Visa system flaws see user run amok

Serious flaws in the Department of Immigration Multicultural and Indigenous Affairs (DIMIA) IT systems has led to users creating their own information silos - on high-risk visa applicants - that do not tie in with the main enterprise systems.

An Australian National Audit Office (ANAO) report has revealed that DIMIA is experiencing significant difficulties in integrating data between its onshore and offshore visa application processing system and its client database, with users running amok.

The report, entitled Management of Selected Aspects of the Family Migration Program, has found that local and regional managers, unable to create their own reports from the department's main systems, have resorted to database do-it-yourself (DIY), creating more problems as they go.

As a result, DIMIA now has a fragmented landscape of dislocated databases which fail to either update or tie into either of the main enterprise systems: the Immigration Records Information System (IRIS) and the Integrated Client Services Environment (ICSE).

"For the most part, each database has developed in isolation from the other," the report said, adding that users were doing this "to overcome difficulties in timely and effective data exchange between offices".

Some of the isolated databases are understood to contain detail on high risk visa applicants, and the report notes that at present there is no centralised database to assist staff in identifying potentially high-risk migration agents.

Data corruption incidents are also proving a headache, with one highlighted case of database pollution managing to create no less than 57 of 202 applications for the wrong sort of visa sub-class, with the problem "compensated for manually". The report notes this may be the tip of the iceberg: "There are approximately 3000 people in the onshore section of this queue and resources do not permit detailed checking of this listing."

Duplicate entries are also on the increase, resulting in headaches for staff and visa applicants alike. The report warns risks associated with duplicate data may include inaccurate performance reports and "confusion in the finalisation of applications".

Intriguingly, the ANAO report also notes the profile of the rogue user, not by job function but by their use of preferred application.

"In general these databases take the form of locally constructed Microsoft Access databases or Excel spreadsheets that, to a large extent, duplicate information already held and therefore involve significant additional workload and an increased risk of error and security breaches."

The report concludes with the suggestion that, "DIMIA embed a data integrity checking program in the existing quality assurance processes to assist in monitoring and controlling data integrity."

A spokeswoman for DIMIA said there is concern about accurate record-keeping, pointing out a central database is in place and both enterprise systems, IRIS and ICSE, are being utilised.

She said DIMIA continues to assess its data processing system requirements against the needs of its clients, staff and legislation framework.

While not responding to specifics in the ANAO report, DIMIA did provide a statement to Computerworld stating that DIMIA's "Visa application and border management systems have continued to evolve in order to meet the increases in traffic while at the same time ensuring integrity in processing."

The statement also said the department is investigating the use of biometric identifiers in order to combat identity fraud and streamline border processing.

The spokeswoman said options for new initiatives including global processing and border management systems are being reviewed by DIMIA's information technology governance committee.

"DIMIA is considered to have one of the most advanced immigration processing systems in the world. The suite of systems supporting visa processing has evolved over time and is tightly coupled through backend data processing and integration," she said.

Developed in the late 1990s, she said the ISCE has allowed DIMIA to integrate services over the Web as well as the development of a data warehouse to support integrated management information reporting.

Copyright © 2003 IDG Communications, Inc.

Shop Tech Products at Amazon