HMRC Report

Document Title

Control of Investigation Documents & Processes in States of Jersey Customs and Immigration Service (SJCIS)

Version

Final Report Version 1.0

Version Date

12/02/2008

Owner

CJES Assurance Branch

File Reference

LE550050700008

Produced By

Dave Nicklin, Tony Higginbotham, Cheryl Burge & Gareth Neaves

Reviewed By

Gary Lampon

Date

16/01/2008

Gary Lampon

Date

12/02/2008

Date

Distribution

Final Report for issue to SJCIS

System or Process

This report examines the investigation documentation, processes and methodologies adopted by SJCIS and tests their compliance with legislation, policy and instructions.

Findings

Strengths

• SJCIS has a fully engaged senior management team who oversee all aspects of investigation activity within the organisation.

• Investigation instructions are clear and SJCIS staff understand and comply with published operating procedures.

• There is an effective training programme in place which offers accreditation where appropriate.

• SJCIS is held in high regard by the States of Jersey prosecuting authority who have commended the quality of case papers and the diligence of the case referral process.

Weaknesses

• The organisation requires a high-level investigation strategy document to define and clarify the key roles, responsibilities and priorities of SJCIS.

• Audit trails are fragmented due to a lack of documented decisions made in relation to case adoption and progression.

• The control of sensitive surveillance equipment and non-cash valuables e.g. credit cards needs to be more robust.

Recommendations

Recommendations have been made to improve the control weaknesses identified above. These include the adoption of investigation Case Decision Logs and designation of a Property Officer. In addition, recommendations have been made to improve the recording of Management Assurance checks and review Security Vetting arrangements.

Conclusion

No serious control weaknesses have been identified and the review team is content with the majority of processes and procedures currently in place. However, a number of gaps are evident and the implementation of the above recommendations will help to improve an already impressively run business. There is currently a low risk of exposure to the organization in relation to the control of Investigation documents and processes.

6.  MAIN FINDINGS

The team concentrated on the 9 assurance objectives stated in the Terms of

Reference as follows:

1.  Standing instructions and standard operating procedures

Investigation staff have full access to a comprehensive set of instructions

dealing with all key aspects of their work. The HMRC Enforcement Handbook

instruction manual is also made available to provide further guidance as

required. Responsibility for maintaince of SJCIS investigation instructions is

currently shared within the team and an informal process exists for staff to

raise issues or concerns. However, to improve controls in this area a new post

has recently been created to take overall charge of this activity and ensure

instructions and documents are regularly reviewed and updated.

2.  Investigation case adoption criteria and case continuance

arrangements

Investigation cases are selected by the team following an assessment of the

seriousness of the offence under consideration and the evidence and-or

intelligence available. Regular casework meetings are held between

Investigation and Intelligence managers to critically evaluate progress and the

prospects for a successful prosecution. However, it is difficult to provide

satisfactory assurance of this process as there are no published criteria

detailing SJCIS investigation priorities and decisions made on case adoption

and continuance are not always fully documented .

R1: We recommend SJCIS produce a formal investigation strategy

document detailing the roles, responsibilities and priorities of the

organisation

Adopted cases are managed using the electronic CLUE' database which

provides a formal record of case progress. This system is supported by an

electronic schedule of events and actions maintained by the investigation

team. However, SJCIS do not currently use a checklist of important tasks

similar to the Operational Checklist used in HMRC. Such checklists act as a

reminder to staff of key case requirements and help to assure the quality of an

investigation case by providing evidence that all aspects have been fully

considered.

S1: We suggest SJCIS consider adopting an Operational Checklist

similar to that used by HMRC

3.  Case team structure and responsibilities

The investigation arm of SJCIS is split into two teams dealing with target

operations and referred casework. Each team is made up of a small number

of trained investigators who support each other as necessary. Communication

both up and down the management chain is viewed as strong. It is an aim of

the organisation for all staff to be capable of supporting investigation activity

and this enables prompt assistance to be deployed as necessary.

4.  Decision making processes and policy books

SJCIS recognise that there is an emerging need to ensure the reasons for

important case decisions are fully documented. This is to ensure:

 the investigation complies with legal obligations and SJCIS internal

standards

 an audit trail exists in the event that particular aspects of a case are

challenged during subsequent prosecution or review

 individuals making difficult or finely balanced decisions have a

contemporaneous record of the impact factors and constraints

Such a record needs to be in a robust and durable format which is able to

withstand internal and external scrutiny. An extension of the electronic case

schedule (section 2) could offer a solution but a separate Policy Book or Case

Decision Log is the preferred practice for law enforcement agencies across

the UK. The adoption of a Case Decision Log similar to that used in HMRC

would greatly enhance the controls in this area.

R2: We recommend that SJCIS adopt a Case Decision Log similar to that

used by HMRC

The CDL forms part of a suite of controlled documents used by HMRC which

includes Notebooks and Daybooks.

S2: We suggest that SJCIS consider adopting an investigation Daybook

similar to that used by HMRC

5.  Risk Assessments and Operational Security

There is a high level of awareness for the need to have a risk assessment in

place for each operation. Although generic templates are used, they are

adapted for each case and situation. We were impressed with the quality of

the assessments examined and are satisfied that they provide sufficient

safeguards for staff on operational duty.

The organisation has graded levels of security for IT access and these are

closely controlled and monitored by managers. Control of general equipment

is adequate but the same level of access is afforded to sensitive surveillance

equipment and we feel this creates an unnecessary risk to the organisation.

