Canadian Police Information Centre (CPIC) Quality Assurance Review (QAR) Process FAQs for CACP

Similar documents
Auditor General of Canada to the House of Commons

AUDIT OF THE NATIONAL ARCHIVAL DEVELOPMENT PROGRAM

Office of the Auditor General of Canada Performance Audit Yukon Housing Corporation February Implementation Plan

4.01. Office of the Public Guardian and Trustee. Chapter 4 Section. Background. Follow-up to VFM Section 3.01, 2004 Annual Report

Performance magazine issue 23. Modernizing mutual fund reporting for today s environment

Reduce cost and streamline lending processes through pre-closing automation

NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE

Chapter. Acquisition of Leased Office Space

Managing a Transition to a New ALLL Process

Alta5 Risk Disclosure Statement

2.1.3 CARDHOLDER DATA SECURITY

Impact on Actuarially Determined Items SEAC Fall Meeting - Atlanta, GA November 19, 2003

A strategic approach to global derivative trade reporting

Oregon Public Employees Retirement System

Financial Transactions and Reports Analysis Centre of Canada

The new revenue recognition standard technology

Follow-Up on VFM Section 3.05, 2014 Annual Report RECOMMENDATION STATUS OVERVIEW

Frequently Asked Questions:

Early on, your needs were simple. The memory of

M_o_R (2011) Foundation EN exam prep questions

Data What guarantees do employers have that the cleansed data will be updated on the MyCSP systems?...4

Clerk of the Court Audit - #767 Executive Summary

SFC reprimands and fines Merrill Lynch Far East Limited & Merrill Lynch (Asia Pacific) Limited $15 million over internal control failures

Meeder Asset Management, Inc.

Conducting a Governance Audit (Canada)

Our value proposition

Simplify, preserve and enhance.

Effective monitoring of outsourced plan recordkeeping and reporting functions

Carruth Compliance Consulting, Inc. Answers to ASBO Questions for Third Party Administrators

AESOP:Guidelines for effective communication between Critical infrastructure operators and the public during crisis situations

Status Report of the Auditor General of Canada to the House of Commons

Title Insurance and Settlement Company Best Practices

CITY OF LONDON STRATEGIC MULTI-YEAR BUDGET ADDITIONAL INVESTMENTS BUSINESS CASE #9

C.A.O. BRIEFING NOTE FAIRNESS AND EQUITY

PBR in the Audit: What to Expect Michael Fruchter, FSA, MAAA Emily Cassidy, ASA, MAAA

Certification of Internal Control: Final Certification Rules

Public Safety Canada. Audit of National Crime Prevention Strategy Program

GENESIS FUND SERVICES LIMITED provides boutique administrative

1 Security 101 for Covered Entities

Financial Services. Highlights

Applying a holistic approach to RIC tax administration

Virgin Islands Port Authority (A Component Unit of the Government of the U.S. Virgin Islands)

Ontario Works Program

Risk Management Operations Audit. August 29, 2012

United States Department of the Interior

Report of the Court on the implementation of International Public Sector Accounting Standards*

SAN IPSE CAPITAL OF SILICON VALLEY

HIPAA 5010 Webinar Questions and Answer Session

Internal Audit Report on. Supervision of Life Insurance Non- Conglomerate Institutions. November 2017

SANTA CLARA COUNTY OFFICE OF EDUCATION Personnel Commission

ISIN. Bulk Pre-Allocation Service


Exchange Settlement Account System

Helping your business with auto-enrolment

Use of Internal Models for Determining Required Capital for Segregated Fund Risks (LICAT)

OVERVIEW OF BUDGETED RESOURCES

Hundred and Thirty-fifth Session. Rome, October Progress Report on Adoption of International Public Sector Accounting Standards

Code of practice for accurate bills

Helping your business with auto-enrolment

Workers Compensation Act Committee of Review

IN FOC Providing industry insight into market trends, best practices, and service solutions

Rapport ECB Recommendation on Security for Internet Payments Swedbank Response Specification/version: v

Executive Budget Summary

FINANCIAL ADMINISTRATION MANUAL

Project Integration Management

Survey. Asset Managers and ESG. Sensing Opportunity, Bigger Firms Lead the Charge. Firms with a formal ESG policy. (by size) 73% 51% 23%

Final Preliminary Survey Report Audit of Budgeting and Forecasting. June 19, Office of Audit and Evaluation

Self-Logging Minimal Risk Instances of Noncompliance

Workplace Safety and Insurance Board

Texas Workforce Commission

BEST FINANCIAL MANAGEMENT PRACTICES SELF-ASSESSMENT INSTRUMENT FOR FLORIDA SCHOOL DISTRICTS

ARE YOU HIP WITH HIPAA?

