LEGISLATIVE ASSEMBLY OF MANITOBA

THE STANDING COMMITTEE ON PUBLIC ACCOUNTS

Wednesday, March 26, 2025


TIME – 6 p.m.

LOCATION – Winnipeg, Manitoba

CHAIRPERSON – Mr. Josh Guenter (Borderland)

VICE-CHAIRPERSON – MLA Jim Maloway (Elmwood)

ATTENDANCE – 9QUORUM – 6

      Members of the committee present:

Mr. Brar, MLAs Compton, Dela Cruz, Mr. Guenter, MLAs Lamoureux, Maloway, Messrs. Nesbitt, Oxenham, Mrs. Stone

WITNESSES:

      Tyson Shtykalo, Auditor General of Manitoba

MATTERS UNDER CONSIDERATION:

Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2021

Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2022

Auditor General's Report – Operations of the Office for the year ended March 31, 2023

Auditor General's Report – Operations of the Office for the year ended March 31, 2024

* * *

The Chairperson: Good evening. Will the Standing Com­mit­tee on Public Accounts please come to order.

      This meeting has been called to consider the following reports: The Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2021; and The Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2022; The Auditor General's Report–Operations of the Office for the year ended March 31, 2023; and The Auditor General's Report–Operations of the Office for the year ended March 31, 2024.

      Before we get under way, I am tabling the follow­ing docu­ment, which has been provided electronically to all members: Responses from Shared Health to questions from the Standing Com­mit­tee on Public Accounts meeting on March 5, 2025.

      Are there any sug­ges­tions from the com­mit­tee as to how long we should sit this afternoon?

Mr. Greg Nesbitt (Riding Mountain): I suggest 30 minutes.

The Chairperson: It's been suggested that we sit for 30 minutes.

      Is that agreed? [Agreed]

      In what order does the com­mit­tee wish to consider the remaining reports?

MLA Jim Maloway (Elmwood): Global basis.

The Chairperson: It's been suggested that we consider the reports on a global basis.

      Is that agreed? [Agreed]

      At this time I will also ask the com­mit­tee if there is leave for all witnesses in attendance to speak and answer questions on the record if desired.

      Is that agreed? [Agreed]

      I would also like to remind everyone that ques­tions and comments must be put through the Chair using third person as opposed to directly to members and witnesses.

      Before we proceed further, I'd like to inform all in attendance of the process that is under­taken with regard to outstanding questions. At the end of every meeting the research clerk reviews the Hansard for any outstanding questions that the witness commits to provide an answer to and will draft a questions-pending response docu­ment to send to the deputy minister.

      Upon receipt of those–of the answers to those questions, the research clerk then forwards the responses to every PAC member and to every other member recorded as attending that meeting.

      Does the Auditor General wish to make an open­ing statement?

Mr. Tyson Shtykalo (Auditor General): First I'd like to intro­duce the staff I have with me today.

      I'm joined by Natalie Bessette-Asumadu, who is the Deputy Auditor General and chief financial officer for my office, as well as Melissa Emslie, who is the director of strategic operations for my office.

      Mr. Chair, under The Auditor General Act, I am required to report to the Assembly annually on the audit work carried out by my office, and to bring to the attention of the Assembly anything I consider necessary. This require­ment is fulfilled through the release and tabling of my annual operations report.

      Today, I want to provide a brief overview of the operations reports I released in 2021 to 2024. These reports cover the organizational structure of my office, provide details about our various service areas and summarize the work we did in the previous years.

      They also include discussions of our strategic priorities, the risks we must mitigate and the barriers we face to suc­cess­fully implement our strategic plan.

      While there are many–while there are steps my office can take to try and mitigate the risks we face, current legis­lation creates barriers that limit our ability to fully implement our strategic plan. I discussed three of these barriers in the most recent operations report of March 31, 2024.

      The first barrier pertains to in­de­pen­dence. A long-unresolved matter that impacts our actual and perceived in­de­pen­dence from gov­ern­ment is our relationship with the Public Service Com­mis­sion, which makes staffing decisions that affect our office. A gov­ern­ment organi­zation that we audit should not be in a position to make decisions that have a direct impact on our operations. Only the Legis­lative Assembly, through one of its com­mit­tees, should have that ability.

      The second barrier pertains to access to infor­ma­tion. In the 2024 operations report, I note that a restric­tion on our access to Cabinet con­fi­dences makes it difficult for us to access the infor­ma­tion we need to do our work. The inability to access the infor­ma­tion could result in a scope limitation for audits being performed.

      The third barrier relates to our financial statement audit portfolio. For several years, we've been working towards building a portfolio of financial statement audits that are of strategic importance to the Leg. Assembly. We no longer perform a number of smaller, less sig­ni­fi­cant audits that we have been for many years; however, we're still restricted as to what financial statement audits we must complete each year. This is because legis­lation for numer­ous organi­zations requires the Auditor General to be the financial statement auditor.

