correct. Yes.
1.8 Requests for payment are signed off by Financial Officer under sect 33 of the FAA. No person shall exercise signing authority pursuant to both section 33 and 34 of the FAA with respect to a particular payment. Yes.
1.9 Payments are promptly processed through CDFS by Finance. Cheques should be sent to the employee’s home address or company’s direct address. Yes.
1.10 The release date of the payment should be 30 days after the receipt of the invoice (right away for employees), or acceptance of the goods/service, whichever is later. The invoice should be date stamped upon receipt and when payment is processed. The invoice receipt date should match CDFS receipt date. Not met. (see rec 2)
1.11 Files of all suppliers are maintained and contain all supporting documents for all acquisitions (Order form (including LPO), Invoice, Bill of Lading, Packing Slip with evidence that it was verified). A unique CDFS ID must be recorded on the invoice. Not met. (see rec 1)
1.12 Transactions must follow a logical flow (i.e. purchase order, application & appraisal forms dated before invoice date). Yes.
1.13 Access to supplier files is restricted and files are kept under lock and key Yes.
1.14 Acquisition cards monthly statements are reconciled with individual purchases and paid promptly to avoid payment of interests. Yes.
1.15 There is a separate file maintained for the acquisition card Yes.
1.16 Invoice date and number are entered correctly on CDFS. No, date entered to effect early payment. (see rec 2)

Sub-objective 2: To ensure that travel is effectively managed and controlled
Criteria Summary result
2.1 All travel is approved in advance and signed by officer with delegated authority or a current Blanket Travel Authority form exists. Yes
2.2 Travel Advance and Approval forms are completed and include purpose of travel Yes
2.3 Amounts requested are reasonable and given to the traveller within a reasonable timeframe (2 days before trip). Yes
2.4 Expenses identified are within those described and allotted in TB Directive Yes
2.5 A Blanket Travel Authority to travel if used is included in the employee file Yes
2.6 Emergency travel situations are post approved and include an explanation on the expense claim Did not occur in sample 3
2.7 Expense claim forms are completed within an acceptable timeframe and signed by an officer with delegated authority Yes
2.8 Claims include required receipts and there is evidence that Finance has reviewed the claim (red tick marks) Yes
2.9 It is the responsibility of supervisors to authorize taxi use for employees travelling on official government business. Vouchers cannot be used when travelling to or from an airport, bus terminal or train station for trip related purposes, or while at the duty travel location. The use is to be monitored. Yes.
2.10 Consultants and other persons performing work on behalf of the government are not to be supplied with taxi vouchers Yes
2.11 When taxi vouchers are made available instead of cash, departments and agencies are to use the standardized government-wide voucher (GC 89). Yes
2.12 All air fare and rail bookings should be completed through AcXess Voyage. Yes
2.13 Travellers’ cheques must be used for authorized travel on an exceptional basis only. Yes
2.14 A travellers cheques custodian and a backup have been appointed Yes
2.15 Travellers cheques are stored in a safe or locked cabinet with restricted access Yes
2.16 The custodian is responsible for processing transactions and for procuring, protecting, controlling and handling the cheques. Yes
2.17 The custodian signs off replenishments after verifying amounts received Yes
2.18 A log is maintained and includes the name of the travellers and amounts provided in the denominations given Yes
2.19 There is sign-off by the traveller confirming the amounts received with a copy on file and another for the traveller Yes
2.20 The custodian has reconciled the inventory Yes
2.21 The inventory matches the amounts on hand Yes
2.22 American Express invoices are paid promptly Yes
2.23 Amounts received by the travellers are supported by Travel Advance and Approval and Travel Expense Claim Forms duly signed by officer with delegated authority Yes
2.24 Travellers cheques are not used for salary advances or loans Yes

