:
I call this 59th meeting of the Standing Committee on Public Accounts to order.
Colleagues, I have no particular business to bring to your attention before we move to the matter at hand, other than to confirm that on Monday, May 25, we have been able to secure our witnesses for the study of chapter 3 on tax-based expenditures. I can also confirm a hearing on the 27th on chapter 5, as directed and requested by the committee.
Today, we will be studying chapter 2, required reporting by federal organizations of the 2015 report of the Auditor General of Canada, referred to this committee on Tuesday, April 28, 2015.
I note that Ms. Cheng is here with us today in the capacity as the acting Auditor General.
Ms. Cheng, please introduce your delegation and give us your opening remarks.
[Translation]
Thank you for this opportunity to discuss “Report 2, Required Reporting by Federal Organizations” of the Spring 2015 Reports of the Auditor General of Canada.
Joining me at the table are John Affleck, principal, and Colin Meredith, director, who were responsible for the audit.
This audit focused on recurring reporting requirements set out by the Treasury Board, by the Public Service Commission of Canada, and by statute. We undertook this audit to respond to long-standing concerns about the burden these reporting requirements create for federal departments, federal agencies, and crown corporations.
The overall objective of the audit was to determine whether selected reporting requirements for federal organizations efficiently support accountability and transparency, and generate information used for decision making in policy development and program management. Overall, we found that reporting intended to support accountability and transparency was serving its intended purposes.
We also found that clear purposes and timelines had been established for the selected reporting requirements, and that central agencies had provided guidance and support to help federal organizations meet them.
However, with respect to the efficiency of required reporting, we found that neither the Treasury Board of Canada Secretariat nor the Public Service Commission of Canada had determined the level of effort or costs involved in meeting the requirements we examined. ln our view, determining level of effort and costs would lead to a greater understanding of the resource implications of these requirements, and would allow them to be adjusted accordingly.
[English]
Furthermore, we found that the secretariat has not maintained a comprehensive inventory and schedule of the 60 recurring reporting requirements stemming from its policies, directives, and standards. Such a tool would both help the secretariat address the burden of Treasury Board reporting requirements and help reporting organizations efficiently prepare the required reports.
The secretariat made some accommodations for the sizes and mandates of reporting organizations when reporting requirements were first established and during subsequent reviews. However, we found that most Treasury Board reporting requirements applied equally to all organizations regardless of their size or mandate. For example, the Canadian Polar Commission, a small organization with 11 staff members, was required to prepare 25 annual or quarterly reports.
We noted that the efficiency and value of quarterly financial reports could be improved to better support accountability to Parliament. We identified only one routine use of the information in quarterly financial reports. The Office of the Parliamentary Budget Officer used the information in preparing assessments of in-year spending for parliamentarians.
Six of the eight reports that we examined were intended to support accountability and transparency. We observed that federal organizations were preparing these six reports. However, they were not meeting the remaining two reporting requirements, which were intended to support their internal decision-making.
We noted that 20% of departmental investment plans had not been completed as required. We also found that about half of the departmental security plans that were due by June 2012 had not been finalized at the time of our audit. A departmental security plan is intended to support internal decision-making by providing an integrated view of an organization's security requirements.
In addition, we found that the secretariat did not take full advantage of the opportunity to use the information in the departmental security plans. For example, although the secretariat reviewed the plans it received and used them to support its policy review, it did not use the information to identify broader government security issues.
In the report, we made six recommendations aimed at improving the efficiency and usefulness of required reporting. The secretariat and the commission have agreed with our recommendations.
Mr. Chair, this concludes my opening remarks. We would be pleased to answer questions that this committee may have.
Thank you.
[English]
I would like to introduce Mr. Michael West, our director general for delegation and accountability, who is with me today.
We are very pleased to be here and to have the opportunity to participate in the work of the committee with respect to chapter 2 of the report of the Auditor General.
As the report notes, the Public Service Commission is responsible for promoting and safeguarding the merit-based appointment system and ensuring that it is free from political influence and, in collaboration with other stakeholders, is responsible for protecting the non-partisan nature of the public service.
The PSC is accountable to Parliament for safeguarding the integrity of staffing in the public service and the political impartiality of public servants. We report independently to Parliament on these matters.
