Background

The Australian Government, through the Department of Immigration and Multicultural and Indigenous Affairs (DIMIA), operates a ‘layered approach' to border control, as shown in Chapter 1—Figure 1.1. That is, the particulars of each traveller are checked against DIMIA systems at several points to ensure the traveller is properly authorised to enter Australia. These ‘layers' of checking include a universal visa system, the Airline Liaison Officer (ALO) network, Advance Passenger Processing (APP) and border processing at entry points at Australian airports and seaports.

APP is the most recent technological evolutionary stage of Australia's border processing. Unique features of APP include that it is interactive with airlines; it is designed to prevent people from boarding who do not have authority to enter Australia or who are adversely recorded by DIMIA ¹, and it allows authorised agencies to examine passenger information before passengers arrive in Australia. The overall effect is to extend the border to the last point of embarkation—the airline check-in point overseas.

CPS Systems Pty Ltd was selected as the prime contractor (the contractor) to develop, implement and provide ongoing support for DIMIA's Electronic Travel Authority (ETA) system after a tendering process in 1995. The relationship between DIMIA and its contractor is covered by the ETA System Agreement, which provides for, among other things, enhancements to the ETA system. APP was developed as an enhancement to the ETA system.

APP links DIMIA with airline departure control systems. It accesses and processes data held on DIMIA's Travel and Immigration Processing System. APP is designed to enable people arriving in Australia to be processed quickly. All information needed for APP processing is collected when a passenger checks in with an airline carrier overseas and is forwarded electronically to Australia using a worldwide communications network and the ETA platform. This confirms the existence of a valid visa or ETA for people requiring an authority to travel ², and confirms the status of Australian and New Zealand passport holders. APP information is then sent to Australia, allowing passengers and crew to be immigration screened in flight. When they arrive, their records are amended to show they have entered Australia.

Prior to 5 January 2003, DIMIA entered into arrangements with airlines to process passengers using APP on a voluntary basis (hereafter referred to as voluntary APP). Following the events of 11 September 2001, the Government decided to make reporting through the APP system mandatory from 5 January 2003, for all passengers and crew of airlines and international cruise ships arriving in Australia (hereafter referred to as mandatory APP). The Border Security Legislation Amendment Act 2002 (Cwlth) amended both the Customs Act 1901 and the Migration Act 1958 accordingly. Appendix 2 provides information about the legislative changes. Airlines and the cruise shipping industry implemented APP incrementally through 2003–04 (see Chapter 2—Table 2.1).

DIMIA's business system³ design for the voluntary APP system⁴ described the most important measure of success of the APP system as ‘the saving in the time to process a cohort of international passengers through the primary line⁵ at Australian borders'. That is, the focus of the business system design was on passenger facilitation. However, in the light of the subsequent requirement that all passengers and crew of airlines and international cruise ships arriving in Australia be processed using APP, the focus of APP was on increased control. This shift is evidenced in comments outlining the benefits to border security of mandatory APP in the Explanatory Memorandum to the Border Security Legislation Amendment Bill 2002, which stated that the introduction of mandatory APP will:

[S]ignificantly enhance the ability of Customs and DIMIA to assess passengers and crew, prior to their arrival in Australia, for the risk they may present in relation to a range of Commonwealth laws.

Air arrivals

The vast majority of travellers arrive in Australia by air, with only a very small number, mostly the crew of commercial ships, arriving by sea. Air arrivals include Australian citizens returning from overseas holidays or time abroad, migrants, tourists, business visitors, temporary residents, people on working holidays, overseas students, diplomats, military personnel and the crew of international airlines. In 2003–04, around 9.3 million people arrived by air, which was 11 per cent more than in 2002–03, when around 8.3 million people arrived.⁶

Sea arrivals
The majority of people arriving in Australia by sea are the crew members of visiting commercial ships, such as container vessels and bulk cargo ships. In 2003–04, around 333 000 people (both crew and passengers) arrived in Australia by sea, a rise of 4 per cent from 2002–03, when around 320 500 arrived. ⁷

Audit objective and scope

Audit objective

The objective of this performance audit was to assess whether DIMIA's information systems and business processes are effective in supporting APP to meet its border security and streamlined clearance objectives. In particular, the audit focused on the following:

• Mandatory APP–Stage 1 (MAPP1) project management;
• MAPP1 IT development and system performance;
• APP performance reporting;
• contract management; and
• financial management.

