|
|
|||
|
|
|||
|
|
|
|
|||||||||||||||
|
1. |
The ANAO recommends that DIAC develop a plan for the population, maintenance and review of the MAL database. This should include, at a minimum: · clarification as to who (within the department and externally, as appropriate) is responsible for MAL data, the quality issues to be addressed and business rules for addressing them; and · a course of action which includes: o arrangements for data entry into MAL that ensures its own business rules and desired quality standards are observed; o instigation of a program, with target dates, for data cleansing its existing stock of MAL records; and o a mechanism for reviewing and reporting progress with this work. DIAC response: Agreed |
|
2. |
The ANAO recommends that DIAC: · clarifies the circumstances in which it can properly record Australian citizens on MAL, consulting other agencies with an interest in MAL as appropriate; · in this light, revises its policy and procedural guidelines for recording Australian citizens on MAL; and · completes its review of records of Australians on MAL, and deletes records of Australians where they are inappropriately recorded. DIAC response: Agreed |
|
3. |
The ANAO recommends that DIAC improves its reporting on the performance of MAL by, where practicable, identifying instances where MAL has alerted its decision makers to information that has been the reason, or part of the reason, for decisions on visa and citizenship applications. DIAC response: Agreed |
|
4. |
To enable DIAC to manage MAL effectively, the ANAO recommends that DIAC seek to measure and report internally on: (a) data quality; (b) MAL’s reliability; and (c) client service, measured by the service level agreements agreed internally with CMAL client areas of the department. DIAC response: Agreed |
|
5. |
The ANAO recommends that DIAC implements a mechanism for providing regular assurance that all key parts of the MAL system are operating satisfactorily. DIAC response: Agreed |
5.8 The Committee held a public hearing on Monday 16 November 2009, with the following witnesses:
n Australian National Audit Office (ANAO);
n Department of Immigration and Citizenship (DIAC).
5.9 The Committee took evidence on the following issues:
n number of Australian citizens on MAL;
n access by external agencies;
n data population;
n quality control of data including who enters the data, who can change the data and who can view the data on MAL;
n measurement and reporting;
n effectiveness of MAL;
n confidence displayed by the users of MAL in the data held on the system;
n child support and abduction; and
n privacy impact assessment.
5.10 The ANAO identified the substantial number of Australian citizens recorded on MAL and recommended that DIAC review the records of Australians on the system, delete those that have been inappropriately recorded and revise its policy and procedural guidelines for recording Australian citizens on MAL.[4] ANAO noted that:
DIAC’s policy on the inclusion of Australians on MAL is not currently coherent or complete. It has not fully clarified its reasons for wanting to list Australians on MAL nor, therefore, identified the specific characteristics that would justify considering Australians for listing on PAL.[5]
5.11 DIAC informed the Committee that following the ANAO’s recommendation it had conducted a thorough review of the listings of Australian citizens on MAL and had reduced the list from 578 individuals to 163.[6] The Committee questioned whether the clean up of the listings may have been a knee-jerk reaction to the Audit Report but DIAC assured the Committee it had been handled responsibly and that the cases that were removed were no longer current or contained unreliable data.[7]
5.12 The Committee asked DIAC to explain the reasons why an Australian citizen would be listed on MAL in the first place. DIAC identified the major reason as involvement in organised immigration malpractice including people-smuggling activities.[8] Other reasons include lost or stolen passports or damaged Australian travel documents.[9] DIAC also indicated that the Australian Federal Police (AFP) and the Australian Security Intelligence Organisation (ASIO) enter data onto MAL regarding issues of national security, criminal activity and child custody concerns.[10]
5.13 The Committee asked DIAC to identify the external agencies that have access to MAL and were told that ASIO is the only external agency currently using the list. The Department of Foreign Affairs and Trade (DFAT) and the AFP previously had access but DFAT has not been re-provisioned with access since the 2009 system release. DIAC has established a Private MAL account for the AFP:
The purpose of a PMAL is to place alerts in a parallel database from the mainstream MAL whereby an activity will trigger a notification for a client against an alert on the PMAL without directly impacting visa, travel or citizenship processing.[11]
5.14 The ANAO noted that there is no systematic approach to populating MAL, particularly with regard to DAL, and that data collection had ‘developed piecemeal with no strategy and no structured or formal approach to other governments or agencies to obtain data’.[12] The Committee inquired whether or not DIAC had sought to obtain formal agreements from other agencies to use its data to populate MAL. DIAC confirmed that it holds a high level agreement with ASIO for the sharing of information and that the system holds national security alerts from this agency.[13] DIAC receives United Nations Security Council Resolutions (UNSCRs) and Travel sanction information from DFAT and Interpol data from the AFP.[14] DIAC told the Committee that these relationships are due for review in the first half of 2010:
As part of a review of the Alert Reason Code owner relationship commenced in December 2009, there will be a number of high level meetings with the external data owners to reaffirm the roles and functions of the stakeholders, and to put in place streamlined data access, data management and referral processes.[15]
5.15 The ANAO expressed concern that not enough care is being taken when data from open sources such as the internet, media and non-government agencies is added to MAL, which could compromise the integrity of the system.[16] DIAC indicated to the ANAO that it is setting up a new body to discuss issues of data ownership and quality.[17] The Committee requested an update on this initiative. DIAC told the Committee that a series of meetings had been convened by the Border Operations Branch (BOB) with the Alert Reason Code owners to review and discuss the current administrative operating model and look at data management. DIAC expects these discussions to ‘determine more clearly the role of the BOB and the alert policy owners’.[18]
5.16 The ANAO noted that the lack of quality control regarding the entry and maintenance of data into MAL seriously compromises the effectiveness of the system and recommended that steps be taken to rectify the deficiencies.[19] The ANAO suggested that a review of a risk-based sample of change/update transactions could be a useful tool to improve quality control.[20]
5.17 The Committee asked how many people are authorised to enter data in the system and DIAC confirmed that just under 4000 departmental offices have authorisation plus a number of external agencies, including the AFP and ASIO.[21] A majority of these officers had the ability and authority to create, review, update and delete alerts and there is significant potential for unnecessary browsing of records.[22]
5.18 To improve quality control, DIAC informed the Committee that since the audit was carried out the Department has implemented quality assurance measures, withdrawing direct access to the system and requiring all new entries by departmental offices to be approved by the Border Operations Branch in Canberra.[23] DIAC told the Committee this formal, secure Remote Input Function (RIF) is operated by a small group of officers:
There are approximately 65 officers within the Border Operations Branch that have access to approve new or altered records to the Movement Alert List. However, only one-to-two officers are required at any one time to action this work queue. The work queue is rotated between day and shift teams so all requests are actioned 24 hours 7 days per week.[24]
5.19 DIAC confirmed that external agencies are also subject to the new quality assurance measures and that ASIO does not have the authority to load alerts directly onto the system. ASIO must use the RIF and go through the operative centre in Canberra if it proposes to create, delete or change a MAL entry.[25] Further, data received from external agencies is also subject to quality assurance through various software programs that element unsatisfactory records.[26]
5.20 The ANAO found that a series of reviews and reports have identified the need for better measurement and reporting on the performance of MAL to improve management of the system.[27] Of particular concern are the occasions when management has been unaware of the failure of parts of the system, occasionally for significant periods of time.[28] The ANAO recommended that DIAC develop the means to measure and report internally on ‘data quality, client services and overall system reliability’.[29]
5.21 The Committee asked DIAC what steps have been taken to implement this recommendation. DIAC replied that the BOB prepares a daily report on processing queues to assess client service and fortnightly reports are generated for the Production Control Authority to ‘identify system availability and performance’.[30] Reports are being identified to help detect transmission failures and ensure system to system connectivity.[31]
5.22 DIAC added that it is developing a range of reporting tools to interrogate the Business Intelligence Warehouse and provide more comprehensive performance information for management:
This will provide a range of routine reports and the mechanism for creating ad-hoc reports to cater for the range of queries with respect to data quality to assist the Border Operations Branch staff and key data owner stakeholder to better identify areas of vulnerability.[32]
5.23 DIAC maintains that MAL is a central element in Australia’s national security and border protection.[33] However, the ANAO found that DIAC collects no information to assess the outcomes of the system.[34] The Committee questioned how the effectiveness of the system is being measured. DIAC explained that it is difficult to assess the specific outcomes from MAL as it is only one of the tools used by decision makers when assessing applications.[35]
5.24 The Committee notes the long standing concern over the lack of measurable performance data from MAL which has been identified over a number of reviews and inquiries. The ANAO has detailed the steps that can be taken to verify the outcomes of the system and provide relevant information that could be used to evaluate its effectiveness.
