The objective of the audit was to assess the effectiveness of the Department of Immigration and Border Protection’s (DIBP) management of compliance with visa conditions. To form a conclusion against this objective, the ANAO assessed whether DIBP:

  • effectively manages risk and intelligence related to visa holders’ non-compliance with their visa conditions;
  • promotes voluntary compliance through targeted campaigns and services that are appropriate and accessible to the community;
  • conducts onshore compliance activities that are effective and appropriately targeted; and
  • has effective administrative arrangements to support visa holders’ compliance with their visa conditions.

Summary and recommendations

Background

1. Australia’s migration programs allow people from any country to apply for a visa1 to migrate to Australia or to enter the country on a temporary basis, regardless of their ethnicity, culture, religion or language, provided that they meet the criteria set out in law. The Migration Act 1958 and associated regulations provide the legislative framework for the administration of Australia’s migration and temporary visa programs; and impose a range of conditions on people issued with a visa, including the duration of their stay and activities they can undertake while in Australia.

2. The Department of Immigration and Border Protection (DIBP) is the policy, program and service delivery entity with responsibility for the administration of Australia’s migrant, temporary visa and citizenship programs. It is also responsible for the security of Australia’s borders through the management of people and goods that cross them. One of the department’s key responsibilities is to manage visa holders’ compliance with their visa conditions.

3. The administration of migration and visa arrangements is a complex area of public service delivery, with over 7.5 million visas being granted in 2014–15 to people travelling from all over the world.2 Arrangements supporting visa administration have undergone significant change in the last ten years, most recently through the integration of the department with the former Australian Customs and Border Protection Service and establishment of the Australian Border Force within the department, taking effect from 1 July 2015.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of the Department of Immigration and Border Protection’s management of compliance with visa conditions. To form a conclusion against this objective, the ANAO assessed whether DIBP:

  • effectively manages risk and intelligence related to visa holders’ non-compliance with their visa conditions;
  • promotes voluntary compliance through targeted campaigns and services that are appropriate and accessible to the community;
  • conducts onshore compliance activities that are effective and appropriately targeted; and
  • has effective administrative arrangements to support visa holders’ compliance with their visa conditions.

Conclusion

5. There are weaknesses in almost all aspects of the Department of Immigration and Border Protection’s arrangements for managing visa holders’ compliance with their visa conditions, including in key corporate functions that support the administration of Australia’s migration and visa programs. These weaknesses undermine the department’s capacity to effectively manage the risk of visa holders not complying with their visa conditions—from simple overstaying through illegal working to committing serious crimes.

6. Over the last decade, the department has introduced a series of restructures and reforms designed to address the weaknesses, but there is little evidence of overall improvement, not least as a result of the continual change, with initiatives seldom fully implemented or evaluated. As at July 2015, key aspects of the management of visa compliance examined in this audit were under review by DIBP as part of its integration and reform agenda, and a range of initiatives are intended to address the administrative weaknesses identified in this audit. However, the challenges facing the department should not be underestimated given the extent of the reforms and the longstanding nature of the problems.

Supporting findings

Managing risk and intelligence

7. DIBP does not have comprehensive information about the nature and extent of visa holders’ non-compliance with their visa conditions. For overstayers, data matching provides information on the number of people who have exceeded the allowable duration of their visa. In contrast, the extent of non-compliance with other visa conditions, for example visa holders working illegally, is not well understood. Improvements in the capture and use of the results of compliance related activities would assist the department in developing an overarching perspective of non-compliance.

8. The department does not currently have an effective risk and intelligence function supporting visa compliance. In December 2014, the department’s Risk, Fraud and Integrity Division, established in 2010 to better coordinate and integrate risk and intelligence functions across the department, was abolished, and the functions dispersed to areas across the department and to the Australian Border Force. As at September 2015, DIBP was undertaking a series of reviews of these dispersed functions, to determine its medium to long term approach to managing risks to the integrity of Australia’s migration and visa programs. The functions are to be subject to another restructure within some four years, and significant effort will be required to fully implement the revised arrangements.

Promoting and supporting voluntary compliance

9. DIBP’s information about visa entitlements and conditions is readily accessible to visa holders and the general public, including through social media and on-line and mobile delivery, with the department also providing access to interpreting services and information products in several languages.

10. An external evaluation of the services supporting voluntary compliance, finalised in December 2012, concluded that the services met the objective of reducing the time to resolve clients’ visa status, and reduced the overall caseload. The evaluation report also identified weaknesses in aspects of the administration of the services, and included 13 recommendations relating to, among other things, the governance of the services and the lack of key performance indicators. As at June 2015, the report and its recommendations had not been fully considered by the department, and consequently there is no assurance that weaknesses identified in the report have been addressed.

11. There are shortcomings in DIBP’s management of stakeholder engagement, primarily relating to the lack of a corporate approach and limited analysis of client feedback. To address these shortcomings, the department has recently consolidated its communications and media functions (that were previously fragmented across different areas of the department) in order to provide a coordinated and consistent approach to stakeholder engagement; and commenced the development of a corporate stakeholder engagement plan. A project is underway to improve the department’s management of client feedback.

Visa cancellations and compliance

12. DIBP has well established arrangements to manage the cancellation of visas, including through the introduction of a more efficient business model for visa cancellation teams in early 2015. However, the department has identified the lack of a defined and consistent approach for measuring, monitoring and reporting on the levels of fraud and risk in the visa and citizenship caseload. As at September 2015, a new Caseload Assurance Framework was being developed, which aims to provide a higher level of confidence that known and emerging risks in the visa caseload are managed effectively.

13. The operations of compliance field teams are not well managed. There are weaknesses in almost all aspects of the operations, including the management of information as to which field activities would be undertaken; ad hoc and insufficient use of management reports; an absence of appropriate performance indicators to assess the efficiency or effectiveness of the activities; and variations in the structure and operation of the teams across states and territories. From 1 July 2015, the teams were integrated with similar functions from the (previous) Australian Customs and Border Protection Service under a regional command structure, and a new operating model for the Australian Border Force was being developed.

Administrative arrangements

14. DIBP is currently developing and implementing a range of measures to support the integration and reform agenda, including the rollout of a new governance, planning and reporting framework. Actions taken by the department in the period 2012–15 to address issues relating to the department’s governance and planning functions, identified in the Australian Public Service Capability Review 2012, have been overtaken by the new arrangements, with a substantial program of work required to fully implement the new processes.

15. Appropriate governance arrangements and management oversight of the department’s data, including visa related data, has been lacking over many years. The most recent initiative to improve data quality, a Data Governance Working Group, was discontinued in October 2014, just a few months after it had been established. The department’s capability to capture data and provide reports on most aspects of the administration of migration and visa programs is flawed, with key reports on compliance typically including caveats as to the accuracy of the data. Funding provided under the integration and reform agenda supports a program of work to improve data management and reporting.

16. There are weaknesses in four key corporate functions supporting visa compliance. The department does not have appropriate arrangements for the development and management of the Memoranda of Understanding and other agreements that support the exchange of information and services with other state, territory and Australian Government entities. DIBP does not provide staff with policy and procedural guidance in a format that is readily accessible and up-to-date, and a review of the department’s learning and development capability indicated room to improve all aspects of the function. DIBP’s internal audit reports have identified extensive shortcomings in its capacity to provide a level of assurance, through the implementation of quality management tools and processes, that the department’s decisions and activities are consistent and meet the requirements set out in its policies and procedures. Problems with DIBP’s electronic records management system have been identified for many years, but not addressed. The system now presents a risk to the department as records are difficult to locate or cannot be found.

Future arrangements

17. The department is now in the second year of a transition to integrate DIBP with the (former) Australian Customs and Border Protection Services, involving significant administrative, structural and cultural changes. The establishment of a new operating model for the Australian Border Force, outlined in Appendix 3, aims to leverage intelligence and operational capacity from the integrated entities. Similarly, there should be synergies in the joint intelligence and risk capabilities, with reviews currently underway to determine the medium to longer term arrangements for these functions, outlined in Appendix 2.

18. The department’s integration and reform agenda also supports numerous projects, initiatives, working groups and task forces to integrate and improve the functions supporting the administration of visa compliance, with full implementation of the new arrangements due by 1 July 2016.

Recommendations

Recommendation No.1

Para 2.4

To inform compliance strategies and activities for the migration and visa programs, the ANAO recommends that the Department of Immigration and Border Protection improves its data collection and analysis activities, to gain an overarching perspective on the extent and nature of non-compliance with visa conditions.

DIBP’s response: Agreed.

Recommendation No.2

Para 2.29

To improve the management of allegations concerning possible non-compliance with visa conditions, the ANAO recommends that the Department of Immigration and Border Protection:

  1. increases the proportion of calls to the dob-in phone line that are answered; and
  2. implements standards/processes between the National Allegations Assessment Team/Information Collection Unit and the business areas to which allegations are referred, which set out how allegations are to be assessed, referred and reported.

DIBP’s response: Agreed.

Recommendation No.3

Para 4.36

To support the delivery of compliance activities in line with legislative and procedural requirements, the ANAO recommends that the Department of Immigration and Border Protection mandates and monitors the appropriate documentation of visa compliance activities, including but not limited to the:

  1. conduct of Priority 1 compliance activities;
  2. recommendation and rationale for conducting compliance field activities;
  3. reasons for exercising powers under s.18 of the Migration Act 1958; and
  4. assessment of operational risks to compliance staff.

DIBP’s response: Agreed.

Recommendation No.4

Para 5.47

To support the effective delivery of compliance activities under the migration and visa programs, the ANAO recommends that the Department of Immigration and Border Protection implements initiatives for key supporting governance functions (quality assurance, guidance materials, training, performance reporting and record keeping), with:

  1. clear measures of success and milestones for achieving key deliverables;
  2. senior executive staff with assigned responsibility for successful implementation; and
  3. regular reporting to the department’s executive committees of progress in meeting milestones and success measures.

DIBP’s response: Agreed.

Summary of entity response

The Department of Immigration and Border Protection’s summary response to the report is provided below, while its full response is at Appendix 1.

The Department of Immigration and Border Protection (the Department) acknowledges the findings outlined in the report and accepts all four recommendations.

Considerable work is underway in streamlining the new operating environment following the integration of the former Department of Immigration and Border Protection and the Australian Customs and Border Protection Service, and the establishment of the Australian Border Force on 1 July 2015. The Department is reviewing a number of administrative functions related to managing visa compliance including a review of allegation assessments and compliance processes, intelligence capacity and information management systems. The Department also has a number of broader strategic initiatives underway to address the recommendations in the report including the development of the Information Environment Strategy and the implementation of the ABF operational model and risk management framework.

1. Background

Overview

1.1 Australia’s migration programs allow people from any country to apply for a visa3 to migrate to Australia, regardless of their ethnicity, culture, religion or language, provided that they meet the criteria set out in law. A range of temporary visas also supports people travelling to Australia for specific purposes, including taking up employment, or for training and education purposes. Through the Humanitarian Program, people assessed as refugees may be issued with a visa and be allowed to live permanently in Australia. The number of migration and humanitarian visas issued each year is capped, while temporary visas are demand driven.

1.2 As at 30 June 2015, there were 134 visa classes with 233 associated subclasses across the four categories of visas that support people visiting, studying, working and living in Australia.4 Over 7.5 million visas were granted in 2014–15. The number of visas granted under the largest five visa programs in the period 2010–11 to 2014–15 is set out in Table 1.1.

Table 1.1: Number of visas granted by type, 2010–11 to 2014–15

Visa Type

2010–11

2011–12

2012–13

2013–14

2014–15

Visitor

3 543 883

3 561 794

3 753 819

3 993 406

4 311 498

Student

251 554

254 166

260 303

293 223

300 963

Migration Program

168 685

184 998

190 000

190 000

189 097

Temporary Worker (457)

90 119

125 070

126 350

98 571

96 084

Humanitarian

13 799

13 759

20 019

13 768

13 756

Source: Department of Immigration and Citizenship and Department of Immigration and Border Protection Annual Reports for 2010–11 to 2013–14, and information provided by the Department of Immigration and Border Protection for 2014–15.

1.3 The Migration Act 1958 and associated regulations provide the legislative framework for the administration of Australia’s migration and temporary visa programs; and impose a range of conditions on people issued with a visa, including the duration of their stay and activities they can undertake while in Australia. The Department of Immigration and Border Protection (DIBP)5 is the policy, program and service delivery entity with responsibility for the administration of Australia’s migrant, temporary visa and citizenship programs. It is also responsible for the security of Australia’s borders through the management of people and goods that cross them. One of the department’s key responsibilities is to manage visa holders’ compliance with their visa conditions.

Managing visa compliance

1.4 Visa holders are acting unlawfully where they do not comply with the conditions of their visas, for example by taking up employment where their visa class does not entitle them to do so, and/or by not leaving the country when their visa has expired or has been cancelled (and consequently they have no legal status to remain in Australia—referred to as unlawful non-citizens).

1.5 In relation to the management of visa holders’ compliance with their visa conditions, DIBP has typically differentiated between:

  • maintaining the integrity of visa programs, whereby visas are only granted to genuine applicants, and visas may be cancelled where visa holders are found to be non-compliant;
  • visa status resolution services, where people whose visas have expired are encouraged to voluntarily engage with the department to seek a resolution to their status6; and
  • compliance field operations, where teams of compliance officers identify unlawful non-citizens living in the community, and those who are working illegally.

1.6 The integrated nature of these measures has been recognised by DIBP, with the department advising that:

what happens offshore can play a crucial role in determining the impact of migration onshore. What happens in our visa decision making and integrity checking processes affect compliance activities in the field, and vice versa. Thus, working across integrated business functions is vital to achieving timely outcomes for our clients and the success of all our programs.7

1.7 Consistent with this approach, the department’s Compliance Strategy 2012–15 was based on engagement across the various measures of compliance, with a ‘feedback loop’ established between them.

