Thank you, Mr. Chair.
I'd like to start by stating clearly that we take this matter very seriously. We are very concerned about any leaks of sensitive information.
Maintaining the integrity and confidentiality of the work of the Auditor General is important, not just to the Auditor General and to Parliament but also to the government. That's why we conducted thorough internal reviews. Before sharing with you the main findings of our internal reviews, let me clarify that we conducted two separate reviews. After the leak of a chapter of the May report, the Auditor General asked departments to conduct individual reviews of document controls. Subsequently, after the leak of a chapter from the November report, the secretariat was asked by the President of the Treasury Board to conduct a review of document controls across the five departments that received draft chapters.
The key findings of our November review were that departments are confident they had in place the appropriate processes and controls to ensure the confidentiality of the draft chapters received from the Auditor General. Departments remind employees who are involved in the audit process, on a regular basis, of the responsibilities for ensuring that the work of the Auditor General needs to be protected. And departments are also putting in place additional measures to strengthen controls.
In short, the departments were confident that they followed the appropriate procedures to protect the confidentiality of draft chapters received from the office of the Auditor General.
Common controls in place in departments include having a central control point to manage documents, measures to control transmission of these documents, and procedures to store documents as well as to recall them.
In terms of the details of the review—and I will be brief, given the time and the fact that I've handed out my remarks—the first review was launched in June 2006 at the request of the Office of the Auditor General and was conducted by individual departments. The second review was launched in late November at the request of the former President of the Treasury Board. The second review was an interdepartmental review, led by the secretariat. It involved the five departments that had accessed the draft chapter of the AG's report on the integrated relocation program.
Both reviews focused on document controls and procedures and on reminding employees of their obligations. Our examination focused in particular on whether the requirements for protected A information—which is a classification assigned to draft Auditor General chapters—were being respected. “Protected A” means that the drafts are considered sensitive and are distributed on a need-to-know basis within departments.
As part of that second review, departments were asked specifically about the receipt and sign-in procedures for documents received; the transmission of these documents; their physical storage; and their recall, return, or destruction. Departments were also asked to identify any actions they were taking to strengthen the security procedures.
In summary, Mr. Chair, we have conducted thorough internal reviews of the processes and procedures. We are confident that we have the controls and procedures required for protected A information, and we will continue to make employees aware of their responsibilities.
In conclusion, I would like to underscore the fact that the government takes the protection of confidential information as a very serious matter.
We're committed to striking the right balance between having the appropriate document controls to ensure the security and confidentiality of the work of the Auditor General and maintaining the operational efficiency of the audit process. We have worked and will continue to work with the Auditor General and her team to achieve these objectives.
Thank you, Mr. Chair.