Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
Welcome to meeting number 112 of the House of Commons Standing Committee on Government Operations and Estimates, also known as OGGO, the committee so nice they named it twice.
Pursuant to Standing Order 108(3)(c) and the motion adopted by the committee on Monday, October 17, 2022, the committee is meeting to consider matters related to the ArriveCAN application.
As always, colleagues, keep your earpieces away from the microphones. It causes feedback and potential injury to our very valued interpreters.
I understand, Mr. Moor, that you have an opening five-minute statement.
Good afternoon, Mr. Chair and honourable members of the committee.
I would like to thank the Auditor General and the procurement ombud for their reports, which have identified some important lessons for us all. The Canada Border Services Agency has already implemented a number of actions to address their recommendations.
At the onset of the pandemic, the CBSA was focused on protecting our borders while maintaining the flow of essential travellers and trade. The agency needed to adapt its operations at a time of considerable uncertainty over health risks.
The need for ArriveCAN arose quickly when it became clear that the manual paper-based processes for tracking contact tracing and the health information of travellers did not meet the needs of the Public Health Agency of Canada. PHAC asked the CBSA to assist it by developing a digital form. The first version of ArriveCAN was released six weeks later.
Over the following two and a half years, the CBSA responded to the changing health requirements set out in over 80 orders in council by releasing 177 different versions of the app. The agency has estimated that the border health measures related to the ArriveCAN app cost $55 million, including a number of non-IT costs, such as $6 million for the Service Canada call centre.
The Auditor General's and procurement ombud's reports have identified a number of serious weaknesses in the procurement and internal controls processes. We have accepted their recommendations and our management response plans are already under way. I would like to highlight a few of those actions aimed at strengthening the agency’s governance and assurance functions.
We have strengthened the first line of defence by requiring all HQ staff with financial delegations to retake four procurement training courses to help them better understand their responsibilities.
Given the weaknesses in procurement oversight, we have established a new executive procurement review committee to strengthen the second line of defence by reviewing all contracts and task authorizations over $40,000.
We have also established a new procurement centre of expertise, which is developing an ongoing program of quality assurance reviews to ensure compliance with the directive, with a particular focus on the need for proper record-keeping.
Our management response plans are aligned with the plans of other government departments, as developing the ArriveCAN app was a shared responsibility. The agency leveraged PSPC’s contracting authorities for over 30 of those contracts and Shared Services Canada's for seven contracts. The CBSA was the contracting authority for the remaining four contracts.
In the first year, the agency was responsible for managing the development, enhancement and operations of the ArriveCAN app on behalf of the Public Health Agency of Canada. However, no new funding was received in the 2020-21 financial year, and the costs were coded to a general COVID-19 pandemic measures account, which would have included other pandemic-related expenditures, such as personal protective equipment and enhanced cleaning.
The agency did establish a dedicated financial code in the second year, when funding was provided by the Public Health Agency of Canada and Immigration, Refugees and Citizenship Canada. In hindsight, this should have been created earlier.
I am very proud of my employees, colleagues and the frontline border services officers who served Canada throughout the pandemic. We acknowledge the serious deficiencies and we welcome the lessons learned. We are now focused on addressing the recommendations that have been made.
Good afternoon, gentlemen. Thank you for your attendance today.
My focus will largely be with you, Mr. Moor, but I invite anyone else on the panel to weigh in if they feel they can contribute in some fashion to the response.
I appreciate your opening statement, Mr. Moor. We've heard that from a number of officials at the CBSA. I mean no disrespect when I say this, but I'm not interested in lessons learned. I'm interested in how we got here and the issues that are really concerning to Canadians.
There seems to be a culture of hiding information, threatening those who come forward, reprisals and a general lack of accountability from senior leadership at the CBSA. This committee has bona fide concerns that the CBSA's top brass is covering up and deliberately trying to hide their actions while scapegoating others. There are now over 12 investigations taking place because of this debacle.
My time is limited. I'll be asking for straightforward and honest responses, please.
Mr. Moor, we've seen the arrive scam briefing packages that went to Ms. O'Gorman. Your name is all over these documents, as is Minh Doan's and Kelly Belanger's. This committee has been lied to by current and former senior CBSA leadership, particularly Mr. Doan, Ms. Belanger and the former president, Mr. Ossowski.
I expect you to tell us the truth today. Will you agree to that, sir?
The biggest question that we need to put a final point on, without deliberating any further, is this: Who at the CBSA was responsible for the decision to choose GC Strategies, also known as Government of Canada Strategies? We've had evidence from Cameron MacDonald on two occasions confirming, and Antonio Utano confirming, that it was Minh Doan.
We also have, and this was really telling, a public document, an ATIP response from the CBSA, that confirms, in annex A of the document, that in answer to “Who made the decision to contract GC?”, it was “My office”, in reference to Minh Doan's office and Kelly Belanger's office—the same office:
My office made the decision to pursue the contract with GC Strategies.
The two proposals for the work were presented to the CIO and President, and the decision was made to proceed with GC Strategies as their proposal and approach aligned with what the CBSA was looking for, particularly rapid staff augmentation.
The Deloitte proposal was a managed service using their Cloud instance. This would have involved additional risk, and did not align with our direction to build Cloud/Mobile competencies [with] the Agenc[ies].
Are you prepared, right here and right now, to confirm once and for all that it was Minh Doan who ultimately made the decision to go with GC Strategies—yes or no?
I'd like to provide some additional clarification for the committee. There were two decisions here. The first decision was how the ArriveCAN app would be developed. That decision was a staff augmentation decision. The decision was to keep this in-house in order to develop the app and use staff augmentation to bring in the technical services required.
The other option was the managed services approach, which was the Deloitte option. It was decided at that time by the executive committee that the managed services option would not be appropriate, because it was unclear what the statement of work would be from the Public Health Agency of Canada.
Sir, this is all evidence that we've already heard. I don't need you to waste the valuable time I have by repeating that. I'm sure you've been following the committee and you know what the evidence has already led to.
Will you confirm with me right now, at this point in time, that Minh Doan was charged with the responsibility of choosing GC Strategies?
I can confirm that, once the staff augmentation model was agreed, the ISTB was responsible for putting in place the resources required, whether those be resources from—
Okay, that's the end of discussion. You've now confirmed, as many people have confirmed, that it was Minh Doan. Minh Doan repeatedly lied to this committee, saying that he didn't personally make that decision, that his team did. I'm very glad for your honesty, and we can clarify that and move on.
This was such a political hot potato for the government that the Minister of Public Safety at the time, Marco Mendicino, had significant concerns with Government of Canada Strategies, particularly with the millions of dollars received. We now know that it received upwards of $19 million for its involvement in this particular boondoggle. We know that Cameron MacDonald was threatened by Minh Doan. On October 28, 2022, there was a phone call. He was told that the public safety minister at the time, Marco Mendicino, was unhappy with the ArriveCAN media coverage and “wanted someone's head on a platter”. He was worried that either he or you, sir, Jonathan Moor, “were going to get fired”. He was talking about someone's head on a platter.
Mr. Chair, Mr. Sousa is deliberately misleading the evidence. We already got confirmation from Kristian Firth that in GC Strategies, “GC” stands for Government of Canada.
Mr. Moor, can you provide us with some context now? I think there's some clarity required in terms of the last round of questions. How did it become ArriveCAN in the first place? Who ultimately made decisions collectively to achieve what has been established to this point?
Right now the question is this: Who signed for GC Strategies? We're all concerned about how those contracts were arrived at and to what extent those privileged...that was possibly given to one contractor over another. Please confirm.
There are a couple of questions in there. What I would say is that the contracts for GC Strategies were arranged through the contracting authority, which is PSPC, and the CBSA, which is the technical authority. The contracts were signed by the border technologies innovation directorate, and at that time, the majority of the contracts were signed by Mr. Utano, who was the executive director. The counter-signatory was Mr. MacDonald, who was the director general.
