2nd Session - 43rd Legislature, Public Accounts 3, Mar 26, 2025

TIME – 6 p.m.

LOCATION – Winnipeg, Manitoba

CHAIRPERSON – Mr. Josh Guenter (Borderland)

VICE-CHAIRPERSON – MLA Jim Maloway (Elmwood)

ATTENDANCE – 9 — QUORUM – 6

Members of the committee present:

Mr. Brar, MLAs Compton, Dela Cruz, Mr. Guenter, MLAs Lamoureux, Maloway, Messrs. Nesbitt, Oxenham, Mrs. Stone

WITNESSES:

Tyson Shtykalo, Auditor General of Manitoba

MATTERS UNDER CONSIDERATION:

Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2021

Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2022

Auditor General's Report – Operations of the Office for the year ended March 31, 2023

Auditor General's Report – Operations of the Office for the year ended March 31, 2024

* * *

The Chairperson: Good evening. Will the Standing Committee on Public Accounts please come to order.

This meeting has been called to consider the following reports: The Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2021; and The Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2022; The Auditor General's Report–Operations of the Office for the year ended March 31, 2023; and The Auditor General's Report–Operations of the Office for the year ended March 31, 2024.

Before we get under way, I am tabling the following document, which has been provided electronically to all members: Responses from Shared Health to questions from the Standing Committee on Public Accounts meeting on March 5, 2025.

Are there any suggestions from the committee as to how long we should sit this afternoon?

Mr. Greg Nesbitt (Riding Mountain): I suggest 30 minutes.

The Chairperson: It's been suggested that we sit for 30 minutes.

Is that agreed? [Agreed]

In what order does the committee wish to consider the remaining reports?

MLA Jim Maloway (Elmwood): Global basis.

The Chairperson: It's been suggested that we consider the reports on a global basis.

Is that agreed? [Agreed]

At this time I will also ask the committee if there is leave for all witnesses in attendance to speak and answer questions on the record if desired.

Is that agreed? [Agreed]

I would also like to remind everyone that questions and comments must be put through the Chair using third person as opposed to directly to members and witnesses.

Before we proceed further, I'd like to inform all in attendance of the process that is undertaken with regard to outstanding questions. At the end of every meeting the research clerk reviews the Hansard for any outstanding questions that the witness commits to provide an answer to and will draft a questions-pending response document to send to the deputy minister.

Upon receipt of those–of the answers to those questions, the research clerk then forwards the responses to every PAC member and to every other member recorded as attending that meeting.

Does the Auditor General wish to make an opening statement?

Mr. Tyson Shtykalo (Auditor General): First I'd like to introduce the staff I have with me today.

I'm joined by Natalie Bessette-Asumadu, who is the Deputy Auditor General and chief financial officer for my office, as well as Melissa Emslie, who is the director of strategic operations for my office.

Mr. Chair, under The Auditor General Act, I am required to report to the Assembly annually on the audit work carried out by my office, and to bring to the attention of the Assembly anything I consider necessary. This requirement is fulfilled through the release and tabling of my annual operations report.

Today, I want to provide a brief overview of the operations reports I released in 2021 to 2024. These reports cover the organizational structure of my office, provide details about our various service areas and summarize the work we did in the previous years.

They also include discussions of our strategic priorities, the risks we must mitigate and the barriers we face to successfully implement our strategic plan.

While there are many–while there are steps my office can take to try and mitigate the risks we face, current legislation creates barriers that limit our ability to fully implement our strategic plan. I discussed three of these barriers in the most recent operations report of March 31, 2024.

The first barrier pertains to independence. A long-unresolved matter that impacts our actual and perceived independence from government is our relationship with the Public Service Commission, which makes staffing decisions that affect our office. A government organization that we audit should not be in a position to make decisions that have a direct impact on our operations. Only the Legislative Assembly, through one of its committees, should have that ability.

The second barrier pertains to access to information. In the 2024 operations report, I note that a restriction on our access to Cabinet confidences makes it difficult for us to access the information we need to do our work. The inability to access the information could result in a scope limitation for audits being performed.

