2.1 Audit Objectives and Scope
Since 2011, a high percentage of access requests and privacy requests have not been completed in accordance within the legislated 30-calendar-day time limit. In 2016-17, access to information requests had an on-time completion rate of 60% while privacy requests met the deadline 68% of the time.
The objectives of the audit were the following:
- To assess the adequacy and effectiveness of policies, practices, and management controls to support departmental compliance with legislation as it pertains to the processing of access to information and privacy requests.
- To confirm turnaround times and identify opportunities to improve efficiency of the processing of access to information and privacy requests.
Scope
The scope of the audit included the practices in place for the processing of access to information (ATI) requests and privacy requests received by the department between April 1, 2016 and March 31, 2017.
The following elements were excluded from the audit:
- The accuracy and completeness of information provided in response to access to information and privacy requests;
- Access to information and privacy requests directed to the Audit and Evaluation Division;
- Access to information and privacy requests directed to the Office of the Veterans Ombudsman; and
- Privacy protection activities and controls, including IT security.
The privacy protection activities excluded above will be assessed for potential future audit work as part of the annual risk-based audit planning process.
2.2 Methodology
The audit findings and conclusions contained in this report are based on sufficient and appropriate audit evidence gathered in accordance with procedures that meet the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing as supported by the results of the quality assurance and improvement program. The opinions expressed in this report are based on conditions as they existed at the time of the audit and apply only to the entity examined.