PACP Committee Meeting
Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
For an advanced search, use Publication Search tool.
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
Standing Committee on Public Accounts
|
l |
|
l |
|
EVIDENCE
Tuesday, April 9, 2024
[Recorded by Electronic Apparatus]
[English]
[English]
I have a point of order, Chair, before we get started.
It's so good to be back with everyone here this week for an in-person meeting.
I'm going to ask you to get right to the point of order.
If it's meandering, I'll come back to you.
What is your point of order?
The point of order has to do with our agenda today. We've had several amended notices of meeting, so I'd like to understand, given discussions that we had last week, why it is that KPMG is not appearing here today.
I was going to explain that. I will come to that in a few minutes.
[Translation]
Welcome to meeting number 113 of the House of Commons Standing Committee on Public Accounts.
[English]
Today's meeting is taking place in a hybrid format pursuant to the Standing Orders. Members are attending in person in the room and remotely using the Zoom application.
This is a reminder that all comments should be addressed through the chair.
[Translation]
Pursuant to Standing Order 108(3)(g), the committee is resuming consideration of report 1 of the 2024 reports of the Auditor General of Canada, entitled “Report 1: ArriveCAN”, referred to the committee on Monday, February 12, 2024.
[English]
Before I welcome our witnesses, I will be happy to explain the sudden agenda change.
To be efficient, I was trying to schedule as many witnesses as possible. Over the last day, some committee members requested more time, which would have taken us beyond 5:30. Members then highlighted the motion passed by this committee that required a two-hour meeting. I felt it was getting a bit crowded, so in light of the motion that was passed calling for a full two hours with KPMG—
Why don't I finish my explanation, and then I'll hear your point of order.
I decided to put it off and to also schedule a subcommittee meeting to discuss both that motion and future business. That was the decision.
Mrs. Shanahan, do you have a point of order?
Yes.
Without further ado, let me welcome our witnesses.
From Amazon Web Services Inc., we have Nicole Foster, director, global artificial intelligence and Canada public policy; and Nick Markou, head of professional services, Canada public sector.
Welcome, and thank you for agreeing to appear today.
From BDO Canada, we have Mike Abbott, managing partner, markets and industry.
Thank you for being here.
From Microsoft Canada Inc., we have John Weigelt, chief technology officer. Thank you for being here.
I'll flag this up front: You might have experience appearing before a parliamentary committee; if you do, that's great, but if not, that's no problem.
Members will have time to ask each of you questions. In the course of those questions, they might ask for additional information. Committees do have broad powers to summon information. We don't usually go from zero to 60 that quickly. We hope witnesses will agree to provide information. Obviously, if information is sensitive or commercially confidential, we do understand that and we will work with you.
As questions come up, if you feel you're able to assist us, just acknowledge that. If there is some give-and-take, we can look at that down the road. We generally hope witnesses will get back to us within two or three weeks, at which point the analyst will reach out. We'll also keep track of what might be asked of you, so you don't need to scribble it down here. The blues will be made available for the record here.
It's meant to be helpful to the committee, so don't be caught off guard by it. As a first step, you're not expected to reveal all. Having said that, we do hope that witnesses will lean towards accountability and transparency as much as possible.
As you can see, this committee, and indeed all of Parliament, is seized by this study on ArriveCAN. It originated from a motion passed in Parliament.
If you have any questions, feel free to ask me. I do want to be sure that everyone is treated fairly.
I understand there are opening statements of up to five minutes.
Let's begin with Amazon.
Thank you for the opportunity to testify today as part of your study on the Auditor General's report and to assist you in understanding Amazon Web Services' role as a contractor on ArriveCAN.
My name is Nicole Foster and I am the Canada public policy lead as well as director of global AI public policy at AWS.
I'm joined here today by my colleague, Nick Markou, who is the head of our advisory services for our public sector business in Canada.
AWS is the world's most comprehensive and broadly adopted cloud service provider. Millions of customers, including the fastest growing start-ups, the largest enterprises and leading government agencies, are using our services to lower costs, become more agile and innovate faster.
AWS is architected to offer the most secure cloud computing services available today. We support more security standards and compliance certifications than any other cloud provider, thereby helping satisfy security and compliance requirements for virtually every regulatory agency around the globe.
Here in Canada, the Canadian Centre for Cyber Security and the Department of Public Services and Procurement assess our security protocols annually. These agencies have assessed 150 of our services, which have all been deemed compliant as meeting their security requirements.
Mr. Chair, in 2020, AWS was contracted by the Government of Canada through established Shared Services Canada procurement channels to work with the Canada Border Services Agency and the Public Health Agency of Canada.
The objective was to help launch an application that would allow travellers to provide customs information electronically. Given the national emergency created by the pandemic, CBSA and PHAC chose to host the application on the cloud because of its well-known ability to quickly enable innovation at scale.
Our work was focused on the back-end architecture of the system; we did not develop the consumer-facing app. In terms of specifics, AWS's work was confined to the two following areas.
In the first component, AWS provided cloud services to the ArriveCAN program, including data storage, analytics and security services. This also included a variety of off-the-shelf services that we offer, such as translation, as well as text-to-speech technology. The benefits of using cloud for ArriveCAN was speed of innovation, the ability to meet fluctuating demands and only paying for capacity that was used.
In the second component, AWS provided expert advisory services and training to CBSA to establish the cloud environment for the ArriveCAN program. Specifically, we advised and assisted CBSA in leveraging AWS services and security architecture, including design recommendations and code to meet Canada's security requirements. Some specific examples include evidence reports for CBSA audits and compliance with Shared Services Canada guardrails and controls, as well as helping to create data storage architecture for pandemic cross-border traffic.
We also provided architecture design advice and assistance for ensuring the AWS cloud environment could integrate with other components of the project. This actually required quite a bit of complexity. For example, ArriveCAN needed to integrate with the government's firewall configurations and other related security integrations between CBSA and PHAC.
Much of this foundational work to enable digital services at CBSA is considered to be reusable assets and provides the groundwork for other highly secure workloads.
I'd like to reiterate that our commitment to privacy and security is one of the reasons customers choose AWS. Our extensive security technologies, 24-7 monitoring and alerting, and rigorous attention to all aspects of securing AWS infrastructure are designed to ensure that customers' data can be used only by them.
To be clear, AWS did not develop the ArriveCAN app itself and at no point did AWS have access to any personal data from Canadians while working on ArriveCAN.
All of the AWS employees who have worked on ArriveCAN are Canadian citizens and have the necessary security clearance, which is governed by the Treasury Board standard on security screening.
Thank you for this opportunity to speak with you today. Mr. Markou and I will endeavour to answer your questions to the best of our abilities.
Thank you.
Good afternoon.
Let me start by thanking the chair, the clerk and all committee members for the invitation to be here today.
We at BDO Canada appreciate the importance of this issue. That's why we're happy to answer any questions you may have.
My name is Mike Abbott. I'm the managing partner of markets and industry for BDO Canada. I'm a member of our firm's executive, reporting directly to our CEO.
One of my mandates is to head up our firm's industry program, including our public sector business, and all of our federal government work. We provide a variety of services and solutions to government departments, agencies and Crown corporations, in the same manner as we do for private sector organizations. Our work with the Canada Border Services Agency is provided largely through a standing professional services contract awarded to BDO in September 2020, following a competitive procurement process. Under the terms of that contract, CBSA can call upon BDO personnel to provide services in six specific resource categories. The nature of that work includes management consulting, business architecture and design, risk management, and other advisory services for business and technology projects.
This is how we were first engaged directly at BDO to support the ArriveCAN project in November 2020. Overall, our work consisted of two narrowly defined streams. Our primary stream of work, directly for CBSA, was focused on management consulting and strategic advice, contending largely with accessibility issues of ArriveCAN. The government recognized that it needed ArriveCAN to be accessible for Canadians with visual and hearing impairments and other usage challenges. This work was technically complicated, but our team worked with dedication to achieve the requested results. This stream accounted for about 85% of our work on the project.
The second stream was conducted by our Lixar division. That was done as a subcontractor through GC Strategies, which had been contracted by CBSA. This accounted for 15% of our work on the project. This work specifically consisted of getting access to our data scientists, our programming and our application builders around optical reading and reader technology.
In total, BDO's work represented a little less than 5% of the overall total attributed to the ArriveCAN project by the Auditor General. All of this was completed in compliance with applicable terms and conditions based on statements of work and supported by time sheets and other administrative details.
The Auditor General raised no questions with respect to the value for money we provided or with respect to the completeness of our administrative practices or paperwork. It is also true that this work took place under unprecedented conditions due to the pandemic, with an incredible sense of urgency. Having worked with CBSA, we appreciated the vital importance of supporting the safe movement of people and goods in the midst of this health crisis.
We felt acutely that our work for CBSA mattered. However, none of that meant it had to come at the expense of appropriate controls, and we took steps to ensure that, for our part, it did not.
Again, we recognize the importance of this committee's work in reviewing the Auditor General's study and, in that respect, would welcome any questions you might have.
Thank you.
Thank you very much, Mr. Abbott.
I turn now to Microsoft Canada.