In assessing DIMIA's financial management relating to APP, the ANAO had regard to the Commonwealth's framework of legislation and policy governing the management of the Australian Government's resources.

Audit scope

During preliminary planning for the audit, DIMIA advised the ANAO that:

• the majority of airlines and cruise ships had implemented APP for all passengers and crew under MAPP1 but the maritime cargo sector had not commenced implementation of APP; and 
• system enhancements (to allow for APP airline crew data to be transferred between Customs and DIMIA systems) planned for Mandatory APP–Stage 2 (MAPP2) were still being finalised.

For these reasons, the ANAO chose to examine DIMIA's administration of MAPP1 for air passengers and crew arriving in Australia, and to exclude the maritime industry. In some instances, the ANAO also examined events relating to voluntary APP, before MAPP1 was implemented, to better understand and assess DIMIA's overall performance in administering the APP system.
The audit does not include the following:

• an assessment of the security of the APP system;
• DIMIA's implementation of MAPP2, as this work was still being completed at the time of the audit;
• DIMIA's Movement Alert List. This topic has been identified as a potential audit in the ANAO Audit Work Programme for 2006–07; and
• the processing of air passengers and crew by Customs and DIMIA once they have arrived at the border. This topic has also been identified as a potential audit in the ANAO Audit Work Programme for 2006–07.

Overall conclusion

The development and implementation of mandatory APP has involved a number of parties, including DIMIA, the Australian Customs Service (Customs), CPS Systems (the contractor) and its subcontractors ⁸, and individual airlines. The introduction of mandatory APP was a major component of the Government's border security response to the events of 11 September 2001. APP was an innovative system and provided a basis for checking whether passengers and crew of airlines and international cruise ships were properly authorised to enter Australia at their point of embarkation prior to arriving in Australia. APP also allows authorised agencies to examine passenger information before passengers arrive in Australia.

Mandatory APP has now largely been implemented.⁹ DIMIA reports that as at 30 June 2005, APP reporting occurred in approximately 98 per cent of passenger air arrivals¹⁰. The purpose of mandatory APP shifted from passenger facilitation to control with the advent of mandatory APP. However, DIMIA's performance information relating to APP is not sufficient to determine whether airlines are using APP as intended. Collecting additional performance information on aspects of airline performance in using APP would assist DIMIA to more effectively monitor individual airline compliance levels. Also, DIMIA can improve its performance measures to better allow it to measure the impact of mandatory APP on border security.

The target implementation date for MAPP1 was 1 January 2004¹¹. DIMIA reported to its Minister that MAPP1 went live on 6 January 2004, but that it would take considerably longer for the airlines to implement it¹². The majority of airlines implemented MAPP1 after May 2004. The ANAO considers that more comprehensive and timely testing of the MAPP1 system with airlines would have assisted the earlier and smoother transition of airlines systems to MAPP1.

It also took considerably longer to remove the need for duplicate reporting by airlines for crew members to both DIMIA and Customs. Even though it was specifically mentioned in the second reading speech for the Border Security Legislation Amendment Bill 2002, DIMIA did not include this functionality in its business requirements for MAPP1 and it was not implemented until February 2005.

Although DIMIA reports APP performance in its Annual Report, it does not provide information that would allow the impact of mandatory APP on border security to be assessed. In particular, it does not report against the intent of the Border Security Legislation Amendment Bill 2002 ‘to assess passengers and crew, prior to their arrival in Australia, for the risk they may present in relation to a range of Commonwealth laws'. DIMIA advised the ANAO that it is working with its contractor to identify APP performance information that would assist DIMIA in this regard. This includes identifying instances where people are denied boarding as a result of using APP.

