Public Accounts Committee on Feb. 26th, 2008

Coming up with an answer to that question is one of the goals of our action plan. Most of the 8,500 projects I spoke about deal with things like home roofing. We are looking to find an answer to that question.

That is correct, sir.

That's correct.

Yes, sir.

Earlier last year the facility was occupied by the military members from the Canadian Air Defence Sector. They are conducting the NORAD mission from there. The United States Air Force and the Department of Defense in the U.S. did their own independent inspection of the facility to warrant that it was suitable for the installation of their sensitive information systems, as is the norm in any of the facilities they use that we share in the domestic role. They did their inspections, they were satisfied, and they have given us the authority to operate their systems within the NORAD facility in North Bay.

Yes. Essentially, yes, from now on. We started that some months ago through an amendment to our form. They have to clearly indicate that in this contract there is no requirement. Before, that was not done, and it led to confusion. This is now done systematically.

Actually, I would answer the following way.

Departments have to comply with the government's security policy that my colleague Mr. Cochrane spoke about. So it outlines the requirements. They have to have a departmental security officer, we heard in DND, and it's the same thing for Public Works and any other department. So it essentially sets the framework against which they have to be doing business as it relates to security requirements.

We in Public Works generate our own contracts, about 1,500 per annum. Therefore, it is a side of my department in proceeding with contracts—so-called contract authority—that this person has to say there is a requirement. When the requirement is identified, it goes to the industrial securities program segment of my department and things are done.

We also carry out so-called assessment work for departments for about 500 contracts. So per annum overall, for 2,000 contracts, 1,500 were generated by Public Works, and in 500 a department tells us it has a security requirement and would like the industrial security program to carry out the work needed to clear these individuals or companies.

That relationship, by the way, can exist between me and DCC. If DND flags a requirement and DCC says it will look into it, it can do it or come to me and I'll do it on its behalf. That is a sub-segment of the so-called 2,000 contracts we do per annum.

The point I'm making here is that departments have responsibilities under the government security policy. They can come to us in certain cases and we will do it. I generate a fair amount of work myself through the contracts that I issue.

Yes, essentially the terminology we use in government is the departmental security officer, and when we deal with a company we call them company security officers. So it has essentially, as an image, pretty much the same responsibilities. When there's a requirement for a company to meet certain demands, we as Public Works expect those demands to be carried out as a point of entry through the company security officers.

So that's the relationship that exists.

Yes, I understand your question.

Essentially the point you're making speaks to our enforcement and compliance responsibilities, which are discharged in part through inspections. It's not only that, frankly. The Auditor General did also pick up on certain documentation that was missing. When you look at it, we had an onus to ask the company to provide this information. I'm thinking about the security briefing, the so-called security agreement, but it's also the onus of the company to provide this information proactively.

So I'm not going to start sharing blame here. These documents should have been on file.

Normally our inspections allow us to make sure that the company security officer meets the requirements. I will give you examples. Certain sections of the company, where sensitive information may be dealt with, would have padlocks. Their ID systems will be pressure-tested to certain standards. There will be security officers with badges. I'm giving you examples of requirements that may be part of a contract clause, and we expect the company to discharge that. Our way to check this is through inspections to make sure things are happening the way they should. In the past we've carried on inspections, and we are augmenting that in other inspections that we're carrying on.

This has been at the core of the issues we face in this audit.

To be very clear with you, the basic financial base of that program is about $6.7 million per annum. In my career I've rarely seen a program being doubled by reallocation within a department. I guess someone can point to an exception, I'm sure, but normally a reallocation to a program is a top-up. You add 10% or a 20% because of workload, complexity, or a special project being asked of the manager.

In this case the reallocation, on average, in the last couple of years was $6 million--a $6 million reallocation, a $6.7 million base. What it speaks to is two things. First of all, the program experienced a significant workload increase as a result of 9/11. The second point is more contracting activity as a result of the economy growing.

Nobody should be surprised by that. I don't know what the curve is, but it's normal that as you have a growth in economy you can have more contracts, more activities. So that's another element.

This is compounded by the fact that if you reallocate, you reallocate on a yearly basis. So if I am the manager, I have my base of about $6.7 million, and the department, through the deputy minister, reallocates on a yearly basis about $6 million, but I can't use that base, which is a reallocation, to plan long-term staffing. It creates a vicious circle. The cash is there. The cash can be used, but you're trying to attract talent. You say, “Well, yes, I would like you to come over. We have good important work. It's actually interesting work, to be honest, but I'm giving you 12 months because we're trying to stabilize the workforce and the budget.” So it creates a bit of a conundrum, where we try to staff and people come. Because it is a 12-month assignment with a potential window--it's a 12-month assignment vis-à-vis the budget you have that year--people do come and leave.

Secondly, some people have other options than having to work for 12 months. That's another thing. With people leaving, you lose corporate memory. You train them, you prepare them, they do good work, and then they potentially leave. The numbers that the Auditor General picked up are accurate: 28%, 29%, 30%. It's a significant part of the workforce that is unstable, if you wish, in the sense of contributing in a steady fashion to the outcomes they're trying to achieve.

I'm trying to explain here the dynamic vis-à-vis the resources. Now, the answer for me as the accounting officer is to work hard at getting a stable long-term multiple-year base. I've been working at this with Treasury Board, at Privy Council Office.