The third barrier relates to our financial statement audit portfolio. For several years, we've been working towards building a portfolio of financial statement audits that are of strategic importance to the Leg. Assembly. We no longer perform a number of smaller, less significant audits that we have been for many years; however, we're still restricted as to what financial statement audits we must complete each year. This is because legislation for numerous organizations requires the Auditor General to be the financial statement auditor.

We need a mechanism that allows us to strategically select and rotate the financial statement audits that we do so that we can maximize the value we deliver to the Legislative Assembly.

In conclusion, I would like to extend my thanks to my staff for their diligence and hard work. And I look forward to the discussion today.

The Chairperson: I thank the–excuse me–thank the Auditor General for his opening comments.

The floor is now open for questions.

MLA Maloway: I'll start off here.

I've always been interested in why and how governments get into such trouble on IT projects. I mean, it's just constant. I remember the Phoenix pay system when I was an MP. That thing was starting to boondoggle at that time, and I'm still reading about it today. Like, it's cost billions of dollars. Well, I don't know about billions, but it's cost huge amounts of money.

And so, we should be able to be on top of this stuff. For example, Autopac. I mean, this spans now two governments. We've got really bad numbers there. Like, there's got to be a better way of getting on top of these things. When you see something going wrong, you should be able to stop it, like, before it gets to be those kinds of numbers.

And it seems to be just–I'm sure that private business has similar issues, but you just don't read about it in the paper the way you do about government projects.

So I know that we are–right now, we're–we've got the SAP ERP and we're sticking with them. And now we're going on some kind of a cloud-based renewal and, you know, we don't want to see any boondoggles there.

But can you explain to me how we can avoid this and how these things keep cropping up on us?

Mr. Shtykalo: Audit, by its nature, is usually very backward looking.

We're–if we're not looking at the financial statements of a previous year, we're looking at a program and the operations of that program in a prior year.

* (18:10)

You know, the nature of audit just, by its nature, makes it difficult to perform proactive work. That being said, there are some things that we have had discussions in the office related to this. For example, the new SAP HANA ERP modernization initiative that the government is currently working on is something that would have a direct effect on our audit of the Public Accounts and, conceivably, all of our audits going forward. As such, part of our audit process, you know, requires that we identify these risks and address them.

So one of the things that we've been looking at as an office is if there's a way, you know, that we don't necessarily wait until a project is fully implemented and in process, but we can actually look back at–after certain stages or milestones of a project are complete.

Now, sometimes we will do that. The question then becomes on–you know, whether what we found would be in–would meet the test of strategic importance to the Leg. Assembly. We have started to make comments in our reports to the Leg. Assembly–especially, I can reference our report to the Legislature on our financial statements at December 31, 2024. We do bring up this risk of the moving to a new system and ensuring that the systems that are in place that are going into the new system are accurate before they go in. So you don't want to take something with issues or that is an unresolved problem, put it into a new IT system and hope that that new IT system will fix it.

So I anticipate, like, our role with respect to this large project will be similar going forward, because this is a multi-year project. So our intention is to monitor the progress of that project with respect to our largest audit of the Public Accounts on an annual basis.

MLA Maloway: Just as a follow-up question to that: I know that, like, when we first implemented SAP in the original version of that ERP, when we first did that, the companies that bid on it that lost were basically leaking to us like crazy, like on a daily basis almost, about all the boondoggles that were being perpetrated by the people that were putting in the original SAP. That was like 1992, right? Around in there.

So if we could get such good information from the competitors–I'm not saying it was all accurate information. It was–you know, these were the guys that lost the contract. They didn't–but they were–they had inside information, like, at any given time, and if you were a critic, you could find out about it, or–so the question is, like, if all that information's out there, we all know about it, then why are we still having all these cost overruns? I don't get it.

Mr. Shtykalo: I don't have an answer why we're having these cost overruns.

One of the things that–potentially that would be in line with a traditional audit would be to look at the role that the department plays in overseeing the implementation of such projects. This would be, again, as I mentioned, sort of after the fact, but certainly something that's always a possibility or a consideration for our office.