Sub-objective 3: To ensure the economical and efficient use of individual travel card (ITC)
Criteria Summary result
3.1 The cards are assigned by an officer with delegated authority who is identified as the regional co-ordinator Yes
3.2 The ITCs are used for government business only and for approved expenses i.e. accommodation, car rental Yes
3.3 Travellers have prior approval using the Travel Advance and Approval form or have a blanket travel authority on file Yes
3.4 Non standard type of expenses have been approved by an officer with delegated authority e.g. rental of meeting rooms, hospitality Did not occur in sample.
3.5 Procedures are in place for authorising and issuing the card Yes
3.6 Procedures are in place for retrieving and cancelling the cards when an employee leaves the department or assumes a new position Yes but improvement possible (memo4)

Sub-objective 4: To ensure that procurements of goods or services are made in the most cost efficient manner while maintaining proper financial controls
Criteria Summary result
4.1 There is a designated officer responsible for all acquisitions Yes
4.2 Standing offers or contracts if amount exceeds $5K for goods and $25K for services have been negotiated with principal suppliers Yes
4.3 When Local Purchase Orders (LPOs) are used, there is evidence that the best prices were obtained Not met (see rec 3)
4.4 Internal request forms and LPOs are signed by officer with delegated authority Not met. (see rec 1)
4.5 Procedures exist for the receipt and verification of goods or services received Yes
4.6 Invoices or packing slips when separate are verified for accuracy of quantities and quoted prices Yes
4.7 Managers sign off under sect. 34 confirming receipt of goods or services Yes
4.8 Stamped invoices and packing slips are promptly forwarded to Finance for payment Yes
4.9 Refer to payables criteria for Finance responsibilities prior to payment Yes
4.10 There is a designated co-ordinator for the use of acquisition cards (Master Card) who is not the purchasing officer. The cards are in the name of current employees within the administration unit and must be used by the cardholder only for official government purchases and must be kept in a secure location with controlled access when being used. Yes
4.11 The co-ordinator is fully responsible for all acquisitions using the card and there is a signed agreement to that effect. Each cardholder must sign a written acknowledgement. Yes
4.12 A separate log or inventory exists for all acquisitions made by LPO, standing offer and acquisition card. Yes but improvements possible (memo)
4.13 The card is not used for certain types of acquisitions specified by TB Policy, e.g. travel-related expenses, repairs, cash advances or interdepartmental transactions (this will be verified with SO 1 payables). Yes
4.14 Payments to the credit card company are made promptly to avoid interest payments. Yes

Sub-objective 5: To ensure that inventories are properly managed
Criteria Summary of results
5.1 There is an officer identified as being responsible for the safe custody of the inventory of high value items and there is formal acceptance of that responsibility. Yes
5.2 Accurate records are maintained of all items in the inventory Not met. (see rec 4)
5.3 Periodic stocktaking is performed Yes
5.4 There are procedures in place to account for and report losses or damages for write-off Not met. (memo)
5.5 Inventories are properly safeguarded Yes
5.6 There are documented departmental and regional instructions for the maintenance of inventory records and these are known. Not met. No documented regional instructions. (see rec 4)

Sub-objective 6: To ensure that verification of interviewer pay is properly managed, a process exists to follow up on overpayments, and expense elements are accurately coded
Criteria Summary result
6.1 There are up-to-date procedures outlining the responsibilities of managers and finance for the verification of interviewer pay claims Partial, some procedures exist (see rec 5)
6.2 Managers conduct a verification of pay and expense claims (section 34 of FAA) before forwarding to finance Yes
6.3 Financial officer is exercising its responsibility to ensure that a system of account verification exists Yes
6.4 There is a process to follow up on overpayments (to do so requires an accurate records system and capacity to identify errors) Yes
6.5 Expense elements of interviewer pay correspond to the appropriate line items in CDFS Yes

