Internal controls to ensure privacy and security

The Canada Revenue Agency (CRA) is proud of its reputation as a leading-edge organization committed to excellence in administering Canada's tax system. However, inappropriate or fraudulent activity can occur in the workplace. The CRA has incorporated a broad array of checks and balances to ensure that those who access your information are strictly limited to employees required to do so as part of their job, and to detect misconduct in the rare instances when it occurs.

Monitoring of employees' access to taxpayer information is centralized, ensuring an independent process that enables the CRA to detect and address any suspect transactions in our systems. This provides assurance that authorized users are accessing only the applications and data they are allowed to access based on our business rules

The CRA's Internal Fraud Control Program uses a strategic approach to managing the risk of internal fraud by preventing fraud where possible, detecting fraud when it occurs, and fostering a heightened level of deterrence in the CRA. The program is an important component of the CRA's Integrity Framework and contributes to the range of compliance-based activities that detect and deter fraudulent and unethical behaviour.

The CRA has also strengthened its internal audit processes for small and medium-sized enterprises by creating, in 2013, Business Intelligence and Quality Assurance units. This measure further strengthens the integrity of the CRA's internal processes by segregating the duties of auditors during the audit process to ensure strong independent oversight and review of actions taken on a file, and quality control of the files audited. No one auditor can carry an audit file from start to finish. Similar processes are already in place for audit processes pertaining to large corporations.

In addition to the current personnel screening for appropriate security clearance, additional verifications are also conducted for individuals who hold or apply for positions that require a high degree of public trust.

Internal disclosure

The purpose of the Public Servants Disclosure Protection Act is to encourage employees in the public sector, including the CRA, to come forward if they believe that serious wrongdoing has been done or will take place and to protect them against reprisals when they do speak out. It also provides a fair and objective process for employees against whom allegations are made.

At the CRA, the Internal Disclosures Office is responsible for coordinating the investigation of internal disclosures that fall within the definition of wrongdoing as described in the Act. If CRA employees suspect wrongdoing in the workplace, they have a duty—and a place—to report it. The CRA provides several support measures to help employees in this regard.

Code of integrity and professional conduct

All public servants sign an oath or affirmation stating that they will faithfully and honestly fulfill their public service duties. Upon hire, CRA employees are required to read and acknowledge the CRA's Code of integrity and professional conduct (Code), the Values and Ethics Code for the Public Sector, and the Directive on conflict of interest, gifts and hospitality, and post-employment (Directive). All CRA employees are asked to review and affirm their obligations under the CRA's Code of Integrity and Professional Conduct and the Directive every year.

The Code clearly outlines the expected standard of conduct including the obligation to protect taxpayer information in accordance with section 241 of the Income Tax Act. Unauthorized access to taxpayer information is considered to be serious misconduct, as reflected in the CRA's Directive on Discipline.

The Code and Directive ensure that current and former employees are aware that the obligation to protect taxpayer information continues even after they leave the CRA.

Canadians can trust that their information is accessed on a need-to-know basis for authorized purposes, and that it is handled with the utmost regard for security.

The CRA's Directive on Discipline

The CRA holds its employees in the highest regard. However, in an organization of over 40,000 employees, the CRA must be prepared to address rare instances of misconduct so that we can preserve the integrity of the tax system and remain accountable to the ethics and values that form the heart of our mandate.

The CRA's Directive on Discipline (the Directive) reinforces the expectations outlined in the CRA's code of integrity and professional conduct, the Values and Ethics Code for the Public Sector, the Directive on conflict of interest, gifts and hospitality, and post-employment, and the Income Tax Act. The Directive and its table of disciplinary measures ensure that misconduct is addressed consistently and fairly, depending on its seriousness. Disciplinary measures available range from a verbal warning up to, and including, termination of employment.

In every instance of fraud or employee misconduct, the CRA has not hesitated to investigate and, if appropriate, impose discipline on employees; if necessary, we refer the matter to the RCMP.

Date modified:

2016-06-13