Mr. Weigelt, you have the floor for up to five minutes, please.
Thank you, Mr. Chair and committee members, for the invitation to be here before this committee today.
Microsoft is one of the world's leading public cloud providers. It is also a long-standing technology partner and trusted vendor to the Government of Canada. We are very proud of our social and economic impact in Canada over the past 40 years. Microsoft is built on trust. Integrity and accountability are part of our core company values. We don't just follow and comply with global rules and regulations applicable to us as a service provider; we believe it's our responsibility to establish and model the highest ethical and reporting standards.
We believe we are here today because you are interested in understanding our role as a contractor, as referenced in the 2024 Auditor General's Report 1 on the ArriveCAN app.
Let me be clear: Microsoft Canada was not engaged in the development, deployment or maintenance of the ArriveCAN app. In May 2021, CBSA wanted to build a mobile app for their border security officers to verify vaccination information using a QR code on a mobile phone. We referred to this app as the “BSO app”. This app is separate from the ArriveCAN app. The BSO app was intended to process travellers at primary points of entry into Canada, to display and authenticate traveller data for officers, and to connect that information to the ArriveCAN app.
Think of it this way: The BSO app was intended for border services agents. That's one island. The ArriveCAN app is citizen-facing on another island. Microsoft was contracted to help CBSA build that bridge between the two islands—or apps, in this case. CBSA licensed Microsoft cloud computing services and engaged Microsoft to provide related technical advisory services to support CBSA's development of that bridge, which is a connector between the BSO app and the ArriveCAN app.
The documentation we have regarding service orders specifically attributed to the BSO app does not align with the $3.8 million reflected in the AG's report. Our thorough review of our internal documentation estimates the service orders total approximately $1.3 million. This amount is more in line with the figures reflected in the Office of the Procurement Ombudsman report—otherwise known as the OPO report—rather than the $3.8 million identified in the Auditor General's report. Microsoft has not had access to the documents reviewed by the Auditor General to understand how this overall figure was calculated.
CBSA procured the cloud computing and related cloud advisory services directly from Microsoft using a Government of Canada cloud framework agreement. No part of this work was subcontracted.
Allow me to explain this process.
Microsoft provides limited cloud computing and cloud advisory services to the Government of Canada under a Government of Canada cloud framework agreement. We are one of eight providers that qualified through a competitive procurement process to enter into one of these agreements. Shared Services Canada is the contracting and technical authority for the cloud framework agreement. Government departments and agencies can then select from a catalogue of approved cloud computing services and related advisory services available for purchase, pursuant to a cloud provider's cloud framework agreement. To execute the purchase, the department submits a service order that specifies the quantity and scope of service chosen from the Shared Services catalogue for approval. Once approved, the order is sent to the service provider. The service provider fulfills that order according to the terms and conditions of the GC cloud framework agreement.
Microsoft followed this established process with respect to the cloud computing and related advisory services required by CBSA for the BSO app.
Regarding Government of Canada procurement processes more generally, we feel there's an opportunity to better align with market offerings and evolve alongside technological advancements, in order to deliver on-demand digital services to Canadians. Industry, including Microsoft, has been working in collaboration with Government of Canada officials in Public Services and Procurement Canada, the Treasury Board Secretariat and Shared Services Canada to help modernize procurement practices, especially where they pertain to procurement of cloud services and complex IT solutions. Shared Services Canada is currently working on maturing the GC cloud framework agreement. We are encouraged that it is progressing.
Modernizing procurement isn't just a choice. It's essential for achieving the government's digital ambition securely, as well as for being competitive and interoperable globally.
Thank you, and I welcome your questions.
Thank you all very much.
I will now begin the first round, which will consist of four members asking questions for six minutes each.
Mr. Brock, you have the first slot for six minutes.
Thank you, Chair.
Thank you to the witnesses for your attendance today. It's much appreciated.
The focus on my first round of questioning will be on relationships and, in particular, relationships with the government related to BDO and Amazon Web Services.
The question first to Amazon Web representatives, in relation to the arrive scam, as we call it on this side of the House, is I understand you billed almost $4.3 million to the PSPC. I also understand that at no time were you the actual contractor, you were the subcontractor. Is that correct?
Okay. Did you do any subcontracting with GC Strategies, also known as Government of Canada Strategies, or Dalian or Coradix?
Let's talk about Dalian. Bill Curry, a reporter for The Globe and Mail, last Saturday, April 6, wrote a story. The heading was “Beneath ArriveCAN” and contained within that article is a quote. I'm going to read it out:
Dalian's website gives the impression that it is an independent company. It describes itself as “Aboriginally Owned - Veteran Operated,” and lists several global tech giants as vendors, including Microsoft, Amazon Web Services, and Dell Technologies.
How many contracts did you have with Dalian?
The value? If I can explain the relationship with Dalian, the original mandate that we worked on with Dalian was that we worked for Dalian specifically. That was related to a migration project for the benefit of CBSA.
I don't need to know all those specifics. Two to three, what is it? Two or three contracts with Dalian?
I can provide clarity on this. There were three contracts. One of the contracts was a zero dollar amendment to the end date of the contract.
Okay, so Dalian is the contractor, you're the subcontractor. The value of the two contracts was how much?
To be clear, Dalian was our customer. We did understand that the work was for the benefit of CBSA but it was not a subcontract.
Okay, I'm not going to get into semantics. The ultimate benefactor of your work was the Government of Canada, specifically CBSA.
Let's get to the answer now to my question. What was the value of the two contracts that you worked on with Dalian?
Yes, I am a long-time advocate of women's participation in politics of this country and I do that on a multipartisan basis.
Ms. Shanahan, hold on.
I would like to get us out of here on time or as close as possible.
Ms. Shanahan, that is not a point of order.
One of your members is up next and if there are additional questions you have for Ms. Foster....
None of us in this room think that political participation is a bad thing. In fact, I think we all encourage it.
I will note that you have dined out on a donor card that's been displayed here and I have not stopped you from doing that. So we will continue to hear from Mr. Brock and Ms. Foster, who is doing a fine job answering his questions and will continue to do that. Then it will be one of your members who will have a turn.
Chair, if I may say so, it's the difference between when a witness volunteers information and when a witness is being particularly questioned about their—
No, Ms. Shanahan. The point of this is to ask questions and to get answers.
Mr. Brock, you have a minute and a half left.
Nice try, Ms. Shanahan.
Witnesses, you don't understand, but this particular member went to great lengths to highlight a certain allegiance that one of the previous witnesses had with the Conservative Party of Canada.
Ms. Shanahan, I certainly did not cut you off when you were questioning the witness about donations and membership.
Ms. Foster, there is certainly nothing wrong with being involved. I appreciate your answering the question.
I would ask government members to hold off. In just under a minute and a half you will be able to ask these witnesses all the questions you like.
Mr. Brock, you have a minute and a half.
Ms. Foster, again, I didn't ask you to expand upon why you were donating. I wanted to know whether you donated in September of 2023. You said yes. How much was that donation?
Right.
I understand that since 2005 you've contributed $33,000 to the Liberal Party of Canada.
Does that sound accurate?
Certainly. Okay.
Moving on to BDO, I have similar types of questions.
Did you work with GC Strategies?
With Coradix, I did not. With Dalian for ArriveCAN, I did not.
I'll come back with a specific number. It's in the range of three to four outside the scope of ArriveCAN.
You were the subcontractor, and Dalian was the contractor to a department of the Government of Canada?
I'll give you a ballpark, a rough order of magnitude, which was about $800,000. It could have crept up to $1 million, so I'll give that as the rough order of magnitude for the contracts collectively.
To Mr. Abbott and Ms. Foster, were you directed by any government official to specifically work with Dalian and/or GC Strategies?
Thank you, Mr. Chair.
We've talked a lot about the technology you have provided with respect to ArriveCAN and to support the work of the government.
One of the ideas you brought forward was the notion of modernizing procurement.
Could you explain to us what you see as the current challenges in the way things are done that modernizing procurement would help resolve?
Certainly it could take longer than the six minutes we have available today. It is quite a challenging file that has been under way for many years.
I will highlight a couple of things. One is that it's very challenging to keep up with the ever-increasing pace of technology. Government procurements have often envisioned a 10- to 20-year life cycle for equipment, and that's thinking about trucks or planes. Technology changes far more rapidly than that, and we need a way to keep abreast of that type of change.
We also need to make sure that the way technologies are specified reflects today's technologies and not yesterday's technologies. We find that some of the terms and conditions and the way the requirements are defined are more about people having computers on their desktops instead of in the cloud or being available on demand.
Those are two of the top areas that I think are worth exploring.
Thank you.
You are part of this project that has now received a lot of attention in the public. The Auditor General has questioned the value for money. You are one of the organizations that have been part of developing this.
In terms of your contributions, you mentioned that Microsoft was responsible for building the bridge between the ArriveCAN app and the BSO app, that I am assuming CBSA officers would be using, and I am guessing there is some form of data integration between the two apps.
Do you believe you provided value for money in your contributions to this project?
I might have spoken too quickly over the examples of the different applications. Microsoft was not involved with the ArriveCAN projects or those applications, nor did we build the BSO app.