Sub-objective 7: To ensure the security of regional employees, information and assets
Criteria Summary result
7.1 A security officer is appointed and staff know who and where person is located Not met (memo)
7.2 Procedures are in place for granting access to employees and visitors during and after regular hours Met, with reservations. The issue was that the new magnetic doors were not functioning properly. This was addressed and resolved.
7.3 Emergency numbers are posted in central locations where staff can easily find them Yes
7.4 Staff has been trained on security measures and know what procedures to follow under different circumstances e.g. gas smell, stranger in area Not met (see rec 6)
7.5 Strangers are challenged Yes
7.6 Staff members wear their ID according to security directives Yes
7.7 Personnel screening procedures are in place to ensure that new hire employees are cleared in advance of beginning work (checked using tool for HR staffing) Not met (see rec 7)
7.8 Procedures are in place to ensure that employees do not receive a user ID granting access to Network A or confidential information until personnel screening is completed. Yes
7.9 Management controls are in place to ensure that A/B switches are not in use by those accessing information provided in confidence Not met. (see rec 8)
7.10 A Committee on Occupational Safety and Health is established and is operational Yes
7.11 Meetings are conducted on a regular basis Yes
7.12 Minutes and decision records are posted in key areas and/or e-mailed to all staff Not met. Not posted and not all staff have access to e-mail. (memo)
7.13 There are trained personnel on first aid and their names are posted Yes
7.14 Fire extinguishers are in place and there are signs clearly indicating their locations Yes
7.15 Employees have been trained on the procedures to follow when the alarms go off Yes
7.16 Signs are posted indicating the location of emergency doors which are easily accessible Yes

Sub-objective 8: Staffing under the Public Service Employment Act
Criteria Summary result
8.1 Open and closed competition files contain all the key documents listed in the PSC Staffing Manual, Chapter 8. Key documents are duly completed and signed and show evidence that a process took place to apply relative merit, pursuant to the PSEA, section 10 (1). Gate-keeping and Senior Personnel Review Committee (SPRC) approvals have been obtained when necessary. Yes but items coming from managers could be improved (see rec 9)
8.2 Staffing files for acting appointments and extensions of acting appointments (more than 4 months) contain key documents signed by delegated authorities, and show evidence that a process took place to apply relative merit, pursuant to the PSEA, section 10 (1) and PSER, section 7. Gate-keeping and SPRC approvals have been obtained when necessary. Cannot conclude due to insufficient information. (see rec 10)
8.3 Term extensions files contain key documents signed by delegated authorities and show evidence that a right of appeal has been issued and that the 3-year cumulative period policy requirement has been applied, pursuant to section 10 (2) of the PSEA and section 7 of the 2003 Term Employment Policy. Gate-keeping and SPRC approvals have been obtained when necessary. Cannot conclude due to insufficient information. (see rec 10)

Sub-objective 9: Staffing for Statistical Survey Operations (SSO)
Criteria Summary result
9.1 Staffing files show evidence that a competitive process to establish merit took place for all external appointments, internal promotions, and long-term acting assignments, pursuant to the Staffing Guidelines, sections 2 and 5. For the records examined, there is evidence that key elements of a competitive process are used but cannot conclude due to insufficient information. (see rec 11)
9.2 The interviewer selection test has been administered during new hires staffing and all qualified candidates have obtained at least 65% on the test, pursuant to the Staffing Guidelines, section 5.2.4. For the records examined, a selection test is administered but cannot conclude due to insufficient information. (see rec 11)

Sub-objective 10: To ensure that managers and HR personnel are being prepared for the introduction of HR Modernization
Criteria Summary result
10.1 The HR manager is aware of the new accreditation requirements. Yes
10.2 Training requirements are identified. Yes
10.3 An HR learning plan is in place for HR personnel and managers. Yes
10.4 HR personnel have received basic training. This could include Accountabilities & Responsibilities (P101), Enabling Skills for PSMA (P102), Preparation for PSMA Trainers (P103), PSEA – online (P106), Staffing for experienced staffing specialist ((P110) PSC ready in Sep) and Integrated HR & Business Planning (P100) (PSC ready in Oct). Yes
10.5 Managers have or will receive basic training before the new policy. Yes