Corporate and business plan: to

STAFF REPORT. March 19, Audit Committee. Auditor General

REPORT 2015/174 INTERNAL AUDIT DIVISION

An Assessment of the Revisions to the Government s Fiscal Outlook. Ottawa, Canada November 29,

Sampling Methods, Techniques and Evaluation of Results

Ensuring Payer Compliance with Mandatory Insurer Reporting Requirements. A Proactive Approach to Managing Mandatory Insurer Reporting Compliance

Financial Services Authority

Financial Services Authority

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

Webinar: How NEST can help you support clients with auto enrolment

The global tax disputes environment

Why Evolution Private Managed Accounts?

Early on, your needs were simple. The memory of

Towards Sustainable Mining Crisis Management and Communications Planning Protocol

Case Study: Rapid Policy Administration Replacement at Philadelphia Insurance Companies July 2011

ASC Releases Results of EMD Sweep and Best Practices and CSA Provides Guidance on Small Firms Compliance and Regulatory Obligations

13. JUSTICE - ALTERNATIVE DISPUTE RESOLUTION PROGRAM FOR COMPENSATION OF VICTIMS OF ABUSE AT PROVINCIAL YOUTH INSTITUTIONS

STATE OF NEVADA. Performance Audit. Department of Business and Industry Division of Mortgage Lending Legislative Auditor Carson City, Nevada

Working Together to Meet Your Investment Goals

FINRA 2018 Annual Budget Summary

Chair s Annual DC Governance Statement 2017

Contents. Introduction. International Transfer Pricing: Advance Pricing Arrangements (APAs)

Frequently Asked Questions

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

Affordable Care Act: State Resources FAQ

IDENTIFYING CHARACTERISTICS

North East King County Regional Public Safety Communication Agency (NORCOM)

The University of Texas Southwestern Medical Center Universal Fee Schedule Audit MSRDP. Internal Audit Report 14:08A

Transcription:

Page 1 of 7 Canadian Police Information Centre (CPIC) Quality Assurance Review (QAR) Process FAQs for CACP August 12, 2013 1. What is the Canadian Police Information Centre (CPIC) Quality Assurance Review (QAR) process? The CPIC QAR process is a national risk assessment that starts with the automated review and validation of all records stemming from all 2,300 CPIC data entry and access points. The risk assessment will involve validating all records attributed to a given agency, followed by subjectively assessing pertinent risk factors, such as whether an agency has two factor authentication (2FA) or whether the agency s dissemination of information policy is in line with CPIC s dissemination policy. This comprehensive review process will help individual CPIC agencies identify their greatest risks. Each agency will be asked to take appropriate action to address these risks as each agency is ultimately responsible for the quality of its own CPIC records. 2. When will the new CPIC QAR process be implemented? It is anticipated that the national QAR process will be implemented during the Spring, 2014. As we transition to the QAR process over the coming year, the CPI Centre will be in close contact with its partner agencies both nationally and regionally to discuss these changes, assess each agency s interim needs and provide assistance to ensure those needs are met. A test of the QAR process is currently being conducted on a sample of agencies across Canada. This will be followed by a pilot project to confirm its validity. 3. Why was the QAR process developed? It was developed to improve the accuracy of CPIC data. Discussions about developing a riskbased assessment model began more than a decade ago and were brought to the attention of the CPIC Advisory Committee. These discussions surfaced again in 2010 following an RCMP internal audit. KPMG consultants later confirmed that moving to a risk-based assessment model would be more efficient than continuing with the traditional CPIC audit process. Technological advances have also helped to make the QAR process possible. In recent years, computing capacity has increased to the point where it is now possible to evaluate all CPIC records electronically.

