Evidence of meeting #112 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was kpmg.
A video is available from Parliament.
11:50 a.m.
Conservative
The Chair Conservative John Williamson
Thank you very much. That is the time.
Once again, it's Ms. Sinclair‑Desgagné's turn.
You have the floor for two and a half minutes.
11:50 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Thank you, Mr. Chair.
I'm going to quote the Deputy Auditor General. To summarize the situation, he said previously in committee that he found it confusing that a firm of KPMG's size and reputation had accepted a situation that was highly questionable, to say the least. That surprised a lot of people, myself included. It's very problematic. He said that taxpayers didn't get their money's worth, knowing that KPMG had agreed to a huge profit margin for a third party. As Mr. Brock mentioned, it's almost $20 million in total for an app like ArriveCAN, which is huge. I truly believe that KPMG simply forgot that it had a higher role to play. That role was to ensure that taxpayers get some value for their money, that the government, public servants and all stakeholders obey the law.
I now want to make a very important point. When you did your research and your risk and conflict of interest analysis, it's quite surprising that it didn't come up that Kristian Firth, who Mr. Bashir had several meetings with and contacted a number of times, was in a senior position at Veritaaq when it was accused of rigged bidding by the government and by the Canada Border Services Agency. That should have been part of your risk and conflict of interest analysis.
If it came up and Mr. Bashir decided to ignore it, that's very problematic. If it didn't come up, I think you need to review your risk and conflict of interest analysis, because it should have come up. This individual was a senior officer in a company that had been accused by the government. Judges have even asked that all Veritaaq employees receive training to prevent bid rigging. I'm using the English term because I want to make sure you understand the problematic situation in which Mr. Firth had been involved.
Here's my last question for you today, and I'd like you to choose your words carefully: Do you believe that KPMG has a role to play in helping to enforce the law and in ensuring better value for taxpayers' money? Will you pass that lesson on to your colleagues, particularly Mr. Bashir? I wish he were here today to hear me.
Thank you.
11:55 a.m.
Partner and National Leader, Cybersecurity, KPMG
Thank you for your question.
I'm extremely proud of the work KPMG performed on the cybersecurity request. I think we provided tremendous value to the citizens of this country. Any situation in which we as KPMG can help the government and citizens further safeguard and secure their information and provide them with recommendations that would help them do so is, in my opinion, providing tremendous value. That was exactly what we did. We provided multiple areas of improvement, opportunities for improvement, and that was following the execution of a very robust piece of work that we performed.
11:55 a.m.
Conservative
The Chair Conservative John Williamson
Thank you very much.
Next up is Mr. Desjarlais for two and a half minutes, please.
April 4th, 2024 / 11:55 a.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Thank you very much, Mr. Chair.
I want to follow up on Mr. Nijjar's comment there.
The Auditor General, in finding 1.74, said:
We found that security assessments were completed [by CBSA] for ArriveCAN in a pre-development environment by subcontractors under GC Strategies contracts.
I'm assuming that's you, KPMG, and several others.
However, we found that some resources that were involved in the security assessments were not identified in the task authorizations and did not have security clearance. Although the agency told us that the resources did not have access to travellers' personal information, having resources that were not security-cleared exposed the agency to an increased risk of security breaches.
Mr. Nijjar, that is in stark contrast to your comments about excellent work—beyond the questions Canadians have about value for money, which the Auditor General has been clear ArriveCAN did not achieve. That includes the work of KPMG, which, in many regards, to many Canadians, is a failure.
Being unable to rely on our public service in such a way that.... A private contractor or subcontractor could even refer some work back to the government. This is a process that is in policy in the Government of Canada. Should there be task authorizations that are of lower qualification that the government can do, this could actually be done. It's the responsibility of the government and the contractors to identify those issues and to refer those issues back to the public service. The Auditor General found no instances of that.
There are three major issues when it comes to KPMG, in my mind, after today's hearing.