The Department of Immigration and Border Protection’s administrative arrangements for visa compliance

1.8 From 1 July 2015, the structure of DIBP reflects a single agency, following integration with the former Australian Customs and Border Protection Service, and the establishment of the Australian Border Force (ABF)—a single frontline operational border agency with statutory responsibilities to enforce customs and immigration laws—within the department.8 The timeline for the integration of the agencies was set out in Portfolio Budget Statements 2014–15 for the Immigration and Border Protection portfolio:

During financial years 2014–15 and 2015–16, DIBP and the Australian Customs and Border Protection Services (ACBPS) will progressively transition into a single Department of Immigration and Border Protection.

1.9 Over the course of the audit, the structure of the department was evolving as functions in the respective agencies were integrated throughout the first year of the transition. The structure of the department, including the ABF, as at September 2015, is shown Figure 1.1.

Figure 1.1: DIBP organisation chart, as at September 2015

Note: ABF: Australia Border Force. OSB JATF: Operation Sovereign Borders Joint Agency Task Force.

Source: ANAO from departmental information.

1.10 The department is headed by a portfolio secretary and the ABF by a commissioner, a statutory appointment. The secretary reports directly to the Minister for Immigration and Border Protection (the Minister); and the commissioner reports to the Minister on ABF operational matters, and liaises with the secretary with regard to the corporate and support functions provided by DIBP. The ABF Commissioner also holds the role of Comptroller General of Customs, with responsibility for enforcement of customs laws and collection of border related revenue.

Administrative arrangements supporting visa compliance

1.11 Within the new structure, functions that are largely concerned with program integrity and visa status resolution are carried out within the department, and compliance field teams are located in the Australian Border Force. In developing the new structure, DIBP guidance on visa compliance related roles and responsibilities of the department was that:

activity which primarily supports visa decision making should sit within the Visa and Citizenship Service Group (VCSG) and activity that is primarily compliance or enforcement in nature should sit in the ABF. While there may be nuances, the split of responsibility largely seeks to place any activity requiring law enforcement type responses, such as warrants or detention of individuals, within the ABF…Senior executives with responsibility for the various functions will need to work very closely…to ensure joined up operational activity.9

1.12 This new structure has not yet resulted in significant change to the systems and processes supporting visa compliance, other than for the management of risk and intelligence, where key elements have been transferred to different areas of the new department. Significant changes to the business model are to be developed and implemented throughout 2015–16, including a new operational model for front line compliance activities in the Australian Border Force; and a major review of the department’s risk and intelligence functions.

Extent of departmental review and reform

1.13 The new arrangements represent significant reform in the operations of the department, with the entities’ Plan for IntegrationFebruary 2015 stating that it was not just a structural change, but a ‘change in philosophy, approach and accountability’. The reforms have also been accompanied by a significant turnover of DIBP’s Senior Executive Staff.10

1.14 This is the third major reform the department has experienced in less than a decade, including having three different departmental secretaries, precipitated by several high profile reviews in 2005–06, two of which are typically referred to as the Palmer and Comrie reviews11:

  • in 2005–06, the Secretary of the (then) Department of Immigration and Multicultural Affairs introduced a comprehensive agenda of reform and improvement; and
  • in 2009–10, the Secretary of the (then) Department of Immigration and Citizenship announced an ‘ambitious transformation strategy to strengthen Australia’s borders through the delivery of world class migration, visa and citizenship services’, to be rolled out over five years from 2009–10 to 2013–14.12

1.15 Some three years later, a review of the (then) Department of Immigration and Citizenship’s leadership, strategy and delivery capabilities conducted by the Australian Public Service Commission, the Australian Public Service Commission Capability Review 2012, noted that the department’s internal focus in recent years had been on making the necessary changes in response to the findings in the 2005 Palmer and Comrie reports, and that this had involved:

repeated structural changes, changes to process, changes to senior personnel, changes to ICT and other systems, and a sustained effort to change culture. However, in the review team’s view, the department has been only partially successful in developing control mechanisms to reduce the risk of future failures of process.13

1.16 A follow up ‘health check’ conducted by the Australian Public Service Commission in 2014 reported evidence of capability improvement, particularly in terms of the positive impact of the department’s leadership. Initiatives underway in response to the review (and as part of the five-year transformation strategy) have been overtaken by the current integration and reform process. A timeline of major departmental reviews and reforms is set out in Figure 1.2.

Figure 1.2: Timeline of major departmental reviews and reforms

Note: DIMA (Departmental of Immigration and Multicultural Affairs), DIAC (Department of Immigration and Citizenship), and ACBPS (Australian Customs and Border Protection Service).

Source: ANAO.

1.17 In addition to the reviews and reforms, the numbers of illegal maritime arrivals have resulted in considerable media and community scrutiny of the operations of the department over recent years. Managing these arrivals has provided substantial challenges, additional pressures and increased workload for DIBP, while maintaining ‘business as usual’ operations.14

Previous audits

1.18 The ANAO has undertaken a number of related performance audits with regard to compliance with visa obligations, including:

  • Audit Report No. 47 2014–15, Verifying Identity in the Citizenship Program, Department of Immigration and Border Protection; and
  • Audit Report No. 46 2010–11, Management of Student Visas, Department of Immigration and Citizenship.

1.19 These audits found significant shortcomings in key governance structures and processes, including the need to provide clear guidance to decision-makers, develop a risk-based quality assurance program, and develop and report against performance indicators that assess the quality of decisions.

Audit objective, criteria and scope

1.20 The objective of the audit was to assess the effectiveness of the Department of Immigration and Border Protection’s management of compliance with visa conditions.

1.21 To form a conclusion against this objective, the ANAO adopted the following high‐level criteria. The audit assessed whether DIBP:

  • effectively manages risk and intelligence related to visa holders’ non-compliance with their visa conditions;
  • promotes voluntary compliance through targeted campaigns and services that are appropriate and accessible to the community;
  • conducts onshore compliance activities that are effective and appropriately targeted; and
  • has effective administrative arrangements to support visa holders’ compliance with their visa conditions.

1.22 The audit focused on visa compliance activities, including the: management of risk and intelligence; promotion and support of voluntary compliance; and visa cancellation and field activities. It did not address DIBP’s processes in issuing visas. While the audit did not examine the substantial administrative reforms resulting from the integration of the department and the Australian Customs and Border Protection Service, the impact of these reforms on the existing administrative arrangements for visa compliance were acknowledged.

1.23 In conducting the audit, the ANAO: examined DIBP’s policy documents, procedures, operational reports and information technology systems; interviewed relevant departmental staff; conducted field work in the department’s state and territory offices; and analysed a sample of compliance field cases.

1.24 The audit has been conducted in accordance with the ANAO’s auditing standards at a cost to the ANAO of approximately $767 000.

2. Managing risk and intelligence

Areas examined

This chapter examines DIBP’s arrangements for managing the risk of visa holders’ non-compliance with their visa conditions.

Conclusion

DIBP has a good understanding of the number of people who overstay the duration of their visa and do not leave the country when they are required to do so. The levels of non-compliance with other visa conditions, including whether a visa holder is working illegally, are less well understood, and the department undertakes little work to capture and analyse the results of compliance activities.

In December 2014, as part of the new integration and reform agenda, DIBP abolished the arrangements supporting risk and intelligence that had been in place since 2010. Risk functions are now dispersed across the department and in the Australian Border Force. As at September 2015, the department had commissioned several reviews of its risk and intelligence functions, but in the meantime there was no coordinated risk framework or process for visa compliance.

Areas for improvement

The ANAO made two recommendations aimed at enabling DIBP to gain an overarching perspective of the extent of non-compliance with visa conditions, and improving the management of allegations concerning possible non-compliance with visa conditions.

Is the nature and extent of non-compliance with visa conditions well understood?

DIBP does not have comprehensive information about the nature and extent of visa holders’ non-compliance with their visa conditions. For overstayers, data matching provides information on the number of people who have exceeded the allowable duration of their visa. In contrast, the extent of non-compliance with other visa conditions, for example visa holders working illegally, is not well understood. Improvements in the capture and use of the results of compliance related activities would assist the department in developing an overarching perspective of non-compliance.

2.1 Understanding the nature and extent of visa holders’ non-compliance underpins the development of effective measures to prevent and respond to it. While DIBP can readily identify the people who have overstayed their visa (including those who have overstayed for a considerable time, as set out in Table 2.1)15, other measures of non-compliance are more difficult to determine.

Table 2.1: Length of time people have overstayed their visa, 30 June 2011 to 30 June 2015

Length of overstay

2011

2012

2013

2014

2015

1 month or less

1 770

1 580

1 460

1 400

1 420

1 month to 1 year

11 110

10 490

9 840

9 100

8 740

1 year to 5 years

16 640

19 200

20 850

20 030

18 900

5 years to 15 years

15 390

15 210

15 240

15 350

15 550

15 years or more

13 540

14 420

15 280

16 210

17 370

Total

58 450

60 900

62 670

62 090

61 980

Source: DIBP Programme Analysis Report, December 2014, and from DIBP for 2014–15.

2.2 The information that DIBP captures in relation to non-compliance (other than overstaying) is obtained largely from those who have been detected through visa cancellation and compliance field activities. However, the department does not capture all the available information (for example, the rationale for visa cancellation, such as the fraud type or breach of visa condition), and for compliance field activities, the information collected by DIBP relates primarily to the compliance activity, such as the source of allegations for new cases.

2.3 The department has also not used the data that it has collected to estimate the overall quantum of non-compliance with visa conditions, which covers both overstayers and those visa holders not complying with other visa conditions. The absence of this overarching perspective on visa non-compliance makes it more difficult for the department to develop a risk-based compliance regime and to effectively identify and manage the risks to the integrity of the migrant and temporary visa programs.

Recommendation No.1

2.4 To inform compliance strategies and activities for the migration and visa programs, the ANAO recommends that the Department of Immigration and Border Protection improves its data collection and analysis activities, to gain an overarching perspective on the extent and nature of non-compliance with visa conditions.

DIBP’s response: Agreed.

2.5 The department accepts the recommendation and advised of a number of activities already in place and planned, as set out in Appendix 1.

Does the department have an effective risk and intelligence function for visa compliance?

The department does not currently have an effective risk and intelligence function supporting visa compliance. In December 2014, the department’s Risk, Fraud and Integrity Division, established in 2010 to better coordinate and integrate risk and intelligence functions across the department, was abolished, and the functions dispersed to areas across the department and to the Australian Border Force. As at September 2015, DIBP was undertaking a series of reviews of these functions, to determine its medium to long term approach to managing risks to the integrity of Australia’s migration and visa programs. The functions are now subject to another restructure within some four years, and significant effort will be required to fully implement the revised arrangements.

2.6 Understanding and mitigating the risk of non-compliance with Australia’s migration and visa laws is a complex area of public administration. DIBP processes must allow for the efficient entry and stay of people, while targeting those individuals who breach their visa conditions or present a threat to the community. The complexity of identifying, assessing and mitigating risks arises from the scale and diversity of Australia’s visa program, with visa holders travelling from all over the world under one of 134 classes and 233 sub classes of visas. A major challenge for DIBP in managing these risks is to effectively integrate risk and intelligence processes across the department, to enable effective sharing of information and analysis and prioritisation of risk treatments.

2.7 The aim of integrating risk and intelligence functions was outlined in the (then) Department of Immigration and Citizenship’s Client Services Transformation Strategy 2009–1416, which had sought to formally link upfront visa processing with onshore integrity and compliance functions, thereby covering all ‘client life stages’ in their interaction with the department. Prior to this, the relationship between program integrity, status resolution services, and compliance activities had not been fully considered by the department.17 Despite overlap of client life stages, they were managed separately (including in the regions), with separate planning and reporting arrangements, and different lines of accountability.

2.8 To achieve an integrated approach, in 2010 the department established the Risk, Fraud and Integrity Division to ‘detect, measure and recommend treatments to mitigate multiple dimensions of risk across the department’s full operations’, bringing together various risk and integrity functions that had been dispersed across the department. This required a substantial amount of work, as individual teams or branches undertaking visa processing work, including assessing applications and conducting proof of identity checks, had previously prepared their own risk assessments. Many of these assessments were largely unstructured and informal and applied only to the immediate activity, and there was no mechanism to incorporate the results of compliance field activities into the earlier stages of the visa process.

2.9 The ANAO has previously commented on the integration of visa administration processes. In its earlier Audit Report No. 46 2010–11, Management of Student Visas, the ANAO stated that the (then) newly created position of Global Manager Operational Integrity was pursuing a holistic ‘client life’ principle by seeking to develop end‐to‐end visa integrity processes.18 The report further noted that, while program integrity was difficult to measure accurately and systematically, testing the cost-effectiveness of integrity measures as compared with compliance operations would be a useful exercise. This type of comparison would facilitate assessment of the performance of the respective functions, and clarify the dynamics of the relationship between offshore integrity as an ‘upstream’ function and onshore compliance as a ‘downstream’ function.

2.10 The development of the department’s Compliance Strategy 2012–15; the introduction of Integrity Partnership Agreements to coordinate integrity functions for specific visas; and the establishment of a national team to manage allegations of non-compliance, were clearly designed to support a more integrated approach to risk management. The Risk, Fraud and Integrity Division’s A Year in Review 2013–14 outlined the division’s achievements to date (and priorities for the coming year).

2.11 The Risk, Fraud and Integrity Division was abolished in December 2014, as DIBP integrated the risk and intelligence functions of the department with similar responsibilities in the former Australian Customs and Border Protection Service. The division’s functions were dispersed across the department, including to a newly established Intelligence Division, other areas of the department, and to the Australian Border Force. As at June 2015, there was limited evidence to demonstrate progress in linking the various program integrity functions and compliance activities, or more clearly defining the relationship between them.

Compliance Strategy 2012–15: linking integrity functions and compliance activities

2.12 In 2011, the (then) Department of Immigration and Citizenship launched its Compliance Strategy 2012–15. The strategy clearly outlined a compliance model where the stages of visa administration and compliance were presented as a single program or continuum. The compliance model is shown in Figure 2.1.

Figure 2.1: Department of Immigration and Border Protection, compliance model

Source: DIBP Compliance Strategy 2012–15.