Appendix B

Management Action Plan
Recommendations Action Plan or Explanation of No action on the Recommendations Responsible for Action Estimated Completion Date Status
The MSI manager should establish proper acquisition procedures to ensure that an officer with delegated authority signs before any acquisition is made: MSI Manager has prepared proper procedures. The Finance Officer will perform periodic audits to ensure compliance and will report these to the Director Gary Dillon   Completed
The Director should take immediate steps to stop the early payment practice. He should ensure that clear procedures are in place that respect the 30 day release date for payments required under the Policy on Payment Requisitioning and Payment on Due Date and he should monitor the situation to ensure that this has been corrected: The Director has taken action to ensure that existing PDD procedures are followed where possible. We maintain that there continues to be an issue with the larger companies (e.g. Bell Canada) that charge us interest when we apply PDD for their invoices. In light of our responsibility to manage Public Funds in the most cost efficient manner, we believe we should continue to pay some invoices as soon as they are received. Doug Newson   Completed
The MSI manager should establish a set of procedures that would ensure that the best prices are obtained when using an LPO. The results of this process must be kept on file. Such procedures could include the pursuit of bids for each LPO. The MSI manager must also monitor the situation regularly to ensure that these new procedures are followed and that the problem has been corrected: The MSI Manager has prepared a set of procedures outlining the process to be taken when acquisitioning goods through an LPO process and reflect the PWGSC guidelines that the “use of Standing Offers is Mandatory”. To ensure that these procedures are followed, all LPO must be signed under section 33 of the FAA by the Assistant Directors or the Regional Director. The Finance Officer will review files periodically to ensure compliance Gary Dillon

 

Completed
We recommend that the MSI manager provide the individuals responsible for inventory items (both computer and non-computer) with written procedures and Read-only access to AMMIS should also be provided. In the case of non-computer inventory, the procedures should include a step that requires obtaining a C number before any equipment is deployed. The MSI manager should regularly monitor and provide feedback as required to the persons responsible for inventory items: The responsibility of computer Inventories and A/B switches has been negotiated with ITSD. A signed SLA effective April 1st, 2006 establishes their responsibility. The MSI Manager has advised the ITSD representative of these findings and had them prepare procedures. As of April 24th, 2006, all persons responsible for Computer Inventories have access to AMMIS. As to non-computer equipment, the MSI Manager has prepared written procedures for purchasing and inventory control. The MSI Manager will monitor on a quarterly basis and access to AMMIS has been obtained for the Purchasing Clerk. Gary Dillon   Completed
Regional Office Branch (ROB) should prepare guidelines for data collection managers (DCM) on their section 34 responsibilities and for the financial officer regarding section 33 and interviewer pay: This has been referred to ROB for a national approach. Manager, MS Summer 2006  
The Regional Director takes action to ensure that employees appropriately secure protected B data after hours, whether this is information provided in confidence, sensitive statistical information or other types of protected information such as personnel files. We also recommend that the RO either purchase a number of filing cabinets suitable for storing protected B information or consult with HO security to see how the present cabinets can be retro-fitted to meet security requirements: All filing cabinets will be retro-fitted to meet security requirements May 5th, 2006.
The Director has sent a note reminding all staff of their responsibility to ensure that protected B data is secured appropriately after hours. The Security Officer will carry out periodic inspections to ensure compliance.
Doug Newson   Completed
The director should introduce procedures to ensure that employees and interviewers be security cleared before they start working for the RO. This should be monitored on an ongoing basis to ensure full compliance: Staffing Guidelines dated October 2005 had been distributed to all staff. Part of the Guidelines dealt with Security Clearances (in bold lettering) emphasizing that no one was to be hired without an Enhanced Reliability Check. These will be re-distributed under the Director’s Signature with an emphasis on Security Clearances. The HR Consultant will audit a sample of files to ensure compliance Doug Newson   Completed
The IT manager should maintain a list of A/B switch users and declarations should be filled out in accordance with the EDP Security Policy, Appendix A section 11 ii. This practice should be monitored on an ongoing basis: This responsibility for issuing and maintaining an inventory has been moved to ITSD through the SLA. The MSI Manager has ensured that all existing users of A/B switches sign the declaration. Gary Dillon   Completed
The HR function should not issue competition results before all required documents are received from managers: Discussion on this procedure has taken place with the employees who are responsible for staffing. Reminder has been sent to Managers, and will continue to communicate on an on-going basis as new competitions are undertaken Heather Jefferys   Completed
The HR manager should ensure that the filing system is put into proper order and maintained: System has been established. HR employees are in the process of implementation. Student is being hired to complete this project Heather Jefferys Fall 2006 Partially Completed
The Assistant Director, Operations should create and maintain a central filing system and associated procedures for SSO staffing actions. Doing this in conjunction with Regional Office Branch headquarters would foster consistent standards across regional offices: Our position is that this responsibility belongs to the HR unit. The HR Consultant will create and maintain a central filling system, prepare a “check List” for staffing files in conjunction with HO and the other Regions to develop procedures and offer guidance to the Operations staff to ensure compliance Heather Jefferys Fall 2006 Partially Completed

