CODI Instructions for the OAG’s External Parties

PDF (768 KB)

  1. Introduction
  2. Technical requirements
  3. Key steps and dates for the electronic delivery of the OAG controlled document
  4. Working in the document offline
  5. What to do if external parties are experiencing problems working with the document
  6. Adding and sharing comments in the controlled document
  7. Providing comments on documents to the OAG team
  8. Revoking access
  9. User feedback

Appendix A—User registration and activation process

Appendix B—Opening a document

I.  Introduction

Certain documents prepared by the Office of the Auditor General (OAG) are classified by the Office as controlled documents. These documents are confidential and subject to restrictions and controls when distributed outside the Office.

The Office distributes these documents in electronic format using the Controlled Document Interface (CODI). All of the OAG’s external parties (for example, external advisers and other third parties under contractual agreement with the OAG) are expected to maintain the confidentiality of OAG protected documents entrusted to their care. None of the information in OAG documents can be copied or reproduced either in whole or in part without the prior written consent of the OAG.

II.  Technical requirements

Recipients of electronic controlled documents need an email address, a browser, and Adobe Reader to access the documents. Adobe Reader version 11 is strongly recommended. Recipients will not be able to access the documents with Adobe Reader version 10.1 or with previous versions.

III.  Key steps and dates for the electronic delivery of the OAG controlled document

Step

Details

Time frame

The OAG team requests email addresses of the external parties who need access to the document.

The OAG team sends an email to each external party to request an email address.

2 weeks before delivery of document

The OAG team emails a registration request to external parties, followed by a second email to activate their account.

External parties will receive a generic “do not reply” email inviting them to register by providing their first and last name, and by creating a password.
Immediately after registration, users will receive another email to activate their account.

See Appendix A for examples of these steps.

During an audit, external parties need to register only once in the CODI system. Once registered, they will enter the same username and password to view any protected OAG document sent to them via the CODI tool. They should be sure to remember their username and password.

For security reasons, external parties who remain registered in the CODI system for more than one year will automatically be sent an email asking them to re-register and create a new password.

1 week before delivery of document

The OAG team emails the document to all registered external parties.

External parties will receive an email with the password-protected document attached. When they click to open the attachment, they will be asked to enter their username and password.

External parties will also be asked if they wish to view the document offline. They should click Yes if they want to have this option. Doing so will mean that, for limited periods of time—usually three days—they can view the document when they are not connected to the network.

See Appendix B for examples of these steps.


Forgot your password? If external parties forget their password, they can contact the OAG audit team to request a password reset. External parties will then receive an email inviting them to re-register in the system, which will allow them to reset their password.

Day of delivery of document

IV.  Working in the document offline

To work offline with the document, users must first open it at least once on the same device that they used for registration, while it is connected to the Internet. This confirms that the user has access to the document on this device and starts the clock for offline use. After this, for the entire period of authorized offline use, the document can be opened and closed without entering a username and password. Note also that each time the document is opened while the device is connected to the Internet, the offline access period restarts and permits another three days of offline access.

V.  What to do if external parties are experiencing problems working with the document

  1. If the problem is related to knowledge about how to use Adobe Reader, external parties should consult Adobe support information online.
  2. If the problem is related to the registration process or access to the controlled document, external parties should contact the OAG team member(s) identified in the relevant email.

VI.  Adding and sharing comments in the controlled document

The document will be in a read-only mode and protected to prevent copying, printing, and unauthorized sharing. However, Adobe Reader versions 10 and higher allow comments to be entered into the document. To learn more about how the commenting function works, external parties should consult Adobe support information online.

VII.  Providing comments on documents to the OAG team

External parties should provide their comments to the OAG by embedding the final comments in the protected draft, saving and attaching it to an email to the OAG audit team, or by preparing a separate, unprotected document. If the latter approach is used, we remind external parties that none of the information in OAG controlled documents can be reproduced. Therefore, any references to OAG draft content should be limited to paragraph or page numbers.

VIII.  Revoking access

Access to controlled documents will normally be revoked the day after the report is tabled in the House of Commons or, for Special Examinations, the day after the report is provided to the Board of Directors. The OAG reserves the right to revoke access sooner.

We recommend that external parties delete the copy(ies) of password-protected OAG documents after revocation, as they will no longer be accessible.

IX.  User feedback

To improve this tool, the OAG would appreciate any feedback you may have. Please share any comments with your OAG audit team contact.

Appendix A—User registration and activation process

Registration email

User registration

Activation email

Appendix B—Opening a document