2.13 As at 1 July 2015, the strategy had lapsed, having been in place for around 18 months. There was no evidence to indicate that it had been implemented beyond articulating the concept of an integrated and ‘joined-up’ approach to compliance—the strategy was referred to by compliance field teams, but there was no area of the department with overall responsibility for it. Specifically, the department had not outlined how ‘feedback’ would be collected across the four stages of compliance identified in the model, or how results in each stage, and across the continuum, would be measured.

Border Continuum Model

2.14 Subsequent to the abolition of the Risk, Fraud and Integrity Division, and the lapsing of the Compliance Strategy 2012–15 from 1 July 2015, DIBP’s approach to administering Australia’s migration, temporary visa and customs legislation has been based on a Border Continuum Model. The model aims to identify and mitigate risks of non-compliance: offshore, when people apply for a visa or to import goods to Australia; at the border, when people or goods enter the country; and onshore, where visa holders are required to comply with the conditions of their visa, including leaving the country when their visa expires.

2.15 The concept of a border continuum—recognising the relationship between upstream decisions on visa applications and enforcement activity after a visa has been granted—is not new, but the department is developing new structures and capabilities to implement the approach. The DIBP Corporate Plan 2015–19 refers to the department adopting an ‘intelligence led, risk-based approach to focus on mitigating the risks, including security risks, posed by the complex composition of temporary and permanent visitors’19; and the implementation of a departmental risk management policy and framework, in accordance with section 16 of the Public Governance, Performance and Accountability Act 201320 and the Commonwealth risk management policy. Appendix 2 presents DIBP’s advice about its intended approach to managing border related risks.

Coordinating risk functions through Integrity Partnership Agreements

2.16 Integrity Partnership Agreements were established by the Risk, Fraud and Integrity Division as the primary contact and coordination point for the identification and management of risks across the range of visa administration activities.21 The agreements were introduced in 2013–14, to provide ‘end-to-end’ coverage of the risks associated with the visa and citizenship programs, and to be the main mechanism to identify and mitigate those risks. The agreements, developed in conjunction with risk owners and other departmental risk management stakeholders, establish a risk profile for a visa program; identify a Risk Management Group; and facilitate six-monthly risk review reports to support decision making on risk settings.

2.17 As at 1 July 2015, six agreements had been established22 since early 2014, covering more than 80 per cent of visas in terms of volume. The value and effectiveness of these agreements in managing non-compliance risk has not been evaluated, nor have the outcomes of compliance field activities been factored into the risk assessments for established agreements.

2.18 The ANAO has previously commented on the Integrity Partnership Agreement that had been established for the Citizenship Program. The ANAO noted that, prior to the implementation of the agreement, DIBP did not have a systemic approach to identifying, analysing or responding to risk specific to the Citizenship Program, and that:

The introduction of the Integrity Partnership Agreement [IPA] is a useful first step in providing DIBP with a more structured approach to managing the risks to the Citizenship Program. However, it will be important that the IPA is tailored to the Citizenship Program. DIBP informed the ANAO that ‘further development is required to ensure that the IPA is sufficiently broad and correctly linked to new stakeholders to support the citizenship program’ and that it will be reviewed in light of the departmental restructure.23

2.19 As at September 2015 the department advised that work was underway to review all agreements, now referred to as Risk Partnership Agreements, and their application will be extended to cover all temporary and permanent visa programs. A new Caseload Assurance Framework is also being developed24: the draft document clearly identifies the issues impacting on the department’s capacity to achieve a level of confidence that risks in the visa programs are being effectively managed, and how these issues will be addressed.25

Establishing a national team to manage allegations of non-compliance

2.20 The National Allegations Assessment Team is responsible for the centralised management of all allegations (received from members of the public, other government entities, or from other areas of the department) concerning possible fraud and non-compliance with visa conditions. The team was established in 2010–11, drawing staff from the Compliance Information Management Units located in each state and territory office, to provide a more coordinated function. Staff are located in Melbourne, Adelaide and Brisbane, but operate under national procedures.

2.21 Allegations can be lodged through several channels, including a dedicated free-call phone line, referred to as the ‘dob-in’ line. There are two discrete functions within the National Allegations and Assessment Team: the processing of written allegations, and a separate team, referred to as the Information Collection Unit, responsible for allegations received by phone. The number of allegations recorded by channel is shown in Table 2.2.

Table 2.2: Allegations received by channel, 2010–11 to 2014–15

Channel

2010–11

2011–12

2012–13

2013–14

2014–15

Web form1

N/A

5 577

11 267

12 384

14 901

Phone

8 660

7 040

6 558

6 537

5 031

Email

4 098

3 627

4 314

5 918

5 156

Mail

1 683

1 966

2 598

3 228

2 968

Fax

890

547

335

245

178

In person

259

198

105

122

54

Total2

15 590

18 955

25 177

28 434

28 288

Note 1 Introduced in 2011, the web form is an online reporting format available to the public via the department’s website.

Note 2 The data in the table reflects the number of: written allegations (irrespective of whether or not they are referred for further action); and the number of phone allegations that are referred for further action (no record is kept of those that are not referred).

Source: DIBP, Programme Analysis Report, September 2014, p. 15.

Receiving allegations

2.22 Allegations received by web form and email are subject to an automated word filter that sorts them into two queues, standard or sensitive, where sensitive includes allegations with a high priority such as threats to national security or public health.26 These allegations are given a Priority 1 classification and should be entered and referred within two hours of having been received. The standard for other allegations is that they are attended to within seven days. However, the National Allegations Assessment Team operates within standard weekday business hours, making the two hour standard effectively unachievable outside of these hours.27 The team also does not collect data on the extent to which Priority 1 allegations are referred against the standard.

2.23 Allegations received by phone are directed initially to the DIBP Service Centre and, subject to their content, may be transferred to the Information Collection Unit, other business areas, or to another entity. A large number of calls to the dob-in line are subsequently abandoned by the caller during this process. In the period 1 July 2014 to 30 June 2015, of the 27 561 calls to the dob-in line: 8298 (30 per cent) were abandoned before being answered by the Service Centre or during the transfer to the Information Collection Unit. The data is shown in Figure 2.2.

Figure 2.2: Dob-in line outcomes, 1 July 2014 to 30 June 2015

Note 1: Of the 9727 calls answered by the Information Collection Unit, 4760 (49 per cent) were recorded and referred for further action. No record is kept of allegations that are not referred for further action.

Source: ANAO, from data provided by DIBP.

2.24 There is no Service Level Agreement between the DIBP Service Centre28 and the Information Collection Unit setting out respective service levels and expectations. The rationale for directing calls to the dob-in line through the Service Centre in the first instance has not been documented, and there is no monitoring of the type or content of calls that are not transferred. As a consequence, the department does not have visibility of the potential intelligence from a large number of calls made to the line.

Analysing and referring allegations

2.25 A Fraud Allegation Referrals Matrix (the matrix) is used by the National Allegations Assessment Team and Information Collection Unit to direct the analysis, classification and referral of allegations, where sufficient information has been provided to identify a person or organisation of interest. The matrix is a stand-alone, spreadsheet-based tool developed in 2011, and maintained by the National Allegations Assessment Team. It consists of a series of worksheets by the category or subject matter of the allegation, for example, people working illegally or threats to national security. Each worksheet details the circumstances that determine when to use that category; its priority and service standard for recording and referral; and information about the business area to which it should be referred.

2.26 A breakdown of referrals for 2014–15, is provided in Figure 2.3. Of the 15 400 referrals in the reporting period, the most common areas receiving the referrals were Compliance Status Resolution (35 per cent), Operational Integrity (22 per cent) and Visa Processing (13 per cent).

Figure 2.3: Referral of allegations, 2014–15

Note: ‘Operational Integrity’ consists of referrals to Visa Cancellations and Program Integrity Units; ‘Compliance Status Resolution’ includes referrals to compliance field teams. ‘Character’ refers to the character cancellation team.

Source: DIBP, National Allegations Assessment Team (NAAT) Dashboard Report, June 2015.

2.27 While the matrix provides guidance for staff processing allegations, it has been developed and is maintained in isolation from the business areas to which allegations are referred. This is despite operating procedures stipulating the establishment of formal agreements with referral areas, and the need for improved communication being raised in a 2013 internal audit.29 As at June 2015, no formal agreements had been established, and communication between the National Allegations Assessment Team and referral areas was essentially an ad-hoc exchange of emails and occasional meetings. Consequently there was no mechanism to assess the extent to which referrals were appropriate, or were useful in achieving compliance outcomes.

2.28 As at 1 July 2015, options to integrate the management of allegations with a similar service in the former Australian Customs and Border Protection Service were being considered. While this may change existing work flows and processes, allegations are an important source of information and intelligence for the department in addressing non-compliance with visa conditions, and there is scope to improve the operations of the function.

Recommendation No.2

2.29 To improve the management of allegations concerning possible non-compliance with visa conditions, the ANAO recommends that the Department of Immigration and Border Protection:

  1. increases the proportion of calls to the dob-in phone line that are answered; and
  2. implements standards/processes between the National Allegations Assessment Team/Information Collection Unit and the business areas to which allegations are referred, which set out how allegations are to be assessed, referred and reported.

DIBP’s response: Agreed.

2.30 The department accepts the recommendation and advised of a number of activities already in place and planned, as set out in Appendix 1.

3. Promoting and supporting voluntary compliance

Areas examined

This chapter examines DIBP’s approach to promoting and supporting visa holders’ voluntary compliance with their visa conditions.

Conclusion

DIBP has established appropriate arrangements to ensure that information relating to visa conditions is readily accessible to visa holders, and initiatives underway aim to improve the department’s stakeholder engagement more broadly.

An evaluation of services supporting people who voluntarily engage with the department about their visa status was conducted in 2012. While the evaluation found that the services were broadly meeting their objective, the department is yet to finalise its response to the report and its 13 recommendations related to important aspects of the program’s administration.

Can visa holders readily access information about their visa conditions?

DIBP’s information about visa entitlements and conditions is readily accessible to visa holders and the general public, including through social media and on-line and mobile delivery, with the department also providing access to interpreting services and information products in several languages.

3.1 In 2008–09, the (then) Department of Immigration and Citizenship made a significant investment in the information and services available to visa holders, in response to the (then) Government’s major reforms to Australia’s immigration detention policy, New Directions in Detention. The reforms promoted visa-holders’ voluntary compliance with their visa conditions, placing more emphasis on preventing and deterring people from becoming ‘unlawful’ with regard to their visa status (rather than detaining and removing them as the default position).30 As part of these reforms, the Community Status Resolution Service was established in December 2008, and the sources of information available to promote and support voluntary compliance were expanded.

Information about visa conditions on-line and through social media

3.2 Information about Australia’s migration and visa programs is available on the DIBP website, and the department maintains an online ‘self-service’ environment that provides public access to a range of services. Notifications sent to visa applicants and employer sponsors about the grant of their visas include information about visa conditions. Within Australia, access to the department’s website and free-call telephone services is available through self-help facilities in the department’s state and territory offices. There is also access to free phone-based translation services for people from non-English speaking backgrounds.

3.3 DIBP maintains six social media accounts that broadcast specific messages about migration and temporary visa conditions, aimed at different audiences.31 The department has also made the material available to people from non-English speaking backgrounds, for example selected YouTube videos are available in around 16 languages.32 The information provided via social media complements periodic campaigns that are promoted in newspapers and online advertising, bulk mail-outs to individuals and organisations, and community information sessions aimed at raising awareness of particular issues.

Self-help: Visa Entitlement Verification Online

3.4 The Visa Entitlement Verification Online (VEVO) service allows the majority of visa holders to check their visa details and associated entitlements, including whether they are permitted to work. Organisations with an Australian Business Number and registered migration agents can also register for an account to access VEVO and, with the visa holders’ permission, check their entitlement to live, study or work in Australia.33

3.5 In 2014–15 the top two VEVO checks completed by organisations concerned visa holders’ entitlement to work (60 per cent) and to study (seven per cent). The VEVO service is well used.34 The number of organisations registered, and the number of checks by organisations and individuals for the period 2010–11 to 2014–15, is set out in Figure 3.1.

Figure 3.1: VEVO service: numbers of checks and registered organisations, 2011–12 to 2014–15

Note 1: The number of ‘checks’ reflects each time an organisation or individual has accessed VEVO.

Source: ANAO, from DIBP information.

Do DIBP’s services effectively support voluntary compliance?

An external evaluation of the services supporting voluntary compliance, finalised in December 2012, concluded that the services met the objective of reducing the time to resolve clients’ visa status, and reduced the overall caseload. The evaluation report also identified weaknesses in aspects of the administration of the services, and included 13 recommendations relating to, among other things, the governance of the services and the lack of key performance indicators. As at June 2015, the report and its recommendations had not been fully considered by the department, and consequently there is little assurance that weaknesses identified in the report have been addressed.

3.6 The services available to visa holders who voluntarily engage with DIBP about their visa status are:

  • Compliance Counter, which is designed for clients who require little or no intervention to resolve their immigration status;
  • Community Status Resolution Service, which is designed for clients who require some assistance to resolve their immigration status; and
  • Case Management Teams, which engage with vulnerable clients, or those with complex issues who require a level of individual support and intervention to achieve a timely immigration outcome.

Evaluation of the services supporting voluntary compliance

3.7 In 2011, DIBP commissioned an external evaluation of the services supporting voluntary compliance, Evaluation of the enhanced Compliance Status Resolution Program.35 The evaluation team was tasked with examining the: Compliance Counter, Community Status Resolution Service, Community Assistance Support Service (now referred to as Case Management) and Assisted Voluntary Return Service.36

3.8 The report of the external evaluation, provided to the department in December 2012, concluded that ‘the enhanced Compliance Status Resolution Program was largely on track to achieving program objectives’ referring to the:

underlying program approach (which is based on early intervention, active client engagement and assessment of need, clear identification and communication of client pathways and where eligible, client referral to appropriate support services) aims to create an environment that is conducive to client engagement and voluntary compliance.37

3.9 This positive overall conclusion was based largely on analysis of measures showing that more resolutions had been achieved in a shorter period of time and the entrenched client caseload had reduced.38 The report made 13 recommendations, including that the services supporting voluntary compliance could be better integrated within the broader compliance program (and included a draft program logic and performance indicators in the report). Similarly, the Australian Public Service Commission Capability Review 2012 commented that the (then) Department of Immigration and Citizenship lacked a common definition and understanding of program management, which led to confusion about accountability and responsibility for programs as opposed to structural lines of business.