Addendum – September 2007

HR staffing

Following the approval of the original report and subject to a paragraph (see note 5) found on page 15 of the report, internal audit revisited the two HR staffing sub-objectives. These sub-objectives are: Staffing under the Public Service Employment Act, and Staffing for Statistical Survey Operations (SSO). These are listed as sub-objectives 8 and 9 respectively in the report.

The criteria have changed slightly to reflect the new Public Service Employment Act and accompanying Regulations.

Criteria

Staffing under the Public Service Employment Act

  1. Key documents are duly completed and signed and show evidence that a process took place to apply merit, pursuant to the PSEA, section 30. Gate-keeping and Senior Personnel Review Committee (SPRC) approvals have been obtained when necessary.
  2. Staffing files for acting appointments and extensions of acting appointments (more than 4 months) contain key documents signed by delegated authorities, and show evidence that a process took place to apply relative merit, pursuant to the PSEA, section 30 and PSER, section 12 to 16 inclusively. Gate-keeping and SPRC approvals have been obtained when necessary.
  3. Term extensions files contain key documents signed by delegated authorities and show evidence that a right of appeal has been issued (the 3-year cumulative period policy requirement, pursuant to section 7 of the 2003 Term Employment Policy, does not apply here). Gate-keeping and SPRC approvals have been obtained when necessary.

Staffing for Statistical Survey Operations (SSO)

  1. Staffing files show evidence that a competitive process to establish merit took place for all external appointments, internal promotions, and long-term acting assignments, pursuant to the Staffing Guidelines, sections 2 and 5. Key documents are duly completed and signed.
  2. The interviewer selection test has been administered during new hires staffing and all qualified candidates have obtained at least 65% on the test, pursuant to the Staffing Guidelines, section 5.2.4.

Scope and approach

The scope and approach for the HR staffing portion were unchanged from the original report. Please see page 4 of the original report for a description.

Findings

In this section only findings that are accompanied by recommendations are presented. Findings and recommendations that are minor or technical have been dealt with in a management memorandum.

Staffing under the Public Service Employment Act

We found that the regional office was mainly compliant with this sub-objective. The few items that require attention have been dealt with in a management memorandum.

Staffing for Statistical Survey Operations (SSO)

The present filing system for the SSO staffing process has recently been put in place in the Toronto regional office. This is in response to recommendation 11 of the original report which read "The Assistant Director, Operations should create and maintain a central filing system and associated procedures for SSO staffing actions. Doing this in conjunction with Regional Office Branch headquarters would foster consistent standards across regional offices."

We found that the files had been centralized. There was evidence of competitive processes and that merit was applied. There was also evidence that qualified candidates had obtained 65% on the test. We also found that the staffing file for the latest senior interviewer process was complete.

