Public Accounts Committee on May 27th, 2015

Thank you for the question. The idea of beyond the border is that collecting information earlier gives us more of an opportunity to assess threats and risks and to ensure that those threats and risks don't actually come to the border. We call it pushing the border out. The concept really is to collect information earlier and to then facilitate the easier flow of legitimate goods and travellers that are low risk or that there is no reason to stop.

As for which projects might be most interesting or helpful, I think of things like the single window initiative, which makes it easier for traders to provide information to federal government entities by putting the information in once and other government departments that need access to it get it. Everything we do that makes it easier for them to interact with us I think makes it easier for legitimate goods to flow across the border. I don't know if you want more on that.

When do we finish everything? There are a couple of dates that haven't quite been identified for 2015 and 2016.

We're even talking about beyond the border 2.0 at some point as well.

To add to what my colleague was saying, it also has a lot to do with trusted travellers and trusted traders in border communities, so that as these people approach the port of entry, we already see them coming before they are there. RFID, radio frequency identification, enables them to access the right booth and the right information. The idea is that for people in those communities that straddle the borders, who cross all the time, the NEXUS program comes to mind and the trusted traders program comes to mind. The FAST program, free and secure trade, allows commercial goods to go through unstopped. It's more about that. It's knowing about who is coming prior to doing all the business at the border which slows the border down.

I think from a NEXUS perspective perhaps that's true. We have more capacity in general to handle our trusted travellers, NEXUS card holders, at the larger ports of entry than we do at the smaller ports of entry.

Before I turn it over, the short answer is yes. I don't know if you want to enlarge on that.

One thing I would say is that we're also caught in midstream on some of these projects. For projects that had already started, we implemented these frameworks, and then the question was how far back in time to go. Some of the issues we confront here, such as benefits realization for a project that was almost done, we had to look at and ask whether it was worth going back to try to figure out how to measure what the benefit would have been if it was already past gate six and was about to be closed anyway.

The service life cycle management framework is not the same framework that changed names along the way. The project management framework was created to manage the projects once we knew we had a project. The portfolio management framework broadened that to include the investment management, what we're talking about, investment and benefits, and realization of that investment.

The key elements of those two frameworks are gates and governance. In other words, we gate all the investments through the seven gates in our framework and then we present information to the governance committees to seek their approvals. The service life cycle management framework takes that further and describes what information should be presented for approval. We had a bit of a gap there in the sense that we said you need to have your requirements presented but we didn't specify from a methodology perspective what the document looked like. Now with the service life cycle management framework we do.

Thank you for the question.

That is actually what I was talking about a little earlier when we were discussing enterprise architecture. It enables us to do our town planning, if I may call it that, to ensure not only that the CBSA systems are interconnected—and there are some challenges with that—but that they are also linked with external partners' systems. Citizenship and Immigration Canada is one of those partners. When we deal with the global air industry, we have to make sure those standards are in place. We are doing that now. It was central to our enterprise architecture. We call it service-oriented architecture, and it's what will enable us—or is already enabling us—to interact with external partners in an effective and secure manner.

I would just add that what we're dealing with here in many cases are legacy systems that don't talk to each other, and a lot of what we're trying to do is overcome those silos. Much of the IT that we have is at least 20 years old and it came from the old Immigration, the old CCRA, Agriculture.... They were all separate systems, so the task before us is to take 40 databases and systems and start to move them together.

They just laid the groundwork for doing what you are talking about.

I would like to specify something about CIC. The relationship is so close that we have an independent governance system with the associate deputy minister. We meet every two weeks to discuss those issues and ways to make the projects operational. We talk about significant impacts at the border. We have to train our staff and the CIC staff. All those issues are discussed at that governance level.

That is our objective, of course.

To make the border more secure, we have to interact with our partners. That means we need another system. However, when we say that, we are not just talking about a system. We are talking about 288 applications and 42 databases. The main challenge is the integration and interaction of those systems.

The system must do everything in an exemplary manner. That is why the architecture is becoming absolutely critical. We have to make sure that it is open, but that we also increase security. That is of the utmost importance.

It is actually the main challenge. The CBSA often decides not to go ahead with a system because it cannot really put the right bolts into the right places to ensure that the system will be secure.

I think that again the agency has put in place an appropriate framework, but in order to ensure that the systems are going to deliver what they're supposed to deliver, that framework has to be operating as intended. There's more than just making sure systems are delivered on time and on budget. There's also making sure that the systems are delivering what they were intended to deliver. That's why we talk in the report about the need to assess the benefits and assess whether the systems are aligned with the objective of the agency.

Again, I think where I would be right now is that they have the tools to try to make sure these systems are appropriately delivered, but they need to really make sure, because we are talking about $1 billion, we're talking about a complex business, and we're talking about complex systems. It's really important to make sure that this framework is rigorously applied in order to get the types of outcome that you're talking about.

I'm afraid I haven't come prepared to speak explicitly to that and I don't come from operations. My colleagues in enforcement and intelligence, I think, are better able to respond to that. I did follow the media, though, and I know that the funding is for us to increase our capacity to follow foreign fighters basically and conduct investigations.

Thank you for the question.

I'll turn to my colleague to describe the current state of play on the FOSS-GCMS transition.

As I mentioned earlier, there are two parts to FOSS. There is the use by our border services officers of GCMS for entering immigration data as they process immigrants as they show up at our ports of entry. That's been operational since last summer. We are tweaking that right now because we have some choke points, namely the large airports. We're tweaking the performance of GCMS to handle the volume before we switch FOSS off.

On the side of the CBSA, the information from GCMS will be made available and located in a high-performance database so that, at primary scan, your passport won't hit GCMS, which is not necessarily the right level of performance for our peak periods. It will hit our database on our servers. Those two pieces are actually developed and in operation right now. What we're working with operations on is the ability to terminate the use of FOSS as a crutch. It's been in use since the 1970s and, as we are about to pull it, there are some concerns whether the other systems can hold their own.

I don't know the answer to that.

Do you know the answer to that?

Well, I'm not sure. I had a hard time hearing, so....