3.10 A summary report on progress in addressing the recommendations of the external evaluation was produced in May 2014. Similar to many departmental documents reviewed throughout this audit, the summary report did not include any information as to the document’s status, including whether the content of the report had been considered and or approved by the department’s executive.39

3.11 While the teams and executive positions with responsibility for responding to the evaluation and its recommendations were abolished in early 2015, the department provided a final report on the evaluation to the ANAO on 22 July 2015, with advice that:

Due to the extended time required to finalise this report…a review of the department’s implementation of the report recommendations, as suggested in the May 2014 Summary Report, has not been conducted.

Consistent with earlier observations, there was no evidence that this report had been considered and/or approved by DIBP’s executive.

Is there a coordinated approach to stakeholder engagement to inform visa compliance?

There are shortcomings in DIBP’s management of stakeholder engagement, primarily relating to the lack of a corporate approach and limited analysis of client feedback. To address these shortcomings, the department has recently consolidated its communications and media functions (that were previously fragmented across different areas of the department) in order to provide a coordinated and consistent approach to stakeholder engagement; and commenced the development of a corporate stakeholder engagement plan. A project is underway to improve the department’s management of client feedback.

3.12 In its review of the (then) Department of Immigration and Citizenship, the Australian Public Service Commission Capability Review 2012, the Australian Public Service Commission noted that the Senior Executive staff of the department:

has a strong but internally focused culture, which reduces opportunities to draw on the insights and support that other agencies and stakeholders could provide, including the identification and management of risks; [and] close collaboration with external partner agencies and stakeholders is increasingly critical to the department’s success in contributing to its social, economic and national security objectives, and building joint capabilities with ever decreasing resources.40

Managing stakeholders

3.13 Communication strategies to promote voluntary engagement and status resolution services were developed and delivered in the absence of a broader departmental stakeholder strategy. The Australian Public Service Commission Capability Review 2012 of the (then) Department of Immigration and Citizenship identified stakeholder management as one of six functional capabilities requiring improvement. Specifically, the review noted that the ‘department lacks a planned approach to stakeholder relationship management’ and that:

there is no corporate guidance on how to manage stakeholders, nor was there a list of current stakeholders, nor is it easy to identify current DIAC stakeholders, their interests and lead points of contact within the department. Currently, stakeholder management is fragmented across business areas with varied approaches to relationship management.41

3.14 In response to the findings of the capability review, DIBP developed a Stakeholder Engagement Strategy 2014–2016 and supporting documentation, but the strategy had not been implemented prior to the announcement of the current integration and reform agenda. From 1 July 2015, teams responsible for departmental communications and media, including the team with responsibility for status resolution communication, have been integrated into a central unit. An exercise to map key stakeholders across the new department has been completed, and the development of a new plan for stakeholder engagement, incorporating work already undertaken by the two entities, is underway.

Assessing client feedback

3.15 DIBP maintains a Global Feedback Unit, established in 2007, as the central point for receiving, tracking and responding to client feedback from overseas and within Australia. In 2014-15, the department received 16 898 client comments, of which 12 488 (74 per cent) were received through a web form. Of these, 9468 were complaints, 1108 compliments and the remainder general enquiries or requests. The Australian Public Service Commission Capability Review 2012 noted that:

on a day-to-day basis, managers report that evidence-based business decision-making is impeded by a lack of timely and reliable data. In some cases data that is captured (for example, complaints and compliments data) is reported statistically but not evaluated to inform policy development. The outcomes of complaints are not centrally tracked to identify trends that might influence policy decisions and business strategies.42

3.16 The Global Feedback Unit aims to resolve client feedback when it is first received, but where this is not possible, the feedback is referred to the relevant area in the department for a response. As at February 2015, quarterly reports are provided to Senior Executive Staff on feedback received relevant to their business line, providing information on the number and category of comments received, and how many of them were handled by the unit. The policy for managing feedback, introduced by the (then) Department of Immigration and Citizenship in 2012 states that managers are expected to analyse feedback and use it to identify issues relevant to their business, and any emerging trends or problems.

3.17 However, while the Global Feedback Unit tracks the timeliness of the department’s responses to feedback cases, it does not monitor the responses for quality or consistency of message. Some three years after the capability review, there was no evidence of a department level mechanism to ensure that the feedback is analysed to identify emerging issues, or actioned appropriately.

3.18 In July 2015, the Global Feedback Unit and the Complaints and Compliments Management Unit from the (previous) Australian Customs and Border Protection Service, were integrated as phase 1 of a project to improve the management of feedback. Phase 2 of the project, to be completed by December 2015, focuses on improving the operations of the unit and planning for the third phase, scheduled for implementation in 2016, will further develop a single work flow for the integrated units.

4. Visa cancellation and compliance

Areas examined

This chapter examines DIBP’s measures to enforce compliance with visa entitlements through visa cancellation and compliance field activities.

Conclusion

The department has well established arrangements to manage the cancellation of visas, but shortcomings in the processes to measure, monitor and report on the levels of fraud and risk in visa administration reduce the level of confidence that visa cancellations are an effective compliance measure. As at September 2015, a new Caseload Assurance Framework was being developed across the Visa and Citizenship Group that is designed to provide a higher level of confidence that known and emerging risks in the visa caseload are being managed effectively.

The operations of compliance field teams are not well managed. There is considerable variation in the structure and operation of these teams, and few performance indicators, quality assurance processes or management reporting arrangements to support an assessment of the quality, efficiency and effectiveness of their work. From 1 July 2015, the teams were integrated with similar functions from the (previous) Australian Customs and Border Protection Service.

Area for improvement

The ANAO has made one recommendation aimed at improving the maintenance of records and documentation of compliance field activities.

Does DIBP have appropriate arrangements for cancelling visas?

DIBP has well established arrangements to manage the cancellation of visas, including through the introduction of a more efficient business model for visa cancellation teams in early 2015. However, the department has identified the lack of a defined and consistent approach for measuring, monitoring and reporting on the levels of fraud and risk in the visa and citizenship caseload. As at September 2015, a new Caseload Assurance Framework was being developed, which aims to provide a higher level of confidence that known and emerging risks in the visa caseload are managed effectively.

4.1 Under various sections of the Migration Act 1958, the Minister or delegate has the power to cancel visas where visa holders fail to meet the conditions of their visa, including on character grounds. The cancellation of visas is mostly undertaken by the two sections in the Character Assessment and Cancellations Branch—the National Character Consideration Centre and the General Cancellations Network. This branch, which was previously part of the Risk, Fraud and Integrity Division, is now located in the Community Protection Division of DIBP.

4.2 Visa applicants identified to be of potential character concern are referred to the National Character Consideration Centre for character assessment. The (then) Department of Immigration and Citizenship’s administration of character requirements was examined in two previous ANAO audits, and not further examined in this audit.43

General Cancellations Network

4.3 The General Cancellations Network comprises the Cancellation Allocation and Support Team, and visa cancellation teams in each state and territory office. The number of visas cancelled in 2013–14 and 2014–15 is set out in Table 4.1. The majority of voluntary cancellations relates to clients requesting cancellation of their visas in order to access their outstanding superannuation entitlements.44

Table 4.1: Visa cancellations, 2013–14 and 2014–15(1)

Category

2013–14

2014–15 (Jul–Mar)

457 visa cancellations

26 978

21 967

Student visa cancellations

8 021

6 477

Cancellations on fraud grounds

1 059

932

Voluntary cancellations

14 238

14 106

Note 1: A cancellation may be recorded in several categories (for example, a student cancellation may also be a fraud cancellation). For this reason, the table does not contain a total.

Source: Data provided by DIBP.

Cancellation Allocation and Support Team

4.4 The Cancellation Allocation and Support Team is the central point for the collection and assessment of all information (other than on character) related to visa holders who may no longer be entitled to hold their visa. Cases are referred by the National Allegations Assessment Team, from other areas of the department, and from Commonwealth, state and territory entities. The team receives around 130 referrals each month, with approximately 50 per cent from the National Allegations Assessment Team. These cases are assessed manually using the Complex Visa Cancellation Priority Matrix, which was developed by the team, as well as any additional risks identified through regular meetings with General Cancellations Network managers to determine priority processing. As at June 2015, DIBP advised that the matrix was under review.

4.5 The Cancellation Allocation and Support Team is also responsible for taking action on the monthly Targeted Cancellation Reports for student and temporary worker (457) visa streams (provided to them as part of the Integrity Partnership Agreements, discussed in Chapter 2). These reports typically include thousands of potential visa cancellations.45 Cases included in the reports are prioritised by risk prior to being sent, and the team usually does little other than assign the work to state or territory-based cancellation teams to be actioned, although the department advised that a considerable amount of work is undertaken by the support team to improve the accuracy of the data to increase the utility of the reports.

4.6 The team can, however, adjust risk ratings to reflect emerging risks and the section’s own priorities, but it is not clear how these adjustments relate to the risk ratings assigned through the Integrity Partnership Agreement processes (which provide a departmental view of risk) or in the new Caseload Assurance Framework, discussed in Chapter 2.

Actioning visa cancellations

4.7 The process to cancel a visa includes: issuing a Notice of Intention to Consider Cancellation; notifying the client of the decision; and outlining their options (such as appeal). Following a departmental review of the management of cancellations conducted in December 201346, a new business model, the Collective Case Management Model, for cancelling visas is being rolled out across the visa cancellations network from May 2015. Under this model, groups of case officers focus on specific stages of the cancellation process replacing the previous model, the Total Case Management model, where four specialist Visa Cancellation Units, operating independently of each other, managed workloads for each of student and 457 visa streams, voluntary cancellations and complex cancellations.

4.8 DIBP considers that these revised arrangements have the potential to deliver greater flexibility in managing priorities, with the ability to transfer work around the network at short notice. Earlier trials had also shown that managers have greater visibility of the quality of record keeping and decisions of individual visa cancellation officers, but this has still to be fully determined in regard to cancellations work.

Are compliance field activities well managed?

The operations of compliance field teams are not well managed. There are weaknesses in almost all aspects of the function, including the management of information as to which field activities would be undertaken; ad hoc and insufficient use of management reports; an absence of appropriate performance indicators to assess the efficiency or effectiveness of the activities; and variations in the structure and operation of the teams across states and territories. From 1 July 2015, the teams were integrated with similar functions from the (previous) Australian Customs and Border Protection Service under a regional command structure, and a new operating model for the Australia Border Force was being developed.

4.9 Where visa holders do not comply with their visa conditions, enforcement action may be taken by DIBP’s compliance field teams. The teams are based in the capital cities in each state and territory (with staff also based in Cairns). The teams focus largely on locating unlawful non-citizens and people working illegally, and also conduct outreach visits, including to regional and remote locations, advising communities on migration and visa matters. Compliance field activity is managed through the Compliance, Case Management, Detentions and Settlement (CCMDS) portal.

Structure and operation of compliance field teams

4.10 Compliance field teams analyse information about non-compliance and, based on the results of the analysis, conduct compliance activities. The teams operate with a departmental framework set out in policy and procedural guidance, but have a considerable degree of autonomy in how they are structured and how they manage their work. Variations across state and territory teams include:

  • Victoria is divided into three geographical regions; NSW operates as a single team; and teams in Western Australia are structured around industry groups;
  • the use of the CCMDS portal’s reporting and query capability to manage inputs and workflow varies, with one team highly engaged in using the capability and another not using it at all;
  • one team uses the Overstayers Report (to assist in the planning of compliance activities) while another considers that the report provided little value; and
  • arrangements with state and territory jurisdictions, including with police forces, differed.47

4.11 While acknowledging that each state and territory presents different challenges for compliance teams, necessitating some tailoring of approaches to address risk, DIBP was not able to demonstrate the rationale for, or effectiveness of, the various structures and approaches.48 Shortcomings in measuring the effectiveness of compliance field activities were highlighted in the DIBP internal audit, Identification and Management of Visa Overstayers (December 2013), which found that DIBP:

had limited key performance indicators (KPIs) to measure the effectiveness of the Compliance Strategy and Compliance Field activities; and was exposed to risk as, without appropriate performance measures in place, DIBP is not in a position to assess the effectiveness of its approach and activity to managing visa overstayers, and compliance activity more broadly.

4.12 As at June 2015, an evaluation of the effectiveness or efficiency of compliance field operations had not been conducted. The department advised that a performance evaluation section is to be established within the Australian Border Force, to develop appropriate performance arrangements at all levels of the Australian Border Force’s operations by June 2016.

Conducting compliance field activities

4.13 Information about non-compliance is received by compliance field teams from several sources, including the National Allegations Assessment Team. Based on analysis of this information, compliance field teams may:

  • take no further action, where there is insufficient evidence;
  • take administrative action that may involve, among other things, contacting a person or organisation of interest via phone or email; or
  • conduct a field activity, in the form of an observation, non-warrant activity or warrant activity.49

4.14 Between 1 April 2014 and 31 March 2015, 10 141 compliance activities were finalised by compliance field teams, of which there were: 3228 cases where no further action was taken; 2551 administrative actions; and 4362 field activities (3485 non-warrant and 877 warrant). The ANAO selected a random sample of 371 of these activities and assessed them for adherence to the department’s policies and procedures50, as well as the extent to which the activities were recorded in the CCMDS portal. Table 4.2 summarises the nature and results of this testing.

Table 4.2: Summary of the ANAO’s testing of compliance field activities

Test

Test results

What sources of information are used to determine compliance field activities?

Information from community sources (mainly dob-ins) is the main driver of compliance activities.

How are compliance field activities prioritised?

The Compliance Field Prioritisation Matrix 2013–15 sets out the priorities for compliance field activities. The rationale for the prioritisation of risks is not defined and not linked to risk assessments in the broader visa program.

Are compliance field activities finalised in a timely manner?