DIMIA could improve the accuracy and sufficiency of its APP performance information used for airline compliance monitoring and external reporting, including information relating to: code-share arrangements between airlines; passengers crossing the primary line after midnight ¹³; charter flights; system errors; and check-in mistakes. It is also important that all airlines receive APP performance information and that all users of the information are made aware of the factors affecting its accuracy to assist them in understanding to what extent they can rely on the information. DIMIA is working to address deficiencies in its performance information through the development of a system to support a proposed fines regime for airlines that do not process all passengers and crew using the APP system¹⁴.

In the case of APP, it is not apparent that DIMIA had a clearly developed or articulated strategy for managing its relationship with its contractor including contract succession arrangements, so that the Commonwealth's interests were protected. The department advised that it paid for the development costs for the APP system, which is ultimately owned by the contractor.¹⁵ In this context, the business rationale and authority for some of the decisions made by the department was not evident.

Although provision existed under DIMIA's ETA System Agreement with its contractor, to vary the agreement to provide for the development and on-going operation of APP, DIMIA did not establish clearly documented contractual arrangements. Instead, DIMIA has managed its relationship with its contractor relating to APP through correspondence (including letters and e mails) between the parties. The absence of formal contract variation documentation relating to APP increases: the risk of disputation over the scope of what the parties intended to be delivered; the terms on which it would be delivered; and the risk that required approvals under the FMA Act will be overlooked.¹⁶

The terms and conditions that DIMIA had agreed with its contractor relating to the financial arrangements for voluntary APP were unclear. In particular, DIMIA and its contractor have differing positions on the purpose of a $900 000 payment made by DIMIA to its contractor. Essentially, DIMIA considers the payment was made to cover development costs as at 30 June 2001. Whereas DIMIA's contractor considers the payment was made by DIMIA to reduce proposed ongoing APP transaction fees. DIMIA's lack of documentation means that the rationale for its payment of $900 000 to its contractor was not clear nor was the basis for the transaction fee structure for APP. The ANAO considers that in such an environment it is particularly important that business decisions are documented to protect the interests of the Commonwealth and to support transparency and accountability. DIMIA did not do this for key business decisions relating to the financial arrangements for APP. Also, the manner in which DIMIA managed its contractual and financial arrangements with its contractor relating to voluntary APP exposed the Commonwealth to unnecessary risks (see paragraph 48).

ANAO findings in recent DIMIA audits have identified a range of deficiencies in DIMIA's contract management and documentation to support key decisions, and the department has foreshadowed expenditure of $10 million over five years to improve record keeping systems.

DIMIA has a cost recovery arrangement ¹⁷with its contractor designed so that part of the $20 service charge collected by its contractor per ETA application (from the public through the ETA system Internet gateway) is used to offset expenses relating to the operation of the ETA system, including APP. Essentially, individuals from most countries seeking to enter Australia as a visitor can apply for an ETA ¹⁸ via the Internet. Each individual pays a $20 service charge to submit an ETA application via the Internet. DIMIA's contractor receives the $20 service charge and uses part of this amount to offset DIMIA expenses relating to the ETA and APP systems.

DIMIA could remove the potential for misunderstanding by Internet ETA applicants by posting appropriate notices on its website outlining the relationship between itself and its contractor and notifying applicants that any transaction entered into through the Internet interface would be with its contractor and not DIMIA. Also, it would be useful for DIMIA to discuss with Finance, the most appropriate way of managing its cost recovery arrangements with its contractor relating to the Internet ETA fee.

The audit has highlighted weaknesses in the development and operation of mandatory APP, which is now a key system in DIMIA's border control strategy. It is not apparent that DIMIA had a clear strategy for managing its relationship with its contractor including contract succession arrangements, nor did it employ a structured approach to the delivery of APP. In particular, its contractual and financial arrangements were poorly documented and exposed the Commonwealth to risk in the event of a dispute between the parties.

Recommendations and agency response

The ANAO made six recommendations concerning DIMIA's administration of APP. DIMIA agreed with all of these recommendations. DIMIA's full response to the audit is provided below.

The Department welcomes the audit of APP. The findings of the audit will be used to build on the ongoing work to enhance the APP system.

The APP system has operated successfully since 1998 and now has about 99 per cent coverage of airline transactions. It operates globally in a real time environment and has proven to be robust application with an availability factor of above 99.7 per cent.