What I said in my previous answer was that the vice-president at that time was Mr. Minh Doan. The information, science and technology branch was responsible for developing the application and implementing the application within six weeks of the start of the pandemic.
In terms of the Auditor General's report, you've read it, I presume. I know you have because you provided your concurrence with some of her recommendations. There's a dispute in terms of what amount was actually attributed to the overall program that grew throughout the process. Can you give us some clarity in terms of those numbers?
The CBSA supports the calculation of $55 million as the total cost of the public health measures within ArriveCAN. The OAG in the report actually confirms—I think in paragraph 1.24—that they identified the public health component as being $53 million. However, they did add a further $6.2 million for the customs e-declaration, which computerized the old E311 form. On that basis, they came up with a calculation of $59 million. We have a detailed reconciliation between the two numbers—what has been included in our numbers around the public health measures and what's been included in the OAG numbers, which include other activities, particularly the e-declaration but also mobile border costs.
In terms of the overall cost of ArriveCAN, at the start of this process, we did not know what the costs would be. In fact, in year one, we expended about $5.6 million, and none of that was funded externally. We had to fund that within the CBSA.
In the second year, we received some additional funding. We received $12.37 million from the Public Health Agency of Canada, and we were in supplementary estimates (B). We also received $12.4 million from Immigration, Refugees and Citizenship Canada in supplementary estimates (C). Therefore, in the second year, we had a $25-million budget, which we managed to a separate cost centre, and that's when we created the new code.
In the third year, we requested funding. In budget 2022, it was announced that the agency would receive $25 million.
Over the course of three years, the money was incrementally provided to the CBSA.
I recognize that it should have been established as a project from the start. It wasn't, and that is very unfortunate, because it meant that we did not have the normal governance structures associated with project management.
ArriveCAN is still in operation. I actually used it myself a couple of weeks ago to return to Canada.
About 300,000 people a month use it, so about 3.6 million people use it. There are big advantages to using ArriveCAN. There are now dedicated lanes at the international airports that operate with ArriveCAN so that you can get to the front of the lanes. It also significantly reduces the transaction time at the primary inspection kiosks.
I'd say the CBSA did this in-house. However, it used staff augmentation to assist it.
I think one of the lessons learned is we were relying too much on staff augmentation. Staff augmentation is not a bad thing. You need to bring in people who are technical experts and, in particular, cloud experts, who we may not have in place, as well as other experts in technology architecture and security accessibility.
It's not a bad thing to bring in contractors and consultants. The issue here is whether we overuse them.
In her report, the Auditor General mentioned that PSPC had “challenged the Canada Border Services Agency for proposing and using non‑competitive processes for ArriveCAN and recommended various alternatives.”
I'd like to ask you two questions about that.
First, why were PSPC recommendations ignored?
Second, what would have encouraged the CBSA to accept the recommendations it received from PSPC, which performs a challenge function, as it did in this case?
As it was confirmed last week, I think by the deputy minister of PSPC, these concerns were raised at the director general level within the information, science and technology branch. It is unfortunate that they weren't raised at a wider level. I, as the chief financial officer, did not receive any concerns.
I think this is one of the key lessons learned. This is the reason why, in the new code improvement plan, we've instigated the executive procurement review committee, which will allow us to scrutinize all contracts and all task authorizations above $40,000. This will provide the second line of defence and allow us to do that.
I think we should have been informed about it. I think PSPC is clear that it informed the agency, but it informed the agency at the technical authority level.
At that time, Alex's team was looking after the CBSA contract authorities. There were four contracts in total. The team was also very involved in the acquisition of PPE at that time.
While you were reviewing the supplier options, what evidence did you have that GC Strategies could actually provide the federal government with good value for money?
I think my understanding is that GC Strategies had been working with other departments already and had shown evidence of being able to provide the technical architects required.
What this contract was about was the acquisition of technical architects to do specific pieces of work—with a range of different skills and a range of different experience. The majority of experience required more than 10 years of experience in the past, so GC Strategies was providing those. If one of those individuals was not satisfactory, then the information, science and technology branch would ask for an alternative.
Mr. Martel, you received the 2021 Canadian Institute for Procurement and Materiel Management award. That award was given precisely for the CBSA's acquisition of the ArriveCAN app in the context of the COVID‑19 pandemic. Congratulations.
People tend not to select themselves. The award was given for saving time. Essentially, the goal was to expedite the process while maintaining the same control measures as before. Of course, this assumed that technical authorities would be able to apply their own controls and that a need existed.
Mr. Moor, last January 18, Ms. O'Gorman told the committee that better control and oversight measures had been implemented. You said so in your speech as well.
I'd like to ask you four questions about that.
How long have these control and oversight measures been in place?
What effects have they had so far?
Are these measures permanent?
Can they be used to perform checks on existing contracts? I'm thinking, for example, of the contract between the CBSA and Deloitte for the agency's assessment and revenue management application, also called CARM.
We have been looking at developing our procurement improvement plan over the last nine months.
Our first step in that was to remind individual managers of their responsibilities for procurement. All individual managers with delegated financial signing authority—over 800 people—were asked to do 16 hours of training. That was the first thing, just to remind people of what they needed to do.
The second action was that we created the executive procurement review committee. The first meeting of that was in October. We are now looking at every TA and every contract.
The third action is that we are now implementing a quality assurance review process through Alex's team.
The effect is much more transparency over all of the actions we are taking on procurement, and we have strengthened our first line and second line of defence. This was lacking during the COVID period.
Mr. Moor and fellow witnesses, thanks for being here today and answering our questions.
I'll start out with one of your statements from today's testimony. You said that ArriveCAN was done “in-house”. I wonder if you can confirm where the intellectual property now resides. Is it the property of the Government of Canada or does it belong to the contractors who did the bulk of the work?
I'm pretty certain in my answer to this that the IPR belongs to the Government of Canada, because this is an app that we developed and we are continuing to operate.
Okay. If you could confirm that and provide that information to the committee after this meeting, it would be appreciated.
There has been a fair bit of focus on who signed the contracts, and I think that we now have fairly straightforward answers around the role of Mr. MacDonald and Mr. Utano.
I'm interested in the process of confirming that the work was delivered as required. Assumedly, at the other end of the process, the contractors complete the work and submit it and there's some process of reviewing that work and then signing off on it before the bills are paid. This is my basic understanding of the way the process should work.
Were those same individuals responsible for signing off on the invoices prior to the contractors being paid for the work and confirming that the work was done in good order?
I can confirm that the work was done in good order through the Financial Administration Act section 34 requirements. As I said before, the border technologies innovation directorate was responsible for overseeing these contracts. They would receive invoices from the contractors. Their job would be to check that the individuals had done that work. They also have the right technical quality and experience in order to make those payments.
These are delegated authorities provided to, assigned to, individuals within that secretariat. Those individuals had the training and were responsible for signing off on the invoices to confirm that the work was done. I see you nodding, so I'll take that as confirmation.
The reason I'm asking this is that one of the Auditor General's findings was that the CBSA approved time sheets that included no details on the work completed. This is a quote from the AG's report: “This limited the agency’s ability to challenge the contractor’s invoice and, without knowing what work was completed, its ability to allocate the invoice to the right project.”
I guess what I'm trying to point out is that the AG has highlighted a lack of documentation, which assumedly would have made it difficult for those delegated authorities to confirm that the work was actually done. Were those delegated authorities, those individuals who had the authority to sign off on the invoices, provided with adequate information to confirm that the work was actually done?
I think there are two issues here. One is around certification that the work has been done. The other one is around whether the costs have been allocated correctly to the cost centre.
For example, a cost centre manager may well have been observing and seeing that the individual on the invoice had done 30 hours. However, they may not have been allocated to specifically ArriveCAN. This is what I said at the start of this evidence: We did a mistake in not setting up a separate ArriveCAN cost centre code from year one. When we were receiving an invoice, we would say, yes, those 30 hours have been done, but we weren't coding it between ArriveCAN or operational expenditures or elsewhere.