We worked with CBSA and provided them with cloud computing capabilities. The application let them learn how to build applications and use the cloud services. Then our training and advisory skills helped to really skill CBSA employees to be able to use these tools. They created a pilot connector, that bridge between the two islands. They were able to then use that as an example as they went forward during the COVID crisis and further to be able to then grow on that capability. Absolutely, we feel that we've provided great value to CBSA, to the Government of Canada and to Canadians.
Help me understand. If you had not built that bridge, how would a CBSA officer—you might not be the right person to ask this question of—be able to see the information that's inputted into an app that is not connected to the application in front of them?
The BSO app was intended to be on a mobile phone. It enabled a faster, streamlined approach. For those who were in western Canada, you may recall having a QR code on your phone that enabled you to go into restaurants in a more streamlined fashion. That was to be the same thing, to enable the border services officer to look at the ArriveCAN QR code and then streamline that process. It is our understanding that they had to have two separate applications, which could have potentially slowed that progress across the border.
I'll move to AWS.
You talked about the work you did with CBSA in providing expert advisory services and design advice on architecture.
You talked about reusable assets. Could you explain a bit further what types of reusable assets there are and how they can be applied to support the work of the government?
I think, from a reusable asset perspective, we built out components of the ArriveCAN program along the lines of security, data management and those types of things. When we were working with CBSA, ArriveCAN was one of the many applications and programs that we were working with them on.
The analogy that I like to use, to remove the technicality from it, is that, if you were building a condo building, for instance, you build the foundation once. You don't build a new foundation for every condo that you equip. I would say that would be an analogy for some of the reusable assets that we built.
Ultimately, for CBSA, on things like the authority to operate, they were able to gain the audits that they passed. Those were essentially reusable assets. While they may have been built as part of the ArriveCAN program, they're not necessarily for the exclusive use of the ArriveCAN program. They can, at the choice of CBSA or other parts of government, be used for other components.
Did AWS ever consider developing the actual application itself, like the ArriveCAN app? Is this an area of business that you are involved in?
We are not an application development firm. AWS by definition provides infrastructure and cloud services to organizations globally. We are not in the business of application development.
As you work to develop reusable assets that can be applied across different applications and purposes within the government, how do they coordinate with you in terms of upcoming projects or other applications that are being developed so that those reusable assets can be leveraged?
The contract vehicle, the agreement that we used, was designed by the Government of Canada. It was called the cloud framework agreement, which is the direct vehicle by which the Government of Canada engages our advisory services. Typically, in discussions with our customers—and we do have many departments that are customers of AWS—they may bring this up to us at some point in time. They may or may not engage our services.
Ultimately, from an AWS perspective, what we're trying to do is provide innovation and assist the government through complexity. We then transfer those skills and knowledge to both our government customers and our partners so ultimately they don't need to rely on us to consult with us, let's say, on every single aspect that they want to move ahead on. Our entire program is about enablement.
Thank you. That is the time.
To our witnesses, we take questions and answers in both French and English. Could you prepare your earpieces if you don't speak or understand French?
[Translation]
Next is Bloc Québécois member Ms. Sinclair‑Desgagné. She'll be asking her questions in French, but you can answer in French or English.
Go ahead, Ms. Sinclair‑Desgagné. You have six minutes.
[English]
I'll turn the floor over to you.
[Translation]
Thank you, Mr. Chair. I appreciate that introduction. I'm honoured.
Thank you all for being with us. Today, you're helping us understand what really happened and the various layers of government mismanagement.
Here's one of the biggest questions we have, not just all of us here on the committee, but also many taxpayers in Quebec and Canada: How does the subcontracting process work when businesses are very small and don't actually provide any services? I'm talking about businesses such as GC Strategies, Dalian, Coredal and Coradix, which we heard about earlier.
My first question is for you, Mr. Abbott. You said in your opening remarks that you had carried out a number of contracts and that only one of them was as a subcontractor through GC Strategies.
Is that correct?
[English]
[Translation]
You had entered into contracts directly with the Canada Border Services Agency, or CBSA. Then, GC Strategies asked you to be a subcontractor.
Why didn't you just say that you would deal directly with the CBSA? Why did you agree to let a company earn commission on work that you were actually going to do?
[English]
The contract we had with CBSA direct to BDO was a contracting vehicle for business services, and we were qualified in six specific categories. The categories for what our Lixar team did around data scientists and around part of the application development for the optical reader technology didn't qualify on the contract that we were qualified on with BDO Canada.
By extension, GC Strategies reached out to us. It understood that we had that capability and then asked whether we would be interested in supplying that.
[Translation]
If you had that capability, why didn't you qualify for the contract with the government? Given BDO's size, if you had that capability, you should have already been qualified with the government.
[English]
We acquired Lixar in March 2020. Lixar did not have the prerequisite qualifications as an organization to meet the overall corporate qualifications at that time. Today we would.
[Translation]
Was it the same process that was used for your $800,000 in contracts with Dalian? Was it the same as it was with GC Strategies, where you didn't qualify with the government, so you had to resort to the somewhat sneaky method of going through Dalian?
[English]
That's correct. It was for a technology-specific.... Our contracting vehicles were for business services at the time. At the time, we, as a firm and an organization, did not qualify because we had not had our technology capabilities long enough.
[Translation]
Don't you find it ridiculous that a two-person company that provides no services qualified for a government contract, when a company with the capability to do the work did not qualify? As a result, taxpayers had to pay a two-person company that provides no services but was qualified a commission of 20%, and even 15% to 30% in Dalian's case.
Is there something wrong with the Government of Canada's procurement practices?
[English]
Yes.
How I'll answer that is by saying that we don't always understand how organizations win contracts. We certainly see them published on the Open Government website. In that publication, we don't always see how large the organizations are. What we see is that they are qualified.
Most of us who operate in this will be able to look at the RFPs and see what the qualifications are, but we won't know and won't have access to the specifics of how they qualified.
[Translation]
When you agreed to work with GC Strategies, did a partner at BDO meet with someone from GC Strategies?
[English]
That's correct. There would have been a discussion. I'm just trying to do the timeline of when that discussion would have happened. The work for ArriveCAN was done in the spring of 2021. Our team would have received a call, and did receive a call, from GC Strategies as to whether or not we were interested in supporting a piece of work.
[Translation]
[English]
[Translation]
Did that person discuss the people at GC Strategies with you? Did you do any preliminary research on the people who, at the end of the day, were being awarded the contract for the work you would be doing for the government?
We heard from KPMG executives last week. Generally speaking, firms like that really assess the risks before signing a contract. Did you do any such assessment at BDO?
[English]
Yes. Our assessment of them as an organization certainly would have relied on the government contracting and the fact that they were a qualified vendor, and making sure they had the contract that they said they had. There's a certain amount of faith we would put into that when accepting the engagement. That was a key portion to our acceptance of that.
[Translation]
You don't have a system, then, to check how big the company is, what services it provides or how it landed the contract, even though it had no services to speak of. It was awarded the contracts but didn't provide any services itself. It didn't have the capability you had.
[English]
Our systems certainly would look at the size of the organization—in this case, from a risk perspective. The key question would have been if they held a valid contract and were a valid supplier to the Government of Canada. In this case they were.
[Translation]
Thank you very much, Mr. Chair.
I want to thank the witnesses for being present with us today on what is a terrible instance, I think, of a combination of issues, some being of oversight, accountability, particularly by CBSA.
I note that some of you have read the report. Hopefully, you have all read it. It suggests there was a lack of information and documentation provided to the Auditor General, but that, just within CBSA itself, there was an inability for them to second the documents for the Auditor General to review.
In some of the testimony made in response to some of my colleagues' questions, in particular, Microsoft, for example, responded with the fact that the numbers, the financial invoices, where the money went and how they were accounting for some of those services were different from what the Auditor General found. I wouldn't dispute the Auditor General's finding, because it's obvious that she put a number associated with this work.
However, I would judge—or try to judge, at least—where those invoices came from. It may be the fact that these invoices were billed through GC Strategies, particularly with the work that you've done, and they may have failed to report to the government the true cost.
Is that a potential in any of your minds?
I can answer. We would not have had access to what was ultimately passed through. In our relationship with GC Strategies, we would have billed them as an organization. I certainly don't have the same set of data that the Auditor General had to be able to conclude....
I think the Auditor General highlighted that it would be possible in the report, so I certainly am not in a position to argue with that.
It's not possible in the case of GC Strategies. We have no relationship with them. We have very clear visibility on the work we did with Dalian on CBSA. With the contract I referenced earlier, most of that had nothing to do with ArriveCAN. Exactly $98,000 did have to do with the very initial work on ArriveCAN, which was prepandemic work.
In relation to when you came into contact with Dalian and/or in other instances with GC Strategies, what was known of these two companies by your companies prior to engagement?
Can all companies respond, please?
Certainly. We have absolutely no relationship with GC Strategies. Dalian is registered as a reseller of our surface hardware devices. That's why we believe our icon is on their website. However, we don't have any record of doing business with them. We did do extensive research on that. We don't have a relationship, but we've made money there.
