Audit at a Glance—Special Examination Report—Canadian Air Transport Security Authority

Audit at a Glance Special Examination Report—Canadian Air Transport Security Authority

What we examined (see Focus of the audit)

This audit examined whether the systems and practices we selected for examination at the Canadian Air Transport Security Authority were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively. We selected systems and practices based on our assessment of risks in the following areas:

  • Screening operations;
  • Strategic planning, risk management, and performance measurement and reporting;
  • Procurement and contracting management;
  • Equipment management;
  • Project management; and
  • Corporate governance.

What we concluded

We concluded that, based on the criteria established, there is reasonable assurance that during the period covered by the examination there were no significant deficiencies in the Canadian Air Transport Security Authority’s systems and practices that we selected for examination. The Corporation has maintained these systems and practices in a manner that provides it with reasonable assurance that its assets are safeguarded and controlled, its resources are managed economically and efficiently, and its operations are carried out effectively.

What we found

Screening operations

Overall, we found that the Corporation had systems and practices in place to ensure that the delivery of screening services was effective, efficient, and consistent across Canada, and in the public interest. We also found that the Corporation had systems and practices to ensure that screening services met regulatory requirements. However, we noted weaknesses in relation to the communication of changes in screening procedures to screening officers and the oversight of screening officers’ training.

This is important because the delivery of screening services is at the heart of the Corporation’s mandate and is critical to aviation security in Canada.

Strategic planning, risk management, performance measurement and reporting

Overall, we found that the Corporation defined strategic directions to achieve its mandate, taking into account government priorities, identified risks, and the need to control and protect its assets and manage its resources economically and efficiently. However, we found areas for improvement. The Corporation did not complete branch plans as part of the 2014–15 fiscal year corporate planning process, its risk management practices needed improvement, and the framework around performance measurement was not documented.

This is important because strategic planning, risk management, and performance measurement assist the Corporation in achieving its legislated objectives and mandate. Performance measurement is also important for informed decision making and accountability reporting.

  • The Corporation did not follow its business planning process, but had most elements in place to manage corporate risks

    Recommendation. The Corporation should

    • follow its branch planning process to prioritize projects and develop branch plans that include timing, accountability, and annual targets for key performance indicators within each branch;
    • determine and document its response for all residual risks identified in its Corporate Risk Profile, aligning actions with the Corporation’s risk tolerance;
    • conduct information technology (IT) Threat and Risk Assessments on all critical systems and maintain action plans for each assessment; and
    • update its Business Continuity Plan including a Business Impact Analysis and a Disaster Recovery Plan.
  • The Corporation did not document its performance measurement framework

    Recommendation. The Corporation should document its performance measurement framework. This framework should describe

    • how performance indicators, measures, and targets were established, removed, or changed,
    • the sources of performance management data,
    • the systems used to collect performance data,
    • the frequency of and responsibilities for data collection, and
    • the timelines for achieving performance targets.

    The framework should also indicate when the Corporation should review the quality of performance information.

Procurement and contracting management

Overall, we found that the Corporation had systems and practices in place to exercise effective oversight and due diligence in the structuring, awarding, and approving of contracts, including a clear accountability framework. The Corporation also effectively administered contracts to ensure that third-party service providers complied with contract terms and conditions. We found that the Corporation could improve on some of its procurement and contracting practices.

This is important because the Corporation entered into various types of agreements every year and outsourced to third parties significant services such as screening and equipment maintenance.

Equipment management

Overall, we found that the Corporation had systems and practices in place to effectively and efficiently manage its screening equipment. The Corporation planned for the replacement of its screening equipment, performed operational testing on screening equipment, and monitored the maintenance it outsourced to third parties.

This is important because the Corporation’s screening equipment is critical to delivering its mandate to conduct effective, efficient, and consistent screening that is in the public interest while complying with regulatory requirements set by Transport Canada.

Project management

Overall, we found that the Corporation had systems and practices in place to plan, organize, and control resources to accomplish project objectives and outcomes. However, while the Corporation established project management processes, they were not always followed, and guidance and a methodology on how to carry out projects were not developed. In addition, project management roles and responsibilities were clear, but the oversight of projects needed strengthening in some areas.

This is important because successfully implementing projects often requires rigorous management, a coordinated effort, and significant resources. In particular, joint projects with airport authorities to integrate the Corporation’s screening equipment are typically complex and often cost millions of dollars.

  • There were weaknesses in project management systems and practices

    Recommendation. The Corporation should develop a project management methodology and provide guidance on how to carry out project management activities. It should follow its project management processes and strengthen the oversight of projects in three areas: managing risk, reporting on the status of projects, and monitoring project outcomes.

Corporate governance

Overall, we found that the Corporation had in place key elements of a well-performing governance framework that meets the expectations of best practices in board stewardship, shareholder relations, and communications with the public. However, we found that there was room for improvement in some areas.

This is important because good governance helps ensure that the Corporation can fulfill its mandate and meet the statutory objectives outlined in the Financial Administration Act.

Entity Responses to Recommendations

The audited entities agree with our recommendations, and have responded (see List of Recommendations).

Related Information

Report of the Auditor General of Canada
Type of product Special Examination
Topics
Audited entities
Completion date 14 May 2015
Tabling date 1 June 2015
Related audits Chapter 2—National Security in Canada—The 2001 Anti-Terrorism Initiative—Air Transportation Security, Marine Security, and Emergency Preparedness, 2005 April Report of the Auditor General of Canada

For more information

Media Relations
Tel.: 1-888-761-5953
E-mail: infomedia@oag-bvg.gc.ca

Twitter: OAG_BVG