One, there was clearly no effective value for cost here, something I agree with the Auditor General on. To your own comments, if you actually agree with the Auditor General's report, you would also agree with that. Two, there's a security issue related to the findings of the Auditor General on whether or not certain individuals for a certain task authorization were in fact security-cleared. The Auditor General herself has said that it “exposed the agency to an increased risk of security breaches”. Canadians should be concerned. Finally, there is the lack of principle by KPMG as a contractor of the government to ensure that the public dollar was properly met, and communicating that important need to the government, I think, is also one approach.
I have no further questions, unless, Mr. Nijjar, you want to share any comments on the Auditor General's finding of a security breach potential.
11:55 a.m.
Partner and National Leader, Cybersecurity, KPMG
What I can say is that I think you raise a number of points.
For one, on the value, again, my answer remains the same. I think we provided tremendous value, and we highlighted several areas of improvement that I think speak to—
11:55 a.m.
NDP
11:55 a.m.
Conservative
The Chair Conservative John Williamson
Mr. Desjarlais, your time has elapsed. I'm going to allow the witness to answer, but I would ask, because your time is up, that you not interrupt.
11:55 a.m.
Conservative
11:55 a.m.
Partner and National Leader, Cybersecurity, KPMG
Thank you, Chair.
As I was saying, I think we provided tremendous value in helping safeguard the information of our citizens in this country.
Number two, on the point about security clearance, all of the folks from KPMG who worked on this particular engagement were security-cleared. They had the appropriate level of security clearance, so I do not understand how that is attributed to KPMG. I cannot speak for any other organizations that worked on this on behalf of the government, but everyone from KPMG who worked was security-cleared, and we follow security clearance matters and information security in general. We take that extremely seriously at KPMG.
I don't know if there was a third question in there. I would defer to Ms. Lee if she heard a third question in there.
11:55 a.m.
Partner and National Leader, Digital Health Transformation Practice, KPMG
Thank you, Chair.
I would just reiterate that we followed exactly what the government process was for procurement.
In terms of the value of our services, they were pre-evaluated during the CEPS contract, and we held those constant throughout the two and a half years that we supported the work.
Also, just to reiterate, all of our resources who were on the contracts associated both with the Public Health Agency and with the CBSA were security-cleared at the level the government asked of us.
Noon
Conservative
The Chair Conservative John Williamson
Thank you very much.
We have two more slots.
Mr. Nater, you have the floor for five minutes, please.
Noon
Conservative
John Nater Conservative Perth—Wellington, ON
Thank you, Chair.
Thank you to our witnesses for joining us here today.
I want to begin by just making a comment about the concerns we've heard today, and how concerning it is to hear about KPMG, one of the largest firms in Canada at 10,000 employees, being asked by the Government of Canada, by a senior Trudeau government official, to contract through a two-person firm, in a basement, with no IT experience. I can't begin to explain how concerning this is, and it should be concerning for you as well, that you as a—
Noon
Liberal
John Aldag Liberal Cloverdale—Langley City, BC
I have a point of order, Mr. Chair, if I could interrupt.
I'm sorry, Mr. Nater, but I have a question for the chair.
Noon
Conservative
Noon
Liberal
John Aldag Liberal Cloverdale—Langley City, BC
Could you clarify what time we're ending today? I was under the impression that this was a two-hour meeting. I don't know what resources we have. We seem to be at the end of our time. Perhaps you could simply let us know.
Noon
Conservative
Noon
Liberal
John Aldag Liberal Cloverdale—Langley City, BC
Do we have resources to go over the two-hour allotment?
Noon
Conservative
The Chair Conservative John Williamson
It's over to you, Mr. Nater.
You have four minutes and 20 seconds.
Noon
Conservative
John Nater Conservative Perth—Wellington, ON
Thank you, Chair.
How concerning for Canadians really is this lack of value for money in what was undertaken here? It reminds me of when a Liberal MP wanted to move a motion on financial literacy. Of course the PMO got a hold of that and said, “Oh, you can't do that.” So instead, she wasted resources, over a number of Parliaments, trying to change the name of her riding rather than focusing on financial literacy, which I think is unfortunate.
Noon
Liberal
Brenda Shanahan Liberal Châteauguay—Lacolle, QC
I have a point of order, Chair.
I hope I will have a chance to respond to that, because I did that on behalf of my constituents.
But that was a good try, Mr. Nater.