I can speak for the GC Strategies component in BDO. We acquired Lixar in 2020. They had a relationship with Lixar in the past. A piece of work around ArriveCAN was tabled to us, asking us whether we would be interested in providing that service, specifically around our data scientists and around the optical reader component. That skill set is not necessarily easy to get. We were asked whether we would be interested, and we worked through that process to provide them with a proposal at the time.
Some additional context around our engagement with Dalian is that this was before the cloud framework agreement existed. Prior to that time, the Government of Canada really did not have an ability to procure cloud services.
It is quite different from traditional IT procurement, which involves, quite often, the procurement of an actual tangible asset or hardware. In the case of procuring cloud or licensing software, they are very different ways of procuring technology.
We often work with very small companies and very large companies that may, for example, be building applications using the tools they find available to them on the cloud; and there are additional services, for example, that AWS does not provide. We don't provide staff augmentation services. We do have a number of customers that are looking for additional support beyond the advisory services we do provide, and there are a number of companies in Canada and around the world that provide those services.
I understand now. Thank you very much for that fulsome answer.
I would like to come back to Mr. Abbott. With regard to BDO's purchase of Lixar, you're stating your association with GC Strategies comes via that purchase, is that correct?
Was there a risk assessment process done by your company in order to determine the exact contracts it was engaged in? Was your company aware, upon purchase, that it was engaged in work related to this project?
At the time, there was no work related to the project. I can't speak to the extent of every due diligence we did around Lixar, but, certainly, we worked through a valuation. We would not have looked at every contract that existed in the organization. We did not have a direct awareness of the relationship with GC Strategies when we acquired it, no.
I understand.
We had several testimonies at this committee regarding some of the contracting of GC Strategies and the awareness of GC Strategies. We understood there was “a well-known community” that GC Strategies was a part of. Contractors of the government were known to this group.
Were you aware of Kristian Firth or any members of GC Strategies, even without directly working or engaging with them through Lixar?
I can tell you I was not.
From my experience, I had probably seen the name GC Strategies in looking at contracts that had been published on the opengovernment.ca platform over the years, but I didn't have an awareness of him in any way, shape or form.
Thank you, Mr. Chair, and thank you to our witnesses.
Ms. Foster, can you confirm for this committee what Amazon Web Services believe is the accurate figure for how much you were paid for your work on ArriveCAN?
It is admittedly a little bit difficult to confirm in terms of the cloud computing utility amount. It is easier for us to confirm the amount we were contracted for advisory services. That amount was $4.6 million in terms of the advisory services provided.
The estimate from the Auditor General is in the range of being correct. The reason it is difficult for us to determine exactly is that the app continues to run today on the cloud in addition to 40 other workloads that CBSA runs on AWS. We have assigned account numbers for a number of different workloads—
I'm going to cut you off there. I get the sense of where you're going.
Would you be willing to provide to this committee a breakdown of those accounts, and the amounts you see from cloud services up until today's date?
CBSA could provide that detail. It has a number of accounts, and we don't know what the workload is assigned to. We can't see, for example, which.... Due to our security and confidentiality, we actually don't have visibility into what our customers are exactly doing in those workloads. They can tell us there's a workload assigned to CBSA, and we can provide that account number, but we don't have the detailed visibility on which account is doing what.
I may circle back to this, because I think there's a lot more there.
Who at CBSA was the principal contact for AWS?
We had worked with the CBSA technical team. A gentleman named Kien Tsang was, I believe, the director. I don't recall his title exactly. He was the director of the technical team that was leading the ArriveCAN program, amongst others.
AWS is a registered lobbyist with the federal government. When AWS met with Minh Doan in May 2022, what was discussed?
I was not at that meeting, so I can't confirm the details of what was discussed. I would need to verify who was at that meeting.
And the topic that was discussed?
Circling back briefly, CBSA has been accused—specifically Minh Doan—of actually deleting emails. I'm going to go back to you to ask that you provide this committee with as much information as you can about the costing of the cloud for CBSA. Even if you're unable to provide us with specific accounts, we'd be interested in knowing the broad amounts, and what CBSA was charged for cloud services up until the current date. Frankly, we can't trust what CBSA has provided, because of the deletion of documents.
Would you be able to provide us with that?
I will clarify with you what would be useful, but I'm happy to try to be helpful to the committee in their work.
We will circle back through the chair for that information, through our analysts.
Mr. Abbott, can you confirm that, prior to beginning your work with BDO, you spent some time with Deloitte? Is that correct? Was it about 25 years?
While at Deloitte, were you involved at all in, or aware of, a project called CARM, the CBSA assessment and revenue management digital initiative?
In your work on or awareness of that, were there ever any concerns expressed by CBSA about Deloitte's work on the CARM initiative?
I will, for the purpose of ArriveCAN, put it out and say that some of those questions will be best directed towards Deloitte because I'm representing BDO. However, I'll answer from the perspective that there were certainly, like with other large projects, points of contention, things that worked well and that didn't work well. I do not describe it as having points of contention, but certainly, where things weren't working there were meetings of the minds, if you will, to try to clear those up and move forward.
I would say that, similar to any other project where it's large-scale in nature, not everything goes exactly...from the day one plan. I characterize it that way as opposed to saying that there were concerns. I can speak to it from that perspective.
I haven't been part of that project for three years, so I really don't have a perspective to answer on that.
Thank you for coming.
Mr. Abbott, you mentioned in your opening statement that 15% of the business through Lixar had worked with GC Strategies. Can you elaborate on what that was, exactly? Do you believe that was good value for money?
Our team was asked to pull together a team around data scientists and some application developers, specifically to help work through different pictures, and for optical reading purposes, to read text. It started with a proof of concept, and then once that was cleared it moved to a bigger piece.
I would describe it as a fairly technical skill set and capability that, I think, there are generally two reasons that organizations get asked to supply: One is for staff augmentation and the other is to achieve an outcome to acquire a skill. In this case, it was for acquiring the skill set, specifically from the data scientist, and because we did not hold the appropriate contracts and resource categories we could not do that through our own means. However, that was the nature of that work, and it ran from April 2021 throughout 2021.
The Auditor General's report and its commentary around value for money didn't highlight anything specific around the work that we did. It's a very unique skill set that was brought to the table. I certainly do not challenge the Auditor General's report. It's a very well-written report.
Yes, I confirm the number that the Auditor General had. We went back to look at our records and reconcile back to the Auditor General's number, and it matched the number. It included 85% of that number—85% of $2.9 million is $2.4 million—which was direct from BDO through to CBSA, and the remaining $500,000 was through GC Strategies, so $2.9 million.
Thanks.
Have any of you met with Kristian Firth, Darren Anthony or Dalian's—and People's Party of Canada candidate—David Yeo?
The contact would have come through our existing relationship, which was through Lixar. It would have been GC Strategies through to our Lixar team and then from there.
Was BDO involved in conversations around developing the non-competitive contract between GC Strategies and CBSA?
To my knowledge, the answer is no.
I wasn't there, but certainly to my knowledge, the answer is no, we were not.
Because we had two streams of work—one which was directly with CBSA—I have to answer yes because we had a direct contract.
I wouldn't characterize it as bypassing, where we were contracted to deliver work through GC Strategies. We delivered that work through GC Strategies, not directly to CBSA. We would have worked through that relationship.
As it pertained to our other work, we would have worked directly through CBSA because that's where our contracting relationship existed—between BDO and CBSA.
I can say no to Mr. Utano.
In a previous life, I had met Mr. MacDonald in boardrooms and meetings, but not personally.
That is your time, Ms. Yip.
[Translation]
We now go to Ms. Sinclair‑Desgagné for two and a half minutes.
Thank you, Mr. Chair.
I'm going to be quick.
Mr. Abbott, I am picking up where we left off.
When GC Strategies reached out to you, you said that it already had a contract and that you hadn't bid on that contract together. Why didn't you submit a bid?
How do you explain the fact that GC Strategies already had the contract and then contacted you? That means it landed a contract without having the resources it needed to execute the contract. To your knowledge, what resources did GC Strategies put down in its bid to land such a contract?
[English]
I certainly would not have a line of sight on what GC Strategies would have submitted in its overall contract to win work, so I don't know the answer to that.
[Translation]
We have the contract between the CBSA and GC Strategies, and it contains a long list of resources that have to be available in order to win the contract. A lot more resources were listed than the number of people GC Strategies had.
Here's my first question: How is it that no one at BDO Canada read the existing contract between the CBSA and GC Strategies? Second, how did GC Strategies delegate the work to you, knowing that you may not have even submitted a bid to GC Strategies? Wasn't it really just about personal contacts? The key resources weren't identified, and the company's experience no longer actually counted for anything.
[English]
I certainly understand the type of organization that GC Strategies is. There are generally two reasons why organizations are going to get contracts. One is through staff augmentation and the other is through acquiring a specific skill set.
Certainly, my understanding of the contract that would exist is this was for staff augmentation, which is one that BDO, at the time, would not have qualified for.
Part of the reason why we were interested in a organization like Lixar is that they had some of the deep application resources and data scientists. At the time that contract came out, it would not have fit within our radar because we didn't have the capability. We were a few months into our acquisition of Lixar.