However, we are now looking at all of these invoices, because a number of allegations have been made, to go back and make sure that we have not been overcharged. If we do find that we have been overcharged, we will pursue repayment for those. The minister for the Treasury Board announced last week that PSPC had identified some overpayments. We will be doing the same. If we identify any invoices that were not for work done, we will be pursuing payments for that.
The Auditor General has said that there weren't adequate details to confirm that the work was done, but you're asserting that the individuals signing off that the work had been done had adequate information to confirm that this was the case. Is that correct?
Contracts contain very clear invoicing instructions. If the technical authority isn't satisfied with details in the invoice, they can return it and request additional details.
I don't have details on the number of individuals who were signing it. This comes back to the point I made earlier around the delegated financial signing authorizations. We have around 900 in the agency headquarters in total.
Mr. Moor, could you provide to the committee the names and titles of the individuals who were responsible for signing off on invoices related to the ArriveCAN contracts?
Okay—I'm not understanding whether that's, yes, you can table with the committee the names and titles of the individuals responsible for signing off on the ArriveCAN work.
Mr. Moor and others, just so you're aware, at this committee we have passed a motion in the past requiring that any requests for a response back have to be within three weeks, lest you get called back on why you have not provided that information.
Mr. Moor, I'm going back to the last question I had before I ran out of time, which was about the conversation between Minh Doan and Cameron MacDonald in October 2022.
Marco Mendicino was so unhappy with the media attention on ArriveCAN that he wanted “somebody's head on a platter”. Either Minh Doan would be fired or you, sir, would be fired. He made specific reference to that.
He turned and said, “You know, Cam, if I have to, I'm going to tell the committee that it was you.” He threatened Cam MacDonald. That threat was then relayed up the chain of command. Ultimately, it was communicated to Erin O'Gorman.
To your knowledge, sir, was anyone, particularly Minh Doan, suspended or reprimanded for that threat? Answer yes or no.
I could start with the comment made by the minister. I'm not aware of that comment. I've never come across it. In fact, I never briefed the minister at that time, and I was not—
Personally, I briefed the ministers on supplementary estimates (B) and (C) packages in 2021-22, as well as on the announcement in budget 2022 of the $25 million—
Were you aware of any other senior executive who would have had those discussions?
For instance, would the president and the deputy minister, Ms. O'Gorman and Mr. Ossowski, have had those discussions with those three ministers with respect to the cost overruns?
You heard reference to the award that you received for ArriveCAN, which really begs the question why the award was given, in light of the Auditor General's report and the procurement ombudsman's report.
Can you provide us with documentation, sir, as to how the three individuals identified at the CBSA received those awards, including their nominations and things of that nature? Can you provide that to the committee within three weeks?
We heard last week from PSPC that three additional companies that received taxpayer money and should not have received that taxpayer money are now being investigated by the RCMP. Those three companies were not identified by PSPC because of privacy concerns.
Are you familiar with the three companies in question, sir?
I'm not familiar with those companies. However, I have been informed by PSPC that the CBSA is involved in this, and that our involvement is limited to $15,000.
I'm informed that the individuals who have been identified as fraudulently making claims...some of those claims are linked to us. I think there are 36 different departments affected. The CBSA is affected up to $15,000.
To your knowledge, sir, are there any other companies that are operating under suspicious circumstances with their contracting at the CBSA, either with the ArriveCAN app or with other work done at the request of the CBSA, being considered for RCMP referrals?
I'm not aware of any at the moment, but as I said before, we are now looking through all of the interactions to see if there are any examples.
For example, we have done a review of our contractors who are working and whether they are included in the GEDS system. We have identified a few names there, but I'm pleased to say that in all of those cases, we have spoken to the other employer—
I have in my hand a multi-page letter addressed to Arianne Reza—then the assistant deputy minister, and now the deputy minister for PSPC—in relation to the request for a national security exception in relation to one company.
I'm looking at the third page of this document. Toward the end of it, you indicated:
We have identified a supplier that has already successfully implemented a modern tool for risk assessments on shipments coming in to Canada—
That was once involved with Transport Canada.
—that leveraged technology to build a modern, cloud first approach, low-touch process to replace a manual, high-touch process.
That company in question is GC Strategies, or “Government of Canada Strategies”. Is that correct?
As you know, sir, elected officials come and go, but in our public service we have people who spend decades in the bureaucracy and in program areas. We learned from GC Strategies that Mr. Anthony had been working in the IT sector for companies since 2005. Mr. Firth said he had been working since 2007.
The procurement processes in place on how to obtain some of these contracts have been around since 2003. We're talking about over 20 years where these contractors and subcontractors, many of whom interchange with different companies, are all working on various projects with government. Over time, there are relationships that have been built amongst all these people working together.
Do you think the CBSA has done enough to ensure there's appropriate oversight of employees and their relationships with prospective contract bidders looking to find this work and understanding how to get it? I'd like to hear about what oversight is in place.
I think what I would do is cover it in two separate sections.
The first one really is around the conflict of interest. We have, as part of our procurement improvement plan, strengthened our disclosures around conflicts of interest. What we are now doing is asking all of our staff to declare if they do have a second job, to allow us to evaluate that. There is no real reason why people shouldn't have a second job, but the important thing is to be transparent about that and ensure there is no potential conflict of interest.
The other area that I think you're referring to is the oversight of the procurements and the task authorizations. As I've said before, our procurement improvement plan has created the executive procurement review committee, which is going to be looking at everything over $40,000. We've already had over a dozen meetings about that, and we're already starting to really strengthen the second line of defence around this.
The third thing I would say is that you're asking a more general question around the Government of Canada's procurement. I think the deputy minister of PSPC did refer to that in her evidence on around over 600 staff augmentation companies and really looking to see if we can insource and actually have these facilities or these people in-house.
I'm pleased to say that the CBSA has already started to do this. We have set a target of bringing 25% of all contractors in-house, reducing our level of contractors by 25%. In some cases, we've actually gone even further than that. In terms of our chief data officer, I'm pleased to say that they had 75 contractors in April 2023, and they're now down to 44 contractors in April 2024—well, that's the aim—and that's a 41% decrease.
I think there are multiple different parts to your question.
Well, I'd like to see that there's no opportunity for collusion amongst people who are trying to obtain these contracts, for having a relationship with certain people who are saying, “Yes, here is what you should do to get this contract—this is how you can get this.” To your knowledge, has the CBSA identified any employees who also have procurement contracts with the government?
I'm going through all the checks. We have not identified any at the moment, but what I can say is that we're continuing that work. PSPC has identified some fraudulent payments. I think we have to continue that work and make sure it's all completed. I think it is worth saying, though, that the CBSA takes the allegations of wrongdoing very seriously and, as we have said before, we are currently investigating those allegations.
When I asked Minh Doan about the decision to pick GC Strategies, his initial response was that a team of 1,400 people were all involved and then it was narrowed down to six directors general. Did this decision come down to these directors general? Did they advise Mr. Doan to make this decision? He clearly made the decision.
In terms of our second line of defence on financial controls, we do random selective testing of invoices. At the moment, we're doing about 5% of those invoices and we're checking to make sure they comply with all of those rules and regulations.
I see that tests are done for contracts exceeding $40,000. How do you explain the fact that contracts worth two, three, four, five or six million dollars weren't previously tested, and that there was no reaction?
Everyone gets the impression that things were allowed to run their course haphazardly. People figured that since it was taxpayers' money, it was all right. That's the impression people have about this situation.
Why did no alarm bells go off before October 2022, when the committee started studying the issue?
COVID was a very intense period of time, and we were relying on the delegations of authorities in the DFSA. We were also relying on the oversight of PSPC for their contracts.
In October 2022, when we started our study, spending on the ArriveCAN app was said to amount to roughly $54 million. We were told that this amount included the cost of advertising outside of Canada, in airports, and so on.