As at April 2015, 46 per cent of active compliance field jobs (that is jobs that are open and not finalised) had been active for more than one year.

Is the rationale for undertaking specific compliance field activities properly recorded?

In the majority of cases tested there was no rationale recorded as to why a compliance field activity was undertaken.

Are the requirements under section 18 of the Migration Act 1958 and associated departmental guidance (for obtaining information about unlawful non-citizens from third party entities), fully met?

In approximately 25 per cent of cases tested, records did not demonstrate compliance with the legislation.

Are the required approvals obtained for compliance field activities (non-warrant and warrant visits)?

Records indicated that the necessary planning and approval had been obtained in 99 per cent of cases.

Are operational risks for compliance field activities properly assessed?

The approach to the assessment of risk for conducting compliance field activities was inconsistent. However, the guidance provided to staff is not prescriptive.

Is established guidance for recording compliance field activities (where an unlawful citizen is located and may be detained) fully complied with?

In seven of the eight activities sampled, the conduct and assessment of these activities was not fully recorded.

Source: ANAO analysis.

Sources of information about non-compliance

4.15 The ANAO’s analysis, set out in Figure 4.1, shows that reacting to information from community sources, or dob-ins, is the main driver of compliance field activities. This result is consistent with the DIBP internal audit, Identification and Management of Visa Overstayers December 2013, which found that ‘dob-ins’ were the primary source of compliance activity, and that the department could make better use of intelligence information in planning compliance field activities.

Figure 4.1: Compliance activities from source information

Note: Community source information is primarily received via the National Allegations Assessment Team and Information Collection Unit. Departmental information is primarily generated via the overstayers list and individuals who have disengaged from the Community Status Resolution Service. Other entity information is primarily referred from police, courts and prisons.

NFA (No Further Action): NFA may be recorded when no compliance action is taken as a result of insufficient evidence, insufficient resources or insufficient priority.

Source: ANAO analysis of 371 cases.

Prioritising compliance field activities

4.16 The Compliance Field Prioritisation Matrix 2013–15 (the matrix) provides guidance to staff on how information about non-compliance should be prioritised:

  • Priority 1 cases are those presenting risks of significant harm or a threat to national security, where action is not discretionary—planning should be undertaken immediately and action taken as soon as possible;
  • Priority 2 cases include cases where individuals have disengaged from the Community Status Resolution Service, or where illegal work of a more serious, organised and ongoing nature is identified. A response must be planned within seven working days and action taken as soon as practicable;
  • Priority 3 cases involve long-term overstayers or form part of a larger campaign to address a specific geographical or industry risk. Both the plan to respond and response is determined by available resources; and
  • Priority 4 cases are the least serious cases involving allegations of non-compliance (illegal work or overstayers). Both the plan to respond and response are determined by resources and/or other capacity.

4.17 The four priorities are supplemented by 13 tactical considerations, including: staff safety in undertaking an activity; the quality of information or information source; and available detention centre capacity. DIBP provided the ANAO with four versions of the matrix, the Priorities Matrix, Onshore Compliance Program 2006–07 and Compliance Field Prioritisation Matrix 2011–12, 2012–13 and 2013–15. The later versions are similar, with minimal change in the types of cases included under each of the four priorities.

4.18 The department was unable to provide documentation to explain how the priorities were established. While it is clear that threats to national security or public safety would be a first priority, the rationale for the other risks is not defined: for example, the basis on which a person who has disengaged from the status resolution process is considered a higher priority (Priority 2) than a long-term overstayer (Priority 3) is not explained. Further, DIBP has not analysed the results of compliance field activities as part of its broader assessment of non-compliance risk and, as previously discussed, compliance field activities are not considered in the development and maintenance of Integrity Partnership Agreements.

Finalising compliance activities in a timely manner

4.19 During the course of the audit, the department commenced reporting on the number of compliance field jobs that had not been finalised as at the date of the report: the Compliance—Active Work Report. The ANAO’s analysis of the April 2015 report shows that, of 3258 active jobs at that time, 1495 (46 per cent) had been active (that is open and not finalised) for more than one year. The department had not analysed the data to determine why there was such a large number of active compliance jobs. Departmental advice indicated that the results may reflect poor record keeping, or that the jobs are in fact still active. However, particularly for Priority 1 jobs, where the requirement is that they are attended to within two working days, the results should be analysed and addressed. The data is set out in Table 4.3.

Table 4.3: Compliance field jobs that were active for more than one year, as at April 2015

State/territory

Priority 1

Priority 2

Priority 3

Priority 4

Total

NSW

46

256

627

223

1152

Victoria

9

29

9

43

90

QLD

8

28

19

33

88

WA

23

20

13

31

87

SA

3

5

9

8

25

NT

0

2

11

8

21

ACT

1

7

2

11

21

TAS

0

2

8

1

11

Total

90

349

698

358

1495

Source: ANAO analysis of DIBP data; and the Compliance—Active Work report, compiled by DIBP’s Operational Strategies Branch. The report provides information about the number of jobs that have been referred to compliance field teams and not finalised at the time of the report.

Documenting the recommendation and rationale for undertaking compliance field activities

4.20 Departmental guidance requires staff to record their recommendation for field actions and the rationale for that recommendation in the CCMDS portal. The results of the ANAO’s analysis of the documentation of the rationale and recommendation for 371 cases are presented in Table 4.4. Of the 371 cases examined, only 159 cases (43 per cent) had both a rationale and recommedation recorded in the CCMDS portal.

Table 4.4: Recommendation and rationale for compliance field activity following analysis of source information

Criteria

Yes

No

Total

Was a recommendation recorded following the analysis of source information regarding the type of compliance activity to be undertaken?

173

198

371

Where a recommendation was recorded, was a rationale for that recommendation documented?

159

14

173

Source: ANAO analysis of 371 cases.

4.21 With regard to the instances where no recommendation or rationale was recorded, there was no other record outlining why a certain compliance activity was selected. Further, in relation to cases where there was no further action or administrative action (where no rationale was recorded) there was no evidence of quality control mechanisms, such as supervisor approval, being required to finalise a case. The absence of a rationale creates a gap for information analysis and a risk for review in decision making.

Obtaining information about unlawful non-citizens from third party entities

4.22 Under s.18 of the Migration Act 1958, the Minister or delegate has the power to obtain information and documents about unlawful non-citizens from third party entities. The Act requires that any s.18 notice (requesting information) must be in written form and, in exercising this power, delegated officers must satisfy the concept of ‘reasonable belief’.

4.23 DIBP’s PAM3, Gathering and Assessing Information, states that ‘officers must have a concrete basis that leads to the belief. A strong feeling, suspicion or speculation is not sufficient for using the s.18 power’. That is, officers must have reason to believe that the:

  • person of interest is an unlawful non-citizen;
  • organisation, agency or person subject to the s.18 request can provide information and/or documents about the person of interest; and
  • information and documents are relevant to ascertaining the identity or whereabouts of the person of interest.

4.24 The s.18 power was used in 102 of the 371 cases (27 per cent) sampled by the ANAO, with the results summarised in Table 4.5. While positive results have been achieved by use of the s.18 power, there were instances of poor record keeping and procedures not being followed. In particular, in 25 per cent of cases examined the reasons for exercising the power had not been documented, and in 33 per cent of cases examined notices were not signed by the delegate.

Table 4.5: Exercise of the s.18 power to obtain information and documents about unlawful non-citizens from third party entities

Element

Yes

No

Total

Is the reason for having reasonable belief documented?

77

25

102

Is the s.18 notice attached to CCMDS or stored in TRIM?1

85

17

102

Is the notice signed by the s.18 delegate?

57

28

85

Are the results of the s.18 check recorded?

99

3

102

Did the s.18 check return a positive result?

83

16

99

Note 1: DIBP’s guidance in relation to s.18 requests does not specify where s.18 notices are to be stored, but states that information and documents received in a response to a s.18 notice should be recorded in CCMDS and any copies placed on the unlawful non-citizen’s file in TRIM (DIBP’s electronic records management system).

Source: ANAO analysis of 102 cases.

4.25 Of the 77 cases where the reason for exercising the s.18 power was documented, 61 cases (79 per cent) returned a positive result, in terms of obtaining information and documents about unlawful non-citizens from third party entities. In comparison, of the 25 cases where the reason for exercising the power was not documented, 16 cases (64 per cent) returned a positive result. This finding highlights the benefit of DIBP staff documenting reasons for having ‘reasonable belief’ in order to reduce the unproductive application of the s.18 power.

Approval of compliance field activities

4.26 Compliance field teams are required to seek formal approval prior to undertaking a field activity. In relation to observations, the compliance policy section in DIBP advised that this approval may take the form of an informal discussion and may not be documented, but processes for non-warrant and warrant visits are clearly defined.

4.27 For non-warrant visits, approval is documented through the completion of a Compliance Visit Application, and for warrant visits approval is documented in the mandatory control point one (MCP1), of the Control Framework for Detention Related Decision Making. The approval process for warrant visits is particularly important. The DIBP internal review, Warrant Application—MCP1 and Report on the Use of a Search Warrant—MCP2; Process Quality Assurance Review (September 2012), stated that:

The department’s situation is unusual, in that warrants executed by law enforcement agencies for criminal prosecution purposes require approval by a Magistrate, whereas departmental warrants are executed for administrative purposes and so the department is able to approve its own warrants. Consequently the department needs to apply the highest standards to the management of s251 warrant applications, in order to manage the risks to the department and to staff of inappropriate use of this power.

4.28 The ANAO examined the planning and approval processes in the 156 field activities (133 non-warrant activities and 23 warrant activities) identified in its sample. The examination found a high level of adherence with the approvals process: of the 133 non-warrant activities examined, 132 (99 per cent) had the required application completed and approved prior to undertaking the non-warrant activity; and all 23 of the warrant activities assessed had an MCP1 completed and approved prior to undertaking the warrant activity.

Assessing operational risks

4.29 Compliance staff are required to undertake a risk assessment relating to safety of staff for each field activity. Available guidance refers to the consideration of ‘operational risks’ and possible work health and safety risks, but does not explicitly state how they are to be assessed. The guidance is principles-based, specifying that: large scale or high profile operations must include a formal written risk assessment, and for smaller operations the risk assessment may be undertaken less formally (but does not state what this would require).

4.30 DIBP has also developed a: spreadsheet that lists 41 risks; reference card that provides a risk matrix and associated consequence ratings, from low to extreme; and risk assessment template in the CCMDS portal, which provides 10 automatically populated risks that require assessment for the individual operation. Notwithstanding the range of material available to compliance field officers, appropriate and/or required risk planning and mitigation for compliance field activities had not been clearly outlined, including as part of the department’s activities to support compliance with work health and safety legislation.

4.31 In practice, DIBP’s approaches to assessing and documenting risks for both non-warrant and warrant activities were not consistent. The approaches ranged from risk assessments being completed and recorded in the CCMDS portal, to no assessment being completed at all. The ANAO’s analysis of 156 cases from the sample that involved warrant or non-warrant compliance field activities is presented in Table 4.6.

Table 4.6: Assessing operational risks of conducting non-warrant and warrant activities

Was a risk assessment completed?

Description of risk assessment

WHS1 risk

Non-WHS risk

Yes

There was either:

  • a brief assessment in the field activity application, stored in CCMDS and tailored to the individual field activity; or
  • an assessment against a standard set of risks for the activity in the CCMDS portal.

49

36

No

There was either:

  • no evidence of a risk assessment being conducted; or
  • a statement in the field activity application that the operation would be conducted in accordance with Standard Operating Procedures, but no indication as to what was actually done.

107

120

Total

 

156

156

Note 1: WHS—Work, Health and Safety.

Source: ANAO analysis of 156 cases.

Finalising compliance activities

4.32 Compliance activities are either undertaken within the office environment (administrative actions) or outside of the office environment (field activities). Compliance field officers record information relating to compliance activities, including finalisation actions, in the CCMDS portal.

4.33 Of the 95 administrative actions assessed by the ANAO, the type of administrative action and outcome of that action was recorded for 75 actions (79 per cent). For the remaining 20 actions, although the type of action undertaken was recorded, the outcomes were not clearly documented, limiting the extent to which analysis of these actions could be examined, including if the action was appropriate.

4.34 The established guidance for recording field activities is more prescriptive, given the nature of the actions and the potential to detain a person. The ANAO identified specific instructions for officers in undertaking those activities, and assessed the extent to which they had met these requirements. An overview of the criteria and results are presented in Table 4.7.

4.35 The data shows that in seven of the eight activities sampled, the conduct and assessment of these activities was not fully recorded. While acknowledging that records were incomplete in only small number of instances (with exception of the timeliness standard for acquitting reports) the importance of field activities (including completing a client interview and retaining the notice that an individual has been provided with information about detention) necessitates sound operational and administrative practices in this area of activity.

Recommendation No.3

4.36 To support the delivery of compliance activities in line with legislative and procedural requirements, the ANAO recommends that the Department of Immigration and Border Protection mandates and monitors the appropriate documentation of visa compliance activities, including but not limited to the:

  1. conduct of Priority 1 compliance activities;
  2. recommendation and rationale for conducting compliance field activities;
  3. reasons for exercising powers under s.18 of the Migration Act 1958; and
  4. assessment of operational risks to compliance staff.

DIBP’s response: Agreed.

4.37 The department accepts the recommendation and advised of a number of activities already in place and planned, as set out in Appendix 1.

Operating model for the Australian Border Force

4.38 On 1 July 2015, DIBP’s management structure supporting compliance field operations changed. Compliance field teams are now part of the Strategic Border Command Division within the Australian Border Force, reporting to state and territory based Regional Commanders. The compliance functions and arrangements that were introduced as part of DIPB’s transformation strategy, which commenced in 2009–10, have been abolished, and replaced by a central command and control model for all operational activity.

4.39 As at October 2015, while there had been a change of management structure, compliance field teams were essentially still working in the same way, while a new operating model for the Australia Border Force is fully developed and implemented. An outline of the operating model, provided by DIBP, is at Appendix 3.

Table 4.7: Assessment of the conduct and finalisation of compliance field activities

Criterion

Yes or N/A

No

Total

Were clients assessed for notification errors or case law?