[Translation]
Were you aware that what GC Strategies was doing was staff augmentation, as you called it? Usually, a company has to identify exactly who will be performing the work in question in order to win the contract. In this case, they landed the contract without identifying the staff who would be working on it.
How could the Government of Canada and its procurement authority award contracts without first identifying who would be working on them?
As you said, you were contacted after the contract was signed. That means that the resources had not been identified when the contract was awarded. How do you think that could've happened?
[English]
I have never worked in the staff augmentation business myself. That's not something I've done in my current or previous roles. I have an understanding of how those happen, in general.
Regarding the specifics of what GC Strategies submitted, I haven't seen what that contract is. I would certainly venture the view that they come into agreements with independent contractors. They may have come into agreements with organizations to get the authority to use those resources on their bid.
I haven't seen that contract, so I can't speak specifically on what they submitted. I just wouldn't have access to that.
[Translation]
Thank you very much.
[English]
Next up is Mr. Desjarlais.
You have the floor for two and a half minutes.
Thank you very much, Mr. Chair.
I want to return to a few items from our last rounds of testimony, starting with Ms. Foster.
You mentioned that you were aware of Dalian and that your relationship with Dalian was a customer-client relationship. You denied an accusation from one of our colleagues here related to being a subcontractor. It seems to me that you had awareness of the primary contract or task authorization for Dalian, and you knew they'd become a client of yours for production of work they would use to meet the needs of the task authorization.
Isn't that the same as being a subcontractor?
No, it's not the same as being a subcontractor.
Being a subcontractor means you agree to the terms of the original contract. We're not a subcontractor to the original contract. They provided—
Were you aware of that when you signed the agreement—that this would be the case for subcontractors?
I'll ask it another way for you.
You just agreed that you had knowledge of task authorizations given to Dalian. You knew Dalian was in fact going to look for subcontractors. You can call it a “client-customer relationship”, but you did work for Dalian, which was doing work for GC Strategies.
Is that correct?
Do you believe it was more appropriate to work with this company—which was one person—as opposed to working with the body that would issue that task authorization?
We work with companies of all sizes that produce work. There may be customers of ours that are one person.
In this case, you're calling Dalian a customer, so I'm trying to understand your relationship with Dalian.
What did you know about Dalian, then, when you accepted the work? Was it that they worked for the government?
We understood they needed work from us. They contracted us to do work for the benefit of CBSA, and we performed that work.
You know that, as a public servant, it would be strange. Don't you know that, especially as a person formerly working in this place?
That's exactly why we have this problem. It's because of the way your company is operating—taking advantage of general contractors, in this case, who are taking advantage of us.
Thank you, Mr. Desjarlais. That is your time. You'll have another opportunity.
I'll turn now to Mr. Barrett.
You have the floor for five minutes.
I want to follow up on my colleague's question about Minh Doan, who was the chief information officer accused of destroying documents and records related to Justin Trudeau's $60-million arrive scam. This is something the access to information commissioner is investigating.
Is there any reason that comes to mind why emails and documents from Amazon would be in the destroyed documents?
Can you tell us the total amount in contracts that Amazon has had with the Canada Border Services Agency since 2015?
I don't know the value of the contracts. However, in the last year, we did approximately $20 million in work for CBSA. We expect that number may fluctuate based on usage of cloud computing.
Will you undertake to provide the total amount in contracts that Amazon has had with CBSA since 2015? Can you provide that to the committee?
Nobody on my team, which is the public policy team, had any meetings with any government officials at any level on ArriveCAN.
You had no meetings with government officials, which means no one who worked for the Government of Canada.
We had no meetings with anyone who worked for the Government of Canada at the political level or the bureaucratic level.
Okay.
There was no connection between Amazon, or any of its subsidiaries, and the Government of Canada, or any of its departments or agencies. Were there were no conversations?
Obviously, client engagement conversations took place. Direct work was contracted, so there were interactions at a working level on this work, but there was no lobbying activity on this work.
I understand the committee has become aware of a backpack that was gifted to both staff and officials who had worked on the project. That is all I know of in terms of gifts. It was a small token of recognition at the end of a large project.
We became aware of it, but to your previous answer, there was no lobbying activity. Do you not consider gifts branded with your logo to government officials to be lobbying activity?
You haven't provided any other hospitality. There were free bags, but no drinks, dinners, coffees or anything of that nature.
We do have a corporate policy that outlines the guidelines and training for employees regarding that activity, and yes, we do have a reporting system.
It's part of your business model that there are some gifts and there is some hospitality for government officials and for the private sector. Is that correct?
Are you able to enumerate the occasions on which that occurred with government officials, who the government officials were and what gifts were given?
Thank you very much.
Just to be precise, were there any government officials and Amazon employees who met outside of government offices? If so, can those details be included in your return to the committee?
In the normal course of business, meetings may take place outside of government offices. They may take place in our corporate offices, they may take place—
I understand the concept. I'm asking if you'll provide the details of those meetings in the return that you committed to with respect to your previous answer.
I would have to verify this, but I do not believe we track that information in terms of the locations where meetings take place.
I don't think we have a regular system to track that, but if we do have it, I would be happy to provide it.
Thank you, Mr. Chair.
Thank you so much to the witnesses for coming today.
This question is for the representatives of each of the companies. For the record, how long have you been doing work with the Government of Canada?
I'm not sure if it counts, but I was in uniform with the government from 1986 until 2000, I worked for Treasury Board until 2003 and I've been working at Microsoft for 20 years since then helping the government.
Prior to the framework agreement in 2020, we would have done very minimal work. We launched our infrastructure in Canada in 2012, but it took some time for procurement avenues to become available in Canada.
I just wanted to give you a chance to complete an answer. I think you got cut off before. Could you please expand on the difference between subcontracting and being a customer directly?
It's a legal differentiation. When you're a subcontractor that means you adopt the original terms of the original contract.
In the case of cloud computing that is often very difficult, or was very difficult prior to the cloud framework agreements.
The Government of Canada did not have existing legal frameworks for procuring cloud. As I mentioned before, procuring cloud is very different from procuring hardware or software. Quite often a lot of the terms in traditional IT contracts would be very inappropriate for cloud. We would not have assumed the responsibilities as a subcontractor for those terms and services. Instead, those relationships would have been treated as a customer of ours and not as subcontractor to their contract.
Okay.
I understood from what you said before that the work with the ArriveCAN app still continues and they are still being billed for the cloud. The cloud relationship continues.
Is that like a monthly subscription or it based on the time or the usage?
It's based on consumption or usage. It's actually an ideal application for cloud in the sense that as your usage increases, for example, with increased travellers around holiday times and you reach peak, the system can accommodate those peak usages. When you don't use those peak usages you will only be billed for the use that you require at that time.
The cloud framework agreement is the same agreement that all the cloud service providers have signed, the basics of the agreement. There was a lot of education that had to happen with the Government of Canada to understand how to procure cloud in the lead-up to the signing of that agreement.
CBSA indicated that contractors were selected because they helped produce a faster result. That's been referred to before, to speed things up and build the app faster.
Do you agree that Amazon helped to speed up the process?
If so, how?
Cloud in general speeds up the process. For example, if you had to ensure that you had a large enough infrastructure capacity to support 30 million users on a flick of a switch, you really would not be able to do that. Most organizations, including the Government of Canada, may not have enough capacity or servers to service that spike in usage so quickly. Even at an accelerated pace of procurement you have to decide what you are going to procure, you have to order it, then it gets delivered, then you have to install it. All those things take time in a private sector context and in the public sector it may take even longer.
At the time of the pandemic there was also a limited amount of tech supplies available. It was a constrained environment. Amazon, our parent company, invented the cloud because of those challenges. As the company was trying to innovate and build things more quickly and grow, they kept running into the same kind of capacity issues over and over again. As Amazon worked to try to solve that problem for our company and our own usage, that's actually where the cloud business was born; it was that ability to allow others to scale quickly and grow quickly to reach the capacity or scale that they needed in a short amount of time.
This actually is a perfect use case for when you would want to use cloud.
Can you please explain to the committee about the AWS notify system?
Was this part of the ArriveCAN app?
I know you said you didn't actually develop the app, but was the notify system incorporated at all in that?
Travel notification was one of the features that CBSA had designed to respond to policy. It is built on an AWS service called simple notify service. It's a cloud-native service that we provide. We assisted with configuration as it related to the security for CBSA, but it's a service that anyone can purchase commercially or privately on AWS.
That's your time, Ms. Bradford, I'm afraid.
Beginning our third round, Mr. Genuis, you have the floor for five minutes, please.
Thank you, Chair.
There's one thing that I'm quite struck by in today's hearing. We have Amazon, Microsoft and BDO here, three very large and serious companies. It's clear that you're taking this hearing seriously and that you've done a lot of detailed preparation. That's not an endorsement of everything you said necessarily, but you're clearly taking this seriously.