APP is a key component of Australia's layered approach to border control. This means that Australia does not rely on any one system but uses a variety of checks and balances to weave the strong fabric of its border control. For example, a visa is a fundamental requirement for access to Australia and persons making applications are checked against an extensive ‘watch list'. At international hubs airport liaison officers check passenger documentation. APP provides a further check to ensure the person is properly visaed for entry. Face-to-face checking then takes place at the border which now also includes automated document checking.

The development of the APP system was, and remains, leading-edge technology. No other equivalent system has been developed although a number of countries are now using the system designed for Australia. The introduction of such technology required an evolutionary approach to the technology which lacked some of the specificity of other IT development processes.

At the same time, there clearly needed to be good governance around such arrangements and a range of measures were set in place in 2004 to ensure tighter contract administration and some of the associated issues which are also identified in the report. A draft Deed of Variation to the contract was passed to CPS in 2005 which should clarify residual contractual issues.

This action has been further supported by a wide range of measures announced by the Minister in October 2005 to improve administration within the Department as part of Government's response to the Palmer and Comrie reports. These measures included significant organisational changes, including the introduction of a centre of excellence for contract and procurement processes within the newly established Legal Division.

The APP system has benefited all parties. It provides greater border security, it resolves many issues around the ‘credentialing' of passengers before they arrive at the border and it has reduced the cost to airlines and shipping companies of arrivals without proper documentation. For example, in 2000–01 fines totalled around $23m but are estimated to be around $3m in 2006–07.

As recommended by the ANAO, more detailed monitoring of airline compliance is being developed, as is a more specific system performance reporting regime for the service provider. More detailed APP performance measures relating to border security are also currently being developed.

Key findings

Implementation of Mandatory Advance Passenger Processing Stage 1 - MAPP1 (Chapter 2)

The development and implementation of mandatory APP has involved a number of parties, including DIMIA, the Australian Customs Service (Customs), DIMIA's contractor and its subcontractors¹⁹ , and individual airlines. The introduction of APP on a mandatory basis was a major component of the Government's border security response to the events of 11 September 2001. Its introduction was subject to time imperatives and risks, including that of delayed introduction. The target implementation date for MAPP1 was 1 January 2004. DIMIA reported to its Minister that MAPP1 went live on 6 January 2004 but that it would take considerably longer for the airlines to implement it.²⁰ The ANAO found that the majority of airlines implemented MAPP1 after May 2004.

While DIMIA had estimated some costs for the project, the costing was incomplete. There was no overall picture of the total cost of the project (for DIMIA and its contractor). In addition, DIMIA was unable to provide evidence that it had approved a project budget or developed a basis to manage expenditure. Furthermore, DIMIA was unable to provide evidence that it had recorded expenditure against a project budget or provided project budget reports to DIMIA senior management.

DIMIA applied limited attention to defining the quality requirements for MAPP1, which reduced their ability to identify and apply adequate quality controls. In particular, DIMIA documentation did not address IT requirements relating to the quality of the products to be delivered. DIMIA did not address important criteria such as reliability, usability, accuracy and performance. Also, the document outlining the test strategy was not comprehensive (it covered only user acceptance testing) and was not finalised.

The ANAO suggests that, in order to fully assess the effectiveness of the implementation, DIMIA complete a review of MAPP1 to identify any outstanding issues not already addressed through subsequent work completed for MAPP2. Such a review would provide assurance that expected benefits have been achieved without any unintended adverse effects on stakeholders or on other systems.

Mandatory Advance Passenger Processing - Stage 1 (MAPP1) IT Development and System Performance (Chapter 3)

DIMIA and its contractor jointly implemented the MAPP1 project to enhance the existing APP system to provide functionality including advance information for: airline crew; cruise ship passengers and crew; transit passengers; and an estimated one per cent of passengers not required to obtain a visa.

In undertaking the MAPP1 project, it was important for DIMIA and Customs to coordinate their efforts in a timely manner to implement a solution that avoided duplicate reporting by airlines, consistent with the second reading speech for the Border Security Legislation Amendment Bill 2002 (delivered by the Attorney-General on 12 March 2002^)21. However, DIMIA's business requirements for MAPP1 did not address this requirement. Subsequent to the audit, DIMIA advised the ANAO that MAPP2 (incorporating the necessary changes to Customs and DIMIA systems to remove the need for duplicate reporting by airlines for crew members) was implemented on 23 February 2005.