Mr. Nesbitt: So the Auditor General has identified the three barriers toward–that they see towards implementing the strategic plan. And I understand the office is an independent office of the Legislative Assembly. What I would like to know is, these concerns have been identified starting in 2014 and, you know, as recent as the latest report here, especially in the independence part of it.

And so I guess I'm wondering, these reports, they come to us, but does the Auditor General then have access to departments of government or ministerial–ministers of departments so that they can understand what the Auditor General's office needs in order to not have these barriers.

Mr. Shtykalo: Sure. Well, I'll speak to the independence one; that's the barrier that you were speak–asking about.

So, yes, this has been a long-standing issue with our office, not unlike departments that have frustrations with the inability to make staffing decisions, and with regard to classification or pay rates and that sort of thing. The distinction with our office, being that we're an independent office and it's a department, or the Public Service Commission is subject to our audit mandate, making direct decisions over the operations of our office. So that, by its nature, creates a conflict and, you know, could be viewed to impede on our independence.

Now, we have been flagging this issue for many years in our operations report, but we've also been having discussions with the civil service commission at the time, and now the Public Service Commission. But I think what we find is we come up, we–there's only so far we can take those discussions.

So we come to a workable solution that's–you know, I have nothing but respect for the people in the commission and the workers. We have a good working relationship with them and we always have. But there's limited action that they can take.

Now, you'll see there's a break in the dates in my report, where we reported up until 2019. What happened in 2019 was around the time that the new Public Service Act, replacing the old civil service act, came into place. What that new act had was a distinction between the core public service, allied public service, which is what the independent offices were considered under the current act, and the external public service, which are Crown corporations, et cetera.

So at the time there were discussions that we had had with the commissioner, saying that once the new act was in place there would be an opportunity now, under the new act, to address some of these concerns about our ability to make the staffing decisions that we wanted. And so I stopped including that concern in the operations report for a few years.

However, nothing changed, and the–although the act allowed, or contemplated, a different sort of framework for the allied public service, including our office, it remained largely the same.

Now, I acknowledge that, during that time, there was a pandemic and people were dealing with other priorities. But I still found that, when I issued my report in 2024, we were in the same position that we were several years ago.

So, to answer your question, I do have access to make my concerns known, but I think we've come up against a wall of what can be done further. But I will continue to work with the Public Service Commission and–in flagging the areas that are problematic going forward, so.

Mr. Nesbitt: Thank you very much for that answer.

* (18:20)

So as to access to information and the Cabinet confidence material that you have trouble getting, has that been from successive governments in the past? Is it getting better? Is it getting worse? Is more things being deemed confidential that is hindering your audits? And is that decision made by the–I mean, the Premier (Mr. Kinew)? The clerk of the Executive Council? Who makes those decisions in terms of what's Cabinet confidence and what isn't?

Mr. Shtykalo: The restriction on our access to Cabinet confidences has been in our act for many years. The mechanism in the act is to refer our access to that under the freedom of information and privacy of personal information act, which is a, like, basically a complete ban on any type of access to Cabinet confidences.

Back in my act there is an exception to that where the clerk of the Executive Council can make an exception and allow our office to view Cabinet confidences or allow access to Cabinet confidences.

So, over the years that–while the restriction has always been there, Cabinet confidences, basically defined as anything that is providing advice to Cabinet, can be considered a Cabinet confidence, and you can have a very broad interpretation of that, which would still legally fit.

But, over the years, we have had access to Cabinet confidences through this provision that allows the clerk to make the exception. I will say that, over the last probably 15 years that I've been with the office, we have seen those exceptions getting smaller and smaller. At one time, for example, we had full and open access to all Treasury Board minutes, as well as Treasury Board submissions.

And I can't remember the date, but several years ago the access to Treasury Board submissions stopped and sort of the free access, and it turned to more of an on-request access. From that point, we still received Treasury Board minutes and we could make requests for individual Treasury Board submissions.

Move a couple years from there, the Treasury Board minutes started to contain redactions, and so we're seeing that access tighten even more. We have–so we're finding ourself in a spot now where we're trying to–we've seen an effect on our audit of the Public Accounts because the access to these Treasury minutes are redacted and are coming to our office later and later in our audit cycle.

