Evidence of meeting #39 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was question.
A video is available from Parliament.
5:05 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
In light of the fact that the government has guaranteed a $10 billion loan, do you think it really intends to get rid of the pipeline?
5:05 p.m.
Auditor General of Canada, Office of the Auditor General
I encourage you to ask the government that question.
5:05 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Okay. I'll ask the deputy minister of Finance, who is probably in a good position to answer it.
Mr. Sabia, does the government, which guaranteed this loan, still intend to get rid of the pipeline?
5:05 p.m.
Deputy Minister, Department of Finance
Your question has two parts.
First, you implicitly question the strength of the Trans Mountain project. We considered the cash flow associated with that asset and have done a tremendous amount of analysis on the issue prior to providing the company with a $10 billion loan guarantee. We are quite confident that this corporation will be able to manage such a debt very well, and our department does not believe that this guarantee represents a significant financial risk. We are very comfortable with that.
As for the second part of your question, the construction process is moving along fairly well. The government intends to eventually sell this asset. When the construction of this huge, complex and difficult project is complete, I think the time will come to sell this asset, since the government does not necessarily need to own a pipeline of this kind.
5:10 p.m.
Conservative
The Chair Conservative John Williamson
Thank you very much.
Mr. Desjarlais, you have the floor for two and a half minutes.
5:10 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Wonderful. Well, thank you very much for that.
Is this our last round or second...?
5:10 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Okay, perfect. In that case, I'd like to finish our conversation and hear your testimony related to the Phoenix pay system.
This is an unsatisfactory resolution for the public service. We know that this continues to happen and has been consistent. I really need to understand how we can make certain that these pay requests actually get finished in an appropriate amount of time, so the Auditor General doesn't come back here in one year or two years with this continuing to happen.
My question was on building a pay system that actually works for folks and actually brings down the level of pay requests. The goal here really is to attempt to try to regulate and give some stability to workers in the pay request area. We need clarity. I need clarity. Canadians need clarity.
It's clear from the Auditor General's report that there has been some effort to actually see a decrease in these pay requests. However, it's not perfect.
What measures is Treasury Board taking to ensure that these numbers continue to decrease so that we don't see a continued pattern of a pay system that's not working for folks and is resulting in really catastrophic results?
5:10 p.m.
Comptroller General of Canada, Treasury Board Secretariat
Thank you for the question.
This a real issue. A lot of effort and resources have been put toward that in the course of the last five to six years. The investments have been kept up to ensure it gets.... It did get better. We have a lot of work to do.
One main driver of the complexity is the web of rules behind the different pay actions. That's driven by the collective agreements and the entitlements the employees have to these collective agreements.
A key action that we're actually trying to do—working with the unions, obviously—is to try to simplify this web of rules. This will obviously help us build a system that will.... There are types of things that are—
5:10 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Just to be fair, though, it wasn't the collective agreement that did this. It was the Phoenix pay system.
5:10 p.m.
Comptroller General of Canada, Treasury Board Secretariat
It was the Phoenix pay system, but the government is probably the most complex place as it relates to the types of pay actions that we have to deal with. That's a result of, over many years, some of the entitlements that were negotiated through collective agreements
For example, if you're acting for so many days, you're entitled to this and you could be entitled to—
5:10 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
But that's an effort of.... It's a broken pay system. The system was a failed—
5:10 p.m.
Comptroller General of Canada, Treasury Board Secretariat
There are many issues with the system. I'm not going to deny that. It was not—
5:10 p.m.
Conservative
The Chair Conservative John Williamson
Order, please. That's the time.
I'm going to give everyone another round, Mr. Desjarlais.
Mrs. Kusie, you have the floor for five minutes. Welcome to the committee.
November 22nd, 2022 / 5:10 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Mr. Chair, thank you for your welcome.
I'd like to thank the witnesses for being with us.
Ms. Hogan, I want to talk to you about Report 7 of your independent reports that recently came out, relative to the lack of funding provided, as seen in public accounts 2022, and the impact that it has had on the government's cybersecurity of cloud storage.
In your report, you mentioned that despite Treasury Board releasing a cloud strategy in 2018, they provided no long-term funding model in an effort to implement this.
Do you think that the lack of a long-term funding model for the cloud adoption has impacted departments' ability to maintain security controls?
5:15 p.m.
Auditor General of Canada, Office of the Auditor General
In that audit, we actually found that a few things contributed to the weaknesses that we saw.
It's important to say that the government has controls in place, but we didn't see them being consistently applied or monitored, which is a concern. We raised our concerns because the government is at the early stages of moving to the cloud.
Some of that was a lack of understanding of the roles and responsibilities over who should do that ongoing, continuing monitoring of these. Also, when we spoke to some of the departments, we found that they did not have the funding to maintain them over the long term. When Shared Services was set up, a lot of the funding was moved to Shared Services as all the servers moved to a central location. As you bring some of that management back to the departments, there is the need to support the departments in identifying the long-term operating costs. That's where there is an element missing. Departments are trying to find that in their current funding base.
There needs to be a more long-term, sustainable solution if the cloud is going to be an option for many departments going forward.
5:15 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
In your report, you reviewed a real cybersecurity incident. What issues did you find with the response to that specific security incident?
5:15 p.m.
Auditor General of Canada, Office of the Auditor General
We actually saw that the government did a really good job at responding to it. They identified weaknesses and areas they could improve, and we saw action being taken. We thought it was a good example of the government having a good cyber response plan in place, but it just reinforces the importance of every organization having that plan and actually testing it, because that's the best way to identify some of the pitfalls should an emergency actually happen.
5:15 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Building on that, in your audit you found that two of the three departments lacked funds to implement their cybersecurity management plans.
When departments didn't have sufficient funding for cloud adoption, what aspects of the adoption were typically dropped?
5:15 p.m.
Auditor General of Canada, Office of the Auditor General
I'm not sure I have the granularity of that. What we were trying to highlight there was the importance of trying to find a long-term solution for departments instead of asking them to find it in their existing funding base. It's easy for a large department, but for smaller departments it's a much more difficult task to find those ongoing operating costs to pay for cloud service providers.
5:15 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Do you think the federal departments are successfully equipped to deal with a major cybersecurity incident?
5:15 p.m.
Auditor General of Canada, Office of the Auditor General
We only looked at three departments and the central agencies. As we saw, the three departments had plans. They had tested them. Treasury Board needed to work on testing its plan on a more regular basis. However, cyber-events are ever evolving and extremely sophisticated. You should never sit back and say, “Oh, we're ready,” and stop modifying and testing, so I think they should stay attentive to this risk.
5:15 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Building on that, do you think the lack of coordination among key government departments is making government information and the personal information of Canadians stored on the cloud more vulnerable to a cybersecurity incident?