Today, that figure has climbed to $59 million, and we can't tell which costs relate to advertising. We see that $6 million was earmarked for the Service Canada call centre.
How much money does CBSA transfer to Service Canada annually for call centres? Does the $6 million pertain to the ArriveCAN app only, or does it include a bunch of other CBSA sectors?
How much is currently being spent on advertising to maintain the app and inform people on how to use it?
Yes. I think, very briefly, the Service Canada call centres were operating for two years. They actually managed 645,000 calls from members of the public, from travellers.
Mr. Moor, I have a question about the CBSA's involvement with Botler. Granted, this deals with a project other than ArriveCAN, but I think it raises some of the same concerns around the diligence of the agency to confirm that the work was actually completed.
In 2021 the company Dalian submitted invoices for work done by Botler and, specifically, those invoices included billing for time allegedly spent on the project by Ritika Dutt, one of the principals of Botler. At the time, Ms. Dutt was on medical leave. This was known to CBSA's border technologies innovation directorate, and yet they went ahead and paid the invoice to Dalian anyway. Why was that done given that they knew that Ms. Dutt couldn't possibly have done the work since she was on leave?
In February 2021, the CBSA contracted with Coradix in a joint venture with Dalian. It was for six particular outputs. The CBSA paid for two of those outputs because that work had been done. They did not pay for the other four outputs because that work was not done to a satisfactory level. It was not about individuals. We were not paying on an hourly basis; we were paying an an output basis.
The time sheets are not relevant when you're doing tasks, because what you're doing is saying, “We will pay you this amount of money for delivering this output.” We're not saying, “We will pay you x dollars per hour.”
There's a document. They were writing particular documents. We received those documents and we decided whether the documents had satisfied the requirements of the task authorization.
One of the documents, for example, could have been a plan. If the plan was satisfactory, we did not have any input on who wrote the plan.
My understanding is that Ms. Dutt contacted the CBSA, but that was inappropriate, because we should not be working with subcontractors. That's not our role.
Mr. Moor, I want to go back to an answer you gave my colleague about the letter invoking the national security exception. The letter mentions the fact that it entails an exemption from the rigorous procurement process normally required when awarding contracts.
Mr. Moor, do you acknowledge that you signed that letter?
So you signed that letter. I don't understand why you hesitate to say that you signed that letter.
Do you acknowledge that this letter started the fiasco that we're dealing with today? An app that was originally supposed to cost only $80,000 to develop has now cost $60 million, according to the Auditor General.
You say that the invoice amounted to $54 million. If that exemption hadn't been requested, we wouldn't be where we are today.
No. The national security exception was requested by PSPC for it to access the powers at the start of the COVID pandemic. The national security exception—
You were the one who signed the letter, Mr. Moor. You can talk about PSPC all you like, but it's your signature at the bottom of the letter. In the letter, you ask Ms. Arianne Reza, assistant deputy minister at PSPC, for authorization to move ahead with this exemption.
You say in the letter that you had found a supplier that had already successfully implemented a modern tool. My colleague has already mentioned this passage, and I will not quote it again.
Mr. Moor, you signed the letter. You're telling a deputy minister that you have a supplier that has effectively implemented a modern tool in the past. Today, before this committee, you say that you can't tell us who the supplier was.
You say it's an example, but it's like the examples on the GC Strategies website. Mr. Firth and Mr. Anthony quoted a lot of federal government officials, but couldn't give us names.
You're doing exactly the same thing. You say in the letter that you found a supplier. What supplier was it?
Why are you using it as an example to justify an exemption from the rigorous procurement process? I would point out that this is what led to the scandal surrounding the ArriveCAN app, an app that was supposed to cost $80,000, but ended up costing $60 million.
It's hard to understand. Who, in this government, is responsible for these signatures?
I was the CFO at that time, and I was an executive of the CBSA. I take responsibility for the failures which have been identified, and I am also responsible for the improvement plan that we are developing to ensure this does not happen again.
I wanted to ask you about the improvement plan a bit. You've read the AG's report and you've read the procurement ombudsman's report talking about the deficiencies in management and documentation. I wanted to ask you about some of the steps you've taken.
The CBSA has said that it has struck an executive procurement review committee and also a procurement centre of expertise. Can you please explain the executive procurement review committee, who sits on it and what is its role?
We established the executive procurement review committee, and our first meeting was in October. I chaired the first eight of those meetings, and now the executive vice-president has taken over the chair.
A number of VPs sit on that, but also, Alex's procurement team is on there. The role is to challenge the individuals who are bringing forward task authorizations or contracts that have a technical authority, but also to seek assurance from Alex's team that we are complying with all the rules and regulations and the standard operating procedures. It is a second line of defence and a check to make sure that the issues that were identified in the Auditor General's report and the procurement ombudsman's report do not happen again.
There are literally hundreds of thousands of decisions that are made, if not millions, or tens of thousands of contracts that are entered into. How do you decide what to look at? I mean, there is a flood of contracts. How do you decide what you review?
At the moment, we have set it at all contracts and task authorizations above $40,000. This will be evolving over time. We are already seeing a reasonable number coming in. It's not unmanageable. We will hold meetings whenever we need to in order to get through the volume.
You've testified in this committee that there's a process of financial reconciliation that's taking place between the numbers that the AG has put forward and the CBSA's original numbers. When can we expect the timeline to be completed for that process, and can we have the results of that reconciliation review?
It's already been completed, and I'm very happy to provide those results to you, but as I explained earlier, the OAG does identify that they have two numbers in play. They have a number of $53 million around the pandemic health component, and then the number of $59 million includes the customs and declaration.
Okay. If you can get that for us in writing, it would be terrific.
The very first question of the committee was asked by my Conservative colleague. He asked the question and didn't provide you with an opportunity to respond.
Can you tell us, in your words, who made the decision to hire GC Strategies? Be as precise as you possibly can as to who was part of that decision-making matrix.
It was decided by the information, science and technology branch. It was within that branch. It was the border technologies innovation directorate.
The executive director at that time was Mr. Utano, the director general was Mr. MacDonald and the vice-president was Mr. Minh Doan. The decision was made within the delegated authorities of the information, science and technology branch.
My colleague singled Minh Doan out, saying that it was Minh Doan's decision, but you're saying that Mr. Utano and assistant deputy minister Cameron MacDonald were also part of that decision. Help me understand that.
The signature on the documents shows Mr. Utano as the technical authority. The second technical authority—I can't quite get the terminology right—was Mr. MacDonald. They both reported at that time to Mr. Minh Doan.
I think I would have had more oversight. I think that's one of the key issues for us.
We were incredibly busy, though, and we were also understaffed in a number of different areas. I think it's worth just reminding everybody of what the pandemic was like at the start. Immediately, most of our people were sent home. We had to set up home offices, we had to set up new organizational structures and we had to manage the border. A lot of the individual border services officers were really very reluctant to touch paper because the Public Health Agency had said you could catch COVID from touching paper, so the necessity to get a paperless process in place was really important.
I see that today we actually have some gentlemen at the committee of whom I'd like to ask some questions about CARM. I see Mr. Leahy there and Mr. Martel, the director of procurement.
The challenge that I have with CARM is the complete lack of consistent statements on when this project began and how much it would cost. To paraphrase Hamlet, it seems like there's something rotten in Denmark.
Mr. Gallivan testified at the trade committee that this was started in 2010 and it was a $370-million project.
In the Canada Gazette, part II, that just came out on March 13, 2024, the government states, “In 2014, the CBSA began the design and implementation of the CARM project”, and that the CARM project is a $526-million contract.
I don't mean to interrupt my honourable colleague's train of thought, but I just want to know the relevance here.
This is the ArriveCAN study and we are looking into ArriveCAN, not CARM, so I would kindly ask my colleague to establish the relevance to the study on ArriveCAN.
I actually see the relevance, so I'll allow him to continue.