The majority of airlines had not completed MAPP1 testing prior to the system going live and therefore did not cut over to MAPP1 until after the go live date. A major airline carrier into Australia indicated that the test scripts supplied did not allow for full testing of all error responses, which resulted in modifications to their system after having gone live.

When MAPP1 went live on 6 January 2004, there were several outstanding issues in end-to-end testing. DIMIA's contractor subsequently delivered the associated functionality as agreed by June 2004. DIMIA was unable to provide evidence, however, that it had subsequently conducted testing to confirm complete system functionality.

An examination of outage statistics for APP, provided to DIMIA by its contractor, shows a high level of availability, although in some months the target of 99.7 per cent was not met.

Although DIMIA had data on APP availability from its contractor's perspective, it could not provide evidence that the Department's Entry Operations Centre recorded and monitored statistics relating to outages reported by airlines. The ANAO found that although DIMIA receives system availability statistics from its contractor, it does not analyse these statistics or data supplied by airlines to the Entry Operations Centre, to identify causes of airline outages, that is, connectivity problems to the APP system.

Advance Passenger Processing (APP) Performance Reporting (Chapter 4)

DIMIA publicly reports, at an aggregate level, information about APP relating to air and sea arrivals in its Annual Report and in departmental publications such as Managing the Border: Immigration Compliance.

In its Annual Report 2003–04, DIMIA reported that some 96 per cent of air arrivals were processed by APP at June 2004, an increase from 94 per cent in 2002–03, and 65 per cent in 2001–02. ²²

The ANAO reviewed the accuracy ²³, relevance ²⁴and sufficiency ²⁵of DIMIA's APP performance information used for external reporting and airline compliance monitoring. DIMIA's APP performance information used for compliance monitoring and external reporting is relevant. However, inaccuracies in DIMIA's APP performance information mean that DIMIA's monitoring of airline compliance and its external reporting on the aggregate number of airline passengers arriving in Australia, that have been processed by airlines using APP, is unreliable to some degree.

These inaccuracies are a consequence of the following:

• code-share arrangements between airlines;
• passengers crossing the primary line after midnight;
• charter flights;
• system errors; and
• check-in mistakes.

Because DIMIA has not yet been able to quantify the impact of the abovementioned factors on the accuracy of its APP statistics, it is unable to quantify the degree to which its monitoring of airline compliance and its external reporting is accurate and therefore reliable. A lack of accurate performance information reduces DIMIA's ability to monitor whether airlines are using APP, as required by legislation, to enable DIMIA to assess passengers and crew, prior to their arrival in Australia, for the risk they may present in relation to a range of Commonwealth laws.

DIMIA is working to address deficiencies in its performance information through the development of the APP Infringement Reporting System. This is expected to improve the accuracy of its APP performance information used for external reporting and airline compliance monitoring, and support a proposed fines regime for airlines that do not process all passengers and crew using the APP system.

The ANAO also found that DIMIA's APP performance information is not sufficient to determine whether airlines are using APP as intended. Collecting additional performance information on aspects of airline performance in using APP would assist DIMIA to more effectively monitor individual airline compliance levels.

Although DIMIA reports information relating to APP in its Annual Report, it does not provide information that would allow the impact of mandatory APP on border security to be assessed including:

• the number of non citizens who were not allowed to board an aircraft to travel to Australia, as a result of being processed by APP, owing to the risk they may present in relation to a range of Commonwealth laws; and
• the number of non citizens who were refused entry at the Australian border, owing to the risk they may present in relation to a range of Commonwealth laws, that should (or could) have been detected at the point of embarkation using APP.

In particular, including the above-mentioned performance information in its Annual Report would assist DIMIA in reporting its performance in respect of the strategy of extending the border to the last point of embarkation as discussed at paragraph 1.12.

DIMIA advised the ANAO that it is working with its contractor to identify the number of instances where a person was denied boarding as a result of processing using APP²⁶. This information would assist DIMIA to report its performance relating to the impact of mandatory APP on border security as discussed above.

