Public Accounts Committee on March 30th, 2023

If I understand your question correctly—please forgive me if I don't, and re-ask it—the benefits of having a digital service experience for Canadians could probably be best exemplified by the fact that we have Canadians who need to apply in a physical, paper format to get their passports renewed, versus having the opportunity to do that in a fully digitized format, which is what we aspire to.

What it allows for is agility and speed for the person receiving the service, and it reduces the amount of paper and number of forms that government employees need to process. There's an environmental side of that, as well, that I think is obvious.

I don't know, Sony, if you want to add to that.

If I can, Mr. Chair, digital is not an option. It's where we host that data, whether it's a data centre that is controlled by the Government of Canada, or it's the cloud, or in between. The reality is, a lot of the work we are going to do going forward will be hybrid. We are going to leverage traditional data centres for some aspects of the business or the process, and we are going to leverage the cloud for some other aspects. All of this needs to be tightly connected.

The business case that is being done at the beginning is about how we optimally leverage the various hosting options. The cloud, as Catherine said, brings that option to scale up. If there is a peak in demand—think about the tax season or the passport season or the demand at the border—these systems can take much more demand if they are in the cloud, because they can ask for more computing. When there is a peak, we pay more, and when there is a lower demand, we pay less.

If it's run in a traditional data centre that I operate, I need to build a farm of servers to be able to be ready to take peak times, so it might not be cost-effective. When we do the business analysis of that, we also have to look at the cycle that some of these programs or services are going through.

This is when we get to figuring out what is the best digital hosting option. Sometimes, it's a bit in the cloud and a bit in a data centre. It really depends on the business and the type of operation. Catherine gave some examples. Each one has its own cycle and its own demands.

That data needs to be hosted somewhere and the application that computes that data needs to be hosted somewhere, so in each case, we're doing a business case.

I think, first of all, there are funding constraints. We are trying to manage the highest risk systems within government first, and those are big, complex systems. We're talking about immigration systems. We're talking about benefits delivery systems. Those aren't things you do quickly. They take time to do, so that's some of the built-in slowness to the system.

I would also say, putting my private sector hat on for a minute, we are highly risk-averse in government. I think part of the conversation in the digital space needs to shift to the risk of not moving a little more quickly and the risk of doing nothing, if I could be so candid as to say that.

There's a pacing element around the complexity of our systems that is normal and appropriate, and then there is a general heaviness of process and heaviness of risk aversion in the digital space that we need to tackle from a cultural perspective.

That's an excellent question. Thank you.

I think there are things happening right now within the government in some of the committees that help manage this that are trying to move out of the way some of the systemic barriers that exist. We have things around skills and around decision-making, so I do feel we're making some progress there. I think from an overall MP perspective and ministerial perspective, it's just to support the fact that Canada is falling behind globally in digital government delivery and we can't continue to operate with the number of humans we have doing the things we have them doing.

I think as we talk about new policies and programs—and this is the advice I give to the minister whom I have the privilege of supporting—we have to ask the questions around digital-first delivery, and that includes having great digital tools for the public servants who work so hard every day to serve Canadians.

Yes, certainly risk assessments were completed. I can confirm that, and my colleague from SSC is also confirming that.

I think we're also learning about the robustness of those risk assessments as we move to the cloud: Should we ask different questions? Should we look for different information? Certainly with respect to some of the findings by the Auditor General around the implementation of the guardrails, the two big lessons we take away have to do with automation and making sure we have put in place a good compliance framework.

Thank you very much for the question.

The risk aversion I'm pointing to is that it is normal for organizations that are moving through modernization to learn lessons, and we are learning some lessons. What I want to avoid is our pulling back and saying we're going to stop because a couple of things weren't done properly. We're learning from those; we're implementing, and we were thoughtful about not doing our big systems first. For example, the old age security, EI and CPP systems will come later and we will have taken the opportunity to learn from some of the smaller systems that we've moved to the cloud.

I would say your question about a whole-of-government shutdown is absolutely something that is constantly on the minds of those on this team when we think about cyber—and Sony said that very well. The cloud still allows us to have all of the protections that the Centre for Cyber Security provides. This is a unique asset we have for the Government of Canada, one that makes me feel very comfortable—a different type of asset from what I had when I worked in the private sector.

So although we have learned some things, the incredible support that we get from the cyber centre is a “compensating control”, if I can say that.

I would like to talk about this for 40 minutes, but I will do it very quickly, because I know we're tight for time.

We have anywhere from a 25% to a 30% vacancy rate in technical jobs in the government. That is relatively consistent, by the way, across Canada. We are seeing particular pinch points in cybersecurity, cloud computing and architecture. There are a few areas in which we are competing with companies all across Canada.

We need to do a better job of lighting up what technology people in this country do for Canadians. No one gets to do what we do. It is my mission to go out and have many more people come in and do a tour of service within government doing digital work. First of all, I think there would be a different understanding of the complexity within government and the things we need to do. I say that with all humbleness, having worked for 30 years in the private sector. I looked across and said, “What's going on in there?” I came into government and said, “Oh, my goodness, this is very complicated.”

I think it would also be great to have people from government go out into the private sector and learn what it's like to have quarterly shareholder meetings and some of the metrics that drive industry and a lot of the innovation in our country. That is a huge issue, not just for the Government of Canada but also for Canada.

I'll make sure, yes.

Some of our findings relate to the central agencies' rules and the oversight, monitoring and implementation support. I think that, if the central agencies are addressing the weaknesses we found, and filling the gaps we found, we should see some better implementation.

We are planning on following up on this report on a faster basis than we would normally do, because of the fact that these are early stages and there's work to be done.