I think we heard from witnesses that Deloitte, which is running CARM, was messing up CARM and, therefore, was in the penalty box, which led to us getting GC Strategies. I appreciate your point, but I do see the link.
Go ahead. You still have four minutes and four seconds—
I'm sorry, but I have a point of order, Mr. Chair.
I do apologize, but that is such a tenuous thread, if I can even call it that. Again, may I remind the chair that we're here on a constituency week to study ArriveCAN, and I'd prefer us to focus on ArriveCAN.
What is the link to CARM? I don't see it, Mr. Chair.
The link is the contracting irregularities that took place in CARM. Deloitte was allegedly put in the penalty box, which is how we ended up with GC Strategies, so the link is pretty direct in exploring how we got to GC Strategies through the problems with CARM. That might illuminate the committee with respect to this study.
If I can just deal with the penalty box comment.... I'm not aware of anyone saying that Deloitte was in the penalty box. It is worth identifying that Deloitte worked with us on a number of other things, as well. I, in the finance and corporate management branch—
We'll be happy to provide that to the committee from the ATIP requests, and we'll bring you back to talk about it, but could you answer my question? Is this a project that started in 2010 or 2014? Your government is saying two absolutely contradictory things.
It is the precursor to it. A revenue ledger is extended into CARM, but the language in the submission, you'll see, is both CARM and ARL. They're interchangeable.
What I can't understand is the cost. What we heard from Mr. Gallivan is $370 million, but what we've also heard at committee is that you've spent $438 million. These two numbers are very inconsistent.
What actually concerns me the most is this: In a transition document prepared for the VP of the CBSA on July 31, 2021, it says that the costs are $371.5 million. Interestingly enough, nothing in the estimates or anything else adds up to that at that time point. In fact, you signed a contract on October 6, 2021, for $322,125,778.
Is this contract a result of verbal approvals that were given to Deloitte to do work and you had to then prepare a new contract with Deloitte?
I might ask Mr. Leahy to respond with the details, but what I will say at the start is that the CARM project has been a long-running project. The first two elements of CARM have been delivered, so the agency revenue ledger has been put online.
The cost identified in the transition document to the VP on July 31, 2021, was $371 million. There's nothing in the estimates or supplementary estimates that adds up to that, but there is a contract on August 6, 2021, for $322,125,778.
It appears to me that this is creating a contract to deal with the overruns because there was a contract for Deloitte in 2018 for $32 million, which now appears to have turned into a $322-million contract a mere three years later.
Is this the result of verbal authorizations that had to be covered with a new contract?
I'll say that we did not come to this committee prepared to answer questions on CARM. We're very happy to bring back the detailed information, unless Mr. Leahy can answer.
I think the evidence that we'll bring forward from our trade committee will demonstrate the history and hopefully bring clarity to the question you raised about the lineage of the contract. That material is coming forward to committee.
There were two small contracts around that activity, and the major contract was in February 2018. The initial two contracts to begin work on CARM/ARL.... I don't have the precise dates in front of me, but they were awarded around March 2010.
There were two allocations of funding. There was an initial allocation, as I mentioned, around that timeline. Then there was a contract award in February 2018.
Out of curiosity, how much of an expected loss of revenue would exist as a result of CARM's delay? I know that you have an estimate on why CARM exists, and it's expected to capture some funding. Do you have any idea?
Mr. Moor, it's postpandemic now and a new normal. Changes are being made. Do you still see poor record-keeping happening on any other projects at this point, recognizing some of the issues that have arisen from both the ombudsman and the Auditor General?
I think knowledge management and record-keeping will always be an issue. I think it's an issue around the world in terms of how you ensure that you have the right records, especially post-COVID, which I think impacted us particularly.
We are definitely putting in place ways in which we can improve our record-keeping. I think a good example of that is the procurement review committee. It will be completely minuted. All the records will be kept essentially by the governance unit.
There are lots of suggestions about interrelationships between prospective contract bidders and relationships with employees. Do you think the CBSA has done enough to ensure that appropriate oversight is being taken in this respect?
I think it's very important to say that if a contractor has worked on developing an RFP, then they are precluded from bidding on that RFP. That is part of our rules and regulations. If we find that the investigation says that there's evidence behind that, then action will be taken on that. That is not acceptable.
The only time you can use a contractor to help you develop an RFP is when it's a technical requirement. The individual or the company who helped you then has to be precluded from bidding on that contract.
I'm aware of the reviews being done internally. The security and professional standards directorate does report to the CFO. However, for reviews of executives, all the reporting is done directly to the deputy minister and the president. I am not party to any information on those investigations.
No, I've not experienced any pressure from elected officials. Actually, as the CBSA, our minister is the Minister of Public Safety. I very rarely see the minister unless it is about supplementary estimates or main estimates.
The CBSA has a very clear code of conduct, which is always kept under review and which will be updated. We also have the overarching public safety ethics responsibilities as well.
With respect to the issue around the ArriveCAN component, there are some discrepancies still about the cost. You mentioned two different costs. One was in regard to the immigration component of it. One was in regard to the support for the pandemic. Can you elaborate a bit further on this?
There are two elements to ArriveCAN. On my mobile phone, I still have the ArriveCAN app. I used it a couple of weeks ago to return to Canada.
One of the things the Auditor General did point out was that the benefits from ArriveCAN are still ongoing. The work we developed during the public health testing stage is now available for us to use for the advance declaration.
Mr. Moor, do the three measures that you put in place apply to current contracts, like the one for the agency's assessment and revenue management application, also known as CARM?
Yes, they are being applied to all contracts. The only exception is CARM, which is being managed by the executive committee directly. There's a subcommittee for CARM.
According to Ms. Ladouceur, spokesperson for the Canada Border Services Agency, the objectives are to publicize the application and add other important features. That was her answer to a reporter's question. The app needs to be publicized more so that people use it more. Right now, 300,000 people use it every month. That amounts to only 13% of travellers, which is not a lot, between you and me.
How much will it cost us to make it more widely known?
What other important features need to be added?
How much is going to be invested in this application annually, and for how long?
The maintenance of the existing app is costing just under $3 million. That is for cloud hosting and for technical support.
The actual advertising is being done largely by third parties. While I was on the plane coming back, it was Air Canada that was saying to use ArriveCAN because it would speed up your border process. We're also seeing at the airports extensive advertising on the benefits of ArriveCAN.
The intention is to roll out ArriveCAN at the land borders. That's part of our travel modernization project, which is ongoing at the moment. Clearly it was intended, during COVID, as part of the public health measures, that the e-declaration would be rolled out at the land borders shortly.
Mr. Moor, going back to my original questions around invoicing, would it be fraudulent for a contractor to submit an invoice to the CBSA indicating that a certain resource had been used to complete the work when that resource wasn't in fact used to complete the work?
It would be if it was a staff augmentation contract. For example, if we had asked for a level three technical architect and we were delivered a level two technical architect, that would be fraudulent, but in this case, in the Botler case, we were asking for an outcome, for an output, and, therefore, we were judging the quality of the output on the quality of the work done, not on who did it.
Can I take it from your comments that there was no process to confirm which resources were used to get to that outcome and that what the CBSA was concerned with was the quality of the outcome, not the resources that were used to get there?
That subcontractor didn't have a contract, just to be clear, but I guess what I'm trying to get at is this idea that in these task authorizations, different resources are valued at different amounts. We've heard at this committee about the bait-and-switch approach that some unscrupulous companies use, whereby they suggest that certain resources are going to be used in order to get the work, and then when the work is actually done, they use different resources that cost them less.
Here we have a case in which a contractor is indicating that a certain resource was involved in the work when in fact they weren't, and you're saying that isn't a problem?
Botler's contract would be with Dalian-Coradix, not with us. We were contracting with Dalian-Coradix and we were asking them to produce six documents. It was not relevant to us who was producing those documents. What was relevant to us was that the quality of the documents was in line with the statements of work.