Individuals who are targeted in field activities should be assessed for notification errors and/or case law.

155

1

156

Was a compliance client interview undertaken and completed for each person of interest located?

An interview is undertaken including to: assist officers to establish the individual’s identity and immigration status; document the interview about the individual’s personal circumstances; and inform the decision as to whether to grant of a visa or detention is the most appropriate strategy to assist in the resolution of a person’s status.

154

2

156

Was the very important notice issued, signed and attached to the individual’s file (if individual detained)?

Individuals who are detained should be issued with the notice which provides the individual with information about his/her detention. The detainee should sign the notice to indicate that they have received and understood it.

152

4

156

If applicable, were the reasons for issuing a Bridging Visa E documented?

An individual can only be granted a Bridging Visa E under certain circumstances, and the reasons should be recorded.

155

1

156

Was a detention note completed (if individual detained)?

The detention note (MCP4) documents the reasons for the ongoing detention of an individual.

155

1

156

Was the detention note completed in the required timeframe?

MCP4 should generally be completed within 24 hours.

156

0

156

Was an acquittal report of the field activity completed?

Following field activities, compliance field teams are required to complete reports detailing the activity.

154

2

156

Was the acquittal report completed within the required timeframe (14 days from the date of the field activity)?

129

27

156

Source: ANAO analysis of 156 cases.

5. Administrative arrangements

Areas examined

This chapter examines key management and administrative arrangements that support DIBP’s promotion, support and enforcement of visa holders’ compliance with their visa conditions.

Conclusion

A range of weaknesses in DIBP’s key management and administrative arrangements have been identified over many years in internal and external reviews, and are again highlighted through the work being undertaken as part of the current integration and reform agenda. The problems relate to core aspects of effective administration, such as visa compliance, and include: the lack of an effective governance, planning and decision-making framework; inadequate data governance, including issues with the integrity of data; the complexity surrounding policy and procedural guidelines; poor learning and development capability; ad hoc and incomplete measures to assess the quality and consistency of decisions and adherence with procedures; and acknowledged problems with the systems established to manage departmental documentation.

Area for improvement

The ANAO has made one recommendation aimed at improving key corporate functions.

5.1 The administration of migration and visa arrangements is a complex area of government service delivery. As at 1 July 2015, there were 11 Acts and associated regulations relevant to the Immigration Portfolio. The legislative framework is also subject to ongoing change: in the period from 1 July 2012 to 30 June 2015, there were 30 Bills that passed through Parliament and received Royal Assent, which amended or established migration related portfolio legislation.

5.2 It is also a highly litigious area of public policy, with numerous challenges to the minister’s and the department’s decisions. According to departmental systems, between 1 July 2012 and 30 June 2015 there were 12 026 matters relating to migration decisions brought before the courts and the Administrative Appeals Tribunal. Within this environment, DIBP’s core management and administrative arrangements are integral to the efficient and effective operation of migration and visa programs, including compliance functions.

Has the department an effective governance, planning and reporting framework?

DIBP is currently developing and implementing a range of measures to support the reform and integration agenda, including the roll out of a new governance, planning and reporting framework. Actions taken by the department in the period 2012–15 to address issues relating to the department’s governance and planning functions, identified in the Australian Public Service Capability Review 2012, have been overtaken by the new arrangements, with a substantial program of work required to fully implement the new processes.

Appropriate governance arrangements and management oversight of the department’s data, including visa related data, has been lacking over many years. The most recent initiative to improve data quality, a Data Governance Working Group, was discontinued in October 2014, just a few months after it had been established. The department’s capability to capture data and provide reports on most aspects of the administration of migration and visa programs is flawed, with key reports on compliance typically including caveats as to the accuracy of the data. Funding provided under the integration and reform agenda supports a program of work to improve data management and reporting.

Governance, planning and reporting framework

5.3 Notwithstanding measures introduced by DIBP since 200551 to strengthen its governance arrangements, the Australian Public Service Commission Capability Review 2012 was critical of the (then) Department of Immigration and Citizenship’s (DIAC’s) arrangements, indicating that:

DIAC has most of the corporate policies and procedures that would be expected of a large, mature and professional department. However, they are not well integrated or consistently driven by senior governance committees and the SES. Many staff members and some external stakeholders say that DIAC has a ‘culture of plans, not planning’ and that measuring and reporting on organisational performance are viewed as ‘getting in the way of real work’… [and] there is a lack of clarity regarding accountabilities and responsibilities in many areas of the department. In both internal and external interviews, people said that they were not always sure who to go to and that ‘there are so many fingers in the pie that no-one owns the problem’.52

5.4 Actions taken in response to the capability review have been overtaken by the current integration and reform agenda. Under the new arrangements, the department advised it is actively reviewing its overall approach to governance, to better enable the department to measure and report on its performance, including to meet the requirements of the Public Governance, Performance and Accountability Act 2013.

5.5 DIBP has launched two key planning documents: Strategy 2020 (launched in January 2015) and the Corporate Plan 2015–19 (available on the DIBP website from September 201553), that the department advised form part of a planning, performance and accountability framework setting out a revised business planning and reporting cycle, as set out in Figure 5.1.

Figure 5.1: DIBP’s Planning, Performance and Accountability framework

Source: DIBP, September 2015.

5.6 The Strategy 2020 and Corporate Plan 2015–19 provide information, at a strategic level, of the department’s directions. With regard to risk and visa compliance, the Corporate Plan 2015–19 sets out the department’s risk management vision to ‘embed at all levels a robust risk management framework54’, and has appointed a Chief Risk Officer to support a mature and positive risk culture. Performance indicators for visa compliance are at a similarly high level, including that ‘voluntary compliance is maintained as the primary approach to resolving breaches’ and the ‘immigration status of the majority of non-citizens located in the Australian community for breach of migration law is resolved in a timely way’.55 More detailed performance indicators for visa compliance would be expected to be included in departmental business plans.

5.7 As a key element of DIBP’s new planning, performance and accountability framework, DIBP advised that the Secretary and the Commissioner of the Australian Border Force will, from this financial year forward, issue annual Charter Letters to DIBP’s group heads and Deputy Commissioners. The letters will outline key responsibilities and accountabilities as well as priorities across the organisation in 2015–16 to help ensure portfolio outcomes are met. The letters complement individual performance agreements with senior executive staff.

Managing data and producing reports

5.8 DIBP maintains a number of information and communication technology (ICT) systems that support the administration of Australia’s migration and visa programs. Through these systems, DIBP receives large volumes of information from its clients, other entities and service delivery partners. The department uses this data for a range of visa compliance purposes, including to: assess applications for visas and citizenship; determine the lawful status of a client; conduct integrity checks; manage border operations; establish bona fides; and verify identity.

Improving data quality: establishing a Data Governance Working Group

5.9 In April 2014, DIBP established a Data Governance Working Group to improve the quality of data held by the department. The terms of reference developed for the Group include that:

this asset [data] is impaired when data is incomplete, incorrectly entered and/or formatted, subject to outdated or inaccurate business rules and processes, or captured in systems which are not easily accessed, have poor usability and poor integration with other systems. Manual work around or ad hoc remediation is required after data management problems have been identified.

5.10 The document refers to more than 26 reviews56 of the department’s ICT capability (dating back to 2005) that have confirmed poor outcomes in enhancing data quality, and the need for improved governance at a whole-of-department level. Broadly, the common findings from the reviews about the impacts of the department’s data management capability include:

  • inaccurate client information which hampers: accurate and lawful decision making; efficient client service; effective risk analysis; and reporting;
  • critical decision-making information is held in multiple systems and hard copy, and is not easily accessible; and
  • some risk remains of a high profile failure of the department tied to availability and quality of client information.

5.11 These issues are reflected in a review of DIBP’s data management maturity indicators, undertaken in 2014 (as shown in Figure 5.2).

Figure 5.2: Enterprise Data Management Maturity Indicators

Note: BI—Business Intelligence; CDM—Corporate Data Model; DGF—Data Governance Framework; EDW—Enterprise Data Warehouse; ETL—Extract, Transform and Load.

Source: DIBP.

5.12 As at June 2015, the working group had met on six occasions between April and October 2014. There have been no further meetings and none are scheduled, and actions included in the terms of reference, such as providing a six-monthly report on planning, work underway and benefits realised, and to review the effectiveness of the group, have not commenced.

Producing reports

5.13 The department uses a business intelligence model that allows staff to access data from the Enterprise Data Warehouse to create a range of reports. A diagrammatic presentation of the transfer of information from a number of systems to the warehouse and the use of the warehouse to produce reports is set out in Figure 5.3.

Figure 5.3: DIBP’s reporting processes and data warehouse

Note: B.O.—Business Objects; SIEBEL—Source System for CCMDS (Compliance, Case Management, Detentions and Settlement) Portal; EDW—Enterprise Data Warehouse; ICSE—Integrated Client Services Environment; TRIPS—Travel and Immigration Processing System; GVP—Generic Visa Portal; ICUE–Immigration and Citizenship Unified Environment.

Source: ANAO.

5.14 DIBP’s reporting capability is provided through a business intelligence tool, Business Objects—essentially a ‘window’ to the various sources of information contained in the Enterprise Data Warehouse. As at July 2015, Business Objects supported:

  • at least three public data marts (including for Borders and Illegal Maritime Arrivals) that provide the business area with data, which according to the department is high quality, reliable, reconciled, and historically persistent, or repeatable; and
  • ten ‘sandpits’57 that support a prototyping phase where business areas can simulate reporting outcomes (to meet their business needs) and inform the formulation of business rules for reporting purposes. The intent of these arrangements is that they would be time limited, and funding would then be available to incorporate ongoing reporting requirements into a public data mart.

5.15 The ‘sandpits’ are part of the department’s Distributed Reporting Capability Strategy, established in October 2012, by the (then) Department of Immigration and Citizenship to improve its reporting functions. The strategy aims to leverage the technical skills and program expertise available across the department through Operational Level Agreements between the central corporate reporting unit and program areas. As at 30 June 2015, nine agreements were in place, including one with the Programme Analysis Section (established in May 2012) that produces compliance and status resolution services reports. The work of the Compliance Data Integrity Team (shown in Figure 5.3) is not a recognised ‘sandpit’ and there is no agreement supporting this reporting activity.

Compliance reporting

5.16 As at June 2015, the key reports providing information about compliance activities (integrity functions, status resolution and enforcement) were:

  • Compliance Status Resolution Program: Community Status Resolution Service and Compliance Counter Monthly Outcomes Report, which provides information on the outcomes achieved by the respective services;
  • Programme Analysis Report, which is produced each quarter and provides high-level data on status resolution and compliance field activities, including detention; and
  • Overstayers’ weekly extract, which provides information on individuals who have overstayed their visa.

5.17 These reports are produced through the ‘sandpit’ managed by the Program Analysis Section. Section staff advised that the capacity to provide these (and other) reports has been built up over the last two years and is ongoing, with considerable resources allocated to ‘cleansing’ the raw data extracts on which the reports are based, consistent with the prototype facility or ‘sandpit’ status of report production. Despite the ‘cleansing’ that is undertaken, data integrity issues remain and the Programme Analysis Reports routinely include caveats.58 The existence of data integrity issues in these reports is problematic as they are the source of data used in ministerial and parliamentary briefings.

5.18 Compliance related reports are also prepared by the Compliance Data Integrity Team, with business areas in the department to identify their reporting needs. Funding that was provided in June 2012 enabled the development of a Business Objects reporting platform for this work. As a result, more than 200 reports are now available, including, from April 2015, a monthly outcomes report for Compliance Counter and Status Resolution Services.

5.19 While the reports produced by the Compliance Data Integrity Team provide considerable data on aspects of compliance activities, the department has not documented the rationale for: funding being provided to this team outside of the established Distributed Reporting Strategy; and reports being developed in the ‘sandpits’ not having been funded to support mainstream production, consistent with the intent of the strategy.

5.20 Looking ahead, the Australian Border Force is forming a performance evaluation section within the Border Management Division to establish effective operational performance reporting arrangements. DIBP anticipated that implementation of these arrangements would be completed by June 2016 (discussed further in Appendices 2 and 3).

Does DIBP have effective administrative functions supporting visa compliance?

There are weaknesses in four key corporate functions supporting visa compliance. The department does not have appropriate arrangements to support the development and management of the Memoranda of Understanding and other agreements to support the exchange of information and services with other state, territory and Australian Government entities. DIBP does not provide staff with policy and procedural guidance in a format that is readily accessible and up-to-date, and a review of the department’s learning and development capability indicated room to improve all aspects of the function. DIBP’s internal audit reports have identified extensive shortcomings in its capacity to provide a level of assurance, through the implementation of quality management tools and processes, that the department’s decisions and activities are consistent and meet the requirements set out in its policies and procedures. Problems with DIBP’s electronic records management system have been identified for many years, but not addressed. The system now presents a risk to the department as records are difficult to locate or cannot be found.

Managing agreements

5.21 DIBP maintains strategic and operational relationships with key state, territory and Australian Government entities, and relevant foreign entities, to exchange information and data to support visa compliance activities. While these arrangements generally take the form of a Memorandum of Understanding (MoU), they can take other forms.

5.22 In late 2014 DIBP established a project to identify and review MoUs, collectively referring to MoUs, treaties and other co-operative agreements across DIBP and the (former) Australian Customs and Border Protection Service. The project was designed to, among other things: ensure compliance with changes to the portfolio’s legislative framework coming into effect on 1 July 2015; and consolidate and create a MoU database that would be centrally maintained. The project also aimed to develop guidance and procedures for DIBP staff on establishing and maintaining agreements.

5.23 Prior to this, there was no central repository for agreements and no team assigned responsibility for managing them. Many DIBP staff interviewed by the ANAO were unaware of the agreements that were in place, including those that supported compliance activities. There was also no guidance available to staff on developing and managing agreements, including the role of the department’s legal division as to their content or format.59 The department advised that periodic attempts over the years to collate and better manage MoUs had never been completed.