The Public Service Employment Act, as amended in 2005, sets out a staffing system based on values, in which deputy heads have greater responsibilities. The PSC fulfills its mandate by delegating staffing to deputy heads and providing overall policy guidance and tools to assist them in exercising their delegated authorities. We have delegation agreements with 80 departments.
Since 2005, the staffing management accountability framework has set out the PSC's expectation for a well-managed appointment system and has provided a framework for monitoring staffing performance. The PSC has been overseeing the staffing system through regular monitoring and through conducting audits and investigations when needed.
Deputy heads have been submitting self-assessments in the form of departmental staffing accountability reports in which they report on their organization's performance. These provide the commission with the opportunity to assess organizational performance against the staffing management accountability framework and to provide annual feedback to deputy heads.
[Translation]
Based on the overall performance of the staffing system, we have been aiming for continuous improvement and lessening the reporting burden on departments and agencies. A mature staffing system has allowed us to move towards a more effective and efficient model of accountability.
Our efforts to streamline the PSC's reporting requirements have been acknowledged by the Auditor General in the report. We developed a framework in consultation with internal and external stakeholders, including deputy heads. We made it simpler and more focused, with 12 indicators in 2013-14 as compared to 29 in previous years.
A shorter, more concise report makes for a more effective and useful management tool for deputy heads as well as the PSC. Reducing our reporting footprint will allow organizations to put their efforts on addressing their own specific risks that reflect their operational realities and staffing challenges.
Mr. Chair, we have nearly 10 years of experience with a fully delegated system. Our staffing system is maturing and is working well.
[English]
Organizations are building their internal capacities to monitor their own staffing processes, and we are confident that this will lead to improved effectiveness and efficiencies. The Public Service Commission is ready and able to assist organizations in further developing these capacities, which would be more targeted to their needs. At the same time, we have invested considerable efforts in developing our own capacity to better utilize the staffing data collected by the commission, which further alleviates the reporting burden while ensuring the overall accountability of the system.
As I mentioned earlier, our audits and investigations also provide important staffing information. ln addition, we have a survey conducted by Statistics Canada that gathers feedback from hiring managers as well as applicants on their experience within the staffing system. Instead of getting their staffing statistics from the Public Service Commission as part of the annual reporting cycle, organizations can now access the latest staffing data through an online portal.
[Translation]
Where we find problems, we work with organizations to resolve them in real time, as quickly as possible. We are therefore moving more and more towards an approach based on identifying horizontal systemic issues.
ln all of our activities, from outreach to oversight, we look for lessons learned, to identify areas for improvement and to take concrete actions. We share good practices to foster continuous improvement. We are also continuing to adapt our requirements, consistent with the recommendations of the Auditor General.
For instance, this year, we asked organizations to focus their reporting on only three key indicators, in areas of particular relevance, based our integrated information. These are official languages qualifications in staffing, areas for ongoing improvements identified in our audits, and priority entitlements.
[English]
As you may know, the Public Service Commission is responsible for administering priority entitlements, and we work closely with departments and agencies to ensure that the rights of priority persons are respected. This collaboration will be critical for the implementation of the which will provide medically released veterans with greater access to public service jobs.
[Translation]
Let me now turn to the Auditor General's recommendation to systematically adjust required reporting on the basis of its effort, cost and value. PSC is reviewing our policy and oversight frameworks. Our consultations with federal departments and agencies are now underway.
We would like to simplify our policies to remove duplication and minimize overlap while upholding the fundamental principles of the Public Service Employment Act. We also want to more fully integrate all of our staffing information to help organizations and the PSC identify areas where we can improve staffing management and performance.
[English]
We will also be looking to remove any unnecessary requirements and to make sure that any reporting considers effort, cost and value. We expect centralized reporting requirements to be reduced, which will reduce the efforts and costs to organizations. With the more fully integrated staffing system we have available, it will be of more value to organizations. We are still at an early stage but we expect that a more integrated approach to the delivery of our policies and oversight functions will provide further opportunities for increased effectiveness and efficiencies.
ln closing, Mr. Chair, we will be working closely with departments and agencies to help them build a stronger culture of prevention while we continue to deliver our fundamental responsibility to provide independent oversight to Parliament on the integrity of the merit-based staffing system and non-partisanship of the public service.
I would be pleased to respond to your questions.
Thank you.