Is it required that the resources used be cited on the invoice? I'm looking at the invoice right here and it includes the task number and the specific resources that were utilized in completing the work. Is that a requirement of the invoicing process?
It was not in this case, because we were asking for a task to be completed; we weren't asking for individuals. That is a requirement if it's a staff augmentation contract, because then we would need to check that they have the right skills and experience to do the work.
The Auditor General said in her report that in documentation provided by the CBSA the financial records and controls were so poor that they were unable to determine the precise cost, and they pegged it at $60 million. That report has been out for 50 days now.
Mr. Moor, can you tell us if you've provided any follow-up documentation since this report to the auditor's office to further clarify what exactly was the cost of ArriveCAN?
No. We have not provided any further information, but the information that we've agreed to provide to the committee we're very happy to share with the Auditor General.
As I've said before, I don't think it's possible to get a completely firm number, because in the first year we did not have a separate accounting code. What we did was use our experts to make their best estimate of how much it had cost. Our best estimate remains $55 million.
Well, let me ask you this, because we are now aware that 76% of contractors who did work on this, who actually did no work, billed the CBSA. We know that there are records of shredded documents. That is well known and has been shared with Canadians.
Again, the Auditor General said there were “weak” financial controls and record-keeping when it came to your work.
As CFO, do you think a third party forensic audit of ArriveCAN is necessary based on what you now know and on the points I just raised?
I think you raised a number of different points in there.
The procurement ombudsman referred to the 76%. That was actually the question previously about sort of who does the work. When you're using staff augmentation, we were checking the individuals having sufficient qualifications—
With the facts that I've raised, the circumstances and what you know now as the CFO, do you believe that an independent third party forensic audit is necessary with ArriveCAN?
We have shredded documents, the Auditor General saying there were weak financial records and controls, and the procurement ombudsman's report. Yes or no, do you believe that a third party forensic audit is required here in these circumstances?
I don't think it would add anything additional, because we've already had a third party audit in terms of the Auditor General and also the OPO. What we are acknowledging here is that we did not have a cost accounting code in year one, so there's a judgment: How much was being spent on ArriveCAN versus other operational activities?
Sir, I think there would be many Canadians who would disagree and say that in this case a forensic audit by a third party is necessary for each of these, because the more we learn, the more vague and the more evasive, frankly, many of the witnesses will be on this.
I want to ask you about performance bonusing, Mr. Moor.
For the executives at the CBSA who have been responsible for what happened here with ArriveCAN, can you confirm whether they have received bonuses this year or not?
I can't confirm if they received bonuses this year because the year is not actually at an end, but I can confirm that during the period under review I did receive performance payments. We've already agreed to come back with information on that to the committee.
Going forward, then, in that case, knowing now...with the Auditor General's report now tabled, do you believe executives at the CBSA responsible for ArriveCAN should get performance bonuses in the future?
You wouldn't rule it out based on what you know and the findings here in the Auditor General's report, the procurement ombudsman's report and all the facts that you know, and based on how atrocious the financial record-keeping was at the CBSA. You can't rule it out and say now that executives at the CBSA who were responsible for this mess should not get a performance bonus going forward, now that you know what's in the Auditor General's report?
Sir, I know what's in the Auditor General's report, and I'm disappointed. I come back to my previous comment.
When we do our financial assurance, we are on average at around 8% or 9% errors. Most of those are not compliance errors. They are administrative errors. In the Auditor General's case, she identified 18%. That is very disappointing, and I recognize that. However, a lot of that has to do with the fact that we did not have a cost accounting code at that time.
There's an error of $60 million with ArriveCAN that Canadians are frustrated with and, again, you're disappointed. I'm going to ask you again. With being disappointed in the contents of the report and how damning it was about the financial practices and record-keeping, you're not going to rule out that executives at the CBSA this year are going to get performance bonuses based on what we now know with ArriveCAN.
Well, I don't think that's a question I can answer, because I do not set performance bonuses.
What I can say is that we are taking action to address all the recommendations in the Auditor General's report. I do not agree that we don't have the information; there are areas in the information that we are uncertain about, and we had to make estimates.
Mr. Moor, I'd like to thank you and your colleagues for being with us today. You'll have to forgive me, because I'm joining halfway through. Hopefully, I won't be repeating what my colleagues have already asked.
I read this is in your introductory notes: “PHAC asked the CBSA to assist them by developing a digital form, and the first version of ArriveCAN was released six weeks later.”
Can you walk us through what those first six weeks looked like?
Those first six weeks were very, very difficult for the agency. The pandemic had been announced, and we were very much at the front line. We had individuals in the border services offices who were dealing with people who could have been infected by COVID-19. There were a number of repatriation flights.
The best we could do at that stage was to have a manual paper-based form. This was an issue for a lot of our officers, because we were being told at the same time that you could catch COVID from touching paper. It was an urgent matter to get this form digitized.
When you look at value for money, you see that the paper-based system was around three dollars per unit, whereas the ArriveCAN system is about one dollar per unit, or one dollar per traveller. It was more efficient than the paper-based system. It was actually also much more effective than the paper-based system. The paper-based system had to be sent off and it had to be coded into the records. It then had to be provided to PHAC, who then provided it to municipalities to actually follow up on the quarantine.
The Auditor General, in her own report, identifies that it was more effective to use ArriveCAN because they could get that information before the end of the 14-day period. With the paper-based system, it was taking up to three or four weeks to get that information. I think it is worth bearing in mind the effectiveness and the efficiency.
It was a very difficult time for all of us. As well, a large majority of our employees were sent home to work. That was a new thing for lots of us.
Therefore yes, I would say that at the start of the pandemic, it was a crisis situation. We were working incredibly long hours. During that time, I'm sure we made mistakes, and we should learn from those mistakes. It was a very stressful and difficult situation.
Thank you very much. I certainly remember that time. We were told to wash even our groceries, for example, or wear gloves to pump gas. It was certainly a time of uncertainty.
Over the two and a half years after the fact, the CBSA responded to the challenging health requirements as they were coming at you. Again, it was kind of like drinking from a firehose. Through over 80 orders in council, 177 different versions of the app were released. I wouldn't ask you to explain each one, but what predominantly were some of those changes with each one of those iterations of the app?
When we set up our governance structure in the pandemic, we set up two separate task areas. I was responsible for the internal task force. One of my colleagues was responsible for the border task force. All of ArriveCAN was done through the border task force. This was mentioned in the Auditor General's report in 2021. It was a partnership, at that stage, between PHAC, ourselves and a number of other government departments. Various decisions were being made minute by minute. I was not part of those decisions. I was running the internal task force, which was more focused on the activities of the organization and the health and safety of our officers.
It was a very dynamic environment. It was my understanding that things were changing very much at the last minute, and then that had to be coded to allow us to update ArriveCAN at the time. It was very complex, it was very difficult and very long hours were being worked.
There were a number of them around the world. All of them were slightly different. Certainly the U.K.'s, which I was aware of, was different. I know the European one also. Basically, they were doing the same function. They were trying to record information on people travelling into the country so that they could trace those contacts—that was particularly important when you were seeing new variants coming in—and allow the public health agencies around the world to be able to track where those individuals had been and how the spread of the new variants was operating.
As well, as the ArriveCAN app progressed, we had the proof of vaccine credential. That was also a very complicated, difficult system, and it was complicated and difficult for us to be able to identify the vaccines and go right back into the provincial health data systems to check that they were valid.
I was just wondering if there were discussions or dialogue happening about shared practices or best practices within those government entities that were facing the same thing, or were we flying on our own on this one?
We did have many conversations with our colleagues around the world, but I think we were slightly flying blind, because every requirement was different.
Would you agree with me, sir, that deleting four years' worth of relevant emails—not because they were corrupted, but deliberately deleting them—during the ArriveCAN development and outlay would potentially constitute not only a highly suspicious action on the part of Minh Doan but also potentially an illegal one under the Criminal Code? Obstruction of justice comes to mind.
