Advertisement

Halifax police launch investigation after audit finds failure to disclose IT information

Halifax Regional Police stand watch at a crime scene in Oct. 2019. Alexander Quon/Global News

Halifax Regional Police are launching an internal investigation after an audit found it failed to provide accurate or adequate information to the organization charged with administrative oversight.

Halifax police confirmed that it has launched its internal investigation in response to a damning audit that found its management failed to provide the municipality’s Board of Police Commissioners with correct information about its actions regarding an internal information and technology (IT) risk assessment.

“Please note that we take any allegation of this nature very seriously. We go to great lengths to provide thorough and accurate information to the (Board of Police Commissioners),” said Cpl. John McLeod, a spokesperson for the police force on Thursday.

The audit, published by Evangeline Colman-Sadd, the Halifax Regional Municipality’s auditor general, on Thursday, found that Halifax Regional Police (HRP) has failed to effectively manage its IT service to adequately protect against internal-external threats.

Story continues below advertisement

That includes the force’s failure to address series of 67 recommendations made during an assessment by a security consultant in 2016/2017.

“The IT security environment at HRP needs significant improvement, from how risks are identified to how they are ultimately managed,” said Colman-Sadd.

Click to play video: 'Mixed opinions over police body-worn cameras in Canada'
Mixed opinions over police body-worn cameras in Canada

Much of the specifics in the audit aren’t available to the public and that includes details on the 67 recommendations.

The nature of IT information means that some specific could “impact the safety and security of HRP operations,” the report reads.

However, an in-camera version of the audit has been prepared and is available to Halifax officials.

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

Board of Police Commissioners given incorrect information

One of the largest concerns highlighted by the audit is that the Board of Police Commissioners was given incorrect information by police management.

Story continues below advertisement

During a Board of Police Commissioner meeting on July 17, 2019 — the first to be held with current Halifax police chief Dan Kinsella — the board was provided with a detailed progress report on the 67 recommendations made in the 2016/2017 consultant’s report.

The board was told that 13 of 67 recommendations had been completed. But the audit shows otherwise.

Six of the 13 recommendations that the board had been told were completed are actually outstanding, the audit found.

Click to play video: 'Federal government halts sale of decommissioned RCMP cruisers in wake of N.S. shooting'
Federal government halts sale of decommissioned RCMP cruisers in wake of N.S. shooting

Another of those 13 recommendations should have been categorized as something the force was not intending to implement. Instead, it was presented to the board as being completed.

An eighth recommendation was related to the Nova Scotia government and should not have been classified as being completed and instead should have been identified as not applying to the force.

Story continues below advertisement

That means only five of the 67 recommendations had been completed at the time the presentation was given to the Board of Police Commissioners.

Auditors also found that in 2018, the board was not briefed on recommendations considered to be part of the consultant’s recommendations made regarding covert systems.

As of October 2020, the board had not been informed of any of the recommendations applying to the police force’s covert systems, the audit found.

Colman-Sadd has recommended that police should implement a process to ensure “only complete and accurate information” on IT operations be provided to the board.

It’s something that the force has agreed to do in a bi-monthly update to the board starting in April.

But the errors highlighted by the auditor general have sparked another issue — the internal investigation by Halifax police.

“We have initiated an investigation and are looking to determine exactly what happened,” McLeod confirmed in a statement.

Limited improvement on consultant recommendations

The limited action taken to improve the police force’s IT security was consistently highlighted throughout the audit including a concerning lapse in reporting.

Story continues below advertisement

Colman-Sadd found that there was insufficient oversight of the covert IT systems.

The staff member who manages that technology was found to be supervised by someone without an IT background and had no reporting relationship with the police force’s information security officer.

Click to play video: 'Halifax councilor talks taxes, 2021 priorities, and kindness meters'
Halifax councilor talks taxes, 2021 priorities, and kindness meters

Although the audit found only limited progress, many of the issues can be corrected by updating policies or modernizing and developing new practices, Colman-Sadd said.

She stressed that there is no major investment in infrastructure required.

“It is important to recognize the potential costs of not investing could include greater risks to information security,” her audit reads.

Story continues below advertisement

Kinsella confirmed he has agreed to all 12 of the recommendations made by auditors.

“HRP will focus immediately on the highest risk categories, and is committed to actioning all recommendations,” Kinsella said in a statement.

“We thank the auditors for their diligence and engagement, and for their focus on bringing important matters to the attention of HRP management.”

Sponsored content

AdChoices