We expected to find that key documents for each staffing process would be duly completed and signed. We found that many documents listed in the PSC Staffing Manual, Chapter 8 (see note 6), were not in the staffing files that we looked at (except for the latest senior interviewer process as noted above). These include:

  • There was no documented request to initiate a staffing action (initialization). The manager determines how many new interviewers are required when a new contract comes in and an analysis of interviewers on hand is done. The requirements are then forwarded to the project managers and senior interviewers informally. A record of how many can be hired is not kept on file.
  • A copy of the letters of offer is not kept in the central staffing files key documents. The offers are kept in the personnel files (in the pay unit).
  • Personnel screening and verification of security status are not well documented.
  • The merit criteria are not in the staffing files.
  • The personnel screening consent form is not in the staffing files (at the present time some, about 50%, can be found in the personnel files).
  • The qualifying lists are not signed by the manager or board members depending on the process.

It is our understanding that a working committee has been tasked with developing and identifying the key staffing documents that will be required when conducting each SSO staffing process. We were also told that a focal point has been assigned to ensure that staffing is conducted consistently across the region and that SSO staffing files are in order.

We also found that the competitive processes were not advertised.

The causes are various but the main one is, as noted above, the central filing system which is fairly new. It has been introduced in the last few months in response to a recommendation found in the original report. It is still a work in progress and the HR personnel trying to maintain and improve the files are at the mercy of the operation supervisors running the SSO competitions.

The request to initiate a staffing action (initialization) is absent because this is how the operations people have been working for a long time. Very often the exact number of new interviewers required can only be determined late in the process.

The competitive processes are not advertised because the regional office receives unsolicited résumés all the time.

The impact of incomplete documents in the staffing files is fairly minor. In the case of SSOs there is very little chance that the department could lose its delegation authority since it is a separate employer. Incomplete files, however, tend to make the staffing process riskier. It could also be perceived that we are not as transparent as we should be.

The fact that the competitive processes to hire new interviewers are not advertised could be perceived as the organisation showing favoritism. However, a recently activated electronic application system that forms part of the public service recruitment site allows job seekers to apply on-line for SSO positions. We were also told that, when required, vacancies are advertised through local media as well as posted in public locations (e.g. post office, library). This new process resolves the potential perception of favoritism.

Recommendation

The focal point must pursue the file centralizing work started just a few months ago. The newly formed working committee must determine the key staffing documents required when conducting each SSO staffing process. Educating and persuading operations managers on the file requirements and the benefits that will result must be pursued. Monitoring the implementation of the improved SSO staffing process should be conducted regularly to provide managers with an assurance that it is proper.

Management Action Plan (addendum)
Recommendation: The focal point must pursue the file centralizing work started just a few months ago. The newly formed working committee must determine the key staffing documents required when conducting each SSO staffing process. Educating and persuading operations managers on the file requirements and the benefits that will result must be pursued. Monitoring the implementation of the improved SSO staffing process should be conducted regularly to provide managers with an assurance that it is properly implemented.
Action Plan or Explanation of No action: The Central Region assigned the responsibility of SSO staffing to a single focal point who works with both the Human Resources function and Operations. This individual is responsible to ensure that staffing is conducted consistently across the region. She ensures that all the staffing files and paperwork for hiring SSO staff (CATI & CAPI) are in order. A national working committee headed by Connie Graziadei has been tasked with developing and identifying the key staffing documents that will be required when conducting each SSO staffing process. This will represent a consistent national approach. It is anticipated that the committee will soon be able to finalize their recommendations and guidelines which will be implemented nationally. The next step in this process will be to educate operational managers and supervisors on the new requirements. Human Resources will be responsible for the provision of training, and coordination of these staffing actions.
Responsible for Action: Connie Graziadei, Heather Jefferys
Estimated Completion Date: June 2008

 

Notes

 

  1. Purolator, Canada Post and Bell Canada were left out of the analysis for this criterion because one would not expect to find a signed form at the regional level for these contracts.
  2. Purolator, Canada Post and Bell Canada were left out of the analysis for this criterion because one would not expect to find a signed form at the regional level for these contracts.
  3. Due to the wide usage of blanket travel authorities, emergency travel situations seldom occur.
  4. A number of findings, due to their minor nature, were discussed in a management memo. These findings are associated with the following criteria: 3.6, 4.12, 5.4, 6.2, 7.1 and 7.12.
  5. "There have been changes in the HR employee complement and responsibilities since many of these staffing actions were completed. This, coupled with file location problems and the desire of the director to ensure that staffing is carried out according to standards, as well as an invitation by the director to return, suggests that Internal Audit Division should consider more audit work in this area in its next multi-year audit plan."
  6. There is no legal obligation to apply the PSC Staffing Manual here but it was used as a proxy since no document stating the required documents was available at the time of the audit.