Do you believe that's worthy of an internal investigation?
I want to circle back to GC Strategies. There are a couple of issues that were raised in the Auditor General's report.
First of all, the CBSA informed the Auditor General during the report stage that GC Strategies was awarded their initial contract on the basis of a proposal that was submitted.
The CBSA indicated that it had discussions at the time with three potential contractors about submitting a proposal to develop the ArriveCAN app, yet through investigation, the Auditor General found that only one proposal was received by the CBSA, but not for GC Strategies.
Why would the agency deliberately mislead the Auditor General?
My understanding is that at the start of the pandemic—and again, I was not directly involved in these discussions—they mocked up what the first version of ArriveCAN would look like and asked three organizations—Deloitte, Apple and GC Strategies—
Why would the CBSA deliberately mislead the Auditor General by saying that it had received a proposal from GC Strategies when in fact it had not? Why would they deliberately mislead?
No, sir. The CBSA said that GC Strategies provided a proposal. The Auditor General confirmed that it did not.
The question is very simple: Why is the CBSA actively misleading the Auditor General in the performance of her role?
It really brings to mind the cosy relationship that GC Strategies had with the CBSA.
The second case in point is that there was a reference to a $25-million sole-sourced contract going to GC Strategies, and the CBSA invited GC Strategies to write their own contract. If that's not showing favouritism to GC Strategies, I don't know what is.
What was going on at the CBSA that allowed these highly irregular and suspicious contracting practices with Kristian Firth and Darren Anthony of GC Strategies?
I am not aware of the status of that. What I am aware of is it has been longer than our normal standard operating procedures. Our service standards are 120 working days to complete an investigation. It has been longer than that.
Mr. Moor, I believe we ran out of time when I was asking you about Mr. Doan and the decision to pick GC Strategies. His initial response was that a team of 1,400 people made this decision, and then when asked, he narrowed it down to six directors general.
Did this decision come down to these directors general? Were they giving instruction or advice?
I think Mr. Doan was referring to the fact that there are 1,400 people in the information, science and technology branch. Those people reported directly to him as the vice-president.
I think it's also clear that the technical authorities for all of these contracts were with the border technologies innovation directorate. As I have said before, the executive director of that was Mr. Utano. The DG of that was Mr. MacDonald.
I cannot comment on what Mr. Doan actually said back in the evidence. I have looked at the evidence, but I can't comment on the detail of that.
I think we can go back and check to see whether the names were....
He was referring to the directors general who reported to him. I think in this case, it would be unlikely that all of those directors general would be involved in a decision like this. It would have been the responsibility of the DG of the area of his organization who was doing this contracting.
When examining options for suppliers, what evidence was CBSA relying on that indicated that GC Strategies could provide the federal government value for money?
Again, in the evidence given last week by PSPC, it was on a TBIPS, a task-based informatics professional service, so they were already a qualified vendor. That was confirmed by PSPC.
In terms of value for money, that's part of the contract authority's responsibilities. The technical authority is responsible for the statement of work and the technical ability of the contractors to do that work. I would refer back to PSPC for any questions around the value for money through the contract authority.
There are issues identified by the Auditor General and the procurement ombud. In their reports, the issues are the result of shortcomings in the directive on the management of procurement—or rather, the guidance to managers about that directive.
This is one of the reasons we have asked all of our delegated managers to do the four training courses. It's to remind them of what their responsibilities are under the procurement directive. It's also around our other procurement improvement plan activities.
For example, the executive procurement review committee will also be checking that we're complying with all of those rules and regulations. Alex's team has already updated our standard operating procedures with checklists to ensure that we are complying. We're also putting in place an assurance review process, which will allow us to go into the individual files and ensure that there has been compliance across all of the files that we look at.
Everyone has been trained in terms of the first line of defence. We're now training, within Alex's directorate, the individuals who will be doing the assurance reviews. We will also be training the executive procurement review committee in order to ensure that they have all of the knowledge available to them to be able to exercise their judgment correctly.
Yes. Reviews will be summarized on a quarterly basis and they will be reported back to the executive committee. We've already piloted the reviews, but our first quarterly report will be in July.
Mr. Moor, you said earlier on that you were unaware that members of your team had received an award from the Canadian Materials Procurement and Management Institute, or CIMG.
How is it possible that a manager wouldn't have that information and congratulate his employees? It's important for employees to get a little pat on the back from their superior.
Okay. Basically, there are lots of steps involved before getting a comment from anyone.
Mr. Leahy, earlier on, we talked a little about the CARM application. I'm raising the matter again because I see a number of things that remind me of the ArriveCAN case. There's a lot of goodwill and people want to speed up the process, but we can't disregard the fact that borders are key trade locations.
How many pages were in the technical specifications submitted by Deloitte for the CARM application, and how many comments were made about those specifications?
There were several documents. I think the request was made last week, and there are over 600 pages in all. There was also a list of comments from CBSA staff about the documents.
The development budget to date is $438 million, and $182 million was paid to Deloitte. That's what came up at the last committee. The question was how much we have paid Deloitte and how much we have spent on the development of this. It was $438 million on development and $182 million to Deloitte for development.
Mr. Moor, in response to a previous question, you indicated that no one raised red flags about GC Strategies until this committee's investigation began.
I do, and I find that disappointing. I think one of the things that we have learned here is that we do need greater oversight of procurement and task authorizations in the organization. That is why we have developed a procurement improvement plan.
I think, going back to 2020, the procurement team was relatively small. We have now enhanced the procurement team to act as an assurance provider as well as a contract authority for the contracts that we do.
To be clear, though, Mr. Moor, didn't Botler raise serious concerns and allegations regarding the relationship between GC Strategies and the CBSA in 2021?
My understanding is that Botler, at the time, raised concerns with ISTB, the information, science and technology branch, around the payments. They were making complaints that they had not been paid by Dalian and Coradix. It wasn't until, I think, November 2022 that they raised allegations. Those went straight to the president, and the president passed those to internal affairs, which then subsequently passed them to the RCMP.
But this committee's investigation didn't start until after that, so the CBSA had received the concerns from Botler prior to this committee's beginning its work on ArriveCAN. Is that correct?
I can't remember precisely the dates, but I was made aware of the allegations by the president when she received them in, I think, November 2022, and then they were passed to internal affairs.
I guess the surprising part of your statement that no one had raised red flags about GC Strategies is the fact that if you read the Botler investigation report that they provided to the CBSA, it's alarming. The communications and the relationships that are documented in that report—and, admittedly, not all of these have been proven—point to major misconduct at the CBSA, and yet it's taken this committee's work to get to this point, such that the RCMP is now looking into it and there are something like 12 different investigations into how the CBSA conducts procurement.
I'm just wondering why the CBSA didn't take Botler's red flags more seriously back when they raised them.
Mr. Leahy, earlier on you seemed to want to answer questions. I'd like to ask you one.
I'll return to the passage that says, “We have identified a supplier that has already successfully implemented a modern tool...”. You told us that the supplier in question was Lixar.
A while ago, I asked you to name the supplier. You told me it was Lixar, but it was actually Lixar and GC Strategies. I'd like an explanation. What you are about to say, Mr. Leahy, is important.
Why did you omit to tell me about GC Strategies just now?
Mr. Moor, in the letter that you signed, we see an allusion to GC Strategies for the first time, although the company isn't named.
Were you aware that the supplier that you were recommending in that letter to the deputy minister of PSPC was a company composed of BDO Lixar and GC Strategies?
I was not aware of that. The letter was provided to me by the individuals who were responsible for preparing it, and, as you said, it did not refer to the actual name. That's why I asked Mr. Leahy to answer, because he was aware of the names.
I would say for my comment that the reference was not to an individual company that I was aware of. Also, it was a reference to a company which was doing commercial goods rather than doing traveller goods with ArriveCAN—
I know that French and English interpretation is a factor to take into consideration, but you are hesitating. You are avoiding saying the names of these two companies, which are not mentioned in the letter.
