Thank you very much, Mr. Chair.
I want to follow up on Mr. Nijjar's comment there.
The Auditor General, in finding 1.74, said:
We found that security assessments were completed [by CBSA] for ArriveCAN in a pre-development environment by subcontractors under GC Strategies contracts.
I'm assuming that's you, KPMG, and several others.
However, we found that some resources that were involved in the security assessments were not identified in the task authorizations and did not have security clearance. Although the agency told us that the resources did not have access to travellers' personal information, having resources that were not security-cleared exposed the agency to an increased risk of security breaches.
Mr. Nijjar, that is in stark contrast to your comments about excellent work—beyond the questions Canadians have about value for money, which the Auditor General has been clear ArriveCAN did not achieve. That includes the work of KPMG, which, in many regards, to many Canadians, is a failure.
Being unable to rely on our public service in such a way that.... A private contractor or subcontractor could even refer some work back to the government. This is a process that is in policy in the Government of Canada. Should there be task authorizations that are of lower qualification that the government can do, this could actually be done. It's the responsibility of the government and the contractors to identify those issues and to refer those issues back to the public service. The Auditor General found no instances of that.
There are three major issues when it comes to KPMG, in my mind, after today's hearing.
One, there was clearly no effective value for cost here, something I agree with the Auditor General on. To your own comments, if you actually agree with the Auditor General's report, you would also agree with that. Two, there's a security issue related to the findings of the Auditor General on whether or not certain individuals for a certain task authorization were in fact security-cleared. The Auditor General herself has said that it “exposed the agency to an increased risk of security breaches”. Canadians should be concerned. Finally, there is the lack of principle by KPMG as a contractor of the government to ensure that the public dollar was properly met, and communicating that important need to the government, I think, is also one approach.
I have no further questions, unless, Mr. Nijjar, you want to share any comments on the Auditor General's finding of a security breach potential.