Page 2 of 7 4. How is the QAR process different from the traditional audit function? The traditional audit process only allowed for the periodic assessment of a random sample of each partner agency s CPIC records. The QAR process will be far more thorough because it will enable the CPI Centre to review all records held by all agencies and/or their queries. This will help to ensure that the data uploaded to CPIC is timely, accurate and secure. The QAR process will help each partner agency identify inaccurate CPIC data and assess the risk they assume and place on other partners when inaccurate data is entered into the system. 5. Will auditing of CPIC information continue until the QAR process begins? All agencies are encouraged to continue to audit their CPIC information as required to ensure the data they are uploading to CPIC is accurate and timely and that they are following proper and established procedures. The CPI Centre, both nationally and regionally, will be in close contact with partner agencies over the coming year to communicate about the QAR changes, assess each agency s interim CPIC needs and provide suitable assistance to ensure those needs are met as we transition to the QAR process. 6. How exactly will the QAR process work? The QAR process will use automated data analysis and report capabilities to identify risks associated with the quality and security of each partner agency's data and access. The CPI Centre and its Field Service Teams will help partner agencies interpret their data quality and risk reports. The QAR process will work well in conjunction with Phase 3 CPIC, which is being regularly updated with new functions to improve data validation and accuracy. 7. How was the QAR process developed? A number of risk factors and potential data anomalies were identified by a team of CPIC subject matter experts. These risk factors will be used to assess each partner agency s CPIC data management and query practices. A risk matrix was developed that allows for the objective and subjective assessment of all 2,300 CPIC data entry and access points. These assessments are based on three overreaching objectives: a. Public safety b. Officer safety c. Organizational liability

Page 3 of 7 8. Are all risks related to CPIC data entry weighted evenly? No. Some factors are considered less risky than others. A few factors, such as whether a given agency has maintenance capability, or whether they have and follow a Dissemination of Information Policy which is consistent with CPIC s dissemination policy, are considered to be higher risk. 9. Why is Dissemination of Information Policy deemed to be so important? When an agency becomes a CPIC agency and begins uploading private and sensitive information about police investigations, it does so with the understanding that the system is secure and that only CPIC agencies will be accessing their records. CPIC s integrity has stood up to critical analysis and many reviews and court challenges. CPIC s integrity is based on protecting the system s sensitive information from people and agencies that are not privy to such information or have no legislated mandate to access it. CPIC partner agencies trust their information to the stringent security policies and practices that CPIC has established and upheld since its inception. Without these policies and practices, CPIC information would not be trusted by the police officers who depend on it for their personal safety and for the integrity of their investigations, nor could it be trusted by the courts. 10. How often will the CPIC QAR process occur? The CPI Centre will use a system of continuous monitoring to evaluate and reassess the risk associated with each agency s data and queries. Each CPIC partner agency will be responsible for working closely with CPIC staff and contributing to the subjective data associated with this risk analysis. A system of self-audit will complement these efforts and will allow each agency to ensure that CPIC policies and procedures are being adhered to. 11. What is the responsibility of partner agencies in the CPIC QAR process? The current responsibility of partner agencies is to enter, disseminate or query CPIC records as per usual. Over the coming year, the CPI Centre will contact each agency to explain new roles and responsibilities under the QAR process. Specifically, partner agency s responsibilities will evolve according to the need to continuously self-audit and self-report on the data uploaded to CPIC. Specific tasks will involve developing and following policies to support the QAR process, analyzing the risk to CPIC through Unit Level and Agency Level Quality Assurance cycles, and responding to requests from CPIC.