Equipment such as Vehicle Tracking Devices (VTD) should be closely

controlled and only issued with proper safeguards and records in place.

R3: We recommend that sensitive equipment is stored in a secure area

and access is restricted. A movement log should be adopted similar to

that used by HMRC

The control of evidence, in particular drugs and cash, is adequate but access

to exhibits needs to be restricted where appropriate. We note that access to

items such as credit cards and passports are not controlled in the same way

as cash and we see this as a potential risk to the organisation. We are aware

that KPMG have recently reviewed the storage of evidence and drugs but we

have not had the opportunity to see their emerging findings. We therefore

make the following recommendations for consideration after the KPMG

findings are published.

R4: We recommend a designated property officer be appointed to

control and monitor access to evidence

R5: We recommend that access to non-cash valuables such as credit

cards and passports be afforded the same level of security as cash

6.  Preparation of investigation case files for the Law Officers' Department

We interviewed two senior members of the Law Officers' Department who

were full of praise for the quality, depth and presentation of prosecution files

from SJCIS. In particular, they were impressed with the checks carried out by

the senior manager before they were submitted. Such checks appear to be

similar to the pre-trial Butler 21' checks applied in HMRC. However, we

established that the records to authenticate the work undertaken by the

manager were insufficient to robustly support his actions.

S3: We suggest SJCIS adopt a formal certification process to confirm

the completion of pre-trial checks on investigation cases  

Discussion also took place around the Disclosure process. Although there is

currently no legal statute relating to Disclosure in Jersey, the principles of

CPIA are followed. A request was received from the lawyers for further advice

on Disclosure and how it may affect the legal process in Jersey in the future.

This matter is being addressed separately by CJES.

7.  The control and security of sensitive intelligence

Following a recent break with the States of Jersey Police Service, the former

joint intelligence team with responsibility for control and security of sensitive

intelligence has been disbanded. An absence of sensitive intelligence support

is the main reason for a recent downturn in delivery by SJCIS. A new in-house

team is in the process of development but will not be fully effective for some

time.

S4: We suggest the control of sensitive intelligence (including CHIS) is

subject to independent review by CJES during 2008-09

8.  Training and accreditation

We are particularly impressed with the planning and delivery of training within

SJCIS. Staff felt they had received good training and in most cases it had

been delivered at the correct time. Staff receive accreditation in some aspects

of their work. We are satisfied that staff are properly trained to do their work

and that training features highly in the organisations objectives.

9.  Internal management assurance processes

All managers have responsibilities for assurance laid to them and it was

evident that checks were being done. However, we established that not all

managers were recording the checks carried out. The Enforcement areas of

HMRC have recently established a formal management assurance framework

[EMAF] in order to focus staff attention on the highest risks and structure the

recording of assurance checks. EMAF is managed by CJES Standards

branch and SJCIS may wish to consider adopting certain aspects of that

system.

R6: We recommend that SJCIS adopt a formal management assurance

programme similar to the EMAF process used by HMRC

Other issues

a)  Surveillance documentation

We were asked to consider and examine documentation relating the Directed

Surveillance (DS) carried out under the Regulation of Investigatory Powers

Law 2005 (RIPL). To date there have been 10 cases requiring a DS authority

and we examined 4 of them in detail. The authorising officer (AO) was acutely

aware of a pending visit by the Office of Surveillance Commissioners (OSC)

and welcomed our comments on the veracity and quality of the

documentation. Full details can be found at Annex A but the suggestions

made are as follows:

S5: We suggest SJCIS adopt a new set of forms similar to those

currently used by HMRC

S6: We suggest SJCIS adopt a system of DS authority sign-off by

surveillance staff similar to that used by HMRC

S7: We suggest that SJCIS seek written permission from property

owners in relation to requests for covert access or assistance

ANNEX A

Comments and Suggestions in Relation to Directed Surveillance

Documentation and Processes

 DS forms in use did not appear to be an up to date version. This

issue became particularly noticeable when examining the

authorities and reviews. In early cases the AO had not understood

the guidance on the authority form and had not dealt with the

proportionality issue correctly. Although this was improved in later

cases, the most recent versions of the forms make it clearer what

the AO is required to comment upon. The reviews did not detail the

results of surveillance activity carried out to that point which made it

more difficult for the AO to fully consider the future potential of a

case.  

S5: We suggest SJCIS adopt a new set of forms similar to those

currently used by HMRC

 Applications were well written but applicants need to give more

consideration to the necessity aspect, in particular what other

methods of intelligence gathering had been considered or

exhausted.

 Applications lacked a robust and fully supported proportionality

statement. In particular, although applications made reference to

the objectives of the surveillance, these were not linked to or

supported by the proportionality assessment. In addition, general

reference in statements to the seriousness of the potential offence

i.e. serious crime had been questioned by the OSC during their

recent visit to HMRC. SJCIS may wish to discuss this issue with the

OSC inspectors to establish a definitive policy.

 All authorities had been wet ink' signed and the originals returned

to the team. However, it was noted that the team appointed to carry

out the surveillance had not signed the back of the form to

acknowledge sight of it (see Regina v Sutherland). This would

undoubtedly be good practice for the future.

S6: We suggest SJCIS adopt a system of DS authority sign-off by

surveillance staff similar to that used by HMRC

 Beware of the use of jargon. Ensure abbreviations are properly

described.

 Collateral Intrusion comments were particularly good. In three of the

cases examined, a full assessment of intrusion and a clear

statement referring to the management of it had been made.

However, in the fourth case, a reference to small low level risk in a

public place' seemed out of line with the potential for intrusion.