The objective of the audit was to assess the effectiveness of DIAC's management of MAL. The scope was confined to DIAC's management and use of the system: it did not examine the work of others with an interest in the system, such as security agencies