This is forcing some delays on our conduct of the Public Accounts audit and is also causing additional work because we have to follow up on the nature of the redactions to ensure that, you know, there's not some sort of unreported liability that exists there that we should consider for the Public Accounts.

So the restriction's always been there as written, but we have seen, sort of, the enforcement of that restriction on Cabinet confidences getting tighter and tighter over the years.

MLA Carla Compton (Tuxedo): Actually, kind of adding on a little bit to my colleague across the way's questions, kind of shifting into the realm of solutions, from what you've shared I'm curious, do you have ideas of solutions to these barriers? Is it updates, changes to legislation that's needed, or within what exists, is it interpretation that maybe needs to shift? Because you talked about how, you know, access to information–sorry, I realize I'm–but the access to information has been tighter, for example, through Cabinet.

Is the legislation okay if we just maybe re-evaluate how we're interpreting it, kind of thing?

Mr. Shtykalo: So now, in my report, I identify the three barriers: independence, access to information and our financial statement audit portfolio and being able to pick and choose which financial statement audits that we do.

Each of those barriers is created by legislation. So yes, a quick and easy answer would be for me to say, yes. If legislation would change, that would eliminate these barriers. And the changes, you know, that I think of that would be made wouldn't be out of line with other legislative audit offices across the country. I'm not proposing, you know, radical changes; just, in some areas, bringing the legislation in line with other jurisdictions. But I can't control that.

So in each of these–for each of these barriers, we have workarounds. And I talked a little bit about the workaround that we have with our independence and our relationship with the Public Service Commission. You know, moving forward without a change in legislation, I'm pushing to head to work whether it's a memorandum of understanding that we can work on between independent offices and the commissioner, or perhaps even just a conversation about agreeing on interpretations of things that are mentioned in the act. So that will help. It's a slow progress. It's not–doesn't make it as easy as legislative change, but it's possible.

Under the access to information, similarly, I have regular meetings with the clerk of Executive Council, and we work ourselves through this issue. And, if we're getting–if we're not receiving the Treasury Board minutes, we'll work together and make sure that we get that access. If there's a Treasury Board submission, we'll work together. Now that's time-consuming, but it works.

So what I'm–to take that further, without a change in legislation, I'm currently working on a similar document that I can share with–or that both I and the clerk of an Executive Council, that basically lays out the terms of our audit and the requirements of our audit, our responsibilities and our expectations, and get the clerk's agreement on what the–how the government will meet those responsibilities.

Again, this is based on similar memorandums of understandings that I've seen in other jurisdictions. So again, legislation would be a quick answer, but I am working towards an alternate solution.

And then, finally, for our financial statement audit portfolio, similarly, a change giving us sort of a type of right of first refusal on all audits in the government reporting entity, would facilitate the process of us being able to develop sort of a long-term plan and scheduling audits years in advance to facilitate that process.

In absence of that, it's a more intensive process where we're identifying entities where their current contract with their auditors are coming up, and we will approach the entity or the organization and tell them that we want to be the auditor and to work us into their board negotiations. I don't have the authority of the act to require that, but just through normal appointment processes, we can do that. And we've most recently done that with–for this fiscal year, ending March 31, we have been appointed the auditors of Shared Health and the WRHA.

We've had to use agents on some other audits that we're still required to be, under legislation, an auditor, but that works. So again, we've got a workaround to go around what a change in legislation could change.

* (18:30)

The Chairperson: All right, so we're due to rise at 6:32.

Is it the will of the committee to extend our sitting for another 15 minutes to complete our business? [Agreed]

So we will rise at–or revisit, I guess, if we have to–at 6:47. Perfect.

MLA Maloway: I wanted to ask you–ask through the Chair, a question about where the physical 'serval'–server farms are for the various programs that we deal with. Like, I'm assuming SAP has a server farm somewhere; I don't know where it is, right. Autopac had their data stored in some IBM server farm in Ontario, but that could just as easily be Chicago, like, because it's an IBM-owned farm.