RDC proposals requesting Census or National Household Survey (NHS) data

Following the release of a Census file, the RDC program experiences a high volume of data access applications. Please anticipate longer than average review times for proposal approvals.

Please include the following information in Census/NHS proposals:

  • Clearly explain the topic being examined and use specific terms (e.g. demographic research by way of variables related to age, sex, marital status and language)
  • List the census years required
  • Describe the level of geography required including the lowest level (e.g. census tract)

Providing this detailed information will facilitate the timely evaluation of the proposal.

Notes:

  • For the 2011 National Household Survey, tabular output at the Dissemination Area (DA) is not allowed
  • Concepts change over time and researchers should expect some variations in variable definitions between censuses (and the NHS). Please consult the appropriate documentation
  • Researchers should review with their RDC analyst the confidentiality vetting guidelines associated with the census and NHS

Additional information for the 2011 Census and 2011 National Household Survey (NHS)

When applying for RDC access to the 2011 Census or the 2011 NHS, researchers should consider how these files differ.

The 2011 Census was a mandatory questionnaire sent out to all private and collective occupied dwellings. It had a final national response rate of 97%. The Census enumerated the entire Canadian population and Canadian citizens and landed immigrants who were temporarily outside the country on Census Day. Information was collected on demography, family and family composition, dwellings and language. The RDC Census file comprises a sample of 20% of all households from the 2011 Census. (The entire Census master file was not made available to the RDCs). The 20% sample represents just over 7.5 million respondents. Census geography variables ranging from the province to the dissemination area are included in the file. The Census file is hierarchical allowing for analysis of 5 distinct levels: persons, census families, economic families, households and dwellings. Weights are included in the file to enable calculation of estimates for the total population.

The 2011 National Household Survey (NHS) was a voluntary questionnaire which replaced the former mandatory (e.g. 2006) Census long-form questionnaire. The sample frame was one-third of all Canadian households and achieved a response rate of 69%. Unlike the Census, Canadian citizens and landed immigrants living outside the country were excluded from the NHS (Collectives were also excluded). The NHS collected information from households on a wide range of topics including labour market activities, education, income, dwellings, place of birth and immigration, Aboriginal populations, ethnicity and visible minority status, journey to work, religion, activity limitations, and mobility. It is important to note that there is overlap between the 2011 Census and NHS master files in that all of the variables contained in the Census (demography, family and family composition, dwelling and language) are also available in the NHS. The NHS master file has just over 6.7 million respondents. It includes most levels of census geography ranging from the province to the dissemination area. Like the Census, the 2011 NHS master file is hierarchical allowing for analysis of 5 distinct levels: persons, census families, economic families, households and dwellings. Two composite weights are included in the master file to enable calculation of estimates for the total population living in private households.

Comparing the Census and NHS

It is possible that differences exist between the 2011 Census counts and the NHS estimates. Two reasons can explain these differences:

  1. The definition of the population of each data source: the target population for the 2011 Census includes usual residents in collective dwellings and persons living abroad, whereas the target population for the NHS excludes them.
  2. The variability of the estimates for the NHS: the NHS estimates are derived from a sample survey and are therefore subject to sampling error; they are also subject to potentially higher non-response error than in the census due to the survey’s voluntary nature.

Comparing the Census sample and the published counts

It is also possible that differences exist between the 2011 Census counts and the estimates obtained with the Census sample. They are due to sampling error.

Record Linkage

Any form of record linkage or matching of respondents between the 2011 Census and 2011 NHS RDC master files is not possible or permitted.

Additional Information

Contact your local RDC for further information and public documentation relating to the Census and NHS.