There is a stark contrast between your testimony and the testimony of GC Strategies and Dalian that we've heard before Parliament, two-person companies that specialize only in getting government contracts. They were completely unprepared. They were unable to answer critical questions and badly contradicted themselves, yet the government has gone to GC Strategies to do most of this project, mostly through sole-sourcing, and government officials at one point conspired with GC Strategies to get them parts of this deal. It seems like a big demonstration of problems in our procurement system that the government has repeatedly gone to GC Strategies and Dalian in spite of the obvious problems that have been well on display before committees.
I want to ask if each of you if your company would have had the capacity to build the ArriveCAN app yourself and, if you could have built all of it or at least done more of it, why didn't you? Why do you think it ended up that it was GC Strategies and Dalian instead of some of these names that Canadians would recognize?
We'll start with Microsoft on that. Be as quick as possible.
Absolutely.
Microsoft is a partner-driven company. We have 16,500 partners in Canada that build atop of a platform, so our business model is to enable Canadian organizations to build this type of capability.
Why didn't you? Why didn't you put in a proposal to the government for your partners to build the app?
Our partners would lead that. We would not lead that proposal. We're 100% reliant on partners to build on those specialized solutions.
They certainly haven't seen all of the specs and requirements and stakeholders required for ArriveCAN. I can speak to the piece—
It is, but I can only speak to the pieces that we have seen. I certainly would not second-guess the Auditor General and their findings in terms of what that looked like. I don't have the same level of access to those specifications.
To the question of whether we could have done that, it's speculative. I don't have access to all of the requirements that were there. I realize it's an app, but there are some complicated features, as we found in the optical reader technology—
I get the impression that people don't want to go too far down the road of being critical of the procurement process, and I don't want to press you, but it seems like a clear problem to me that big companies, names that Canadians recognize, didn't even think to bid on this critical project, yet we went to GC Strategies and to Dalian, to these two-person shops that did no work and subcontracted it, with all of the attendant problems.
I'd be happy to share a couple of quick things for your consideration and the consideration of this committee.
AWS would not have been in a contract like this as it is not the kind of work that we do; however, there are two factors that I think the committee may want to take note of. One is the continued underinvestment in improving the digital skills of the public service. That is a long-term systemic problem. Whether or not public servants could build this could be part of the answer, but, in addition, you also don't have procurement officials who understand how to procure these systems properly, design the projects and manage the projects. It's not just hiring builders; it's also hiring a public service and building a public service that has far stronger digital skills than you have today.
Yes, and just to comment on that, the government's position seems to have been that they're not capable of performing a general contracting function for going out and finding the talent to build an app, which is why they contracted to companies that then subcontracted most of the work.
It's clearly a broken system that the government put it out to companies that simply went on LinkedIn. They found people and subcontracted it. I don't know if it's interference or if it's a lack of digital skills or something else, but clearly the system is badly broken.
Thank you, Mr. Genuis. That is your time.
Mrs. Shanahan, you have the floor for five minutes, please.
Thank you very much, Mr. Chair.
I thank the witnesses for being here today.
With regard to that theme, I appreciate, Ms. Foster, your comments regarding the civil service and that there's clearly a lack of capacity there. It's a long-standing problem that has been exacerbated at different points by the cutting of the civil service and certainly alienating people who could contribute to the expertise in this area. I appreciate that, and I think that's probably something that this committee is going to be recommending in the future. I've seen it in other committees, but it's definitely something to be recommended.
I can say that I have a son working for Amazon, and I'd love to bring him back from Seattle to work here in Canada.
Let's go back to the questions that were being asked earlier about the AWS platform. Can you talk to us, Mr. Markou, about the cybersecurity aspects of the AWS platform?
Specific to our work on ArriveCAN, a significant component of it related to security. Security, in the case of the federal government, is defined by the government in terms of the security controls, guardrails, authority to operate and audit criteria. Our work was to configure AWS to comply with all of those regulations and to ensure that CBSA was able to pass those audit checks and requirements throughout the whole process.
As part of our engagement, a minimum of 15% of anything we do we is dictated as being security-related. In this case, it was a far higher ratio than that, just given that we were configuring systems to contain things like vaccine credentials, passport credentials, personal identification, automated purging and destruction of data, and a post-retention period. I would say that the bulk of our work was related to security to meet Government of Canada requirements.
Thank you very much for reminding us that, indeed, it was during a period of high emergency, a critical period. No one knew what was going to happen next as far as the health crisis, the pandemic preparedness and so on. That's why the expertise that your companies were able to provide was critical for us.
That being said, we are where we are today because there was the Auditor General's report and the grave concerns that she had with regard to the value for money. Well, it was not so much about the value for money because it's an enduring application, but it was certainly about the lack of documentation around the contracting and subcontracting that went on.
Have any of you spoken to the RCMP regarding the ArriveCAN app?
That's excellent.
Have any of you spoken to anyone else looking at the issue, like the Auditor General?
The Auditor General did reach out to us to verify the number in her report. That is the extent of our communication with the Auditor General.
We received advance notice from the Auditor General that we would be named in the report. We received advance notice from the ombudsman about the ombudsman's report as well. That was the extent of communication.
We received advance notice from the Auditor General that we would be named in the report, and we were given the dollar value.
That's very good. Thank you for that.
If you're asked, will you co-operate with the ongoing investigations into the ArriveCAN application?
With regard to the work that was done during the pandemic, can you speak, Ms. Foster, to other work that Amazon may or may not have performed during those early days?
I don't have much to add in terms of the work we did on ArriveCAN specifically.
I'll maybe just use the opportunity to promote a report that we worked on prior to the pandemic, in co-operation with the Public Policy Forum, and that looked at strategies the Government of Canada could be using to increase its recruiting and retention of digital talent. I would be happy to table copies of that report with this committee. It included considerations around upscaling current talent and how to actually recruit talent.
It's a highly competitive environment, and there are certainly structural challenges that the Government of Canada has in terms of language requirements, potentially, but also in how jobs are actually classified within the public service. There are some very tangible things that the Government of Canada could do sooner rather than later to start to address the talent gap that we see in terms of digital skills in the public service.
We'd also be really happy—and I know other companies share this desire—to help the Government of Canada through training. All of us offer quite a bit of additional free training that is available not just to Government of Canada employees but to the general public, and we'd love to work more closely with government to further that goal.
Thank you very much.
[Translation]
That brings us back to Ms. Sinclair‑Desgagné for two and a half minutes.
Thank you, Mr. Chair.
I'm coming back to you, Mr. Abbott. Did you read the Auditor General's and the ombudsman's reports on ArriveCAN? Did you read both of them?
[English]
[Translation]
It's stated in a few places that certain resources had been billed to the government at the rate applicable to someone with up to 15 years of experience, when they didn't necessarily have that experience.
Were you aware of that?
[English]
[Translation]
Under the contract GC Strategies had with the government, Cole MacDonald—the name of a resource I'm picking at random—who used to work at Lixar, billed the highest rate for an individual, $1,500 an hour. At the time the contract was signed, he had only six years of experience when 10 years of experience was required.
What do you have to say about that, Mr. Abbott?
[English]
[Translation]
In that case, I have a very specific question. Was it BDO Canada that charged the highest rate, or did GC Strategies do it and keep the difference?
[English]
[Translation]
[English]
[Translation]
This is clearly an example of a bad practice that results in taxpayers having to fork out a lot more than they should. That's just one example. If we go through all the contracts, we'll find a number of resources that were billed to the government at a higher rate than they should have been given their years of experience. Let me be clear that we can comb through the contracts and do that painstaking work.
Ms. Foster, I have the same question for you. To your knowledge, could that have happened at Amazon Web Services? Above all, could it have happened when Dalian was awarded a contract and you ended up doing the work, although not as a subcontractor? Could that have happened at Amazon Web Services?
[English]
[Translation]
[English]
[Translation]
[English]
We don't subcontract, so it would be contracted directly with us, and we have controls in place to make sure that people have the correct qualifications.
[Translation]
All right.
That brings me back to you, Mr. Abbott. If you do review the contracts and you find that BDO Canada did overbill, what will you do? Will you reimburse the government for the difference, the amount you overcharged, or does the government have to ask GC Strategies to pay it back?
[English]
I will comment on the broader question that was just asked as well. We will follow the contracts. We always follow the contracts and bill in accordance with the level of resource.
I really can't speak to whether GC Strategies has done that. I would have no line of sight. As the prime contractor, they would typically be the organization that you would have certainly an issue with....
For sure we'll have a look at what that earlier request was, but I just have to say that from our perspective as BDO Canada, we follow our processes in terms of billings and statements and work in the contract.
[Translation]
Thank you very much, Mr. Chair.
I do want to just summarize the seriousness of today's meeting and how important it is that Canadians get an understanding of how procurement works in Canada. One of the most shocking admissions today, I think, was by Ms. Foster and Amazon Web Services in relation to the fact that you could not be held legally liable or responsible for a contract or task authorization held by Dalian if you were in fact a customer of that company.
This is the first instance of this happening in our committee. I think this is of the utmost importance for our analysts, our study and our report to investigate, in addition to subcontractors, any customers of Dalian and GC Strategies for the production of work related to ArriveCAN. It's a serious issue that I believe requires serious accountability, considering Amazon Web Services are in the top three financial records, according to the Auditor General, at $7.9 million.