And I just don't know how many others there are there. We ask about Shared Health last meeting, and they assured us that it was a Canadian company they were dealing with. I think they told us the server farm was in Canada, but I don't know that they told us where.

Do you–can you give us a, kind of, a breakdown based on what you might know about all this stuff, about how many different entities we've got and where the server farms would be located? Physically.

Mr. Shtykalo: Unfortunately, I don't have that information with me, nor do we necessarily even have it on file. But what I can tell you is that I have recently initiated an audit looking at the government's management of cloud service providers.

So we have just recently announced that, so our–the first step in any audit is to collect a bunch of information. So one of the first things that we're going to be doing is identifying what contract with cloud service providers exist and then determine, you know, where we want to focus the audit: whether it's on everything.

So, through that process, we'll certainly learn more about what we're asking.

MLA Maloway: Well–and my follow-up is essentially that. That's good that you want you–you're going to do that, because otherwise our alternative would be, we'd have to go through, like, every single department. It would take us a whole year, and I think that people are interested in knowing today, like, as soon as possible, where the farms are, right. I just think we want to know that, given the state of relations with the States at the moment.

Mr. Diljeet Brar (Burrows): As per my experience with this committee, whenever we meet, there are various, various reports that we discuss and we get that opportunity to ask the departments. I've seen reports where, like, 100 per cent of the recommendations have been implemented. There are other cases where it's 50 per cent and then there is follow up, I think, after every two years, if I am understanding that correctly.

So what happens if a department fails to implement those recommendations for years? So is it under the scope of AG's office to take care of it or maybe follow up with the department again and again? So what are the, you know, implications if a department fails to follow the recommendation?

How many follow-ups would be happening and how long?

Mr. Shtykalo: Yes, I'll talk a little bit about our follow-up process. When I issue an audit with however many recommendations, my work and my responsibilities or my authorities or my powers pretty much ends with issuing the recommendations. My reports then come to this committee for its consideration.

In order to assist the committee, I do follow-ups. And my follow-ups are essentially designed to just–to provide that information. Two years after an audit's been conducted, I will do a follow-up and obtain the statuses of the recommendations. And normally two years after that. So the second and final follow-up is usually four or five years after a report's been issued.

In my experience, very rarely has 100 per cent–it happens, some do, but very rarely. So we have to draw the line somewhere, otherwise we'd be doing–follow-ups would be taking up all of our time. But one of the things that the public committee has the power to do is to request progress reports. And so part of my consideration when I'm–when I've created this two-year, four-year follow-up, is that if there are outstanding recommendations, Public Accounts Committee can at any time in the future request a progress report, which is–basically provides the same information as a follow-up that our office does.

I can help the committee in reviewing the project statuses and understanding, and the department could be called at that point in time. So I've said before at this committee that in order for me to realize, kind of, the maximum impact for our office, I need departments to take our recommendations seriously and implement them. But what I lack is any sort of enforcement or stick to make them do that. And that's what I look to the Public Accounts Committee to do. So I think the Public Accounts Committee has the tools, especially with the ability to request action reports on the release of a report and then progress reports any time into the future. And I'm quite willing to assist in that.

So the follow-up plays a role, but there is also some abilities that the committee has that can help ensure that these departments don't just escape off into the–without addressing all of the recommendations.

Mr. Brar: So if I understand it correctly, is that–then it's up to the committee to directly request the department for the progress report, keeping the AG office away, right? Like, you won't be part of the–because one party is requesting, another party is responsible for implementing the recommendations. So we can ask directly to the department, whichever department it is. But you offer yourself to help us during that process?

Mr. Shtykalo: Yes.

The Chairperson: Hearing no further questions, perfect.

Auditor General's report Operations of the Office: Performance for the year ended March 31, 2021–pass; Auditor General's report Operations of the Office: Performance for the year ended March 31, 2022–pass; Auditor General's report Operations of the Office for the year ended March 31, 2023–pass; Auditor General's report Operations of the Office for the year ended March 31, 2024–pass.

The hour being 6:39, what is the will of the committee?

An Honourable Member: Committee rise.

The Chairperson: Committee rise.

COMMITTEE ROSE AT: 6:39 p.m.