Public Accounts Committee on April 3rd, 2024

As I said, we received the letter. We built our estimate on the basis of the documentation and the financial system at the CBSA, among other evidence that we—

In their letter, they did offer to provide us information if we required it. However, as I said, our estimate was based on not just what semantically some contractors are suggesting was the build for ArriveCAN; it was for the entire picture of ArriveCAN.

I'm very happy to explain. I was not personally responsible for ArriveCAN, but as a member of the CBSA's executive committee, I am accountable for the failures. We have already taken note of those failures and we have already started to deal with them.

In terms of ArriveCAN, it was managed by the border task force. Actually, the comptrollership branch was mainly focused on managing the internal task force during the COVID pandemic. These were very, very difficult times. People were crossing the border to return back to Canada, and we were told that we could catch COVID from touching documents. Our number one priority initially, working with PHAC, was to get the e-form up and running. That cost about $80,000. The comptrollership branch involvement in this one was really around making sure we had the funding available for that.

We recognize the comments made by the Auditor General. In year one, we did not have an accounting code, so we were not identifying the ArriveCAN cost separately. That is one of the reasons we have different cost estimates included in the numbers. In fact, that is also recognized in the OAG report itself, in paragraph 1.24. It identifies that $53 million was the estimate for the OAG for the public health component, with a further $6.2 million included for the customs and immigration declaration. We recognize that in year one we did not have the information available to us, so those were estimates in both cases.

That was our primary role in terms of the first year. We were looking after the finances, but we were also working extensively on the internal task force.

The first thing I would say is that we have to look at the two or three lines of defence.

The first line of defence is based within the information, science and technology branch. It was responsible for the ArriveCAN app, for the development and operation of that application. We have over 1,600 delegated financial officers within the agency, and about 900 of those are based at headquarters. Quite a large number of those individuals are based in the border technologies innovation directorate, which was directly responsible for the development of the app and also for the contracting functions, working with PSPC.

What we were doing there was looking at the failures of the first line of defence. We have no doubt that there were failures in the first line of defence in terms of governance, oversight and record-keeping, and all of those things are lessons we have learned. They're also, potentially, subject to investigation to look at whether there was any wrongdoing in some of those failures. We recognize that there were failures, but we're not entirely sure of the exact reasons for those failures—whether they were from the stress of the pandemic or whether there was any wrongdoing included with that. We should wait for the investigations to conclude on that matter.

The second line of defence is where the comptrollership branch is involved. Every year, we take a sample of about 5,000 non-pay transactions to see if they are being properly processed. On average, we find about 9% to 10% have errors. That is not satisfactory to us; our target is less than 5%. We were very disappointed to see the Auditor General's report, which identified that 18% have those errors. We are looking into the reasons for that, and one of those reasons is that there wasn't a separate cost centre code. There was an administrative error in that the individual invoices were not being coded to the right account because we didn't have a separate code.

Those were really the basic functions of the first and second lines of defence.

We take the contracting responsibilities at our office very seriously and we are rigorous with our contracting. What we have learned from this audit and have implemented in our office is more awareness around conflict of interest declarations.

I would also say that we're increasing the awareness of all of our managers of the importance of making sure that documentation is kept in a very accurate way.

Yes, we have.

Indeed, we always have an annual process for conflict of interest declarations. We have increased some of that awareness work by sending out reminders to our staff and by raising with staff the fact that the clerk has issued a report on values and ethics in the public service. There is also training available for our staff that we always encourage.

Thank you very much for your question.

I believe I did my job well during the pandemic. It was a very difficult period in time. I was appointed in January 2018, so I was there for the entirety of the pandemic.

It was a very challenging time for the agency as a whole, as I have said previously. I was responsible for the internal task force, which was primarily based on our employees: making sure they had PPE available to them and making sure that we were managing the work-from-home directive and managing all of the internal functions of the agency.

I was not directly responsible for the border task force. However, I did have oversight in terms of the finances, as I said before. I was responsible for ensuring that we had sufficient funding to manage the border task force activities, and I was also responsible for the second line of defence, as I previously described.

I'm very proud of what we did during the pandemic. I know that we made mistakes and I know that we've learned lessons from those mistakes. They were mistakes in the context of an operational crisis for us, with people coming across the border where we had to manage difficult situations.

There were a number of different questions in there.

We do not have details about other countries, but we do understand there were also significant costs involved in managing travellers across borders in other countries, in particular in the Border Five and the European Union.

I want to come back to the national security exemption letter.

I recognize that I did sign that in June of 2020. That was at the request of PSPC, to allow them to put in place the second contract with GC Strategies. They had already done the first contract with GC Strategies, I think in March, and they needed to do a second contract. As I referenced at the OGGO committee last week, we identified a supplier that had successfully implemented a modern tool for risk assessment. As I identified last week, that was a company called Lixar.

What I have learned since last week is that Lixar was actually working in a strategic partnership with GC Strategies, so I accept that the testimony of the PSPC deputy minister was correct in that this letter directly led to the second contract with GC Strategies. That is what the national security letter was used for. Only one contract was let under that national security exemption letter; the others were let under the PHAC-originated national security exemption letter.

I do, but I would also like to say that I did not in that letter insist on GC Strategies. That was a decision made by the board of technologies and innovation directorate. I was not aware of their name, and actually the letter does not mention the name of an individual company.

I agree. In total, three contracts were issued by PSPC, all through a sole-source agreement under the cover of the national security exemption.

The second one was issued with an initial value of $4.4 million. The total expenditures after contract amendments amounted to $11.1 million.