Evidence of meeting #112 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was kpmg.
A video is available from Parliament.
10:20 a.m.
Conservative
The Chair Conservative John Williamson
Thank you, Ms. Bradford. That is the time.
Coming up next is our Bloc Québécois member. You might want to get that earpiece ready, if you haven't already.
We take both official languages seriously here.
Ms. Sinclair‑Desgagné, you have six minutes.
10:20 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
By the way, if there are any delays because of interpretation, I’d like to be given a few more seconds to avoid losing speaking time for francophones listening to us.
10:20 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Thank you, Chair.
Good morning, everyone. Thank you for joining us.
First of all, I’d like to mention that I spent my career at the “Big Four,” which are the major auditing firms Deloitte, Ernst & Young, KPMG and PricewaterhouseCoopers, those four renowned auditing firms. I’m quite familiar with how things work. You’ll agree with me that, human capital aside, what matters most to the Big Four is reputation. Right now, KPMG’s reputation, at least on this committee and in the Auditor General’s report, is shaky to say the least. That’s why I would ask you to answer the questions directly. There’s no need to thank us for our questions; that won’t be necessary. We thank you for your answers.
My first question is about the contract for which you were a subcontractor for GC Strategies. Who within the government asked whom at KPMG to agree to be a subcontractor for GC Strategies?
Please provide a quick and brief response.
10:20 a.m.
Partner and National Leader, Cybersecurity, KPMG
KPMG was contacted by a CBSA official. His name is Mr. Antonio Utano.
10:20 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
It was this person who asked KPMG, a company with 10,000 employees—as I know—to agree to subcontract, and therefore lose a profit margin that you could have made directly with the government. It was Antonio Utano who asked KPMG to be a subcontractor for GC Strategies.
First of all, why did you agree to this?
10:20 a.m.
Partner and National Leader, Cybersecurity, KPMG
KPMG would have charged the government the same amount it charged GC Strategies for the work it actually performed.
With respect to the work, we were asked to submit a proposal to GC Strategies. Our assumption was that when KPMG was asked to submit a proposal, others were also asked to submit a similar proposal, and that the proposal that was ultimately the best was awarded the work.
10:25 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Thank you, I know quite well how it works, but I’d like you to answer my question and tell me why you agreed to be subcontractors for a two-person company. Of course, you did the work and you may have charged the same amounts, but you knew very well that something was amiss.
Let’s take risk factors, for example. You’re partners, so you know that any consultant who signs a contract with someone else has to fill out risk assessments. In this case, going through a contractor like GC Strategies carried a risk, even for KPMG’s reputation, knowing that it was a two-person company that provided no services. KPMG should have seen that. The partners assigned to the project should have noticed that there was a significant risk in going through a two-person company that provided no services.
It was a reputational risk for KPMG. You’re proving it today.
10:25 a.m.
Partner and National Leader, Cybersecurity, KPMG
As indicated earlier, KPMG does follow rigorous client acceptance processes.
At the time, GC Strategies was an organization that had been successfully working in the government sector for a number of years. They had a large government contract, and they were well known in the government sector.
Our checks did not indicate any adverse implications of engaging with GC Strategies. Furthermore, KPMG was directed to do so by the government. We understood that the government had followed its own processes to vet GC Strategies as well.
10:25 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
All right.
If you agreed and you knew GC Strategies’ reputation, you knew GC Strategies. You mentioned that you didn’t know the two people in question.
Who knew GC Strategies and therefore agreed to be a subcontractor for GC Strategies?
10:25 a.m.
Partner and National Leader, Cybersecurity, KPMG
KPMG as a whole agreed to work with GC Strategies. We deployed an engagement team to work directly with CBSA once we had been notified that the proposal was successful. We then submitted our engagement letters to GC Strategies. Once they informed us that the engagement letters were approved, we worked directly with CBSA.
10:25 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
You say it was KPMG as a whole, but one person, a partner or a senior manager, regardless of rank, agreed and was in contact with GC Strategies. An entire team probably worked at least to provide the work to GC Strategies so that subsequently that company would provide the work to the government.
Can you tell me how many people were on that team and who was in direct contact with GC Strategies, again? At KPMG, who was in contact with GC Strategies and was aware of GC Strategies’ reputation?
10:25 a.m.
Partner and National Leader, Cybersecurity, KPMG
There was a full team deployed—security cleared at various different levels, from partner all the way down to senior consultant level—to complete the work in the time that it took.
In terms of the contract itself, it was signed by a partner in our cybersecurity team in Ottawa. He engaged directly with GC Strategies just for the contract. Once that was done, we had very little to do with—
10:25 a.m.
Bloc
10:25 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Why isn’t he here today, since he’s the one who dealt with GC Strategies? He should be here today to answer questions from the Standing Committee on Public Accounts.
10:25 a.m.
Partner and National Leader, Cybersecurity, KPMG
The reason I am here today is that I'm the national leader of cybersecurity. Any work that we perform underneath cybersecurity falls within my purview and my responsibility.
10:25 a.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
There are empty chairs beside you. He should have been present to answer questions about his relationship with GC Strategies. That’s what we requested. When we ask to speak to KPMG, we are also asking to speak to the people who are connected to the ArriveCAN matter, and in this case, to the partner or person in charge who was in contact with GC Strategies.
There are people who come with entire delegations. You should have known that the empty chair next to you should have been occupied—
10:25 a.m.
Conservative
10:25 a.m.
Bloc
10:25 a.m.
Conservative
The Chair Conservative John Williamson
Very well, thank you.
Next up is Mr. Desjarlais.
Mr. Desjarlais, you have the floor for six minutes. Go ahead, please.
10:30 a.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Thank you very much, Mr. Chair.
I want to thank the witnesses for being present with us today.
I want to turn to a few topics that I think Canadians are most concerned about in relation to KPMG's work and the work of GC Strategies, the Public Health Agency of Canada and CBSA.
What is becoming clear in this is that there is certainly a network operating when government contracts are disposed of by way of individuals within CBSA, as we saw with ArriveCAN, who have largely, in some ways, influenced the decision of contractors.
Mr. Nijjar, you just mentioned that GC Strategies was well known as a government contractor and a trusted source. Why is it that you've come to that conclusion in relation to GC Strategies? Who told you that they were trusted? How long have they been in your network to suggest that they're a trusted partner of the government or of KPMG?
10:30 a.m.
Partner and National Leader, Cybersecurity, KPMG
In terms of GC Strategies' being well known in the community, they had worked in that particular industry sector for a number of years—well over five years—and that was known among folks who worked in that community, within the federal government space.
10:30 a.m.
NDP
10:30 a.m.
Partner and National Leader, Cybersecurity, KPMG
I'm sorry. Could you repeat the question?