Auditor General Karen Hogan addressed reporters today on Parliament Hill, unveiling three significant performance audits that shed light on government practices concerning contracts, funding management, and cybersecurity. The reports delve into the awarding of contracts to McKinsey & Company, the management of funds by Sustainable Development Technology Canada, and the capacity of federal agencies to combat cybercrimes.
Hogan commenced by discussing the audit of Professional Services contracts, focusing on the government’s dealings with McKinsey & Company between 2011 and 2023. The audit scrutinized compliance with federal policies and the value derived from these contracts, which spanned across 20 federal organizations, including 10 Crown corporations. The total value of contracts with McKinsey during the audited period exceeded $29 million, raising concerns about adherence to procurement policies and the demonstration of value for taxpayers’ money.
The findings revealed a frequent disregard for federal contracting and procurement policies among the awarding organizations. Hogan emphasized that while some contracts were awarded through competitive processes, bid evaluations often lacked sufficient information to support McKinsey’s selection as the winning bidder.
The second audit examined Sustainable Development Technology Canada’s management of public funds between March 2017 and December 2023. With the foundation approving $856 million for 420 projects, concerns arose regarding governance and stewardship. Significant lapses were identified, including the allocation of $59 million to projects that failed to meet key requirements outlined in contribution agreements.
The final report addressed the capacity of federal agencies, including the RCMP, CSE, CRTC, and Public Safety Canada, to combat cybercrimes. Hogan expressed deep concerns over the lack of capacity and tools within these organizations to effectively respond to the growing threat of cyberattacks. She highlighted systemic breakdowns in coordination, tracking, and information sharing, emphasizing the urgent need for a unified and coordinated approach to cybersecurity.
The audit underscored the inadequacy of the current system for reporting cyber incidents, citing confusion and inefficiencies in the process. Despite discussions about implementing a single reporting point for cybercrimes, tangible progress remains elusive. Additionally, staffing challenges within the RCMP’s cybercrime investigative teams further exacerbate the issue, necessitating a comprehensive national cybersecurity strategy to address these critical gaps.
In conclusion, Hogan emphasized the imperative of upholding governance principles and existing rules to address the identified shortcomings. She stressed the importance of transparency, accountability, and expertise in procurement practices, fund management, and cybersecurity efforts. While structural reforms may be necessary to enhance effectiveness, Hogan reiterated that adherence to established protocols and the allocation of resources to the right areas remain paramount in safeguarding public interests.