Project to manage agreements

5.24 On commencement of the project in December 2014, in excess of 900 agreements were identified in the draft register: 378 for DIBP and 537 for the Australian Customs and Border Protection Service.60 As at 29 June 2015, the project had been closed, with a number of proposed deliverables not achieved but continued to be progressed through business-as-usual processes, including:

  • the central MoU register was still under development. While a consolidated list of MoUs from DIBP and the Australian Customs and Border Protection Service was compiled through the MoU project, the list remained incomplete; and
  • a new policy to provide direction on the creation and maintenance of MoUs was yet to be developed, and a unit to oversee the processes for developing and maintaining MoUs, was yet to be established.61

Policy and procedural guidance for staff

5.25 Since 2007, two executive instructions have provided direction for the development and maintenance of departmental policy instructions: Chief Executive Instruction—Departmental Policy Instructions (CEI 30) issued 8 May 2007; and Secretary’s Instruction 7 (SI 7), that replaced CEI 30 on 1 July 2012. Both instructions contained hyperlinks to policy documents62, stored in the department’s document management system. However, the department informed the ANAO that the links in both instructions had been lost and the policy documents could not be located.

Maintaining and accessing policy and procedural guidance

5.26 DIBP maintains an online SharePoint database, LEGEND, that is the department’s single repository for the legislation, regulations and policy advice (set out in policy advice manuals) relating to Australian migration, temporary visas and citizenship. LEGEND is accessible through the department’s intranet; and commercial access, including for migration agents and lawyers, is available by subscription.63

5.27 As at April 2015, there were in excess of 850 individual policy advice manuals64 in LEGEND, covering all aspects of the department’s migration and visa operations, including compliance. The policy advice manuals are large online documents containing a mix of high level policy principles with procedural guidance for operational staff, either in the documents or in linked files held in the department’s electronic document management system. The manuals are challenging to navigate, notwithstanding recent upgrades to functionality, and training on the system is available for staff.

5.28 Some DIBP staff had developed their own ‘check sheets’ or procedural guides, with the risk that they may not reflect the most recent legislation, or support consistency across different areas of the department, an issue also identified in the department’s internal audits.65 As at March 2015, the department advised that the use of locally developed products had been phased out, with staff now routinely referring to LEGEND, although it is not evident how this was assessed.

Policy and procedural guidance for compliance activities

5.29 There is no single policy or procedural document that supports the work of compliance field teams.66 As outlined earlier in Chapter 4 DIBP identified 30 documents—accessible through LEGEND and available via the CCMDS portal, or stored in the document management system—that provided policy advice, templates and guidelines relevant to compliance field activities. The currency of some documents was not evident. The Compliance Field Guidelines (last updated in January 2012), for example, were available as a link in the policy advice manual, providing operational guidance and a step-by-step guide on the use of the CCMDS portal. During the course of the audit, DIBP advised that the guidelines were no longer current, adding a note to this effect in the electronic version of the document.67

Learning and development

5.30 As part of the current reform agenda, DIBP commissioned external audits of the (then) Australian Customs and Border Protection Service’s and DIBP’s learning capability, with the final reports delivered in February and December 2014 respectively. Findings in these reports included that the department’s learning capability maturity was ‘basic to average’ and did not adequately support the department’s needs, or allow for efficient operations and resource allocation.

5.31 Similar findings were included in the Australian Customs and Border Protection Service audit report, describing the service’s learning capability maturity as ‘basic’, not adequate to support the service’s needs, and insufficient to realise reform. Both reports also identified the lack of a mandated entity-wide learning strategy and governance framework, resulting in an inability to: direct a consistent approach to learning and development; provide an accurate view on the total cost of learning; or allow efficient resource allocation, management and reporting.

5.32 While the overall assessment of DIBP’s learning capability as at December 2014 was ‘basic’, the department advised that training in relation to identified compliance activities was more developed. In response to the Palmer and Comrie reviews, the department had received additional funding in the 2005–06 Budget of more than $230 million over five years, for a broad range of initiatives, including to improve training.

5.33 Notwithstanding this investment in improving training, a DIBP internal audit Detention-Related Decision Making, March 2014, identified further instances where training was inadequate:

  • officers carrying out compliance activities without having undertaken the requisite legal training, including a number of officers taking up to 24 months from the commencement of their duties to obtain the necessary Certificate IV in Government (Statutory Investigation and Enforcement) Training Program; and
  • warrant-issuing officers, under section 251 of the Migration Act 1958, not understanding the legal requirement to have a ‘reasonable belief’ in the warrant issuing and enforcement process.
New arrangements supporting learning and development

5.34 From May 2015, DIBP has initiated several projects supporting the department’s learning and development capability68, in conjunction with the Australian Border Force College.69 Under the new arrangements, from 1 July 2015 DIBP and Australian Border Force staff are encouraged to manage their careers within five vocational streams: border force; policy and regulation; intelligence; client services; and enabling/support.

5.35 A new Learning Management System was rolled out to all departmental staff as part of the 1 July 2015 integration. This system enables staff to view and enroll in courses, obtain their manager’s approval, complete e-learning modules, and track their progress. This is the fourth Learning Management System used by the department within the last 10 years.

Quality assurance arrangements

5.36 DIBP has a range of quality assurance processes, which aim to support effective risk and program management and decision making in relation to visa issue, cancellation, compliance field and enforcement activities.

5.37 Two papers about the department’s Quality Assurance processes were prepared for the DIBP Audit Committee meeting in December 2014:

  • the first consolidated the findings from the department’s Internal Audit Program, July 2013 to December 2014, and concluded that:
    • numerous internal audits have found gaps in the way that the department manages quality through its delivery of programs [and issues predominantly highlighted] were a lack of consistency in approach, immature sampling methodologies and a focus on process quality and process compliance.
  • the second related to a review of Secretary’s Instruction 8 found that, in its current form, the instruction provides70:
    • insufficient support and coordination from the centralised function to ensure consistency, cross pollination or quality within individual lines of business.

5.38 Most recently, the DIBP internal audit report, Health Check of Quality Assurance Across the Department (April 2015), concluded that the:

  • analysis and reporting of quality assurance results does not always provide management with a view of quality, nor is it used to inform process improvement; and
  • skills and capabilities required by staff undertaking quality activities have not been defined, nor is there always guidance to assist staff undertaking this role.

5.39 As at September 2015, DIBP was drafting a Quality Management Strategy, which outlined a staged approach to the development and implementation of a Quality Management Framework designed to embed quality management processes and tools in all levels of the department’s operations.

Quality assurance of status resolution and compliance activities

5.40 Consistent with DIBP’s assessment of quality assurance processes across the full range of departmental activity and internal audit findings related to compliance, measures to assess the quality and consistency of compliance decisions and adherence with procedures were ad-hoc and incomplete.

5.41 Specifically, reviews and conformance checks undertaken by the Program Evaluation and Review Section provided little assurance about the quality of compliance field activities. Established in 2012 to evaluate programs, and conduct quality assurance and reviews on the efficiency, effectiveness and/or appropriateness of compliance and status resolution functions, executive comments on the section’s Annual Work Plan 2014–15, included that:

Due to the current process for determining the work priorities and the adherence to the Quality Management Policy…the work undertaken in the section has been diverted from investigating current risks and issues to a series of conformance checks which have discovered little of substance and added little value for the programme. In addition, the nature in which the work plan has been developed has led to an ambitious list of projects unable to be fulfilled, which has left the team unable to deliver on commitments and done little to give the evaluation and review process credibility.

5.42 The Program Evaluation and Review Section was abolished in July 2015, with the evaluation function moving to the Policy Research and Statistics Branch and the quality assurance and conformance functions moving to the Australian Border Force.

Maintaining departmental records

5.43 In the late 1990s, the (then) Department of Immigration, Multicultural and Indigenous Affairs introduced the HP TRIM Document Management System (TRIM), an electronic data and records management system. It remains DIBP’s primary records management system, including for all compliance related documents.

5.44 As at June 2015, the system had been in operation for some 18 years and held in excess of 100 million records. No documents have been deleted or archived since the system was established.71 There have been five major reviews of the department’s operation of TRIM dating from 2006, all with similar findings.72 The most recent review, HP TRIM Health Check Report, 22 October 2013, stated that:

information is being captured from (then) DIAC business systems at over 50 000 records per day. However, with a lack of governance over this information, it will never be able to be destroyed or transferred to the National Archives of Australia, resulting in an ever expanding system, creating great difficulty in the management and maintainability of the system, and presenting as system slowness and difficulty in search and retrieval.

5.45 Throughout the course of the audit, and consistent with the reviews of DIBP’s records management, departmental staff had difficulty in locating many of the documents requested by the ANAO. It is particularly difficult for departmental staff to identify the status of documents that had no version control and/or date that the documentation was endorsed.

5.46 As at 30 June 2015, there were 16 300 TRIM user licenses in DIBP, including an additional 4500 licenses purchased with the integration of the Australian Customs and Border Protection Service. DIBP recognises that there are a range of problems relating to the department’s use of TRIM, over and above the large volume of records, and that these problems will be exacerbated by the increase in the volume of records and the number of users through the integration of the entities. As part of the integration and reform agenda, the Shared Services Program within the department has taken ownership of records management, with staff and funding transferred with the function. A project to integrate Australian Customs and Border Protection Service records was established in February 2015.

Recommendation No.4

5.47 To support the effective delivery of compliance activities under the migration and visa programs, the ANAO recommends that the Department of Immigration and Border Protection implements initiatives for key supporting governance functions (quality assurance, guidance materials, training, performance reporting and record keeping), with:

  1. clear measures of success and milestones for achieving key deliverables;
  2. senior executive staff with assigned responsibility for successful implementation; and
  3. regular reporting to the department’s executive committees of progress in meeting milestones and success measures.

DIBP’s response: Agreed.

5.48 The department accepts the recommendation and advised of a number of activities already in place and planned, as set out in Appendix 1.

Appendices

Appendix 1

Please refer to the attached PDF of the report for Appendix 1 (entity response).

Appendix 2: DIBP advice about its proposed approaches for managing compliance risks

DIBP, 20 September 2015

The Department will manage border-related risks by integrating intelligence, analytics and enforcement statistics into high quality actionable information. It will make ongoing improvements to manage risks ahead of the border. The enhanced integrity of the visa framework will ensure travel movement risks are addressed offshore. Strategic border intelligence assessments provide insight into new or changing threats and the Senior Executive and the ABF use intelligence assessments to inform operational priorities and actions. These form part of the intelligence-led, risk-based approach to strategic decision making and operations.

DIBP’s Security Referral Service (SRS) enables the transfer of security referrals and information requests between the Department, Australian Security Intelligence Organisation (ASIO) and Department of Foreign Affairs and Trade (DFAT). SRS captures and transmits referrals used in the assessment of PIC 4002 and PIC 4003(b) requirements for temporary and permanent visa subclasses. DIBP also relies on information from the public and other agencies to identify potential compliance risks and will make better use of this information as part of its intelligence-led, risk based approach.

The ABF Performance Unit within the Border Management Division will work with other areas of the ABF and portfolio to establish operational performance measures for enforcement strategies, stand-alone operations and business as usual activities. It will analyse performance against measures in consultation with relevant stakeholders to understand variations from anticipated outcomes and determine the quality of inputs into the supply chain such as information from Intelligence Division and other sources. Intelligence gleaned from operations will also inform the assessment of compliance risks.

The Department undertakes targeted research into potential areas of emerging risk as the need is identified during the development of strategic priorities and/or enforcement strategies. The recent deep dive analysis of visa overstayers to inform DIBP’s approach to this area of emerging concern is an example of this.

The Operational Risk Management Section will support the Commissioner to manage risk within the ABF by determining, articulating and developing mitigation strategies for ABF operational risks in alignment with the Department’s risk appetite and tolerances, within the Department’s Risk Management Framework. The team is also responsible for reporting key risks to the Accountable Authority and assisting the Commissioner to champion the implementation of a risk framework throughout the ABF.

Appendix 3: DIBP advice about the operational model for the Australian Border Force

DIBP, 20 September 2015

From 2015–16, the Strategic Command Group (SCG) will be responsible for setting the strategic direction for the ABF. This is enabled by input from the Minister, Executive Committee and other areas of the DIBP. The Border Management Division will work with relevant areas of the Department and the Australian Border Force (ABF) and, where applicable, external agencies to translate these operational priorities into practical actions captured in Enforcement Strategies and associated intelligence, disruption, enforcement and compliance (IDEC) Plans.

Each Enforcement Strategy will include (but is not limited to) defining specific requirements for the activities that the ABF will deliver to achieve the desired outcome. The Enforcement Strategy also includes a number of performance measures to be monitored throughout the financial year. The Chair of the Strategic Tasking and Coordination Group (STCG) will direct the completion of Enforcement Strategies and IDEC Plans. The chair will also allocate responsibility of each Enforcement Strategy and IDEC Plan to relevant members of the STCG for activities within their span of accountability.

Operational Commanders will complete an Operational Action Plan each month covering activities within their scope of authority analysing the implications of the Enforcement Strategies and IDEC Plans, providing prioritisation, advice and guidance to tactical commanders. Operational Action is endorsed and coordinated at the STCG. Tactical Commanders will complete Tactical Action Plans to provide detail on how the Operational Action Plan will be achieved. Tactical Action Plans are coordinated at the Tactical Tasking Coordination Group.

The Border Management Division will look to realise a positive performance management culture across the ABF and meet the measurement and reporting requirements of the Public Governance, Performance and Accountability (PGPA) Act. This includes the application of the portfolio’s quality and performance management frameworks and is designed to instil confidence in the ABF’s delivery of products and services; management of operational risks; and drive for continuous improvement in the delivery of operations. This is to be fully implemented by June 2016.

The Immigration Compliance Branch was established in July 2015. The branch is responsible for driving a nationally consistent, intelligence-led, risk-based approach to ensuring compliance with those requirements stated in the Migration Act 1958 within Australia’s border. This involves working proactively with a range of Commonwealth partners and law-enforcement agencies, both domestically and internationally, to maximise opportunities of voluntary compliance and to address serious issues of non-compliance and fraud. The branch sets the national program of immigration compliance activity, develops and implements a range of compliance measures, and undertakes compliance monitoring, analysis and reporting.