Contract Management (Chapter 5)

DIMIA's management of its contractual arrangements with its contractor for delivering APP has exposed the Commonwealth to unnecessary risks. In particular, DIMIA has not properly protected the interests of the Commonwealth by:

• establishing clearly documented contractual arrangements with its contractor for the delivery and ongoing operation of APP including service standards against which contractor performance can be monitored²⁷. The absence of formal contract variation documentation relating to APP increases: the risk of disputation over the scope of what the parties intended to be delivered; the terms on which it would be delivered; and the risk that required approvals under the FMA Act will be overlooked;
• identifying its contract management risks relating to APP, analysing the risks, implementing treatments, and monitoring and reviewing the success of its controls. For example, a typical internal contract management risk is that contract outputs are not identified. This risk materialised because DIMIA did not enter into a contractual arrangement with its contractor that clearly specified the development work to be completed by its contractor, associated quality standards and a timeframe for delivery prior to its contractor commencing work on developing voluntary APP;
• managing its contractual arrangements with its contractor. In particular, DIMIA was unable to provide evidence that it has specified performance level standards relating to its contractor's delivery of APP. Also, DIMIA was unable to demonstrate that it had measured and monitored contractor performance against agreed performance levels, including identifying any deficiencies for remedial action. Although DIMIA agreed to devote appropriately trained and experienced resources to managing its contract with its contractor in its response to a recommendation contained in ANAO Audit Report No. 3 1999–2000, Electronic Travel Authority, it was not until July 2004, that DIMIA engaged an officer to oversee all contractual matters related to the contract;
• addressing succession planning for its contract with its contractor relating to APP to assist in achieving a smooth transition to a new contract after 3 February 2007. In particular, DIMIA has limited performance information to assist it in assessing the success of its contractual arrangements as a basis for succession planning.

Since July 2004, DIMIA has engaged an officer to oversee all contractual matters related to the contract. This is an ongoing role and is the major component of the officer's duties. Also, DIMIA has engaged a consultant ²⁸to review and update the contract. In June 2005, DIMIA forwarded to its contractor a draft Deed of Variation to the contract for comment. The draft Deed of Variation addresses system enhancements, service levels and changes to the financial arrangements since 1996 that have been implemented through exchanges of correspondence. ²⁹

DIMIA's review of its contractual arrangements with its contractor also provides DIMIA with the opportunity to address contract management issues raised as part of this audit.

Financial Management (Chapter 6)

The terms and conditions that DIMIA had agreed with its contractor relating to financial arrangements for the management of APP were unclear. Correspondence from DIMIA to its contractor in June 1997, suggests that DIMIA agreed to ‘to cover (APP) development costs to allow work to progress'. In this context, DIMIA wrote to its contractor explaining that an enclosed cheque for $500 000 was to be repaid to DIMIA and that DIMIA was amenable to its contractor's proposed reduction of check-in transaction fees from the commencement of APP until such time as the funds were repaid in full. However, in 2001, DIMIA decided to pay its contractor $900 000, in lieu of the $500 000 originally agreed. DIMIA and its contractor have differing positions on the purpose of the $900 000 payment and its relationship to the APP transaction fee structure. The actual position is unclear, however a reconstruction of key events (with ANAO comments) is shown in Table 1.

Table 1 APP development costs and transaction fee structure

Source: ANAO analysis

The ANAO considers that in such an environment it is particularly important that business decisions are documented to protect the interests of the Commonwealth and to aid transparency and accountability. As indicated in Table 1 above, DIMIA did not do this for key business decisions relating to the financial arrangements for APP.

Under FMA Regulation 13, a person must not enter into a contract, agreement or arrangement under which public money is, or may become, payable unless a proposal to spend public money for the proposed contract, agreement or arrangement has been approved under FMA Regulation 9 and, if necessary, in accordance with FMA Regulation 10.

