Evidence of meeting #126 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was kpmg.
A video is available from Parliament.
4:55 p.m.
Director, Canadian Government Services, TEKsystems
We review all our fees and contracts to validate that we meet the security requirements, and we met the security requirements for our CBSA contracts.
4:55 p.m.
Liberal
4:55 p.m.
Director, Canadian Government Services, TEKsystems
We hold a security clearance as a company, and we validate the security clearance of the individuals that we place with the Government of Canada.
4:55 p.m.
Liberal
4:55 p.m.
Liberal
Jean Yip Liberal Scarborough—Agincourt, ON
Mr. Bernard and Mr. Dowdall, did you have any meetings related to ArriveCAN with officials outside of a normal office setting?
4:55 p.m.
Liberal
Jean Yip Liberal Scarborough—Agincourt, ON
Was KPMG involved in conversations around developing the non-competitive contract between GC Strategies and CBSA?
4:55 p.m.
Liberal
Jean Yip Liberal Scarborough—Agincourt, ON
Have you spoken to anyone else looking into this issue, like the Auditor General?
4:55 p.m.
Partner, Cybersecurity, KPMG
Me, personally? No, I have not.
I don't know, Lydia, if—
May 30th, 2024 / 4:55 p.m.
Partner and National Leader, Digital Health Transformation Practice, KPMG
If I can clarify, the Auditor General did contact KPMG to confirm the information that was about to go out in the report ahead of time, just before the report was released, to confirm the details, and we complied with her request.
4:55 p.m.
Liberal
Jean Yip Liberal Scarborough—Agincourt, ON
Mr. Bashir, in your opening statement you mentioned that KPMG serves and assists clients with respect to gaps.
Do you feel that was done?
4:55 p.m.
Partner, Cybersecurity, KPMG
If I understand the question correctly, I believe you might have been referring to my statement about closing strategic and operational gaps.
Was that the reference?
5 p.m.
Liberal
Jean Yip Liberal Scarborough—Agincourt, ON
Yes. I couldn't remember the exact wording. I wanted to hear more about that with respect to the work you were contracted to do.
5 p.m.
Partner, Cybersecurity, KPMG
Absolutely. Thank you.
Through the chair, I'll answer that, specifically in my field of cybersecurity, a lot of our work ends up being gap analysis type of work. This means assessing the security posture of systems today, assessing where they need to be and providing road maps on how to get to a state that best protects the information being held by the organization. Closing operational gaps.... That's the reference, certainly, with respect to the engagement I worked on.
I'll pass it to Ms. Lee to see if there's anything she wants to add.
5 p.m.
Partner and National Leader, Digital Health Transformation Practice, KPMG
As I said before, the last time we were here, the work we did on the Public Health Agency's ArriveCAN program was to help the Public Health Agency understand policy directions they might need to take, change or evolve with the COVID-19 pandemic. We reached out to our global colleagues to find out about global leading practices the Five Eyes or other jurisdictions were doing to help inform those policy directions. That was the nature of the type of support we were providing.
5 p.m.
Conservative
The Chair Conservative John Williamson
That is your time, Ms. Yip.
Thank you very much.
Ms. Sinclair‑Desgagné, you have the floor for two and a half minutes.
5 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Thank you, Mr. Chair.
Mr. Bashir, you've read the Auditor General's report, you've heard, I assume, the various testimonies, and you know that Mr. Firth is under investigation by the RCMP. Would you have done it differently had you known all that?
5 p.m.
Partner, Cybersecurity, KPMG
The first thing to state is that we had CBSA asking us to help them augment the security of a system that stored personal information for Canadians. That is squarely in our wheelhouse. I'm proud to have done that work and would do that particular work again for any government agency.
With respect to the question about GC Strategies, as I stated earlier today, if we were to go through that risk management process again, I strongly suspect flags would be raised and we would not proceed with the engagement through GC Strategies.
However, I don't want to take away from the fact that the work itself, we still believe and I'm proud to say, was useful.
5 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Thank you, but that's not the point of the question.
Mr. Bashir, what do you personally think is abnormal, apart from the red flags that have apparently been raised in the system, now that GC Strategies is under investigation? What do you think is unethical about what happened? Do you think KPMG could have done a better job ethically, knowing now what happened?
5 p.m.
Partner, Cybersecurity, KPMG
When it comes to procurement, we have to follow the direction of the agency conducting the procurement. That is what we did at the time and what we would do going forward, relying on our processes afterwards to dictate whether or not it is acceptable for our firm to go forward with the work.
5 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Listening to you, it sounds as if the partners or those who fill in the various questionnaires—depending on the level within each of the Big Four—don't have the power to decide, and that everything is black or white, depending on what information is put into the system.
I assume that, if you're a partner at KPMG, you have not only the duty, but also the ability to assert your own approach. If you had different sensitivities, if you had wanted to proceed differently or if you yourself had seen that there was a danger or, above all, a risk to KPMG's reputation, I think you would have preferred not to be here today.
I understand what you're saying about the system, but would you, as an individual who is supposed to be intelligent and competent, have done it differently?
5 p.m.
Partner, Cybersecurity, KPMG
Going forward, I think we'll continue to work together as a partner group and make sure we assess the risks of all engagements to the best degree we can with the information we have at the time.
Again, I would point out that, having conducted this risk assessment in October 2021 with the information available at the time, I stand by the decision we made to proceed at that given time. Given the new information that has come to light since then, I suspect our decision would be different.
5 p.m.
Conservative
The Chair Conservative John Williamson
Thank you very much.
Mr. Desjarlais, you're up again for two and a half minutes.