The branch provides a link between policy and operations in determining appropriate treatments and, by developing and reviewing practices and procedures undertaken by operational areas, ensures that immigration compliance policy objectives and ABF operational priorities are achieved and the settings are correct.

Footnotes

1 A visa is an endorsement made by an authorised representative of one country upon a passport issued by another, permitting the passport holder entry into or transit through the country making the endorsement.

2 DIBP, Compliance Statistics, 22 September 2015.

3 A visa is an endorsement made by an authorised representative of one country upon a passport issued by another, permitting the passport holder entry into or transit through the country making the endorsement.

4 In recognition of the complexity of the visa framework, successive governments since 2008–09 have supported a rolling programme of visa simplification and deregulation, with the aim of reducing the overall number of visa subclasses by almost 50 per cent. At the start of the project in 2009, Australia had 149 visa subclasses, many of which contained similar provisions, eligibilities and entitlements.

5 Under the Administrative Arrangements Order of 18 September 2013, the Department of Immigration and Citizenship was renamed the Department of Immigration and Border Protection.

6 Since 2008–09, the department’s approach to compliance is based on the premise that most people will comply with their visa conditions if they understand their responsibilities and the consequence of non-compliance. This approach is maintained in the key performance indicators set out in DIBP’s Portfolio Budget Statements, 2015–16.

7 DIBP: Risk Fraud and Integrity Division, Year in Review, 2013–14. p.7.

8 The arrangements were legislated under the Australian Border Force Act 2015, which received assent on 20 May 2015.

9 Australian Border Force, Weekly Update, 15 May 2015.

10 As at 14 July 2015, of the 133 SES officers in DIBP (excluding the ABF), 59 had joined the department in the previous 12 months, including 39 who had moved from the Australian Customs and Border Protection Service.

11 Palmer M. J., Inquiry into the Circumstances of the Immigration Detention of Cornelia Rau, Canberra, July 2005, also referred to as the Palmer Report; Commonwealth Ombudsman, Inquiry into the Circumstances of the Vivian Alvarez Matter, Canberra, Report No. 03/2005, also referred to as the Comrie Report; and the Commonwealth Ombudsman, Department of Immigration and Multicultural Affairs: Report on referred immigration cases: Mr T, Canberra, March 2006.

12 The strategy included three streams: Client Services Transformation; Business Services Transformation; and Visa Simplification and Deregulation.

13 Australian Public Service Commission, Capability Review: Department of Immigration and Citizenship, July 2012, p. 8.

14 The term ‘illegal maritime arrivals’ has been used by the Government since late 2013 to describe asylum seekers who enter Australia by boat, without holding a valid visa. The terms ‘Irregular Maritime Arrivals’ and ‘Unauthorised Boat Arrivals’ have previously been used.

15 DIBP data indicates that each year around 99 per cent of over 5.5 million temporary entrants comply with the requirement to maintain their lawful immigration status, or to leave Australia before their visa expired.

16 The Client Services Transformation Strategy was one component of the department’s broader transformation strategy, referred to in Chapter 1.

17 Cancelation of a visa was previously regarded as an ‘integrity’ function rather than a compliance activity, and ‘compliance’ referred primarily to enforcement action.

18 ANAO Audit Report No. 46 2010–11, Management of Student Visas, p. 101.

19 DIBP, DIBP Corporate Plan 2015–19, 22 September 2015, p. 12.

20 The Public Governance, Performance and Accountability Act 2013 replaced the Financial Management and Accountability Act 1997 and the Commonwealth Authorities and Companies Act 1997 on 1 July 2014. As the primary piece of Commonwealth resource management legislation, the PGPA Act establishes a system of governance and accountability for public resources, with an emphasis on planning, performance and reporting.

21 As at 1 July 2015, the section with responsibility for Integrity Partnership Agreements is located within the Caseload Assurance Branch of the Community Protection Division, within the Visa and Citizenship Services Group.

22 Agreements have been established to support the administration of the: subclass 457 visa stream—Temporary Skilled (no record of endorsement); Family Program, endorsed 26 May 2014; General Skilled Migration Program, endorsed 8 May 2014; Citizenship Program, endorsed 5 May 2014; Visitor Program, subclasses 600, 601, 602 and 651, endorsed 26 September 2014; and Student Visa, endorsed 26 February 2014.

23 ANAO Audit Report No. 47, 2014–15, Verification of Identity in the Citizenship Program, p. 19.

24 DIBP, Caseload Assurance Framework, draft as at 7 September 2015.

25 The issues identified are: the lack of a defined and consistent approach for measuring, monitoring and reporting on the levels of fraud and risk in the visa and citizenship caseload; an absence of structure and coordination surrounding the numerous activities undertaken across the Visa and Citizenship Group; and the lack of a common language used across the department to discuss ‘fraud’, ‘risk’, ‘integrity’ and ‘assurance’.

26 As at March 2015, while the list of sensitive words reflects topical concerns, there was no formal process for review or amendment to the word filter, and its effectiveness is yet to be evaluated.

27 As at September 2015, callers who call the dob-in line out of normal business hours were referred to the web form.

28 In 2013–14, there were 2 167 087 calls presented to the DIBP Service Centre. DIBP, Annual Report, 2013–14, p. 3.

29 The DIBP internal audit, Identification and Management of Visa Overstayers, December 2013, identified duplication of activities between the National Allegations Assessment Team / Information Collection Unit and compliance field teams, with no feedback loop in place for Compliance to advise of information requirements or quality concerns. The report recommended improved communication, feedback and collaboration between the National Allegations Assessment Team / Information Collection Unit and referral areas.

30 A ‘risk-based’ detention model was also introduced, whereby unlawful non-citizens would be managed in the community while their immigration status was resolved, with detention the option of last resort.

31 As at 30 June 2015, the social media channels were: Twitter, Facebook, LinkedIn, Instagram, the YouTube channel BorderTV, and a migration blog.

32 The department reports monthly on the reach and engagement generated from its social media accounts, and changes in followers. In January 2015, for example, the department recorded 241 353 ‘likes’ on a Facebook post for a video ‘Live the life in Australia’ providing details about skilled migration; and 78 433 views of DIBP information videos, with ‘Coming to Australia’ the most watched, with 8888 views.

33 Organisations need to obtain a visa holder’s name, date of birth, passport or immigration card number, and country of passport, before they can access details on VEVO. Visa holders may email their visa details (as displayed on VEVO) to anyone they choose, for example an employer or landlord who is not registered for VEVO. New apps specifically designed for mobile services, myVEVO, were released in mid-2015, available as a free downloads.

34 ImmiAccount, launched in December 2013, is an online system for visa holders and organisations to create and manage visa and citizenship applications, and negates the need to access VEVO. DIBP advised that the launch of this service has contributed to the slight reduction in individuals’ use of VEVO since 2012–13.

35 Courage Partners, Evaluation of the enhanced Compliance Status Resolution Program, 2012.

36 The Assisted Voluntary Return service, through the International Organization for Migration, provides assistance to non-citizens who are unable to return to their home country without assistance.

37 Courage Partners, Evaluation of the enhanced Compliance Status Resolution Program, p. 7.

38 This assessment showed that in the period 2006–09: the average time to resolve a status resolution case was 431 days, dropping to 372 days after the program commenced; and the entrenched client caseload (that is, clients who had held a bridging visa for more than five years) had been reduced.

39 The steering committee for the review, which comprised departmental senior executives, had not met in over two years and there was little evidence of executive level involvement. Anecdotal evidence from staff with responsibility for progressing the department’s response to the evaluation was of a lack of executive engagement supporting the initiative.

40 The Australian Public Service Commission, Capability Review, Department of Immigration and Citizenship 2012, pp. 18 and 22.

41ibid., p. 27.

42 The Australian Public Service Commission, Capability Review, Department of Immigration and Citizenship 2012, p. 25.

43 The audits were ANAO Audit Report No. 55 2010–11, Administering the Character Requirements of the Migration Act 1958, and ANAO Audit Report No. 56 2010–11, Administering the Character Requirements of the Australian Citizenship Act 2007. The department agreed to the seven recommendations included in the audits, and advised that they were reviewed and endorsed for closure by the Departmental Audit Committee between March 2012 and February 2014.

44 Visa holders who have worked legally in Australia may have had superannuation payments paid by their employer into a superannuation fund on their behalf, which they can claim after leaving Australia and satisfying specified criteria.

45 In May 2015, the temporary worker (457) report had approximately 2700 cases listed, and the report for students had approximately 17 200 cases listed.

46 DIBP, Operational Integrity Strategic Review—Cancellation Activity, 15 December 2013.

47 For example, a Memorandum of Understanding with the NSW State Police Force supported an out-posted DIBP officer. This arrangement was established during the 2000 Olympic Games and left in-situ, providing access to information not available in other states or territories, where no such arrangements were in place.

48 NSW, for example, has the largest proportion of illegal maritime arrivals living in the community on a bridging visa; while the geography of Western Australia presents specific challenges.

49 In conducting observations, there is no intention to interact with a person of interest or enter private premises. Non-warrant activity can involve visits to a house or business, but not the use of powers of entry, search or seizure. In conducting a warrant activity, s.251 of the Migration Act 1958 allows officers to enter and search premises without the authority of the lawful occupier of the property.

50 The policies and procedures that guide the conduct of field activities are set out in a number of policy advice manuals and associated documents. In developing the test plan, the extent of the advice rendered it difficult to identify procedures. The department provided a list of 30 documents in the form of manuals, guides and various templates and forms—with some of them out of date or no longer in use (discussed in Chapter 5).

51 As discussed in Chapter 1, DIBP has been subject to considerable changes to governance, planning and decision making processes, in response to several high-level reviews of the operation of the department.

52 Australian Public Service Commission, Capability Review: Department of Immigration and Citizenship, July 2012, p. 10.

53 DIBP website, available from <https://www.border.gov.au/ReportsandPublications/Documents/corporate-pla...> [accessed 28 September 2015].

54 DIBP, DIBP Corporate Plan, 2015–19, p. 28.

55ibid., p. 32.

56 The reviews include a DIBP internal audit, Review of Data Quality, April 2013, which concluded that: ‘data quality remains a significant challenge for the department and represents a significant area of risk given the critical role data plays in supporting the operations of the department.’

57 A ‘sandpit’ is an arrangement that allows the business area to manipulate data and to trial various reporting formats.

58 These caveats include: an error rate is calculated to compensate for known errors in raw data about unlawful non-citizens remaining in Australia at a given date; and there are known data integrity issues in relation to the resolutions systems data—as a result current figures are not reliable and may be subject to further change.

59 Since 2004 the department has maintained a MoU with the Australia Taxation Office (current version signed in 2012) that supports quarterly data matching to assist in the location of people identified by DIBP as having overstayed the duration of their visa. Each quarter, a list of around 86 000 suspected unlawful non-citizens is sent to the ATO and matched against data held on the ATO’s systems. The power to obtain information and documents about unlawful non-citizens from a third party is provided through s.18 of the Migration Act 1958, with the legislation including specific requirements for the use of this power. DIBP could not confirm if conditions on the use of the s.18 power were appropriately covered in the MoU, and had sought legal advice.

60 MoUs include a range of bilateral and multilateral agreements with domestic and international parties. Domestic parties include other Federal government agencies and state and territory agencies, private sector entities and other domestic entities. International parties include foreign governments and agencies, as well as international organisations such as the United Nations.

61 On 18 March 2015, the Government announced changes to the 457 skilled visa program, including that there would be increased information sharing among key government agencies, in particular the ATO. As at 10 June 2015, the department advised that there had been no progress on these initiatives.

62 DIBP: Procedures for Departmental Policy Instructions and Guidance for Departmental Policy Instructions.

63 Publication of the database meets the department’s obligations under freedom of information legislation. The Freedom of Information Act 1982 requires an agency to publish its operational information, and ensure that the information published is accurate, up-to-date and complete.

64 Policy advice manuals provide guidance on all aspects of legislation relevant to the Immigration and Border Protection portfolio. The manuals vary in length and complexity, subject to the policy matter.

65 DIBP internal audit reports: Review of Decision Making and Quality Assurance over Student Visas, April 2013; and Detention-Related Decision Making, March 2014.

66 The (then) Compliance and Case Resolution Division’s PAM Reform Project 2010–11 aimed to: redesign the program’s 60 plus policy advice manuals into ‘a more cohesive instruction that accords with the requirements of CEI 30 [that] will deliver consistency and integration of advice across all aspects of the program’s activities’. As at April 2015, the department could only provide incomplete and draft documentation about this reform project that had been stored in a local share drive. No final and approved documentation could be located in the department’s records management system.

67 In April 2015, a note on DIBP’s intranet states that ‘due to the difficulty of maintaining accurate guides across a continually evolving business environment, these step-by-step guides will no longer be maintained and will be replaced by the relevant functional guides as discussed above. Users should check the TRIM Date Created date to get an idea of how dated they may be’.

68 Projects include the development of a: People Capability Framework; Learning Framework; and Learning and Development Portfolio Strategy.

69 The Australian Border Force College aims to develop a nationally standardised approach to learning and development across the integrated department, to ensure our people have the right experience and skills needed to excel in their jobs, both now and into the future.

70 Secretary’s Instruction 8, issued 1 July 2012, provides direction relating to the principles, responsibilities and implementation of the department’s (then) Quality Management Framework policy.

71 The ANAO cross-agency Audit Report No. 53 2011–12, Records Management in the Australian Public Service, states that: agencies need to develop records management frameworks and systems designed to ensure that records are appropriately managed. This commences with the creation and subsequent capture of records in records management systems, through to their maintenance and use, and ultimately their transfer to the National Archives of Australia or destruction.

72 The four other reviews were: National Archives of Australia, Recordkeeping in DIMA: A Strategic review, February 2006; Review of the support for the TRIM Application within DIAC, 3 September 2008; ANAO Audit Report No.53 2011–12, Records Management in the Australian Public Service; and Ernst and Young, Management Initiated Review of Freedom of Information, September 2011.