We now know, following Mr. Leahy's revelations, that this presentation was given by both companies, which work together without necessarily being connected by contracts or shareholders. This is the first time, then, in this letter, that any mention is made of allowing these companies to bypass the normal procurement process.
This is the first time that GC Strategies is involved in the file.
I believe that GC Strategies was awarded sole-source contracts prior to the June 1 letter.
It's important to make a distinction between a justification for awarding a sole-source contract subject to rules and an exemption granted for national security reasons when international agreements exist.
Mr. Moor, I'm going to ask you to comment on the following.
Since the information about ArriveCAN has come to light, the RCMP is looking at ArriveCAN. The ombudsman procurement office has provided a report on the management gaps around ArriveCAN. The Auditor General has provided a report around the management gaps, financial gaps and documentation gaps around ArriveCAN. We will be hearing from the Competition Bureau Canada. As I understand it, they will coming here as a witness. We've also asked the Public Sector Integrity Commissioner to possibly appear and provide testimony on this issue, as I understand it.
At the same time, there is an ongoing internal CBSA investigation, as we have heard. At the same time, PSPC suspended GC Strategies back in November of 2023. I believe that the CBSA has followed suit as well, suspending contracts with GC Strategies. On March 6 of this year, we understand, PSPC suspended security status for GC Strategies as well.
Can you comment on what's taking place right now in terms of the investigations and studies on ArriveCAN? Are we missing something? Are there other agencies or bodies that we could bring to bear on this issue?
I don't feel that we're missing anything. There have been an awful lot of studies. I would put them into two categories.
I think we know that issues arose during the pandemic, and we are grateful for the lessons learned. I think the lessons learned are fairly similar across most of the studies. As I've said before, we're putting in place a very detailed procurement improvement plan as well as a wider management improvement plan, which includes financial management.
I think the second category is wrongdoing. We take allegations of wrongdoing very seriously, and we are committed to acting on any wrongdoing that is found.
It's probably worth just sort of thinking about our wider investigations. In 2022, we had 212 founded allegations, and we took disciplinary action on 144 of those founded allegations. We do see, sadly, investigations and allegations that have been made, and we have a very professional team that completes that work. Clearly, there's also an investigation going on with the RCMP, so I can't talk about the wrongdoing, and I would leave that up to the experts.
What I can say is that we have already put in place very clear improvement plans around the lessons to be learned. I don't think there's necessarily anything we missed in the lessons learned. As the comptroller general said a few meetings ago, perhaps this is now the time to allow the CBSA to get on and deliver those improvements because, really, we have a lot to do. I think we recognize the problems. We are disappointed in a lot of those problems, and now we are working to address them.
It's been asserted that the $50-million-plus cost of ArriveCAN has ballooned out of control. However, we heard today in your testimony that in fact, in the first year, $5 million was approved for the ArriveCAN system—not just the app, but the system. Then, in year two, additional funding allocations were made of about $25 million. Then, in year three, an additional $25 million was provided to run the ArriveCAN system.
Can you speak to that and to the assertion that the CBSA was not aware of the costs?
A lot have talked about value for money. Actually, I spent the first 10 years of my career as an external auditor, and I'm very aware of value-for-money studies. Value for money is made up of three core functions: economy, efficiency and effectiveness. I do believe that ArriveCAN provided value for money. I don't believe it provided the best value for the taxpayer.
The examples I'll use on that one.... It is very clear to us that in terms of effectiveness, it was providing information to the Public Health Agency so that the agency could enforce quarantine on a timely basis. That was not being provided by the paper-based system, and the Auditor General recognizes that in her report.
In terms of efficiency, it's also clear that the ArriveCAN app was costing around about a dollar per person. We had 60 million travellers processed, and it was around about $60 million in terms of the cost. That compares to three dollars per person with the paper-based system.
Economy is a much more difficult thing to prove, and it also requires judgment and hindsight to look at economy. I do not believe that we necessarily had the best value for the taxpayer, and we learned a lot of lessons there. However, we were in an emergency crisis situation. We overused contractors; I think elsewhere we would take more time and would do less of that. If we hadn't been in a crisis, we would have had a project plan and we'd actually have treated this as a project. We would have had a plan and we would have implemented it.
Therefore, yes, I think it has provided value for money, but not necessarily the best value for the taxpayer.
Colleagues, before we adjourn, I need to approve a couple of quick budgets, please. One is on the supplementary (C)s, and the other is for the main estimates. One is $500, and one is, I think, $1,000. It's just for headsets and meals. We probably won't use the headset money, and we won't use all the meals.
Actually, they're $1,000 and $1,000. As usual, it's for a contingency in case we need to send out headsets, which I don't think we will.
I see thumbs-up and general agreement for the supplementary (C)s for $1,000.
It's the same for the main estimates: $1,000. I see thumbs-up all around. Thank you very much.
Before we adjourn, colleagues, as a committee we've been dancing around several issues of disclosure with various witnesses in terms of Botler's communications with the CBSA, the misconduct report that started the internal investigation, the referral to the RCMP, and, lastly, the whole issue regarding the deleted emails in the report generated by the CBSA.
Mr. Chair, I'm prepared to move a motion at this time. It is in both official languages. Perhaps the clerk could distribute the motion to the committee.
Colleagues, I'm very flexible in terms of the timing here. The motion reads as follows:
That the Committee direct the Canada Border Services Agency (CBSA) to present, no later than April 2nd, 2024: (a) all Botler AI communication with Erin O’Gorman and other employees of the CBSA; (b) the misconduct report received from Botler AI in the fall of 2022, and (c) any and all evidence pertaining to the deleted and/or missing CBSA emails attributed to Minh Doan.
Mr. Chair, I'd just ask for a little bit of time to suspend here so that my colleagues and I have a chance to review this motion and discuss it, please.
My camera is off when it should be on, and my mic is on when it should be off. What can I tell you?
We would like to propose an amendment to this motion. I'm just waiting for it to come out.
With regard to the timing, because so many of these things are ongoing, we'd like to extend it. We also want to deal specifically with items (a), (b) and (c) accordingly.
Right now, you have April 2 as a possibility. We're suggesting that the timing may have to go farther in order to allow for some of the work that's being done, particularly around item (c).
I do. I believe we are suggesting the 19th, but I'm awaiting the final amendment in this regard.
I think item (b) is already established. We should be able to obtain the materials in (a) and (b) effectively within this timeline, but perhaps not (c). I don't believe it will be. It's being reviewed now, I believe, by other committees as well.
Give me just a moment. I'm talking to try to allow myself the opportunity to see the final amendment, Mr. Chair.
I'm getting some indication.... I apologize. It's difficult because you're not in the room. I'm getting some indication that the parties are fine with eliminating (c), just because the OIC is looking at that.
I think we all get your point on the timeline on that as well.
It reads, “That the Committee direct the Canada Border Services Agency (CBSA) to present, no later than April 19th, 2024: (a) all Botler AI communication with Erin O’Gorman and other employees of the CBSA; (b) the misconduct report received by Botler AI in the fall of 2022, and (c) any and all evidence pertaining to the deleted and/or missing CBSA emails attributed to Minh Doan.”
If it's being suggested that we delete item (c) from the amendment, I'm okay with that as well.
Can we get UC on Mr. Sousa's amendment, which is changing “April 2nd” to “April 19th”—we'll say “at noon”, if that's okay, because we need a time—and then eliminating item (c)?
I'm sensing a thumbs up all around for Mr. Sousa's amendment.
(Amendment agreed to [See Minutes of Proceedings])
We're back on the amended motion.
Does anyone wish to speak, or can I safely assume we're all in agreement with the motion? Do we need to have it read back to be on the safe side, or are we fine?
(Motion as amended agreed to [See Minutes of Proceedings])
The Chair: Wonderful. Thanks very much, everyone.
If there's nothing else, colleagues, we are adjourned.