Page 4 of 7 12. How will the CPIC QAR process affect partner agency CPIC personnel? We hope the CPIC QAR process will help partner agencies to sharpen their awareness of CPIC data. CPIC personnel will continue to be highly aware of the records they enter into CPIC, ensuring that each record is current, complete and accurate. When working on a file, CPIC personnel must remain aware of the quality controls that are in place and must monitor for any record deficiencies that could pose risks. CPIC personnel should review each file as a whole and help to identify other employees working in the various partner agencies who are also responsible for the quality of CPIC records. CPIC personnel are encouraged to communicate with CPIC s Field Services staff on a regular basis to ask questions, confirm information and share best practices. 13. How will agencies handle this additional work on top of the other responsibilities? That will be a matter for each CPIC agency to decide. The Commissioner of the RCMP is the ultimate authority for CPIC, while the National Police Information Services Advisory Board monitors the integrity of the CPIC system. This can t be done properly if the risks that jeopardize CPIC are not identified. The CPI Centre strives to identify factors that can cause medium to high levels of risk and follow through with steps to help agencies minimize those risks. How this fits into each agency s priorities is a matter for individual agencies to determine. 14. Will the CPI Centre be providing tools to help agencies with the QAR process? Yes. Validation reports will be provided to help agencies assess their CPIC records with the goal of identifying invalid data and/or anomalies. A review guide will help agencies conduct local quality assurance reviews, determine best practices, identify user groups, conduct training, produce annual reports and more. As we progress through the implementation of the QAR process, we expect to develop and provide additional electronic tools to help agencies fine-tune their reviews and assessments. 15. Will training be available to help partner agencies with the QAR process? Yes. We are currently working with several police training institutions to ensure that instruction on the new CPIC QAR process will be available for CPIC operators and users.

Page 5 of 7 16. How will the QAR process improve the quality of CPIC records? It will help by ensuring that CPIC data is as accurate as possible. If each agency uploading data to CPIC is continually reviewing its records, CPIC can more quickly identify and fix potential problems. Clearly, this will improve the quality and reliability of CPIC records for all partner agencies. 17. Will there still be CPIC Field Operations in partner agency regions? Yes, local CPIC Field Operations Officers will remain key contacts in the QAR process. Their understanding of each agency s local needs is essential. 18. How can partner agencies obtain more information about the QAR Process? They can contact their local CPIC Field Operations staff to ask questions, confirm information and share best practices.

Page 6 of 7 Vintage CPIC 19. What s meant by the term Vintage CPIC? Vintage CPIC refers to outdated interfaces with agency s record management systems (RMS) that are not compliant with Phase 3 CPIC. In November 2006, CPIC transitioned to the Phase 3 platform, a software upgrade. Phase 3 provides CPIC users with improved functions that are important to police investigations and public safety. It was expected that all CPIC agencies would migrate to the Phase 3 platform in a timely fashion but that hasn t happened. The NPIS AB endorsed a final sunset date of December 31, 2014 for Vintage CPIC. To date, only 10 interfaces of partner agencies remain to be upgraded and these agencies are on target to meet this sunset date. 20. How is the CPI Centre dealing with the issue of Vintage CPIC? The CPI Centre maintains two different versions of CPIC: Phase 3 and Vintage. Twice each year, new functions are added to Phase 3. The Vintage CPIC system has not had any new functions added since 2006, but programmers still have to assess the impact that changes to Phase 3 will have on Vintage CPIC. As of December 31, 2014, Vintage CPIC interfaces will no longer be maintained and supported by either the CPI Centre or the CIO sector. 21. Why is it so important to eliminate Vintage CPIC now? The Vintage CPIC needs to be eliminated because the new QAR process won t be able to properly assess Vintage CPIC records. The QAR will rely heavily on technology to inform CPIC agencies of their data errors. Agencies that use Vintage CPIC will not be able to take full advantage of the QAR process and will therefore be much more susceptible to data errors, which will compromise the integrity of the entire CPIC system. 22. How is Vintage CPIC limiting the agencies that use it? Agencies using Vintage CPIC are limited in many ways. Here are just a few examples: - They cannot access information from the INTERPOL database or Transport Canada's pleasure-craft licensing database. - They require substantially more space to enter information about release conditions imposed by court orders. - They cannot query logs to determine whether a subject or vehicle has been queried in the past 120 hours. - They cannot access many enhancements made to the MISS and BODY categories. 23. Will the Vintage CPIC system continue to be supported with the implementation of the new QAR process? No. With the unanimous endorsement of the NPIS AB, a final date for the use of Vintage CPIC has been set for December 31, 2014. After that date, the CPI Centre will no longer support

Page 7 of 7 Vintage CPIC. CPIC system changes made after December 31, 2014 will not take the impact on Vintage CPIC users into consideration. This could mean that previously valid Vintage CPIC transactions may then be rejected. Partner agencies using Vintage CPIC would be required to update their own RMS and /or their computer-aided dispatch systems to accommodate the new version of CPIC.

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback