HANSARD
Printed and Published by Nova Scotia Hansard Reporting Services
Ms. Maureen MacDonald (Chair)
Mr.Chuck Porter (Vice-Chairman)
Mr. James Muir
Mr. Keith Bain
Mr. Graham Steele
Mr. David Wilson (Sackville-Cobequid)
Mr. Keith Colwell
Mr. Leo Glavine
Ms. Diana Whalen
WITNESSES
Department of Finance
Ms. Vicki Harnish, Deputy Minister
Ms. Suzanne Wile, Director of Government Accounting
Mr. Byron Rafuse, Controller
Mr. Steve Feindel, Director of Corporate Information Services
In Attendance:
Ms. Darlene Henry
Legislative Committee Clerk
Ms. Sherri Mitchell
Committees Office
Mr. Jacques Lapointe
Auditor General
Mr. Alan Horgan
Deputy Auditor General
Mr. Neil Ferguson
Legislative Counsel Office
[Page 1]
HALIFAX, WEDNESDAY, FEBRUARY 18, 2009
STANDING COMMITTEE ON PUBLIC ACCOUNTS
9:00 A.M.
CHAIR
Ms. Maureen MacDonald
VICE-CHAIRMAN
Mr. Chuck Porter
MADAM CHAIR: Order, good morning. I'd like to call the committee to order, please. Today we have with us, from the Department of Finance, various officials. The focus of today is following up on the chapter in the Auditor General's Report. We will start in the usual manner with introductions and an opening statement from the deputy.
[The committee members and witnesses introduced themselves.]
MADAM CHAIR: Thank you. Ms. Harnish, the floor is yours.
MS. VICKI HARNISH: Thank you. Good morning, Madam Chair, committee members and staff. The Department of Finance has been invited to your committee today to discuss Chapter 2 of the Auditor General's Report on payments to vendors. I have brought three staff with me who are experts in this area and they've just introduced themselves, so I won't do that again. As usual, I'll take the general questions and I'll refer detailed questions to my colleagues.
I would like to begin my remarks by saying that the Department of Finance recognizes and appreciates the importance of the work of the Auditor General's Office. We work closely and in an ongoing way with the auditors from this office throughout the year and in many aspects of our business. As we are the host department for government's Internal Audit Centre, we also have a very strong appreciation of the value of auditing in our management process, including principles of risk management.
1
[Page 2]
Internal controls are important for all organizations, public or private. For all government departments internal controls ensure that government programs and services operate effectively in compliance with policies, laws and regulations. Part of that is protecting the integrity of public funds, of particular interest to those who manage a large amount of money, as we do here at Finance. However, it is important to note that internal control systems, no matter how well conceived and operated, can provide only reasonable and not absolute assurance to management regarding any aspect of their business and the choices that our managers make to control the risks they face always involve a balance. Yes, we must have strong controls in place; however, the measures and processes cannot be so strict and cumbersome that they grind the operations of government to a halt.
The Auditor General's comments in Chapter 2 helped identify some specific areas to improve. There were references to segregation of duties, testing of payment transactions, control of the vendor master file, and internal control documentation. We accept most of the observations made and we are moving to make improvements. However, it is important to note that we do have extensive control systems already in place. We can elaborate more on these, but I would like to mention a few now.
Across the Finance system, we have been working to improve documentation and compliance with procedures and processes. Our standardized SAP systems for Finance, payroll and, more recently, HR also contain built-in control systems not only for government departments but also school boards and soon, health authorities and each year we continue to make these stronger. This standardization results in efficiencies for tracking and managing government funds in a consistent and secure manner.
SAP provides the capability to provide for standard business processes based on best practices within our business operations. We now do annual audits on our Corporate Information Systems Division and this has reinforced a controls-conscious approach in our organization. That's a quote from our external auditors when they last did our Section 5970 audit - they commented, in fact, on our improving controls consciousness.
We are pleased to inform you that we are in the process of rolling out new SAP security profiles for government accounting users and those in financial services units in all departments. In fact, we finalized government accounting just two days ago. These profile changes address concerns of management and auditors regarding segregation of duties and access to the system. We would also be pleased to elaborate on the considerable improvement in the area of controls in the area of payment production.
We have centralized more of our payment production which adds level of control. We have also reduced the use of paper cheques in favour of electronic bank transfers where possible. This helps eliminate many risks that were part of the old paper-based system so we believe that, while there will always be room for improvement, we have already come a long way. Not only have we responded to the Auditor General's Report, but we have taken the
[Page 3]
initiative to commission our own audits. These audits help us continually improve our processes and ensure procedures are in place to minimize risks.
The purpose of establishing internal control processes is to minimize risk. Along with our system controls we feel that we have the necessary compensatory controls in place to achieve an acceptable level of risk management. There will always be risk associated with vendor payment transactions, there is no way to create a system that is flawless. What we have worked to achieve is a system of checks and balances that helps ensure the best controls possible to address weaknesses and protect government transactions. Thank you for your time today.
MADAM CHAIR: Thank you very much. The opening round will be 20 minutes. I recognize Mr. Steele for the NDP caucus.
MR. GRAHAM STEELE: Thank you very much, Madam Chair. I want to start by providing some context for the questions that I'm going to ask afterwards. We are talking here about a very large amount of money. Payments to vendors may sound like it's when people sell government paper or paper clips or something like that, but it actually is much more than that. Essentially it's every payment other than things like amortization, interest expense and salaries.
According to the Auditor General, this chapter on payments to vendors covered $6.3 billion in the fiscal year 2007-08 - we're talking about a very large proportion of provincial spending. This audit also covered core government business, it didn't cover district health authorities, school boards or Crown corporations. The purpose of the audit was to assess the adequacy of controls over payments to vendors. The conclusion was - and I'm going to read it because this is important - the Auditor General's conclusion was that, ". . . key controls did not operate effectively throughout the year to ensure all payments and related accounting records are complete, accurate, authorized and provide adequate linkages to other relevant accounting documents or records." And that is a lack of key controls over $6.3 billion.
Then we get to what to me, as a member of this committee and a member of the Legislature is the really startling bit: "Past reporting by our Office has highlighted internal control deficiencies in specific entities and across government. The prevalence and types of control weaknesses found by this audit, and the significant funds flowing through payments to vendors indicates that government needs to be very concerned about its state of internal control and address the matter in a prompt and thorough manner."
Yet, leaving aside the remarks that were just made by the deputy minister, the government does not appear to be very concerned, which the Auditor General says it should be.
In its brief formal response to the audit, the Department of Finance says the
[Page 4]
following: "Generally speaking, the findings and recommendations concerning segregation of duties, payment transactions and control of the vendor master file, address minimum risk activities and in many cases there are compensatory controls in place to address the weakness identified." Now to me that sounds like the Department of Finance saying, it's no big deal.
You both can't be right. Either the Auditor General is overstating the deficiencies or the Department of Finance is understating them because you can't both be right. Now, which one is it? Is the Auditor General overstating the problem or is the Department of Finance understating it?
MS. HARNISH: I believe that it's important to note that we have, in fact, work completed to respond to the recommendations of the Auditor General - for the last number of recommendations of the Auditor General over time - of exceptionally good progress, in fact, in that area. For example, there was a financial application controls audit a couple of years ago with 24 recommendations. We accepted 23 and that work is 100 per cent complete.
The 5970 audits - we have those done ourselves of our own volition each and every year on our internal IT systems. Every time we receive recommendations from our auditors, we respond immediately to those. We are over 70 per cent completed on the recommendations of both of the last two of those audits. We are not just sitting around and twiddling our thumbs.
MR. STEELE: Okay, but the problem is that the Auditor General doesn't agree with you and you can't . . .
MS. HARNISH: Well that would be his opinion . . .
MR. STEELE: Wait a minute now, I haven't asked my question yet. The Auditor General doesn't agree with you. In the same report, the Auditor General points out in Paragraph 2.22 that his findings around incompatibility of functions are similar to those in the 2006 audit. The Auditor General says, and it's not me saying it: "We are concerned that, two years later, our recommendations to address these segregation of duties issues have not been completely addressed."
[9:15 a.m.]
This is a pattern that is developing with the Department of Finance in particular, where the Auditor General makes recommendations and the Department of Finance in its official response essentially says, it's no big deal. Then a couple of years later, the Auditor General goes back and says you know what, the recommendations still aren't implemented, we still have the same problems.
I'd like to actually address this question . . .
[Page 5]
MS. HARNISH: Is there a question?
MR. STEELE: Yes, but it's not for you, it's for the Auditor General. I want to address a question to the Auditor General. Now, you've heard what the deputy minister has said so far this morning and it seems to me that when you take what you have said in your report and the department's response that there's a disagreement about the importance of the matters that you've raised. Now, are you overstating the problems, Auditor General, or is the Department of Finance perhaps not taking your recommendations seriously enough?
MADAM CHAIR: Order. Mr. Muir.
MR. JAMES MUIR: I'm relatively new to this committee, but I thought the witnesses were over there, not over here and is this . . .
MADAM CHAIR: No, order. It's common practice to ask the Auditor General questions during these meetings. Yes, it's part of our procedure. That's why the Auditor General . . .
MR. MUIR: So are we getting information from the Department of Finance or are we getting information from the Auditor General?
MADAM CHAIR: The question is not out of order to the Auditor General.
Mr. Lapointe.
MR. JACQUES LAPOINTE: Yes, to answer that question, I don't believe that we tend to overstate our conclusions, our findings or our recommendations in our reports. We attempt to simply identify problems as we see them and to list what we find and to report it. We then try to recommend what we feel are reasonable solutions to what we find, so that we've reported on findings in various areas of finance and financial operations over the last several years, as have other auditors, and we simply were in this report stating what we felt was the situation.
MR. STEELE: Now in this audit, Mr. Lapointe, you raised some concerns that your recommendations - very similar recommendations in your 2006 audit - had not yet been implemented and you've heard the deputy this morning say that as far as they're concerned, they have essentially implemented all of them, or very close to all of them, on some scores. Another percentage that was offered was 70 per cent.
There seems to me to be some incompatibility here between you raising concern about recommendations not being implemented and the department saying that they are being implemented. What's your comment on that?
[Page 6]
MR. LAPOINTE: Well, it may very well be that more have been implemented since. At the time that we were writing this, we were simply reporting how much had been implemented at that time and our stats at the time were that there were large numbers still in progress and that had not been done.
Now the situation today, which is quite some time later, perhaps a year later, we don't really know.
MR. STEELE: So when you were writing the audit, is it fair to say that you were concerned at that time that the recommendations from the 2006 audit had not been implemented to your satisfaction?
MR. LAPOINTE: Yes, this was around, I guess we're looking back at perhaps last October. At the time we had stats that said that as far as we knew, they had not all been implemented and so that's simply what we reported then. So it may very well be that the situation today is quite different. We haven't gone back since.
MR. STEELE: Now, Ms. Harnish, when an audit is undertaken it's my understanding that the Auditor General reviews the scope of the audit and the audit criteria with the department. Now the purpose of that is to reduce or eliminate any later argument over whether the standards the department is expected to meet are reasonable. Did that happen in this case?
MS. HARNISH: He would have reviewed them with the controller.
MR. STEELE: Did the department tell the Auditor General at that time, or at any time during the audit, that it considered the activities that were being audited to be "minimum risk"?
MADAM CHAIR: Mr. Rafuse.
MR. BYRON RAFUSE: If I can answer that question, in regard to the samples that were pulled for this particular audit, which were 163 samples out of a million that we conduct on an annual basis of payment transactions; some of the ones which were pulled, the Auditor General did ask the line CSUs to comment on the findings and also reviewed them with me as well. Some of the findings were characterized as minimal risk, and I'll give you an example as to why they were characterized as minimal risk, given the fact that we have compensating controls outside of the system to address these things.
Some of the samples were recurring payments to nursing homes at the Department of Health, of which the amount that is paid on an ongoing basis is a set amount paid every two weeks to the same home, of which the foundation of that payment is the approved business plan associated with that home. So a lot of rigour goes into that process that
[Page 7]
establishes that payment. Then a recurring payment is set up in the system. So if you happen to pull an invoice or a payment from that set of transactions and a cost centre does not appear on that one, well that is a minimal risk transaction because it is a recurring payment to that home, of which the cost centre does not change and therefore - and there's management control around that process. There's also management controls and review of those transactions subsequent to the payment, to ensure that the right cost centre was charged for that although it does not change, so there'll be minimal risk as well, so that's why those types of activities were characterized as minimal risk.
MR. STEELE: But I think there's a distinction being drawn between minimal risk of certain transactions in the sample and what the Department of Finance actually says, which is that whole categories were minimum risk.
Now one of the department's other answers is - and you've just repeated it now - is there were compensating controls, meaning, well, maybe we didn't do it the way the Auditor General wanted it done but there were other things that we do that essentially make up so that, at the end of the day, we still have controls.
Now during the audit, did the department not bring those compensating controls to the Auditor General's attention? Was the Auditor General aware of those compensating controls?
MR. RAFUSE: It depends on which audit we're referring to because that audit actually refers to several audits. The application control audit, which was referenced in this audit, compensating controls were not viewed or regarded in that audit and that's why we always viewed that audit as being very limited in its view, because it did not look at the compensating controls.
In this particular audit which references that audit and the samples that were pulled, we did cite, and the line departments I do believe cited, that there are compensating controls in place associated with these things, which led to - it doesn't change the finding - the response that these were a minimal risk.
MR. STEELE: Okay now, Mr. Lapointe, part of the department's answer to this is basically it doesn't matter that you found deficiencies because basically they have compensating controls. Do you agree there were compensating controls that make up for the deficiencies that you found?
MR. LAPOINTE: Well, there may be some cases in which there were compensating controls around some of these deficiencies. There were cases in which some of these controls wouldn't have been brought to our attention and we wouldn't have known about them. I can't see that you can make a blanket statement, as is done in this response which I find disappointing, that overall these were all low-risk findings and there were compensating
[Page 8]
controls overall. That's too broad a statement and it's just not reasonable to assume that there were compensating controls covering all of the deficiencies that we found.
MR. STEELE: Okay, thank you. Ms. Harnish, do you remember the name Sheila Brown?
MS. HARNISH: From the Mount?
MR. STEELE: No.
MS. HARNISH: I'm sorry.
MR. STEELE: Well, let me remind you, there is another person with that name but that's not the one I'm referring to. I'm referring to the Sheila Brown who was a low-level clerk in the Department of Service Nova Scotia and Municipal Relations. She was able to perpetrate a fraud against the government that lasted seven years, involved 137 separate transactions totalling over $360,000. She was able to do that because she had access to incompatible accounting functions, which is precisely one of the deficiencies identified in this audit that we have in front of us, which is dated November 2008.
Now the particular fraud involving Ms. Brown was discovered in 2004 and on March 30, 2005, this committee inquired into that fraud. We were assured by responsible officials, including Mr. Rafuse, who I believe was making his first appearance before this committee as Acting Controller - not his first-ever appearance but his first appearance as Acting Controller - that steps were being take at that time to make sure that such a fraud could never happen again. Yet, four years later, the Auditor General is telling us, telling the province, telling this committee, that the same problem with incompatibility of functions still exists. When is the department going to fix that problem once and for all?
MS. HARNISH: There were compensating controls in place in that case, they broke down. That was human error as much as anything else inside the department - it shouldn't have happened.
In terms of incompatible access, my controller does say the incompatible access isn't still in effect; that particular transaction couldn't take place again. We rely mainly, and in large part, on segregation of duties to provide safeguards against misuse of public funds.
In many cases, we are forced to provide access to certain sometimes incompatible functions for a number of reasons. In that case, compensating controls are put in place.
Now we've just completed - in fact, we've initiated, probably 10 months ago a complete security review of every SAP user's profile to flesh out all cases where control access appears to be incompatible. We are working our way through every one of those
[Page 9]
almost person by person right now with this particular security review to identify where incompatible access is not required, removing that access and to identify where it is required for business purposes, flag that to either my own staff if it is within the department or to the line CSUs if it's outside in the line departments, that those incompatible access rights exist and tell them to make sure that you have compensating controls in place.
We don't take lightly any of these findings. Where we believe we can remedy them and remove the need for external compensating controls outside the system, we're doing so, but in some cases there are and there will always be a requirement for incompatible access just so that we can continue to do business. Now the types of compensating controls we put in place are largely due to people doing their jobs, it's additional sign-off by managers, things of that nature. When that breaks down, the system doesn't work.
MR. STEELE: When we inquired into this four years ago, I don't think we took the answers we were being given as being that the deficiencies for the refunds clerk in that particular department was the only thing that was going to be fixed. I know at the time, I certainly took the answer to be that the whole issue was going to be examined very carefully because remember, this fraud that had been perpetrated lasted for seven years, 137 transactions, and $360,000 before it was discovered. Our Auditor General is telling us today that essentially the same problem exists. If we were assured four years ago the problem was going to be fixed and it isn't, what assurances can you give us now that the problem is actually going to be fixed and we're not going face one of these frauds again?
MS. HARNISH: Well I've just explained to you that we have taken significant action over the last several months on the subject of incompatible access itself. Certainly, within the next year we're also going to be installing audit software that allows us to go back in on a regular basis inside the department and identify cases of incompatible access. If it occurs over time, if it kind of creeps back in, we'll be producing regular reports on that and making management, either in my own department if the incompatible access exists internally, or in the line department, if it exists there, ensuring management is aware that the incompatible access still exists and that they have adequate compensated controls in place.
I think we are making good progress on this. We do take these issues quite seriously.
[9:30 a.m.]
MADAM CHAIR: Order, the time has expired for the NDP caucus. I recognize Ms. Whalen for the Liberal caucus, you have 20 minutes.
MS. DIANA WHALEN: Thank you very much and welcome this morning. We're happy to be able to go over the recommendations that came from the Auditor General and have this time with you to discuss that and perhaps a few other issues as well because I know you've already gotten a good start on the issues that are here in the Auditor General's Report.
[Page 10]
I did want to, by way of context, just mention that when the Auditor General had brought his recommendations to us, one of his overall comments was that within government there doesn't appear to be a culture of control. I know that is very much a concern to us and would be as well to you. I think in making those comments, he was talking about his recommendations over the years not being perhaps adequately addressed - not solely by your department, but across government. I wonder if you could comment on that, as I say, as an overarching statement saying that we don't have a culture of control in this province?
MS. HARNISH: I believe that we are making significant progress in this area. Cultural change doesn't occur overnight anywhere for any kind of change. Certainly within the Finance Department, which is where I can most confidently speak, we have come an awful long way in the last number of years since I've been at the department myself. I referenced earlier the fact that the external auditors who have been doing our regular 5970 audits, those would be our system audits of Steve's operation, has commented most recently on the controls consciousness that he is starting to see become much more apparent inside the Core Competency Centre. It takes a while to get people to really embrace the need for controls which they may find cumbersome, or that would slow them down.
I also have to tell you, we get pushback from the business who finds the controls when they want us to do something, delay our immediate response because we have appropriate procedures to go through in terms of seeking approvals, documenting what's being done, granting access for a limited time to make a change, for example. We're working with them as well so that they understand that this is a necessity, tone at the top and your overall control environment is really the first essential element in an effective internal control program.
MS. WHALEN: I would agree that progress has been made; it would appear so. As you say, your other auditors are saying that you have increased control consciousness, but we've been looking at this for many years. I've been an MLA now for five and a half years and I know, I think it was 2004, the question about lack of control and the access to the SAP system was mentioned at that time. I think I just heard you a moment ago answering to Mr. Steele that you are now checking person by person and going through those accesses. Why would that not have been done so much sooner when there was a much earlier report that pointed that out, specifically in the computer access?
MS. HARNISH: We've done and implemented an awful lot of new programs and processes over the last number of years. You pick off what you can as you can accommodate the workload among other things. Certainly we had confidence in many cases that internal controls were complemented by the other compensating controls that we speak of and so placed less priority possibly on some of the access rights than on other elements of the recommendations that we were implementing over time.
I would say it was probably eight or nine months ago that we secured the services of
[Page 11]
an individual capable of doing the job and he has been working his way through these for a number of months now.
MS. WHALEN: Just in relation to the SAP alone and those earlier recommendations that the access had not been properly monitored and so on, I think it's fair to say that that has been slow in coming and I think that we'll leave that now that you are doing it now, that is a good thing, but I think it is fair to say that it has been a long time in coming to fruition that you're actually working through.
I wonder if we could talk about your ability to manage the workload and just resourcing within the controller's area. I think this would rest primarily in the controller's office, so I'm just wondering if you could relate and let me know to begin with how many people you have that work in that, is it the government accounting office, is that what you call it?
MADAM CHAIR: Mr. Rafuse.
MR. RAFUSE: There's approximately 20 people in the government accounting office and in the corporate information system, 65 would be what we are running in systems right now.
MS. WHALEN: And the second one of 65, that's more . . .
MR. RAFUSE: That's corporate information, that's running the systems.
MS. WHALEN: That's the IT section really.
MR. RAFUSE: And then we also have the corporate payroll side as well which has 15 individuals running payroll services for the province, school boards and pensioners.
MS. WHALEN: In a number of other provinces we actually have an office of the comptroller general, that seems to be a common structural thing in other places. Can you tell me how you might relate to other provinces in terms of your resources available? I don't know if it is Ms. Harnish or Mr. Rafuse.
MR. RAFUSE: I think there is a council of controllers and we do share information. We are structurally set up differently so the comparison is hard to make when we have different responsibilities. For example, New Brunswick does not run a corporate information system, so they don't have a comparator on the information side of things. I'm not sure, I do know I would relish to have some of the levels that maybe B.C. might have because they have quite a large one, but they have different functions. They also have internal audit reports to them and I don't have internal audits, so it's hard to make that kind of comparison.
[Page 12]
MS. WHALEN: Okay. Do you know how many internal auditors we have in the province?
MADAM CHAIR: Ms. Harnish.
MS. HARNISH: I think we have 14 or 15 inside the Internal Audit Centre in the Department of Finance. Now there would be auditors resident in some of the Crown corporations, for example, some of the line departments have some of their own audit staff as well. Community Services has some folks assigned to them, for example, the Department of Health, I believe, has a couple. We are, in fact, looking at the overall structure of internal audit to see whether we may more effectively operate from - pull some of those folks in to enhance our own capability and redeploy them.
MS. WHALEN: I think it's an area we've had here in the past about the internal audit. It sounds like there may be a few more people there now, but it hasn't been a large focus for our government and I think it is important. I had just looked at New Brunswick and they have about 47 people in the office of the Comptroller General, so I was trying to get a relative sense about a province that is, in fact, smaller than ours and how we compare.
I think your comment is quite telling when, as you say, you have to prioritize and decide what you're going to do first or how you're going to tackle each of these issues that come up. I think they are very important and probably you are inundated with very important initiatives that need to be dealt with, but we want to see these basic controls in place. I think to suggest that certainly your job is to let the other departments know when you have these controls in place, that they shouldn't be impatient, they have to be followed, but the Auditor General found a lot of areas where there weren't any written procedures. I don't have the exact number here, but he goes through the number he looked at, 163 files, there was certainly one process without any approval, two that didn't have authorization, it came through with employees without the authorization to do it, some that had no processes documented and overall there were quite a number that were tested and found not to have the right documentation, 31 out of 163 didn't have either the right coding of one sort or another - that's 2.3 in the report.
So those things are significant when they're added up and I think that that's very much what we heard from the Auditor General was individually any single issue that was flagged may seem small, but collectively they represent then that lack of control within the systems. I'm wondering if you could comment on that. It carries on a bit from what Mr. Steele was saying about these maybe seeming small, but overall does the department understand that collectively they're a big issue?
MS. HARNISH: In many cases what would have happened is the procedures are in place, the procedures are appropriate for one reason or another. An individual manager or an individual clerk failed to adhere to process and procedure. We're not in a position to make
[Page 13]
sure that everyone always does their job, however, one of the things we have done and we've started is an initiative to review kind of common errors.
Suzanne and her staff prepare what we're calling accounting directives which talk about a common error that is made very routinely, and they document and remind people that the procedure needs to be adhered to for specific reasons. They get out and talk to the accounting managers to remind them they have to oversee staff to ensure they perform their functions appropriately.
We're trying to build a culture right across the system where folks understand the controls are there for a reason and if they're not adhered to, yes, they may be a nuisance, but they still must be adhered to because there's a reason.
MS. WHALEN: Well I think it sounds to me like you recognize what the Auditor General has been saying about that culture of control perhaps not being there now and that your job is to continue to try to bolster it, that's what I'm hearing you say, is that you are trying to bolster this throughout not just your department.
MS. HARNISH: We are. We received approval from the Audit Committee of Deputy Ministers at the last audit committee meeting to initiate quite a large initiative on internal controls over financial reporting. That will address internal controls both from the overall environment, the top, the entity level, at the IT systems level, and then at the business line level.
MS. WHALEN: Ms. Harnish, are you the leader in terms of those initiatives as the Department of Finance Deputy Minister?
MS. HARNISH: They were initiated yes, by the controller and with the support of the senior financial executive forum, which would be the executive directors of Finance right across the system.
MS. WHALEN: Can I ask you directly, your response to the Auditor General's Report, the short response at the back of the chapter, has really soft language. In that you accept the recommendations, but you say, "The Department of Finance through the Controllers Office, will ensure that Corporate Services Unit and corporate staff are reminded of accounting policies and processes and, if needed, arrange for appropriate training."
It's very soft just to remind people, rather than to say this is really important, we have to do better, we've got to pull ourselves up by our bootstraps, or something strong.
MS. HARNISH: That conversation has taken place and I think you may have been in the room. The controller had that same conversation with the senior financial executive forum and they have discussed it. We do take this seriously. He reminded all of those line
[Page 14]
directors of their accountability as well, to ensure within their own units. People understood the necessity to conform to process and procedure.
MS. WHALEN: Given the severity of the problems that were found through the audit, it seems that proper training might be the answer. I'm wondering if your position today is that enhanced training is required throughout the financial organization?
MADAM CHAIR: Mr. Rafuse.
MR. RAFUSE: Certainly in addition to reminding people of corporate policy and procedures, the conversations we've had to date have been around the need for training. In fact, through Suzanne's group, as well with the financial managers forums, there's been sort of a needs assessment kind of done about what training is needed out there on the manager level, about reminding people about PSAB standards, from process perspective. It's led to the accounting directive policies or initiative. Certainly . . .
MS. WHALEN: Is it more than ad hoc, Mr. Rafuse?
MR. RAFUSE: I think it was more than ad hoc. There is a methodology or a standardized practice that accounting shops must follow. There are standard procedures and reminding people of the need to follow segregation of duties, best practices, to remind people that when they give access to the systems - because one thing you have to remember is that it's the business owners that give access to the system. We set up the parameters of which access should be provided so that when they give access to users, they do it appropriately.
MS. WHALEN: I'm sorry to interrupt, but have you got a reasonable budget to assign for training for staff across the financial side?
MR. RAFUSE: A lot of what I'm speaking about is procedural and in-house, so there's not a big cost associated - maybe time but there's not a big outlay of cost associated with that type of stuff.
MS. WHALEN: There's one thing I wanted to ask specifically around the loan limits - has there been any change made to the loan limits allowed on cheques? It was interesting to me that there were only two loan limits identified - $25,000 for any cheques that went out from Community Services and $25 million for any other cheques that the government were to write.
[9:45 a.m.]
It's interesting in the Auditor General's comments, again, he said, " The $25 million dollar limit was set to accommodate very large loan and grant payments made by government. However, it does not provide much control over . . ." those payments. "If
[Page 15]
someone was able to access and change an electronic payment run file before it was sent to the bank, and other controls were circumvented, it is conceivable that this person could transfer an amount under $25 million to another bank account. . ." and he goes on a little bit beyond that. So $25 million would seem to be a very large number. Has that been reviewed? There was a definite recommendation to introduce different loan limits.
MR. RAFUSE: That limit has been reviewed in the context - the reason why it's set now is so that there's not a manual intervention into the payment process, which in itself leads to control issues.
It is being reviewed. Once we do an upgrade to the system, we'll be able to implement levels at a different level, for variant types of transactions, as opposed to a carte blanche level for all transactions.
It will require some aspects of training and some aspects of system changes to allow that to happen but as I said, other controls would have to break down for the Auditor General's comment to come to fruition.
MS. WHALEN: There must be a lot of other departments, though, that don't routinely have these multi-million dollar cheques going out because to set it at $25 million, as you mentioned, Mr. Rafuse, it solves a control issue because it's so high that it's not going to flag any of the processes, it's not going to stop payments.
MR. RAFUSE: There would be a fair number of transactions over the $25 million.
MS. WHALEN: A lot?
MR. RAFUSE: Yes,
MS. HARNISH: To a DHA. . .
MR. RAFUSE: To a DHA, that type of thing.
MS. HARNISH: On a bi-weekly basis.
MS. WHALEN: Well, it's true, you're more familiar with it but it seems like it's almost like having no control - to set it so high that it's not going to interrupt the flow of business, so to speak, within the department.
MR. RAFUSE: The control would be on the front-end piece when we set up the vendor and when the payment is approved, as opposed to on the back-end piece when the actual transaction goes through. That would be our thinking around that one.
[Page 16]
MS. WHALEN: But you have accepted the recommendation, you will make changes?
MR. RAFUSE: I don't know what an appropriate level would be at this time but yes, we'll look at changing that.
MS. WHALEN: How much time do I have left, please?
MADAM CHAIR: You have until 9:50 a.m.
MS. WHALEN: I have only a few minutes. Ms. Harnish, given that you will probably not be back at the Department of Finance before we get a fiscal update, I'm wondering if you would just answer a question for me about the possibility that our province will run a deficit in, or have a deficit this year? Will we have to change any legislation in order to do that?
MR. MUIR: Madam Chair . . .
MADAM CHAIR: Order. (Interruption)
MS. WHALEN: It's a factual question.
MR. MUIR: Is that question in order, in light of what the intent of this meeting is?
MADAM CHAIR: Order. The question is in order.
MR. MUIR: Why is it in order?
MADAM CHAIR: Because it's the practice of this committee to allow members to ask whatever question they want to ask, within respectful limits.
MR. MUIR: So the topic of the . . .
MADAM CHAIR: The question is in order. Thank you. Ms. Harnish.
MS. HARNISH: What you have asked me - I want to be sure I understand the question. You asked what the Provincial Finance Act says about - are you talking about in year or a budget for a future year?
MS. WHALEN: Well, a budget - let's go with the budget.
MS. HARNISH: The Provincial Finance Act has two provisions that deal with tabling a balanced budget. The first indicates that a deficit cannot be tabled in a budget for a future year. The second defines deficit, so that what effectively it provides is that a stream of payments related to the offshore offset has to be recorded as a surplus.
[Page 17]
MS. WHALEN: Could you repeat the second part again?
MS. HARNISH: It effectively - and it's done in a bit of a convoluted manner, but its definition of deficit says that one would be in a deficit position unless a surplus equal to the amount of the offshore offset received, expected to be received in the given year, flows to surplus.
MS. WHALEN: So in other words, we must have at least that amount of surplus because it's dedicated already to the debt.
MS. HARNISH: You must have a surplus equal to - and then there is an annual limit put on the amount of that offset that would be recognized in that surplus.
MS. WHALEN: That's fine. So my question was, do we need to have a change in legislation if, in fact, a deficit budget is going to be presented?
MS. HARNISH: Well, I'm not a lawyer and I'm not going to give an opinion, I can tell you what the Act says.
MS. WHALEN: Okay. So my interpretation would be yes.
MADAM CHAIR: Order, the time has expired for the Liberal caucus.
Mr. Porter for the PC caucus; you have 20 minutes.
MR. CHUCK PORTER: Thank you, Madam Chair, and thank you to our witnesses for being before us today to answer a few questions. Always an interesting topic, one we've heard about over the last two and a half years or so. On the various committees that I've sat on, we've talked about a number of issues and concerns coming forward out of the AG's Report, so always a topic of interest and one that we have questions surrounding how we're doing. Are we making some progress? Are we not? What are we doing?
In listening to some of the questions this morning, I just jotted a few notes and I thought, what are basic controls? I don't know that I've ever really seen that. I'd like you to tell me, what does basic control mean?
MADAM CHAIR: Mr. Rafuse.
MR. RAFUSE: Basic control at sort of a high level is from a system perspective, you have appropriate controls on who has access to the system. That means people have access for appropriate reasons, for the functions required for their own business reasons. Likewise, basic controls would be that as you implement the system or make changes to the system, that those changes are appropriately documented, that there's appropriate testing on those
[Page 18]
changes and that there is a procedure to follow as those changes go into production.
If you go one more step further, you have controls within the system would be such, and that's what our Section 5970 audit looks like, the application control audit looks like - the application itself has controls in it and follows appropriate kinds of practices within an IT system. Then on the back-end piece, on the payment side would be controls about how a vendor is set up, how a vendor is paid and how the funds to that vendor are ultimately given to them.
MR. PORTER: And that would all be all wrapped up in that title basically of basic controls.
MR. RAFUSE: Basic controls would follow all those functions, really the procedures and controls around the process, initiating a payment or initiating a purchase, to the payment of that purchase.
MR. PORTER: So over and above a basic control, what's next? There's obviously another level that is more secure, what do you refer to that as?
MR. RAFUSE: Well, the basic controls would be ones which we would have in our - the roles and responsibilities of individuals, appropriate job descriptions and the like. Beyond that you would get into compensating controls, where there is a control weakness that's either inherent in your system or required in your business practices.
We do have, and we do accept that we have, some segregation of duty control exceptions, that our business requires, that we must put compensating controls around those things. So compensating controls would go beyond what I would refer to as basic controls.
MR. PORTER: I know from past experiences in the Auditor General's Reports, there's been issues around access to certain technology, certain files, et cetera. That was noted as a concern in the past. Have we made changes to those - I don't know what is the proper terminology - to allowing access? Have we changed how we do that?
MR. RAFUSE: There are three things that have been put in place. First of all, for those access control deficiencies that the business requires - I'll give you an example of it. If you have a relatively small accounting shop in one of the line departments, a basic control would be that a person who initiates the purchase, enters a purchase order, would not be the individual who releases it for payment. That's a good segregation of control or segregation of duties control, from our perspective.
In some places, individuals have to be given the right to do both of those transactions because there's just not enough staff or there's not enough staff for that office to warrant having more staff. So what we do, the control - the compensating control to be put in place,
[Page 19]
we ensure that the compensating controls are put in place that ensure that for any given transaction one person does not order that good and also release it for payment. So we make sure that segregation of duties or compensating controls are put in place.
The other thing that we have done is that we have initiated a process, as the deputy has indicated, where we are looking at the access rights of individuals, some of which were noted in the report, particularly the ones around individuals working in government accounting, where there were incompatible access rights in their access and their ability to access the system and we've actually removed the ability to do certain transactions, to address that deficiency.
MR. PORTER: Okay, so all people in the Department of Finance obviously don't have the same access, that would be a given?
MR. RAFUSE: That would be a given. I cannot release something for payment, I don't have that authorization.
MR. PORTER: Just from a security benefit, how many people would have - I don't know, I could pick an example, it's payday, there's a certain button that's got to be pushed for people to get paid, Jane is out sick tomorrow so people aren't going to get paid. How does that work? How many people would have actual access to a fairly high-level transaction that's going out, in any department within or any section within the department?
MR. RAFUSE: Payroll is somewhat different. The input for people's time and the like would be done at the line department and they're given a certain time frame to do that. There would be individuals in the Department of Finance who would be given access to allow for those entries to be processed and simulations to be run about appropriate deductions and the like.
The actual authorization that would allow that actually to create a bank file and to move that to payment is restricted to, I believe, very few people, less than half a dozen people could do that. And the actual entry part of it, the action transaction entry, the time, they're not authorized to do that, somebody else would actually have to enter the time. They would be authorized to take that, run it through the system and actually generate a payment - segregation of duties.
MR. PORTER: Any idea how many people work in the Department of Finance?
MADAM CHAIR: Ms. Harnish.
MS. HARNISH: Across the entire department we have just over 200 staff.
MR. PORTER: How many different levels of security and access would be within
[Page 20]
that 200, any idea? I just was kind of curious, based on the other gentleman's comments with regard to how narrow the number was for certain areas of payments to vendors and so on, payroll or otherwise in the department.
MADAM CHAIR: Mr. Feindel.
MR. STEVEN FEINDEL: It would certainly be dozens of different roles and profiles within the system, just within the Department of Finance. When you get out into the departments and the various Finance CSUs, there would be once again multiple types of roles around procurement, invoice processing, so a lot of the work that the deputy has referenced around the work that we're doing on the security redesign is actually splitting out a lot of the profiles that when the system was originally implemented 10 years ago - in excess of 10 years ago now - were combined in such a way that they do present the issues that the Auditor General has noted. So we're solving that by splitting those apart to be able to give them to people on a more selective basis and not have these conflicts within the system.
MR. PORTER: I'm only assuming here but I would assume that there is a certain number of people within the entire Department of Finance who would have full access to every single thing; I'm only assuming, I don't know.
MR. FEINDEL: I would say that there would be no one who has access to everything.
MR. PORTER: No one has access, interesting. You talked about - I think it was Mr. Rafuse - some training a few minutes ago and the financial management forum. I'm interested to hear what that is, who that is, who are we sending on what training and how specific is that?
MR. RAFUSE: The financial managers forum is a group of every financial manager working in the financial community and there's a group of the senior financial group as well, called the senior financial executive forum. These are the managers and leaders within the financial community and the Department of Finance, Treasury Board and the line departments.
The training I was speaking to is both for themselves and for their staff, in regard to things such as appropriate controls around payment process in general, things like, you know, POs are issued prior to the purchase of the good, that there is a proper authorization level for that, that you maintain records on who is authorized to make purchases and for what cost centres and that you maintain those files for audit purposes and that you reference those files when you're approving that for payment. That's more of the kind of fundamental aspects of it.
The other things would be system training, for these types - these are the transactions and these are the procedures which you must follow when you're entering these transactions
[Page 21]
within the systems because there may be varying ways that, throughout the years, people may have diverted from the standard practice about how things should be processed.
[10:00 a.m.]
The last thing would be around the documentation not only of those particular transactions but the documentation around the processes themselves, as a good control mechanism and good habits so that if there is a changeover in staff, that you can provide new staff with procedural manuals, documentation manuals, about how an invoice - it could be as basic as how is an invoice paid in the system and what things you need to check so that when a clerk is processing them, they have not only their peers to rely on but a procedural manual they could follow.
MR. PORTER: I know from a previous life that technology - and this is fairly, I guess, high-rated technology and advanced and whatever the right word is in the world of technology these days, that it changes, it is outdated yesterday, by the time this thing comes out, hits the market. How often, and going sort of back to that training piece, how often are we training people, or how often are we living with the same piece of technology? Is this something that goes two or three years and then the department turns it over and you're on to the next phase, or does this kind of technology change more than that?
The reason I'm asking that is we've seen, and again, I'll go back to previous Auditor General Reports where this technology continues to be a bit of an issue and access and so on like that. Is it an ongoing, forever living thing that we're going to have these issues and maybe issues isn't the right word but you know, addressing concerns of access and security?
MR. RAFUSE: The issue of security won't go away because it's a byproduct of the environment we live in. Technology may change. One thing you need to remember is that in a system like SAP, or any other kind of robust, integrated, financial system that is rules-based, is that there are standardized practices that are built into the system that follow the business needs. These are what you train the users on.
The technology behind them and processing and the support of them may change and may be upgraded but the actual rules and the business processes tend not to change, unless you make a fundamental change in the methodology in which you make a payment or how you actually organize it internally, so that should stay fairly standardized over time.
MR. PORTER: So it's basically more the hardware issue of technology that you would look at changing versus the actual programming and/or the policy around that?
MR. RAFUSE: We would be looking at technical upgrades that would actually maybe provide additional functionality or allow us to do some things within the system to address some control issues that we otherwise couldn't have done on older technologies.
[Page 22]
MR. PORTER: So we've talked a little bit about addressing some of the issues. What actions has the Department of Finance taken to respond to the concerns identified in various audits now that have been conducted on the SAP system? Over the past couple of years we've seen it continually come up, so I think it's a question of interest.
MADAM CHAIR: Ms. Harnish.
MS. HARNISH: We have regular and routine audits both by the Auditor General and by our own auditors. Every year we have a Section 5970 audit done on our SAP systems, for example. Each and every time we receive a new audit report we put together a steering committee which often involves the business users as well as the folks who run the system or actually are responsible in the Finance Department for a part of it.
We work our way effectively through every single recommendation made or deficiency noted, we put in place a strategy to address the recommendation. On some occasions one balances the risk with the reward of anything and may choose to accept a risk, so we may not always choose to act on every recommendation. The steering committees put in place detailed action strategies to respond to every one of them.
There's a quarterly reporting mechanism where the committee itself prepares a quarterly report on progress that is circulated to the controller and to me as well. We watch and monitor to ensure progress is being made. For example, we had a financial application control audit which came up with 24 recommendations. We accepted 23 of them and I'm pleased to say they are all implemented. The 2006-07, 5970 audit, there were nine items to address, our work is completed on six and we have three in progress. The 2007-08, there were eight more and we have work complete on five, three outstanding. We are not only putting in place action plans to address the recommendations, but we're also actively monitoring our progress on a quarterly basis to ensure that progress is being made.
MR. PORTER: Thank you for that. Just kind of a couple of questions out of that for clarity, I'll throw two or three at you here. The steering committee, who is that made up of?
MS. HARNISH: Well, the steering committee would be specific to the audit itself to ensure that it was a combination of people in the Finance Department responsible, as well as business users themselves and people in the Finance CSUs. For the financial application control audit which addressed, in many cases, business-related changes, the Finance Director from the Resources CSU was the chairman of the steering committee. We try to put in place the appropriate structure dependent on the actual audit itself and the kinds of issues that need to be addressed. I know Byron could tell you a little more about the composition of some of the other steering committees.
MR. PORTER: I'm also curious to know what a 5970 is, I'm sure there are people at home watching that may be interested in that, as well.
[Page 23]
MADAM CHAIR: Mr. Rafuse.
MR. RAFUSE: A 5970 refers to a section of the CICA - Canadian Institute of Chartered Accountants - handbook which requires an audit on anybody who runs a financial system which others use for the preparation of their financial statements. Since we host the system for not only ourselves, but for municipalities, for school boards and various corporations - the Water Commission and the like - we're required under those requirements to provide them with that audit which is given to their auditors, so that their auditors can rely on that for the purposes of those organizations' financial statements. So it is documentation
New Take
Cindy-10:07 a.m.
organization's financial statements. What it is, is a documentation for them to rely on - on the system of that organization. We also are required to provide it to our auditors as well, so that they can use it in conjunction with the audit of the Public Accounts.
MR. PORTER: Ms. Harnish, in some of the answers you gave a few minutes ago with regard to the number of recommendations being acted on, it sounds like there are a lot of them acted on, some complete. Everything that we tend to read sometimes, the media and so on does not always reflect that. When do you report back to say, check, we've completed this, here it is? Maybe it's a question for the Auditor General to comment on, I don't know.
MS. HARNISH: We've set up a tracking mechanism for the Auditor General's recommendations, for example, right across government, so all of the annual reports and the recommendations contained therein. The AG himself and his staff review every one or two years now the progress against their last set of recommendations. This new tracking mechanism, the folks at the Auditor General's Office have access to and are going to be able to monitor on a pretty regular basis on how not only the Finance Department is doing, but all of the departments as well.
MR. PORTER: And we would expect that, obviously, to be reported, that progress has been made on that. I know I only have a very short time left, can you give some examples of the benefits of the centralizing and automating data, the integrated systems?
MADAM CHAIR: Mr. Rafuse.
MR. RAFUSE: First of all from a control perspective when you centralize, say payment production or cheque production as we have done recently with the last bit of payments, when we brought in Community Services payments into the Department of Finance, you bring it into a controlled environment with centralized processing, with centralized distribution systems and it actually is an enhancement of control features from that perspective, when you centralize those types of things, from an internal control
[Page 24]
perspective.
The bigger benefit, though, from a centralized system is for management. It allows for not only standardized practices for efficiencies, which allows for more efficient use of staff time for back-office activities, but it also allows management to have access to information for the purposes of decision making. One of the benefits of having a robust system like we do is that you can not only have real time information, but it also allows you to do a lot of "what if" scenarios, it allows you to put information into what we refer to as "business intelligence" type applications, to run different types of scenarios to do different types of reporting. The management of the departments that rely on that have a confidence that that information is reliable and it is consistent across departments, not only when you look at it from a singular department perspective, but corporately. We can roll up expenditures and activities on a more efficient and a more consistent basis now than you could when you have a decentralized kind of model. Also in a decentralized model there is the benefit of the fact that you know that everybody is using the same GLs for the same things, so that if you did a run on a certain GL then you would know that everyone across all departments has put those types of expenditures into that type of GL; you wouldn't have to go out and ask them to put travel in 6311, as opposed to 8410, that kind of thing.
MR. PORTER: Thank you.
MADAM CHAIR: Order, the time has expired for the PC caucus.
Mr. Steele. The next round of questions is 12 minutes per caucus.
MR. STEELE: Thank you very much. I do have more questions about the system of payments for vendors, but I want to take advantage of your presence here, Ms. Harnish, to ask you about something else that is within your bailiwick and it's on everybody's mind this morning, that's the Industrial Expansion Fund. You and I agree, and have over the years - it is not for civil servants to answer for policy decisions made by government and that's not what I ask you today . . .
MR. MUIR: Madam Chair . . .
MADAM CHAIR: Mr. Muir.
MR. MUIR: Again, I ask, the topic of this committee seemed to me to be the Auditor General's Report and it seems to me we are now deviating from that.
MADAM CHAIR: Mr. Muir, all members have certain privileges in this Chamber, including the privilege of speaking freely on whatever topic they deem of relevance. It's the practice of this committee to allow members of the committee to ask witnesses in front of us whatever question is within their remit. The question Mr. Steele has asked is fully in
[Page 25]
order.
MR. MUIR: . . . whether the witnesses would have an opportunity to actually prepare for questions that they might get.
MADAM CHAIR: Mr. Muir, these people are experts in their field and the question is in order. Mr. Steele.
MR. STEELE: I've now been interrupted three times by Mr. Muir, with issues he would know are pointless if he had more experience on this committee. I wonder, Madam Chair, if you could add to my time the time that Mr. Muir has taken from me.
Now, back to the Industrial Expansion Fund. I want to ask you about the accounting for the fund - not about the policy - about whether what happened yesterday was a good idea or a bad idea, because I do understand and accept that's not for you to answer. When I review the budget documents that the Legislature approved last Spring, I see that the amount of money approved by the Legislature for the Industrial Expansion Fund for 2008-09 is $23.8 million. So yesterday's announcement not only punched a hole in that, but sort of blew right through the ceiling and went into hyperspace. I wonder if you could just explain to me, from an accounting point of view, the authority by which the budget documents essentially are ignored and the government picks whatever number it deems appropriate,. Do the budget documents mean anything?
MADAM CHAIR: Ms. Harnish.
MS. HARNISH: The legislation provides the ability for the government - that's the IEF legislation - to change the level through an Order-in-Council.
MR. STEELE: So essentially, if I understand it, it doesn't really matter what the budget documents say, the government has the legislative authority, as far as you know, to set whatever level it wants?
MS. HARNISH: That's the proviso in the Industrial Expansion Fund Act, whatever the Act itself is called.
MR. STEELE: If I understand it properly, what was authorized yesterday was essentially a spending limit - $175 million wasn't spent yesterday, it was a capacity, an authority, a ceiling. The allocation of the money to the actual budget depends on when and the terms on which the money is spent, is that correct? The fact that a certain amount was authorized yesterday doesn't really have anything directly to do with this year's budget or next year's budget.
[Page 26]
[10:15 a.m.]
MS. HARNISH: It doesn't. It's an authority, not to spend,, t's an authority, in many cases, to lend. There's a combination, as you know; they loan money, they provide consessionary loans, it is a combination. The spending would occur in a couple of manners, and you're probably asking how that, and when that, hits the operating statement, which it must do within the spending authority allotted through an appropriation or a supplemental approp, we would see money actually recorded in the operating statement.
If you had to carry an LVA against a loan - a loan valuation allowance - because you thought you may not see all of the money returned, for example, that LVA is included as an operating expense inside the department's budget. If, in fact, there's a consessionary loan and certain consessionary targets are met when, in effect, you required that amount not be repaid, then we record it as an expense as well.
MR. STEELE: So really, when and how it's recorded and which budget you were to allocate it against depends, basically, on the situation in a particular case.
MS. HARNISH: That's right.
MR. STEELE: So some or all of that might be allocated to the budget for 2008-09, or all of it might be allocated to 2009-10, some of it may never be spent, not allocated ever. Is that basically the way it works?
MS. HARNISH: That's right. There's no time limitation. It shows up each year in the budget documents as a statutory capital advance.
MR. STEELE: Okay. I just note before I move back to the topic that is on our agenda that the last three times the ceiling for the Industrial Expansion Fund was increased were 1993, 1999 and 2006. In case you're wondering what else those years have in common, those were all election years. Now we see that now that the government has blown through the last increase they authorized to themselves a week before the last election, they are increasing it again by the unheard-of figure of $175 million. I think there's an election coming.
All right, back to the Auditor General's Report. Now, something else that the Auditor General says - and this is with respect to what he would call the failure of controls, or what I would call the failure of controls - the Auditor General notes that payments to vendors are processed through the eight corporate service units, which are referred to in the jargon of the trade as CSUs.
In Paragraph 2.25 of his report, he writes the following quote: "We encountered numerous transactions in all CSUs which were not subjected to all of the controls that had been described to us during the systems documentation phase of the audit."
[Page 27]
Now, this tells me two things. First, that what is actually happening on the ground is different from what's supposed to happen and that the Department of Finance's theory of what's happening out in the CSUs is not actually being replicated in the trenches where the real work is going on and where the real errors are being made.
The second thing it tells me is that the problems are spread throughout the government. This happens, says the Auditor General, in all eight of the corporate service units. It's not a case where there's one CSU or one part of government that doesn't get it, it's everywhere. What assurance can you give this committee, and through us the people of the province, that these government-wide control failures are going to be corrected?
We've been told it before and it hasn't happened - why should we accept that this time something is going to change?
MS. HARNISH: Accountability rests with the management inside a line department for the appropriate adherence to policy and procedures inside that department. One of the things that we are doing to enhance what I've spoken of earlier as the culture of control, is initiating an internal review of financial controls. It was approved by the Audit Committee at its last meeting, it's being led out of our department. We'll be striking a steering committee composed of our staff and staff across the corporate service units. In fact, the Auditor General will be placing a member as an observer on that committee.
Among other things, it will not only identify and document control procedures at the larger, government-wide level - including things like "tone at the top" and attitude, and so on - it will also identify several GLs, which are the riskiest areas, where the business processes will be documented and implemented within each of the line CSUs.
By engaging individuals inside the corporate service units in this effort and then by, down the road, requiring that they certify or sub-certify adherence to practice, we believe that the culture will be enhanced inside those units.
MR. STEELE: One of the other deficiencies noted by the Auditor General has to do with the SAP independent audit. The last one for the year ended March 31, 2008, was qualified, which in accounting terms is very serious. It means that deficiencies were found, so the auditor couldn't verify that the systems were working as they were supposed to. The Auditor General points out that this is linked to the payment-to-vendor system because that SAP system is, in fact, used for payments to vendors.
When are we going to get an unqualified audit on the SAP system? Let me ask that another way. Do we expect that the audit will be qualified again this year, or do we have reason to believe that this year it will be unqualified?
MADAM CHAIR: Mr. Rafuse.
[Page 28]
MR. RAFUSE: Before I turn it over to Steve to talk a little more about the actual 5970 audit and where it's going this year, although those audits were qualified, I think it's important to note that the auditors that received those audits, ours and all of the other organizations that we handle their financial statements, did not believe that qualification within the 5970 was significant enough to provide a qualification on the statements themselves. So there are issues that we are addressing in there but they're not a significant risk that leads to a qualification of our actual statements themselves.
So yes, there are issues there, we are addressing them and we're moving towards a more controlled environment. But the issues that are there do not lead to deficiencies on our statements, so . . .
MR. STEELE: Before Mr. Feindel starts - I mean, is the implication of what you're saying that the Auditor General is misunderstanding that audit report, because he says it's serious and you're saying it's not really?
MR. RAFUSE: No, I'm not saying that, I'm not saying he's misunderstanding it and I'm not saying it's not serious. What I'm saying is that the findings within the 5970 audit do not lead to a qualification of our statements themselves.
MADAM CHAIR: Order, the time has expired for the NDP caucus.
I recognize Mr. Colwell for the Liberal caucus. You have 12 minutes.
MR. KEITH COLWELL: Thank you, I'm going to share my time with Ms. Whalen.
You talked at some length about training and changes in the system to improve it towards what the Auditor General had, and probably internal things that you want to improve yourselves. One thing I didn't hear was accountability from managers. Now, if you have a manager who is not doing the work that - or a director in their departments, what action do you take?
MS. HARNISH: It would be totally dependent upon what you believe the performance shortfall was.
MR. COLWELL: And what would that include? Would it include dismissal? Would it include a letter of reprimand? What would it be?
MS. HARNISH: There's an escalating series of performance management techniques. Again, it would be totally dependent on the situation at hand.
MR. COLWELL: I just wondered because I believe I heard in one of your comments that when you were dealing with some of the managers and stuff, that some of this stuff was
[Page 29]
a nuisance to do. I've heard that in businesses before and usually it means there's some kind of problem with the process in the operation, when people take accountability seriously. You know, the report from the Auditor General is pretty scathing on some of these things and it raises really serious concerns about accountability and issues of control. So it just doesn't seem like there's enough of a culture there to ensure that the things are done properly. When a lady can rip off the province for $300,000 - as we all know that's history now and hopefully that has been resolved - there's a breakdown someplace in the whole system. Are there more breakdowns? The Auditor General seems to think there's a possibility that there may be and that raises some very serious concerns.
When you're running an operation and you have to have financial accountability, especially with taxpayers' money, that raises very serious concerns. Could you comment on that, please?
MS. HARNISH: What would your question be, specifically?
MR. COLWELL: Well, I'm shocked to hear that you asked me what the question is. The question is, what have you done to create the culture of total quality in management?
MS. HARNISH: I spoke earlier of a number of initiatives we've undertaken. Inside the Department of Finance, for example, we've beefed up an awful lot of our processes and our procedures. Steve works with his staff in particular, in the SAP environment every day, to talk about the importance of controls, the importance of adhering to process. He has named a couple of his managers as champions and it's their job to not only point out when deficiencies occur and speak to the staff who have incurred those deficiencies, but to also talk, educate, encourage, among other things.
It takes a while to change a culture. Now, within the line CSUs as well, certainly we have urged - which is what we can do - the finance directors inside those CSUs to take equally seriously the results of the audit, to speak with their staff, to work with their staff, to put in place processes to champion good practice, to educate. There are a number of things that have to go on simultaneously to change a culture.
MR. COLWELL: Yes, I'm fully aware of that. It is a difficult thing to change but I think it's key to resolving a lot of the problems that the Auditor General has identified here, and I'm sure there are other issues you're aware of that you're working on.
I just wanted to make those few points because I think that's the key to resolving these problems. If you have a culture - I know I ran a business for a long time and the people who really cured the problems you had in the business were the line workers, the people actually doing the work who would come forward with suggestions and say look, this is a problem. Do you have that culture in place?
[Page 30]
MS. HARNISH: We're working on it. We think inside the department itself, we have come an awful long way. Our folks are professionals, they want to get the job done. Maybe for too many years the attention was on product and getting it done, as opposed to ensuring it was done correctly according to process and procedure. They're faced with competing and kind of conflicting signals. You get the business that wants that change done immediately, that wants you to just forget about getting the approvals - give me my password, for example, something as simple as providing a password to an employee account if they've forgotten it. You make a call, you'd like someone to say, here's your password.
We have processes that need to be adhered to, so the person on the other end of the line for a long time wanted to respond quickly and just provide the password. Well, they now know, you just don't give it out over the phone. You ensure that their request is documented appropriately. You ensure that the password is then conveyed to them in a confidential manner. They're starting to appreciate that sometimes process is there for a reason and not to be a nuisance. We have been working with them intensively for the last at least three to four years, just trying to ensure that they start to see these controls as a necessity, as opposed to a nuisance.
MR. COLWELL: Yes, I'm glad to hear that and I didn't doubt that you were doing that - I just wanted to hear that. I'm going to give the rest of my time to Ms. Whalen.
MADAM CHAIR: Ms. Whalen, you have until 10:34 a.m.
MS. WHALEN: Okay, so about six minutes. I would like to just follow up on what was said here about the idea of the quality management throughout the system and it sounds to me like your managers don't understand it - perhaps your financial people do. But if the managers are putting pressure on the Finance Department to hurry up, get things done and so on, it sounds like they don't understand and appreciate the necessity to have these controls in place. Therefore, I would say you need some sessions that perhaps your deputy ministers could convene, get your managers to completely understand. Controls break down if you don't have a buy in from the top, which is going right down your chain of command.
MS. HARNISH: They do - not only financial managers, but the manager who signs an invoice inside a department to say that the good has been received or the expenditure made needs to look at that invoice.
MS. WHALEN: I really think that could be where your problem lies, the pressure that your financial staff are under to meet the needs of - you said - competing demands. But that has to be understood throughout, because that's where you're going to get your culture of control and people understanding that doing things wrong and fast isn't the best way to do them, that just because you've been quick about it isn't going to mean we're getting good results.
[Page 31]
[10:30 a.m.]
MS. HARNISH: It's our hope that by involving the Audit Committee of Deputy Ministers in this review of internal control for financial systems, they are actually approving the program plan and overseeing progress that will start right at that level.
MS. WHALEN: I think it's more than necessary, it has to happen now. Again, I think this whole culture of control does come from the top and as the government's top person - the Deputy Minister of our Finance Department - I think it's up to you to have a sense of urgency. When I spoke about your soft language in the audit response, it's very soft, it's, we'll remind people, we'll send a memo. I think it's time they really heard loudly, you've been working within the department for a number of years and you said you've made progress. Certainly what we want to hear is there's a realization that things have to change and it's not time to go slow, it's time to get on with it, and that's what I'd like to hear.
Just reading Paragraph 2.47 in the audit report, it says that during the Fall of 2007 there was follow-up on a recommendation from the December 2005 Report of the Auditor General, indicating that the Department of Finance will be working with - in this case one department - Service Nova Scotia and Municipal Relations, ". . . on a pilot basis to develop a framework and methodology for the documentation of internal controls . . .".
Today we hear that your deputy ministers' committee is now going to have an internal review of all of the accounting controls. Has this begun? Did you do the work with Service Nova Scotia and Municipal Relations?
MS. HARNISH: Service Nova Scotia has started - do you want to . . .
MADAM CHAIR: Mr. Rafuse.
MR. RAFUSE: If I could just add to that. This recommendation does actually fall into what the deputy minister was speaking to. The process that refers to, and we agreed with, is that we are looking at an enterprise-wide review of internal controls of financial reporting. It is being managed by the Audit Committee of Deputy Ministers and it is actually a two-pronged approach. We are doing New Take - carolyn
starts at: 10:32:13 a.m.
committee of deputies and it is actually a two-pronged approach. We are doing this corporately, which will look at enterprise controls, IT controls and business process controls.
Service Nova Scotia and Municipal Relations is looking at business process controls within their department, so they are connected and it is coordinated.
MS. WHALEN: Why has it taken so long for Service Nova Scotia and Municipal
[Page 32]
Relations to get going, then? I would have expected them to be done now, if that was reported in Fall '07 that it was going to be done.
MR. RAFUSE: Well, two reasons - it's a resourcing issue, as well. In fairness to Service Nova Scotia and Municipal Relations, the corporate one should have been done - it should have been done first. We were not able to do that until recently and that actually sets the tone at the top, which was required under the methodology we're following, which is a COSO recommendation. We needed to set the tone at the top and, from a risk-based approach, there's no need to document all your business processes that you have out there. This approach will allow you to look at your risks, of your GLs. Service Nova Scotia is looking at all theirs.
MS. WHALEN: Well, I understand that may do a lot of transactions, I realize that, too, but for this you mentioned it is a resourcing issue. Was the review that was spoken about in Fall'07, remembering that that goes back to December '05's Auditor General's Report, was that recommendation being acted on, in a timely manner I guess is what I'd like to know? It doesn't seem to be.
MR. RAFUSE: We have to remember, too, that what we're looking at here is something that no public sector body is required to do. In fact, there's only one other one in Canada that actually is doing this and it's a - we're trying to develop a model that is appropriate for the public sector, that models their requirements under Sarbanes-Oxley reporting, which is a very onerous documentation of controls, of which they're actually revisiting. So we're trying to find a balance between control documentations and the resources needed to do that.
MS. WHALEN: It's hard for people to understand some of that, Mr. Rafuse, I think because it does - people that I've . . .
MADAM CHAIR: Order, the time has expired for the Liberal caucus.
Mr. Muir for the PC caucus; you have 12 minutes.
MR. MUIR: A couple of things, just comments starting off; I think as a person who has been in and around government for quite some number of years, I think everybody welcomes the role of the Auditor General. The role of the Auditor General is to make government work better and to be more accountable to people. I recognize the value of the Auditor General's Office.
Having said that, there's no question, having dealt with the Auditor General in two or three different roles, I think the Auditor General, like most other auditors, is that a lot of what the Auditor General provides, if it's not hard it's based on opinion and sometimes the opinion of the Auditor General would differ from the opinion of the people in the
[Page 33]
department. Is that correct?
MADAM CHAIR: Ms. Harnish.
MS. HARNISH: At times we don't see things exactly in the same manner, that's accurate, yes. Jacques and I have spoken before of things that we differed on.
MR. MUIR: I guess what my point is, not everything is based on hard data, saying that two plus two is equal to four and you're saying it is equal to three. It's a variety of things and I guess that's fair enough.
Anyway, notwithstanding that, that it is opinion, I know the first time that I had encountered the Auditor General was in a role I had some number of years ago. I didn't know exactly what it was but I can say that we did sit down and we discussed the findings and some of those that came, we fully supported, some we had - I won't say issue with, didn't fully support anyway, we worked it out.
Having said that, I know that most departments, all departments, of government, take the Auditor General's recommendations very, very seriously and see it as a way - as I said earlier - to improve government and to improve accountability.
I want to go back, looking at the current government, or I guess probably the previous government technically, when did the province adopt generally accepted accounting principles?
MS. HARNISH: When did we move to GAAP? My government accountant friend here tells me 1999.
MR. MUIR: Now I want to just suggest that the culture of change that has been alluded to by a number of people here this morning actually began in 1999. To imply that there has not been a culture of change in this government in the ensuing 10 years is putting out misinformation.
Having, again, worked with it in this culture of - I think the word is culture of control, that is present in the government and I commend the people in the various departments for doing that. Can it be improved, as the Auditor General says? Yes, it can but people are making progress. How many CSUs are there?
MS. HARNISH: There would be eight finance corporate service units.
MR. MUIR: Eight finance corporate service units. How frequently does the Department of Finance meet with each of those, to see that you're all on the same page? For example, let me just qualify that; the Auditor General has made some recommendations for
[Page 34]
improvement to the procedures in the Department of Finance. I would think that a lot of those recommendations then would go on down into the finance corporate CSUs.
MADAM CHAIR: Mr. Rafuse.
MR. RAFUSE: The senior officials from each of the CSUs, myself and Treasury Board, meet monthly, as do the managers meet with representatives from government accounting as well. The findings in this particular audit were discussed at the senior group while the audit was being conducted, as you know, or alluded to, the fact that the findings are shared with the various CSUs and they were shared with myself in this case, as to what the findings were and what the recommendations may be.
When the report was released, I did review this report with the senior financial executive forum and talked about what our approach and response would be to some of the findings.
MR. MUIR: Thank you. Getting back to the Auditor General and the role of the Auditor General, it's interesting, talking about the role of the Auditor General, one of the things that the government dealt with last year was a request from municipalities, in particular HRM, to have their own Auditor General. Their books are audited every year but, of course, the Auditor General is a person, in our case, I guess, who reports to the Legislature as opposed to reporting to the government.
I think that indicates how important it is to have sort of that objective look at what we do, as government, at whatever level it happens to be - in that case municipalities. Auditor Generals can go in and I guess have the right to look at just about anything they want to. They construct their own agenda although I do know that if a department or an agency of government did have some question about their own operation, that the Auditor General could be invited to go in and take a look at that. Quite often the office would accede to that request and help them out that way.
How much money is given to external agencies? What's the total budget of the government expenditures?
MS. HARNISH: Our expenditure now, including debt service costs, would exceed $8 billion annually. Debt service cost is $900 million of that so actual, out-of-pocket expenditures is $7.1 billion - $7.2 billion. Of that kind of expenditure, close to 80 per cent goes out our door and is spent by third party operations. Twenty per cent of our budget is government payroll, 20 per cent is government operations, the rest is spent by district health authorities, school boards, grant recipients and on and on.
MR. MUIR: I think Mr. Rafuse said earlier that the Department of Finance does the district health authorities, as well as the school boards; you are the accountant overall for
[Page 35]
them, is that correct?
MADAM CHAIR: Mr. Rafuse.
MR. RAFUSE: What we do is our financial systems for the school boards, we run their systems for them. We also, in that particular case, are the central processor for their pay and for their pensioners.
For the health authorities, it is a different type of relationship because we may house their systems, and they're about to go live, but we won't be running their payroll for them or the like, but at the end of the day theirs are what we refer to as entities that are part of the government reporting entities and they are consolidated on our books. All their activities are reflected on ours.
MR. MUIR: Is there any major expenditure that we make that isn't consolidated on our books? Are school boards on our books?
MR. RAFUSE: Yes, school boards are on our books.
MR. MUIR: Are health authorities on our books?
MR. RAFUSE: Yes.
MR. MUIR: Community Services long-term care facilities? Well, that would be Health, wouldn't it.
MR. RAFUSE: The difference with a long-term care facility is the payment to the long-term care facility would be on our books, but the actual expenditures at the long-term care facility would not be consolidated, because they are not a controlled entity.
MR. MUIR: Is there any major expenditure that we make that is not consolidated?
MR. RAFUSE: No, we consolidate over 100 entities, either the actual payment out to them from the consolidated fund is on our books or the actual activity would be.
MR. MUIR; So because of the acceptance of when the government took on the GAAP principles, clearly the expenses and all of this, and the revenues of the province are transparent? You don't have the opportunity that you perhaps had before the acceptance of GAAP, so the finances are open and transparent in the province?
MR. RAFUSE: Yes, exactly, they are open and transparent. Really the consolidated statements are to reflect all entities in which the government has deemed to control from an accounting perspective, not just government departments.
[Page 36]
MR. MUIR: So the role of the Auditor General then is to help us manage this process, primarily?
MR. RAFUSE: The Auditor General in the role of our financial statements would actually audit not only the transactions at the departmental level, but the consolidation of our statements that happens within government accounting, they audit that process as well.
MR. MUIR: In the individual departments, what is the level of expenditure that ministers have to sign off on?
MADAM CHAIR: Ms. Harnish.
MS. HARNISH: It depends on the type of expenditure, but if it is a procurement of goods and services, it's $5,000.
MR. MUIR: It's $5,000. So . . .
MS. HARNISH: So approval is sought before the commitment is made, hopefully, for the commitment to either the good or the service being procured. Also, we still seek approval for refilling of vacant positions for ministers, which exercises a second check on the level of personnel inside the system.
MR. MUIR: I would think that is, particularly with regard to vacancies, a pretty important control. How much of the government's total expenditures - forget about third party agencies - go out to human resources for salaries?
MS. HARNISH: Well, direct government payroll is 10 per cent of our total.
MR. MUIR: Is it?
MS. HARNISH: It is. In most departments it runs 60 per cent to 70 per cent of the departmental budget, in fact. In third parties we believe that right across the system it is close to 70 per cent through all of the third parties as well that would be payroll.
MR. MUIR: In terms of the expenditures of the government - I'm going to use the word discretionary - how much of the government's budget would not be specifically targeted to other agencies, or for amortization?
MS. HARNISH: Very little. I don't think you would call it discretionary, but non-payroll expenses inside government proper are less than 10 per cent.
MR. MUIR: Less than 10 per cent.
[Page 37]
MADAM CHAIR: The time has expired for the PC caucus. Our round of questions has now finished and I would ask the deputy if she would like to make some concluding comments?
MS. HARNISH: No, I have no prepared remarks, only to say that I hope that we have been effective in providing a little more clarity to you of our actions with respect to responding to not only this particular chapter, but several of the chapters of the Auditor General around internal controls.
MADAM CHAIR: Thank you. On behalf of the committee I would like to thank you and your staff for being here today. At this point we would say if you would like to leave, you can do that. We have another item of business, so we'll take a few moments to look at the information the clerk is circulating.
Members of the committee, what is being circulated to you is a proposal for topics in the coming weeks of this committee. The subcommittee met last week and the result of our meeting is as follows. March 4th, because one of the caucuses is out of town, there will be no meeting. We are proposing that we meet on March 11th - I would like to let the members know that the Director of Audit from St. Lucia will be on hand for that meeting, to observe our proceedings. Nova Scotia has been paired with St. Lucia in a development project with respect to the development of Public Accounts Committees. Our Auditor General has already been doing some work with St. Lucia, and their Director of Audit will be on hand that day.
The committee is recommending for possible topics the following. We're recommending that we examine the SAP system and get an update on that. We are recommending that we go to Sydney with the Tar Ponds Agency - that was what we agreed to at the subcommittee. We also recommended that we call the Nova Scotia Community College to discuss their growth plan and the skills shortages in the province. We recommended that we examine the government loan to ACA Co-operative Limited and we also discussed whether or not we might possibly call Finance with respect to an update on the financial statement. That goes to the item of correspondence you have from Finance Minister Baker, declining to come to this committee - himself and the Premier.
So first, with respect to the topics, I notice, Mr. Colwell, you have some reservations now about some of these topics. Would you like to speak to that.
MR. COLWELL: We have no trouble with the SAP system. My problem with the meeting in Sydney is that we're having real difficulty getting members of our caucus to go, so I'd like to delay that one for a while. Leave it on the agenda, of course, but we have a real big problem with scheduling conflicts in and around that time, so I'd have to get back to you with a time that's suitable for us.
[Page 38]
MADAM CHAIR: I should say that Darlene has indicated to me that these are just possible times, nothing has been scheduled so this was just a suggestion. I think we had actually been looking at doing this sometime in April, possibly, because of the weather and what have you.
But first of all, what I'd like to do is just get approval for the topics that the subcommittee is recommending. So the topics are: the SAP system, the community college, the Tar Ponds Agency in Sydney, and the loan to ACA - those four topics are being recommended by the subcommittee.
Mr. Steele and then Mr. Muir.
MR. STEELE: I have two comments, Madam Chair. The first one is, I think it's a brilliant idea for this committee to go on the road to Sydney. It's such a large project and so important. I don't recall a previous time when this committee has gone on the road but if ever there was a time, this is it. So I think that's a brilliant idea and I really hope it goes ahead, even if it's at a later date.
The other thing is the fourth item down, the ACA poultry plant. I don't think it was ever anyone's intention that it would actually be representatives from ACA who would appear before us, although that's the way it looks, the way this thing is done. The intention was to have officials from Economic Development discussing the loan and various other issues that have since arisen around ACA, so I just wanted to clarify that.
MADAM CHAIR: Yes, you're correct with that. That's what we were looking at, the Department of Economic Development. Mr. Muir.
MR. MUIR: Yes, picking up on the ACA, I was at the Resources Committee yesterday and I think that topic is going to be dealt with by that committee, I believe. I think that was one of the decisions that was made there, or at least the whole industry, not just the plant.
MADAM CHAIR: Mr. Steele.
MR. STEELE: That's useful to know. Thank you to Mr. Muir for that. What I would suggest is perhaps we should approve this but ask the clerks and the chair to consult with that other committee to make sure that there's no unnecessary overlap. In fact, if the Resources Committee is going to be dealing with the same topic, it would be less necessary for us in the end to deal with it.
MADAM CHAIR: Is that agreeable to members of the committee? That's fine, that makes sense. I would ask for someone to move these topics. Mr. Colwell, perhaps you could move these topics.
[Page 39]
MR. COLWELL: Yes, I'll move the topics, again with the proviso I said about the Sydney Tar Ponds and the ACA poultry farm that was put there. Those two should be, I would suggest, removed until we get more information. When we get more information about the other ones, I think we should proceed with those as moved. So I so move.
MADAM CHAIR: I'm suggesting that we not remove topics, that we actually approve them, but with the proviso that we not schedule in Cape Breton until we have unanimity in terms of the time - we would not go ahead and schedule that without unanimity - and that we consult with the other committee, the Resources Committee, with respect to what their plans are. The reason for this is it makes it a lot easier for the clerk to have approval of topics that she will be able to schedule, as we look at the schedule for the Spring.
MR. COLWELL: I fully understand that but I want to make sure that those things are on the record, that the clerk realizes that, so she doesn't proceed with any information. With that in mind, I'll move them.
MADAM CHAIR: Thank you. Any further discussion?
Would all those in favour of the motion please say Aye. Contrary minded, Nay.
The motion is carried.
Now, additionally we did receive from Mr. Baker a response to our second request, that he and Mr. MacDonald appear in front of us. We had a discussion about this and the subcommittee, given the opinion that we've received in the past from Legislative Counsel, felt that our hands essentially were tied with respect to taking this any further. So we are recommending to the committee that no further action be taken because there is none, essentially, we can take at this time. Although there was some limited discussion about whether or not we would want officials from the Department of Finance to come - I think that was Mr. Colwell's sort of suggestion. What are your feelings on this? Mr. Muir.
MR. MUIR: Let it go.
MADAM CHAIR: Let it go. Mr. Steele.
MR. STEELE: With respect to the possibility of subpoenaing the witnesses, I think we have to give in to the inevitable and just accept it, that it's not possible without an order of the House.
On the topic of having Finance officials here, it's my understanding that an invitation to the officials has been made by the Economic Development Committee. I'm looking at the clerk and asking, are we right about that? (Interruption) Okay, perhaps I've misunderstood that.
[Page 40]
The difficulty I have is that the kind of things we want to find out are really questions that ought to be put to politicians, not civil servants. I don't want to drag Finance officials here, only for them to say, what you're looking for we can't give to you. So I'm a bit worried about what exactly it is we would be proposing to ask those Finance officials in the circumstances.
MADAM CHAIR: Mr. Colwell.
MR. COLWELL: Mr. Steele is correct. I'm chairman of the Economic Development Committee and a request was put forward that we have the Finance Department come in for an update in that area, but that could be redirected here if the committee so wished. It was put forward and some ideas were put forward about who would attend, and it didn't include any minister or the Premier.
MADAM CHAIR: Then perhaps we can, as well, have that discussion between the chairs of the committees and get it sorted out. Is that agreeable to people? Great. So I think that pretty much concludes the business at hand.
The one thing I would say around the SAP system, I think we've seen in the past that we bring witnesses in and the information we require, we don't have in advance - we end up asking them to table information, and what have you, during a hearing. I think in this case we need to be very specific about asking for information in advance of when they come so that members will have ample opportunity to prepare, and the materials they require, in order to make our time here, which is fairly limited, as useful as possible.
I noticed today that references were being made to annual audits, and what have you, and I would assume that we would want the most recent reports, the most recent audits, and any information that they can provide us prior to coming, in a reasonable period of time, so that the members can prepare and use that time usefully. Mr. Steele.
MR. STEELE: Thank you. I don't think we formally approved this document, unless I misheard, so perhaps we should do that. I so move with the amendments and provisos that have been added by members.
MADAM CHAIR: I think we actually did - that was my understanding of what we did, yes. Outside of that, is there any other business?
We stand adjourned until next week, thank you.
[The committee adjourned at 10:59 a.m.]