DIMIA was unable to provide evidence that a proposal to spend public money had actually been approved under FMA Regulation 9 to cover APP development and transaction costs of approximately $10 804 555³⁰. Under FMA Regulation 13 this should have taken place prior to DIMIA entering into an arrangement with its contractor under which public money would become payable. The absence of evidence of an approval in accordance with FMA Regulation 9 means that DIMIA is unable to demonstrate that a delegated officer had formed a view that the expenditure incurred under its arrangements with its contractor represented efficient and effective use of the public money involved.

DIMIA has a cost recovery arrangement with its contractor designed so that part of the $20 service charge collected by its contractor per ETA application (from a visa applicant through the ETA system Internet gateway) is used to offset expenses relating to the operation of the ETA system, including APP. Essentially, individuals from most countries seeking to enter Australia as a visitor can apply for an ETA via the Internet. Each individual pays a $20 service charge to submit an ETA application via the Internet. DIMIA's contractor receives the $20 service charge and uses part of this amount to offset DIMIA expenses relating to the ETA and APP systems.

DIMIA could remove the potential for misunderstanding by Internet ETA applicants by posting appropriate notices on its website outlining the relationship between itself and its contractor and notifying applicants that any transaction entered into through the Internet interface would be with DIMIA's contractor and not DIMIA.

Although DIMIA has sought legal advice from the Australian Government Solicitor relating to its accounting treatment of Internet ETA receipts, DIMIA has not consulted with Finance on this issue consistent with Attorney-General's Department ‘Legal Services Directions'. It would be useful for DIMIA to discuss with Finance the most appropriate way of managing its cost recovery arrangements with its contractor relating to the Internet ETA fee.

DIMIA's contractor owns the intellectual property relating to the ETA system (including APP and the Internet ETA systems ³¹). Although DIMIA's contractor has commercialised the APP system ³², DIMIA has not received a return on its investment in APP. This is because all commercialisation has occurred outside the period during which DIMIA was entitled to commercialisation returns under the ETA System Agreement.

Agency response

The ANAO made six recommendations concerning DIMIA's administration of Advance Passenger Processing. DIMIA agreed with all recommendations. DIMIA's full response to the audit is provided at Appendix 6. The focus of the audit primarily involves DIMIA. However, as the Australian Customs Service utilises Advance Passenger Processing, it has been included within the scope of the audit. Customs' full response to the audit is provided at Appendix 7.

Footnotes

1 There will be occasions when a person becomes ‘of concern' after a visa has been granted. In such circumstances, DIMIA's systems are designed to identify that the person holds a visa and, in nearly all cases but particularly where there are security concerns, the person's visa will be cancelled immediately. This person would then receive a ‘Do not board' directive from APP at check-in because they have inadequate documentation.

2 There is also a check against DIMIA's Movement Alert List, a computer database that stores details about people and travel documents of immigration concern to Australia. The database is a key element of Australia's national security and border integrity, and is integrated with DIMIA's visa issuing and border entry processes. The ANAO has identified the Movement Alert List as a potential audit topic in its Audit Work Programme for 2006–2007.

3 CPS Systems, Advance Passenger Processing, Business System Design, Version 1.4, 26 November 1998, pp 1–4.

4 A limited version was successfully trialled with Singapore Airlines in 1998. A subsequent version was progressively rolled out to Air New Zealand, Cathay Pacific, Qantas, Japan Airlines and Singapore Airlines, with British Airways coming online in April 2002 and China Airlines in June 2002.

5 Customs officers, both for Customs and Immigration purposes, process passengers arriving in Australia at the primary line. Customs officers may subsequently refer passengers to DIMIA officers at the secondary line for further immigration processing.

6 DIMIA, Managing the Border: Immigration Compliance, Canberra, May 2005, p. 14.

7 Ibid.

8 Société Internationale de Télécommunication Aéronautiques (SITA)—network service provider; First Data Resources; Sterling Software; IBM Australia; and Oracle Systems (Australia).

9 DIMIA has proposed that the Government give consideration to a fines regime to allow DIMIA to fine airlines that do not process all passengers and crew using the APP system. DIMIA is also developing performance reporting modules for APP.