Recommendation 10 |
|
|
|
The Committee recommends that the Department of Immigration and Citizenship (DIAC) report back to the Committee on the effectiveness of the Movement Alert List (MAL) after implementing Recommendation Number 3 from the Australian National Audit Office Report No. 35 2008-09 which requires DIAC to identify instances where MAL has alerted its decision makers to information that has been the reason, or part of the reason, for decisions on visa and citizenship applications. The report from DIAC should be presented to the Committee within six months of this report being tabled. |
5.25 The Committee asked if users had confidence in MAL considering the problems identified with regard to data quality and the lack of evidence of the systems effectiveness. DIAC maintained that there is confidence in the system as demonstrated by the continuous use of the data by departmental offices and external agencies such as the AFP, ASIO and the Australian Custom and Border Protection Service (Customs).[36] The ANAO confirmed that the system is used extensively by DIAC officers and the external agencies.[37]
5.26 The Committee asked for clarification of the role played by MAL with regard to the AFP and implementation of the Hague Convention on the Civil Aspects of International Child Abduction and prohibition orders in relation to child support. DIAC explained that the AFP operates Departure Prevention Orders (DPOs) and Departure Authorisation Certificates (DACs) issued by the Child Support Agency (CSA) through the PACE/EPAC system. In the past AFP have monitored the movement of DPO and DAC cases through MAL but at present this facility is not being used. DIAC facilitates CSA access to MAL as required.[38]
5.27 With regard to the Child Custody Concerns of foreign children, DIAC informed the Committee it facilitates ‘any court order received through a credible source up to the child’s 18th birthday.’ Credible sources include Interpol Yellow Notices and the Australian Chief Lawyer, Governance and Legal.[39] DIAC has no involvement with Australian child custody as the Family Court deals directly with the AFP who will list the child on PACE/EPAC.[40]
5.28 Although the ANAO acknowledges that DIAC is aware of its obligations under the Privacy Act 1988 and related legislation, the report found that no Privacy Impact Assessment (PIA) had been carried out on MAL or CMAL.[41] A PIA is considered sound practice for any agency handling personal information as it will determine the effect of the agency’s actions on individual privacy and help to identify potential problems.[42] The ANAO suggested that DIAC conduct a PIA and the Department agreed to the suggestion.[43]
5.29 The Committee asked for an update on the implementation of a PIA and if there had been any findings. DIAC informed the Committee that it has sort advice from its own internal Privacy Section and the Office of the Privacy Commissioner and will engage a consultant to undertake the PIA in the first quarter of 2010.[44]
5.30 The Committee is concerned by the number of Australian citizens on MAL and is satisfied that DIAC has substantially reduced this number since the audit. The Committee urges DIAC to implement the ANAO recommendation to revise its policy and guidelines regarding the recording of Australian citizens on the system, to ensure a consistent approach is taken in future.
5.31 The Committee finds it difficult to assess the effectiveness of MAL and the contribution it is making to Australia’s national security and border protection strategy due to the lack of performance data available. The Committee notes DIAC’s response to the ANAO Recommendation No. 3 and looks forward to seeing more concrete measurement of effectiveness in future.
5.32 The Committee notes that DIAC is taking steps to improve the quality control of data on MAL and is satisfied that relevant stakeholders have confidence in the system. However, the Committee is concerned at the lack of systematic control over data input and maintenance and the potential inconvenience or harassment that Australian citizens and visitors may suffer due to misinformation or incorrect information being entered into the system.