:
Thank you very much, Mr. Chair. We too are delighted to be here and to help the committee in any way we can with its important work. I'm particularly pleased to be here to speak to the Auditor General's recently tabled report on required reporting by federal organizations.
I'm joined by Bill Matthews, the comptroller general of Canada, and Rita Whittle who is the executive director of security and identity management in our office of the chief information officer branch at the Treasury Board Secretariat.
[Translation]
First, I would like to thank the Office of the Auditor General for their report and recommendations. The issues they examined are extremely important. Reporting is the cornerstone of accountability, transparency and openness.
[English]
The Treasury Board is responsible for establishing the rules and the requirements for financial, personnel, and administrative management across government.
As the administrative arm of the Treasury Board, the secretariat supports deputy heads as accounting officers to implement and ensure compliance with Treasury Board policy requirements within their respective departments and agencies. The secretariat in that context requests and collects certain information from departments, as required by Treasury Board policies, to demonstrate compliance and the presence of expected management practices.
[Translation]
The secretariat also collects information in support of legislative and parliamentary requirements. One example is the data for the Main Estimates. Although the secretariat works with departments and agencies to reduce the burden of providing the base information, the requirements for these reports are beyond our control and were appropriately excluded from this audit.
[English]
The secretariat is conscious of the fact that preparing and providing reports can place a burden on departments. In recognition of this, the Treasury Board has given the secretariat formal direction on reporting through the foundation framework, which is at the very heart of the Treasury Board policy suite. The framework includes a set of smart reporting principles which state that reporting requirements should respect the oversight responsibilities and accountabilities of deputy heads, have a clear purpose, seek timely information to meet that purpose, and be efficient. That is to say that the cost to create and submit information should be minimal, leverage existing data sources, and not duplicate other requirements.
[Translation]
As an example of the secretariat's commitment to these principles, although it will take some time to put these in place, instead of having to ask departments to report, we are assessing the potential for systems that already have the base information that can be extracted to prepare a report.
As demonstrated by the Office of the Auditor General's report and recommendations, we recognize that there is room for improvement and that there are some more immediate steps that we can take. To this end, the secretariat is committed to the ongoing refinement of the policy suite and finding the right balance between the burden of reporting and the utility of the reports.
[English]
As part of our path forward, the secretariat has prepared a management action plan that has been shared with the Auditor General and with this committee.
I would like to conclude by briefly taking the opportunity to provide you with some of the highlights.
The secretariat is updating our guidance to ensure that not only the effort, cost, and value of a report but also the size and mandate of reporting organizations are considered when designing a reporting requirement.
The secretariat is also making a schedule of all reporting requirements publicly available.
The secretariat is reviewing the departmental security plan guidelines to provide effective support to departments in their development, maintenance, and reporting of their plans.
Finally, the secretariat is assessing the feasibility of new reporting mechanisms to more efficiently meet quarterly financial reporting requirements.
Thank you for your time, Mr. Chair. My colleagues and I would be pleased to answer any questions from the committee that we can.
At the time when we completed the audit, we found that about half of them had approved plans. This has to go back to the start of the requirement, really. The policy on government security was approved in 2009. Further to that, there was a directive that required departments and agencies to prepare these kinds of plans.
Really, this is a tool to help them put all their risk postures together so that they can understand what they're faced with, from the physical side to the financial side, as well as the cyber, to ensure that they have a comprehensive view, and to ensure that they have a plan to address the different exposures they think they might have. This helps them put it all together so that they know what they have and they can manage accordingly.
The policy and the directive were in place in 2009. Recognizing that it was a significant exercise, departments and agencies were given time to pull together the plan. That's why the plan was not required before June 2012.
In the report, we note that Treasury Board Secretariat actually did some follow-up as well along the way, trying to see if they were coming along. They were not particularly fast in terms of completing the plans. At the end of the audit timing, we saw that about half of them had completed plans.
Now, because we didn't look at the practices, or didn't look at the state of the unfinished plans, we don't know how mature they are. Treasury Board Secretariat probably has more up-to-date information and perhaps can help us with that.
:
I think that's where the 64% that's been signed off comes from. We've gone from 50% to 64%, it would seem, from what should have been 100% in 2012. I guess we're moving along by millimetres. I would be hard pressed to say that we're inching along, because that would be too fast. There's incremental movement, albeit it's too slow.
There's ample evidence from last year—not in the report, I must admit—of cyber breaches in some of the departments that, Ms. Cheng, you actually looked at in this audit. I agree with my good friend and colleague Mr. Woodworth that it's not just about cyber breaches, but clearly that's the most egregious part when it comes to the protection of data that's confidential.
Last year, we clearly saw that at Transport Canada. It's one of the departments that's actually in this audit and that is talked about.
Mr. Scott-Douglas, do you know whether Transport Canada is actually finished its particular piece? Has it gotten to the end? Is it one of the 64% that signed off?
I see a nod of the head, so....
As we look at the security pieces, one of the things I find troubling, to be truthful, is the speed at which we move along, Mr. Scott-Douglas. I recognize, sir, that you're not responsible for writing these for all these departments. They report to you as to whether they've done them or not. I understand that. It would be nice to have the departments here to understand why exactly they're so slow. Clearly, when it's of such critical importance and the Treasury Board Secretariat puts a great emphasis on it.... You have a person responsible for making sure that we have things secure. Why are things so slow when there's a real sense that it needs to be done, that it's very important that it be done?
From 2012 to 2015 we've literally gone up 14%. That's not quite true; it's only 14% more than that. If you actually break it down, it's less, about a 7% increase. Do you have any sense, sir, of why it is that slow?
:
That's a terribly important question, Mr. Giguère. Nancy might have other things to add to this.
At no time do I want to suggest that any effort at reducing a reporting burden should put at jeopardy the important requirements to mitigate risks, to ensure that we have the appropriate compliance, and to ensure that deputies within departments, the Treasury Board Secretariat, Treasury Board ministers, and indeed, parliamentarians, have the right kind of information they require in order to run their programs efficiently and hold people appropriately to account.
The work of OECD generally, and indeed, the thrust of the work within the secretariat at the moment, is on how you develop reporting requirements in a way that ensures you have an appropriate sense that the right risks are being mitigated and the right kind of excellence is being pursued where it ought to be, without unnecessarily burdening departments and agencies. It's really getting the balance right between ensuring that you're maintaining a proper oversight on departmental performance without unnecessarily burdening anybody in doing their jobs.
Thank you to our witnesses again today.
I want to thank the Auditor General's office for this report. I'm one who comes from the private sector where reporting is very important, which I tended to live with in my past. This is helpful information and I like the direction that we're going in here.
I'd like to direct my questions to Treasury Board specifically, and I have a feeling probably they're for Mr. Matthews, but Mr. Scott-Douglas, jump in if it's for you.
I wonder if you could just walk us through the content of a quarterly financial report as you're able. I know there's tremendous data and usefulness to these reports, but perhaps you could also explain how departments' quarterly financial reports are somewhat different from those in the private sector where I've come from, and how we might benefit from them.
:
Sure. Thank you for the question.
I'll start with the broad similarities and then go into some specific differences.
The actual idea for quarterly financial reports from departments originated in the Senate with a private member's bill by Senator Segal, if I recall correctly. His whole notion was that the government should be like the private sector from an investment perspective. If you hold stocks in the private sector, investments, you look to see the quarterly results of that company. When he looked at the federal scene, what he saw was a federal budget, which is planning information, financial statements at the end of the year, plans for each department to start the year, and results at the end of the year, but nothing in the middle of the year, except a monthly report from the Department of Finance. It was whole of government. When you were looking for information on department by department during the year, you couldn't find anything.
That was the whole premise. The government picked it up in a piece of legislation and put the requirements for quarterly reports right into legislation.
The similarities are that basically you have a financial report and a narrative or discussion and analysis that explain what's going on in that quarter. It explains the current quarter versus the same quarter in the previous year. It also looks at year-to-date numbers, current year versus previous year. Those are the similarities.
The difference is that in the government, Parliament votes on department funds. When we're preparing the quarterly financial statement requirements, we thought it would be more relevant for Parliament to know how departments are spending the funds that Parliament had voted to it, so they're appropriation-based. That's the big difference.
If you go to the private sector, you would see a full set of full accrual financial statements, balance sheets, statements of revenue and expenses, comprehensive income. It's more onerous, to be honest. The other more onerous piece in the private sector is, because there are investments riding on the line, there is a degree of assurance provided from the auditors; whereas in the federal government these quarterly financial statements are made public, they are not looked at by the Auditor General in terms of any types of insurance.
That's the quick answer.
:
I'll think about the whole cycle.
I've mentioned the budget already, which is your starting point. It's a planning document for the whole of government. You have that followed by the estimates, which is what Parliament is being asked to vote on for departments. That gives you the cash resources for each department. We accompany those with each department's report on plans and priorities, which is their annual planning document. Those documents are followed up with actual documents. That's a tenet of our system: a planning document followed by an actual document. The actuals would be the departmental performance reports on a department-by-department basis.
You have the public accounts, which this committee is very familiar with. Then through the year you have something called the “Fiscal Monitor”, which the Department of Finance produces on a monthly basis. That gives the whole-of-government financial results, and a few years ago that was supplemented by these quarterly financial reports that are done on an appropriation basis.
The one other thing I should add, Mr. Chair, is that since the advent of quarterly financial reports, there has been a database that the Treasury Board Secretariat produces. It contains much of the same information as is contained in the quarterlies, but also some other statistics. That's updated every quarter. It's open to the public. You can get spending data, appropriation data, and a number of personnel data. What you don't have is the narrative, but you have all the data there. That has come along since these quarterly financial reports were legislated.
:
Thank you for the question.
There are a couple of things I should highlight.
Number one, since the investment plan was finalized, the key changes that were made were really to help the small organizations by requiring less documentation. Instead of going to Treasury Board for approval, they could submit their investment plan via a letter to Treasury Board Secretariat pro forma. There are some nuances, depending on the size of the organization. That's one change.
Lots of information sessions and guidance have been given on how to best produce these things. Still a fair comment is whether we have the balance right between large and small. That's something we'll look at as we go through the policy reset that my colleague Roger Scott-Douglas talked about.
We will likely make some additional changes as we reset the policy.
What I will say is that I pulled together a group of chief financial officers about three months ago to talk about the investment planning policy. The first question I put to them was whether they found this useful and did they think that we still needed a policy. The answer was a resounding yes. We had a follow-up conversation and we have the headlines right. We probably have some thinking to do on the details, but grosso modo we think it's working quite well.
:
Thank you for the question.
Yes, we have reduced the indicators from 29 to 12. What we noticed is that as part of the 29 there were some that were actually overlaps and some that were somewhat duplicative, which made the reporting much more burdensome for departments. The 12 that have been put forward were some of the key ones, and they've been used as is indicated in the report.
What we've now noticed at this point is that we have received very good data and very good reports from departments, which indicates that the staffing system is extremely mature. What we're seeing is that even if we continue to ask on a regular basis for the reporting, the activities demonstrate that the levels are being maintained.
In the context of the monitoring we do and as well in the context of the fact that we receive other forms of information through our different oversight mechanisms, such as audits or investigations, we're able to see that there is stability within the system. Therefore, depending on the size of the department and the number of activities, we can actually take a bit of a step back.
We're even considering at this point whether or not some of the burden can be reduced in certain departments. Small and micro departments may have two or three staffing actions a year, so it's a bit ridiculous to ask them to do really big reporting on 12 indicators.
We're looking at what's happening horizontally in the system to see whether or not we're seeing signals that the system probably needs to be reviewed in certain aspects. Instead of forcing departments to perform on 12 indicators, in the past two years we've been going to six indicators a year to make sure that we have a full cycle, and to see what was happening with the indicators. Actually, this year we've asked departments to report on three.
The reason we chose three is that we knew things were going well in the other areas of activity, and we needed to have further data on what was happening with official languages. Also, we always ask departments, if they've been audited, to report on the audit conditions or whatever observations we've put forward to them. We also ask that they report on the priority system, because we noticed through our different mechanisms that certain activities in the priority systems were not quite up to par in all departments.
More and more, as we're doing an integration of our policies and our oversight tools, we're looking to see this through different signals and also through the accountability that is exercised by the delegation to deputies. They best know their operations. They best know their activities. Therefore, what we're going to be thinking about as we're moving forward is for deputies to ask their systems or their departments to report to them and to share that information with us. The problem with going with a set of indicators is that it may not be pertinent to everybody that year, so deputies are in the best position to know what they need to be accountable for in the context of their staffing system. Sharing that information with the commission will give us the right data that we need to compile through the cycle.
I don't know, Michael, if there's anything I've missed that you want to add.
:
Mr. Chair, as Mr. Matthews has pointed out, the purpose is really to try to help parliamentarians understand the end-year use of the funds. If appropriation dates are going to serve that purpose, if they're going to be more meaningful in terms of what the financial performance of a financial entity is, then an appropriation-based accounting would not necessarily be appropriate. So, really, it's for a better understanding as to how Parliament intends to use that information and what the best way is to provide that information.
Mr. Matthews also alluded to a database. Is that a better way to do it? In other words, it would be important to determine the real purpose of the quarterly financial statements, have a better understanding of them, then decide whether the form and the manner prescribed right now under the Treasury Board accounting standards, the TBAS, were the most meaningful way to meet that.
Right now as it stands, status quo doesn't seem to be serving one purpose or another, so it's basically just a form that people try to accomplish, providing some narrative and providing some use of appropriation information on a quarterly basis. The departments don't seem to be making much use of it. It's not clear to us how Parliament's making use of that, and the only thing that we saw was the PBO, and even then we thought that the format wasn't particularly all that helpful to them. So status quo, if it requires work from departments and agencies, and it doesn't seem to be serving a really good purpose, that's what we encourage the Treasury Board to look at to see if we can make improvements on that.
:
Thank you very much for that question.
This was alluded to a little bit earlier as a very important issue generally. I might just point out, looking at the reports that the Auditor General selected to report on, that two of them do already have built into them aspects that touch on the need to scale appropriately for different-sized departments.
Bill mentioned earlier in his remarks that the department investment plan has been fine-tuned to ensure that small departments and agencies have less burden in the preparation of theirs, and as it's noted on the official languages annual review as well, it varies by entity and there are some particular accommodations made there; some report every three years and some every year. That process is already built in.
A lot more can be done, and it's been alluded to already in a couple of other questions about this particular burden.
Through the policy reset, all Treasury Board policies, not just their reporting requirements, but other aspects of risk mitigation that might be included in their requirements, are being put through a sieve, if I can put it that way. One of the things needs to be to ensure that the principle of proportionality is in play, that the requirements and the burden of complying with those requirements is proportionate to the risk, and where there's accommodation that needs to be made for small departments and agencies, that will be part of the challenge function in the renewal of the suite.
It was just to add to the answer given by Nancy. She'd mentioned the quarterly financials as a transparency report. What this means is that report was put in at Parliament's request through legislation for Parliament. Do I use the quarterly financials in my day-to-day job? No, I do not.
I do use the database that has come along. Frankly, it's more robust than the quarterlies. What the audit revealed is that the Auditor General couldn't find people actually using the quarterly financial reports. The question was, is it better served through the database? I believe that Nancy said that.
That's really the only point I wanted to highlight. They're clearly not being used. I don't believe that the audit actually surveyed parliamentarians, but in my time at committee, I don't recall discussing them very often.
We do monitor the number of hits we get on our Web pages. They are looked at, but very quickly. You might get 500 hits on the quarterly financials during a quarter, two minutes at a time type of thing. They do get some attention. The PBO did mention that they use them from time to time, but aren't always able to find the answers that they're looking for.
I just wanted to expand on it. It's clearly a report for transparency purposes. It's for parliamentarians.
:
Thanks, Mr. Albas. Thank you, all.
If I might, I have just one very quick question before we close.
On the security plans, again, when the audit was done, something like 51% were done, and almost 50% not done. Here's my difficulty. Given the current climate, and given the current government's focus on security, and given the fact Mr. Scott-Douglas indicated that Treasury Board had provided guidelines, seminars, workshops and enhanced templates, and that Comptroller Matthews said that in addition to the obvious benefit of having a security plan, which speaks for itself, there was also the benefit of having to go through the exercise of the process, more efficient, less oversight by Treasury Board.... That was the main issue.
There were all kinds of benefits, and yet here we are now before the committee and at the time, 2012, you had almost less than half, about half, not done. Here we are three years later, and at best, you've got, and I'm not clear between the 80% and the 64%, but even if the 80% means completed, that's still one in five that's not done. If it's 64%, it's even worse.
My question is how on earth, given the importance of this and the amount of time that's gone on, can there possibly be any plans that aren't done?