This is something that I think the government should be aware of and seized with. It is of the utmost importance that they understand that accountability mechanisms, by and large set to protect the public service and value for money, are not being met. Should a company act like Amazon look at Dalian, do no assessment of that company...which was admitted in this testimony? In addition to having no oversight of the companies they take on, with knowledge that Dalian had in fact had a responsibility to CBSA, they then agreed to continue to work as a customer, knowing that the potential for amendments to task authorizations and the cost effectiveness of those task authorizations could change, ballooning the cost.
The Auditor General makes it very clear in this report that the value for money for Canadians was not achieved, particularly by way of manipulation of the task authorization process. This is quite serious. It is one that I think will require further investigation.
Mr. Chair, I think any information that can be supplied to this committee in relation to the testimony today on the contract between Dalian and Amazon Web Services would be of great importance to this committee and our study on behalf of Canadians on value for dollar.
Would you be willing to submit the contract that you had between Dalian and your corporation, for the purpose of our study, in understanding how or what work you did on behalf of Dalian and its total? Would you be willing to submit the contract?
The contract is available on our website. It is our terms and services. It is a click-through contract. It is the same service terms we use with all customers.
The terms and services of using cloud services do not change regardless of the customer using those services.
But you wouldn't be privy to that knowledge, would you, on whether or not Dalian submitted an amendment to a task authorization based on your work? You would not know that, correct?
Exactly. That's the problem I'm highlighting, Ms. Foster. That is the issue that is present at Dalian and that is the issue that is present for Canadians.
I think there's a slight misunderstanding—
Mr. Blake Desjarlais: No. Please, Ms. Foster—
Ms. Nicole Foster: —about how cloud services—
Mr. Blake Desjarlais: —it's important that—
Ms. Nicole Foster: It is important for you to understand—
Mr. Blake Desjarlais: No, let me describe—
Ms. Nicole Foster: —how cloud services are actually—
Hold on. Let me interject.
Mr. Desjarlais, your time has expired. I listened to you speak, because I wanted to see where you were going with it. As well, the analysts had some questions about your request.
Could you just explain your concern and how you see the committee...?
I don't think I want the witnesses to answer this—
Mr. Blake Desjarlais: Exactly.
The Chair: —but I'd like you to explain your concern, through me, for the analysts.
Thank you, Chair. It's an important question.
The task authorizations, which the Auditor General says there were amendments to, particularly the task authorizations that were amended by Dalian, may in fact implicate additional work done by Amazon Web Services that was not in the initial task authorization, which was one of the recommendations of the Auditor General.
Speaking to the Auditor General's recommendation, and understanding why amendments to task authorizations were taking place without knowledge of where Dalian came up with the need for those amendments, is important to understanding how the costs could increase. As a customer of Dalian, Amazon Web Services....
The problem is that we don't know the relationship between the work they had done, the task authorizations and Dalian. I think this is incredibly important. I think we need information related to the amendments of the task authorizations and their applicability to the work of Amazon as a customer of Dalian.
I hope that was somewhat helpful.
I think we'll pick this up again in the subcommittee.
Ms. Foster, as a start, it's publicly available, but could you submit the contract that is available, nonetheless? If we have further questions, we'll come back to you.
Is that fair enough, for a start?
Through the Chair, it is for the correspondence related to the tasks of Dalian and the outcomes or deliverables related to the work that Amazon Web Services had done that are directly cited in the task authorizations.
For any relevant information that Dalian, through a task authorization, then off-loaded to the work of Amazon, we need to know what that work is.
I'd be curious to get an answer from Ms. Foster, but we might have to circle back around.
Is that something you could provide?
We don't operate under a task authorization system, so no, we wouldn't be able to produce it. It's not how our work is engaged.
Ms. Foster has proven to be a candid witness today.
If we have questions, we'll get back to you and we'll see where we end up.
I do hear what you're saying about the timeline. I'd rather have a longer discussion when we're not on the clock. I have two more members to ask questions. Your concerns have been flagged. We will certainly discuss it and we'll see where it goes.
Is that all right for now, Mr. Desjarlais? Your concerns have been raised and noted.
I'll turn now to Mr. Genuis, who is the second-last member. Mr. Chen will finish up for the day.
You have the floor for five minutes, please.
Thank you, Chair.
Ms. Foster, I want to ask you about the contracts that Amazon had with Dalian. You had said earlier that they were worth $1.1 million in total.
Were all of these contracts ones for which CBSA was the ultimate beneficiary of the work?
Yes. The initial program of work was really related to a migration that had nothing to do.... They needed assistance—
They needed assistance with migrating workloads to the cloud. That support was provided.
It is less than $100,000 of work that we can identify as being related to ArriveCAN. It was a very minimal amount of work.
It was migrating services to the cloud for Dalian, for which CBSA was the ultimate beneficiary.
Were there multiple companies working for Dalian on these projects or were you basically the ones providing that work for Dalian?
For the specific project, you didn't have a line of sight on any other companies involved. They received a contract for CBSA to do what, in general? Was it to do that same migration?
We don't know specifically what their contract with CBSA was for.
In the case of this migration piece of work, we just had our own contract. We were not working with any other firms at the time and had no visibility.
These were CBSA files or CBSA information. It wasn't Dalian's internal files. It was CBSA's information that you were moving to the cloud as part of a contract that you had with Dalian.
Is that correct?
You were moving CBSA workloads to the cloud, but Dalian had hired you to do that.
Dalian is, notionally, an indigenous company, which means it benefits from indigenous set-asides in procurement.
Is Amazon an indigenous company? Were any of the employees who worked on this project for Dalian indigenous?
No, we are not an indigenous company. There may have been employees who were indigenous who worked on the project, but I can't say yes or no.
As a ballpark, is it the same as the proportion in the overall population? Is it a little higher or a little lower?
Okay.
What I'm trying to understand about the procurement system here is that Dalian identifies as an indigenous company. It benefits from indigenous set-asides in getting procurements.
In the case of these projects with CBSA, in the process of getting this contract they may have benefited from that set-aside. You said they hired you to do the work, and you are not an indigenous company.
It seems like a good deal for you. You were hired to do work. It seems like a good deal for Dalian in that they don't have internal IT capacity. They presumably didn't add value to the project. They made money; you made money. However, because of their involvement, taxpayers paid more, and this seems like a pretty significant manipulation of the indigenous set-aside rule.
Do you have a sense of why Amazon didn't just get this contract directly to move those files to the cloud? Is it because of a requirement around indigenous procurement, or is there some other reason why you didn't get that contract directly?
We don't have this ability on what the overall scope of work was that Dalian was hired to do by the Government of Canada. There could have been a much broader scope of work that included other potential elements that were delivered as part of their contract with the Government of Canada. There is a lot of information that we don't have to confirm some of your suspicions.
In terms of why the Government of Canada did not procure with us directly, at the time the government did not have the ability to procure cloud services. They did not have—
However, that seems like a bizarre and arbitrary barrier.
You're the ones who could do the work, they needed you to do the work, but for some bureaucratic and technical reason they decided they had to go through Dalian when they could have just called you and hired you.
I think you are pointing to some of the elements of why having really good procurement policies in place is really important.
Having appropriate practices and policies in place to buy the technology that you need is an extremely important element in thinking about any digital transformation initiative, whether you're a government or a private sector enterprise. There are elements you have to have in place in order to do things well.
The first one of those, which I mentioned earlier, is the appropriate kind of talent and workforce to actually lead the project.
The second really important element is the ability to actually procure what you need, and have the right rules around the procurement of that technology.
The third is an extremely important element for the people in this room, and that is leadership. These are change management projects. They require leadership in order to drive and ensure that they're able to be executed. Change management is extremely difficult in any organization, and it's especially difficult in a public sector one.
The fourth is understanding how to actually budget for operational expenses in an IT environment. Traditional IT procurement is for capital assets, and most organizations are still grappling with how to budget for those expenses in an operational sense.
There are a number of elements of what the Government of Canada and all organizations are grappling with in order to have those elements of how to do digital transformation appropriately. Not having those policies in place is a key element of the challenge—
Ms. Foster, I'm going to stop you there, but I am sure our next member will probably ask you to continue if they are of interest. I am just way over the time for Mr. Genuis, but that was interesting.
Mr. Chen, you have the floor. Of course, you're welcome to pick it up with any questions, or allow Ms. Foster to continue her answer. I will let you decide that. You have five minutes, sir.
Thank you very much, Mr. Chair.
I will ask Ms. Foster to finish, but I will preface that by saying I appreciate the presence of all the witnesses here today. You have shed light on the relationships—or lack thereof—you have with Dalian and with GC Strategies, and you have been dragged into this conversation around ArriveCAN.
To me, the most intriguing part of what you have discussed is what I see as the larger project, as Ms. Foster is alluding to, of digital adoption and transformation within government. It certainly is a monumental task, but this ArriveCAN situation, I believe, has certainly provided important lessons that government can take forward as we continue down a road of increasing technology.
Ms. Foster, your job title includes “artificial intelligence”. That certainly is high on the radar, as are the challenges you have highlighted with respect to the leadership that's needed for change management, for modernizing procurement, which was raised earlier, and certainly for building the understanding of technology and the capacities within government itself.