10 DIMIA, Annual Report 2004–05, Canberra, 2005, p. 101.

11 DIMIA's Migration Series Instructions provided for the implementation of mandatory APP as follows: Migration Series Instruction 3.13A requires that information about passengers and crew be given to DIMIA before the arrival of an international passenger aircraft, commencing 5 January 2003; Migration Regulation 3.13B requires that information about passengers and crew be given to DIMIA before the arrival of an international passenger cruise ship, commencing 1 January 2004; and Migration Regulation 3.13C requires that information about passengers and crew be given to DIMIA before the arrival of an international cargo ship, commencing 1 July 2005.

12 Airlines needed to modify their systems to connect to MAPP1.

13 The incorrect recording of the date passengers arrive in Australia can adversely affect the accuracy of DIMIA's APP processing statistics. This type of error can occur, for example, if a flight arrives in Australia before midnight but passengers do not cross the primary line until after midnight. In this event, passengers are recorded by DIMIA as having arrived the day after the flight actually arrived in Australia. The recorded arrival is then inconsistent with airline and APP flight arrival information and complicates the calculation of airline take-up rates relating to APP processing.

14 Although the Migration Act 1958 imposes a requirement on carriers to ensure that non-citizens brought to Australia are properly documented, there is no infringement regime for aircraft or ship operators that do not process all persons travelling to Australia using the APP system. However, DIMIA is proposing that the Government give consideration to a fines regime as part of the Border Integrity Bill 2006, which is intended to be introduced into the Senate during Parliament's 2006, autumn sitting. If passed, a fines regime will be introduced in late 2006, to allow DIMIA to fine airlines that do not process all passengers and crew using the APP system. DIMIA expects this regime to provide a more meaningful incentive for airlines to comply.

15 The ANAO notes that Schedule 13 of the Contract provides that on the expiration or termination of the Contract, DIMIA's IT system contractor grants to DIMIA an irrevocable, perpetual, non-transferable, royalty free licence to use the Request Processing System (Application Processor) Software source code and supporting material.

16 Since July 2004, DIMIA has engaged an officer to oversee all contractual matters related to the contract. This is an ongoing role and the major component of the officer's duties. Also, DIMIA has engaged PSI Consulting to review the contract. In June 2005, DIMIA forwarded to its contractor a draft Deed of Variation to the contract for comment. The draft Deed of Variation addresses system enhancements, service levels and changes to the financial arrangements since 1996 that have been implemented through exchanges of correspondence.

17 Cost recovery is the recovery of some or all of the costs of a particular activity. Used appropriately, cost recovery can improve economic efficiency. Cost recovery may also have equity effects. It may improve equity by ensuring that those who use regulated products bear the costs.

18 Visitor visa (subclass 976) or short validity business entrant (subclass 977). No visa application charge is payable for these visa subclasses.

19 Société Internationale de Télécommunication Aéronautiques (SITA)—network service provider; First Data Resources; Sterling Software; IBM Australia; and Oracle Systems (Australia).

20 Airlines needed to modify their systems to connect to MAPP1.

21 Prior to the development and implementation of MAPP1, duplicate reporting by airlines to both DIMIA and Customs was necessary to achieve efficient processing using APP for airline crew members. However, this was not the case for airline passengers.

22 DIMIA, Annual Report 2003–04, Canberra, 2004, p. 74.

23 Measuring accurately what the agency sets out to measure.

24 Ensuring measurement of what users are interested in.

25 An adequate amount of performance information.

26 Excluding instances where persons were initially denied boarding as a result of processing using APP, because of, for example, data entry errors but were subsequently allowed to board after further processing using APP.

27 DIMIA advised the ANAO that, although formal contract variations had not been completed in accordance with the provisions of the contract, variations to the contract had taken place through correspondence between the parties.

28 PSI Consulting.

29 Also included was a redrafted Schedule 1 (Specifications of the Supported Systems), an updated Schedule 3 (Pricing and Payments), an updated Schedule 4 (Operational and support Services) and a new Schedule 17 (Application Support).

30 Development costs of $1 849 555 ($900 000 relating to voluntary APP and approximately $949 555 relating to mandatory APP); and up to April 2005, approximately $8.955 million for APP transaction fees.

31 The ETA and APP systems share the same platform.

32 For example, New Zealand implemented APP in February 2003 and Bahrain implemented APP in December 2003.