Ms. Foster, please continue with your testimony.
I was getting very quickly to wrapping up my point, but these are the four pillars that organizations need to consider as they embark on digital transformation projects.
The other thing I would love to leave this committee with is that we know Canadians are eager to interact with their government and to access government services on a digital basis. The experience of the pandemic also accelerated some of these things out of necessity and the need to social distance, but we know that Canadians have become very accustomed to accessing services digitally, whether it's buying things on Amazon, listening to music on Spotify or applying for a driver's licence.
Canadians want to be able to access these services digitally, and it is extremely important that the government also be able to undertake these projects in the way that Canadians expect in terms of accountability and due diligence and a very high bar on security. We wholeheartedly support that, but we have to make sure the systems we're working on are actually designed for the purpose and the objectives we're trying to meet on behalf of Canadians. It's always difficult when a major project doesn't go as well as people would like. Many of us have been involved in both successful projects and projects that we have learned a lot from, and we have to ensure that we don't give up on trying to achieve those goals.
I appreciate your focus as companies that provide cloud services and the advisory services that go along with them. I'm sure you have worked on many different projects that involve third party application development integrated with your cloud services.
How common is it that you see situations like that of ArriveCAN, in which costs balloon and there seems to be a lot of chaos in transforming a paper-based process? Of course, this was done on a very tight timeline under the very unusual circumstances of a pandemic. What is your assessment of how bad it got with the ArriveCAN situation compared to what you normally see in very traditional organizations as they try to take a big step forward?
There are a couple of things I can share for consideration of the committee.
We have a whole stream around cloud economics, so understanding how you build and then how you optimize that over time is a process for most organizations. When an organization starts to migrate workloads to the cloud, and that could be our cloud or other clouds, you generally see the initial stages of that really spiking in cost. This is because as organizations are building, they're using more services, they're accessing professional services to support that, and learning as they go, and you see a stark climb in the beginning of those efforts.
Then as customers become more sophisticated about their use of services, we see a process of optimization. The trend is that customers become more sophisticated at how to use those services. We work very closely with customers to try to reduce their costs, so it's part of what we do. In addition to that, our company has reduced costs over 130 times since we launched our business in 2006.
We're always trying to find those efficiencies within what we do, but we're also working with customers to find those as well.
Nick, maybe you can talk a little bit about some of the specifics in the work that you do around that.
To answer your question around how we engage, and what we're seeing globally, clearly there's a global trend towards digital innovation, we see it every day in terms of AI and several technologies.
The reason we have a public sector-focused business in Canada, as AWS, is to enable this in Canada. We, as well, are a partner-driven organization. Certainly you can hire and access AWS engineers, which was the case in our team, to help accelerate, and to help identify and demonstrate new technology.
Our advice was, and will remain, that Canada should continue to push forward on innovation and employ the organizations that are leading this innovation globally.
Thank you, that is your time.
Thank you, representatives from Amazon Web Services, BDO Canada and Microsoft Canada for your testimony today and participation in this study in relation to the report 1 of ArriveCAN.
I know that there are some follow-ups as well, and we look forward to receiving those.
You are all excused. We're going continue with some committee business here.
I'll suspend for two minutes.
I call the meeting back to order.
Right off the top, I have some housekeeping items and some budgets to adopt for future studies.
The budget of $1,500 for “Report 2—Housing in First Nations Communities” has been sent to you. Could I have approval for this budget, please?
Some hon. members: Agreed.
The Chair: The budget for “Report 3—First Nations and Inuit Policing Program” is again $1,500.
Some hon. members: Agreed.
The Chair: The budget for “Report 4—National Trade Corridors Fund—Transport Canada” is for $1,500. Is that approved?
Some hon. members: Agreed.
The Chair: Thank you very much.
Very good. We're going to go over the subcommittee meeting we had recently. Of note, I'm negotiating with the subcommittee members for a follow-up meeting, based in part on any feedback out of this, to plan the next steps.
I will say off the top that the deadline for ArriveCAN witnesses, as per my email, is tomorrow at noon. Given that it's a caucus day, that probably means tonight for most members because we're locked up without our devices—at least some of us are—for caucus meetings. I will just flag that to you and your teams.
Could I ask the subcommittee members to meet me right after the meeting so that we can try to agree on a time for the next meeting?
I'll go through this and see if I have it more or less correct. Then we'll pick it up from there. There are about eight points.
On March 21, your subcommittee met to discuss and prioritize upcoming business and to review the calendar. We will have a meeting on the 11th on “Report 2—Housing in First Nations Communities”. We'll have a meeting on the 16th on “Report 4—National Trade Corridors Fund”.
We will then have Ms. Anand in the first hour on the 18th. This is per a motion that was passed by this committee but was also discussed, approved and reinforced in the subcommittee. We'll have the Auditor General on the main estimates in the second hour. This was again discussed in the subcommittee. It's also something that we as a committee do automatically.
On April 30, we'll meet on the topic of “Report 3—First Nations and Inuit Policing Program”.
These studies reflect the priorities, alongside ArriveCAN, as provided by the parties of the committee. I think everyone agreed that there were a number of top priorities, and I would say that we settled on everyone's top two. Some parties had a longer list. Others were quite focused, so what I did with the calendar was to fill up what was agreed to.
There was a request from Mr. Desjarlais for possible additional studies on the indigenous studies. Before going too far down that path, Mr. Desjarlais agreed to first have these meetings, and then we would come back to the subcommittee to discuss next steps.
The clerk and I are still working to find a date for Minister Blair, as per a motion that was passed by this committee.
We've scheduled, as per the study on Public Accounts 2023, with the Bank of Canada and the CPP Investment Board. This had previously been agreed to as part of a broader study on Public Accounts 2023. We were able to hear from witnesses from the government members, as well as the Bloc Québécois. These last two are for the Conservatives and the NDP.
We will also be hosting an informal meeting with Indonesian lawmakers on their public accounts committee on May 23, after our regular meeting. This obviously is more in the area of our diplomatic relations as lawmakers. They're hoping to come in to see our committee doing its normal business in public. We'll try to find something on the calendar for that. Then we'll have a discussion with them afterwards.
Finally, we finalized wording for the INAN committee letter, which was distributed to all of you. It was then sent to that committee. Again, that's as per a motion that was passed in this committee.
That's really the discussion that we had and the best that I could distill it, with assistance from the clerk.
I'm happy to take comments on it, and we'll see where we're at there.
Mr. Desjarlais was first.
[Translation]
My apologies, Ms. Sinclair‑Desgagné.
Thankfully, I have the clerk here to correct me.
Go ahead, Ms. Sinclair‑Desgagné.
Thank you, Mr. Chair.
I have a quick question.
You said Ms. Anand would be appearing, but could you remind us what the context was and what the motion was about, please?
[English]
[Translation]
I know that she will be here for only an hour, but the clerk will locate the exact motion.
[English]
In the meantime, I'll turn to Mr. Desjarlais, so we can move things along here, but we'll come back to you, Madame Sinclair-Desgagné.
Did you have a point you wanted to raise, Mr. Desjarlais?
For the members who weren't present at the subcommittee, I have the two reports specific to the ones that the Auditor General tabled. My intention, however, is to speak more broadly to the Auditor General's comments.
In several audits, not just the policing and the housing audit.... You may recall the third audit on clean water she tabled here.... There were 20 years of neglect. She said it was beyond unacceptable. She asked this committee to do more, and to find ways to ensure that those recommendations weren't just agreed to by the department but that there was actually a will to see them enforced.
That's why I think a serious set of meetings is necessary on several issues pertaining to first nations people, above the policing and housing, to include clean water and the study that we reviewed in 2022.
Are there any other comments? Are members satisfied?
The subcommittee, of course, will pick things up again soon.
Go ahead, Ms. Yip.
I had also mentioned that I would like these studies to be considered, namely, the first report under the Canadian Net-Zero Emissions Accountability Act and the third report entitled “Discretionary Powers to Protect Species At Risk”.
Thank you.
Thank you.
[Translation]
I'll now turn the floor over to the clerk to provide the requested information.
The motion pertaining to Ms. Anand reads as follows:
That the committee report to the House that it invites the President of the Treasury Board, Anita Anand to appear for no less than two hours in relation to the ArriveCAN study, and that this meeting occur within three weeks of this motion being adopted.
I wanted to respond to Ms. Yip, but perhaps we can discuss it in subcommittee. If I remember correctly, what Ms. Yip had asked for was the meeting on forests, and that's already taken place. Therefore, we can't add a bunch of reports to what had already been—
We'll talk about it in subcommittee.
[English]
Just a note to the subcommittee, we will probably begin to meet more frequently so that we can have an airing of witnesses and a discussion about priorities that will come from both the government and opposition side to plan out the calendar.
Our next meeting will be on Thursday regarding the second report entitled “Housing in First Nations Communities”.
The witness list for ArriveCAN is due tomorrow.
Are there any other comments?
I'm going to ask the subcommittee members to come up here right after I adjourn the meeting.
The meeting is adjourned.
Publication Explorer
Publication Explorer