      We need a mechanism that allows us to strategically select and rotate the financial statement audits that we do so that we can maximize the value we deliver to the Legis­lative Assembly.

      In conclusion, I would like to extend my thanks to my staff for their diligence and hard work. And I look forward to the discussion today.

The Chairperson: I thank the–excuse me–thank the Auditor General for his opening comments.

      The floor is now open for questions.

MLA Maloway: I'll start off here.

      I've always been interested in why and how govern­ments get into such trouble on IT projects. I mean, it's just constant. I remember the Phoenix pay system when I was an MP. That thing was starting to boon­doggle at that time, and I'm still reading about it today. Like, it's cost billions of dollars. Well, I don't know about billions, but it's cost huge amounts of money.

      And so, we should be able to be on top of this stuff. For example, Autopac. I mean, this spans now two gov­ern­ments. We've got really bad numbers there. Like, there's got to be a better way of getting on top of these things. When you see some­thing going wrong, you should be able to stop it, like, before it gets to be those kinds of numbers.

      And it seems to be just–I'm sure that private busi­ness has similar issues, but you just don't read about it in the paper the way you do about gov­ern­ment projects.

      So I know that we are–right now, we're–we've got the SAP ERP and we're sticking with them. And now we're going on some kind of a cloud-based renewal and, you know, we don't want to see any boondoggles there.

      But can you explain to me how we can avoid this and how these things keep cropping up on us?

Mr. Shtykalo: Audit, by its nature, is usually very backward looking.

      We're–if we're not looking at the financial state­ments of a previous year, we're looking at a program and the operations of that program in a prior year.

* (18:10)

      You know, the nature of audit just, by its nature, makes it difficult to perform proactive work. That being said, there are some things that we have had discussions in the office related to this. For example, the new SAP HANA ERP modernization initiative that the gov­ern­ment is currently working on is some­thing that would have a direct effect on our audit of the Public Accounts and, conceivably, all of our audits going forward. As such, part of our audit process, you know, requires that we identify these risks and address them.

      So one of the things that we've been looking at as an office is if there's a way, you know, that we don't necessarily wait until a project is fully imple­mented and in process, but we can actually look back at–after certain stages or milestones of a project are complete.

      Now, sometimes we will do that. The question then becomes on–you know, whether what we found would be in–would meet the test of strategic importance to the Leg. Assembly. We have started to make com­ments in our reports to the Leg. Assembly–especially, I can reference our report to the Legislature on our financial statements at December 31, 2024. We do bring up this risk of the moving to a new system and ensuring that the systems that are in place that are going into the new system are accurate before they go in. So you don't want to take some­thing with issues or that is an unresolved problem, put it into a new IT system and hope that that new IT system will fix it.

      So I anticipate, like, our role with respect to this large project will be similar going forward, because this is a multi-year project. So our in­ten­tion is to monitor the progress of that project with respect to our largest audit of the Public Accounts on an annual basis.

MLA Maloway: Just as a follow-up question to that: I know that, like, when we first imple­mented SAP in the original version of that ERP, when we first did that, the companies that bid on it that lost were basically leaking to us like crazy, like on a daily basis almost, about all the boondoggles that were being perpetrated by the people that were putting in the original SAP. That was like 1992, right? Around in there.

      So if we could get such good infor­ma­tion from the competitors–I'm not saying it was all accurate infor­ma­tion. It was–you know, these were the guys that lost the contract. They didn't–but they were–they had inside infor­ma­tion, like, at any given time, and if you were a critic, you could find out about it, or–so the question is, like, if all that infor­ma­tion's out there, we all know about it, then why are we still having all these cost overruns? I don't get it.

Mr. Shtykalo: I don't have an answer why we're having these cost overruns.

      One of the things that–potentially that would be in line with a traditional audit would be to look at the role that the de­part­ment plays in overseeing the imple­men­ta­tion of such projects. This would be, again, as I mentioned, sort of after the fact, but certainly some­thing that's always a possi­bility or a con­sid­era­tion for our office.

Mr. Nesbitt: So the Auditor General has identified the three barriers toward–that they see towards imple­men­ting the strategic plan. And I understand the office is an in­de­pen­dent office of the Legis­lative Assembly. What I would like to know is, these concerns have been identified starting in 2014 and, you know, as recent as the latest report here, especially in the in­de­pen­dence part of it.

      And so I guess I'm wondering, these reports, they come to us, but does the Auditor General then have access to de­part­ments of gov­ern­ment or min­is­terial–ministers of de­part­ments so that they can understand what the Auditor General's office needs in order to not have these barriers.

Mr. Shtykalo: Sure. Well, I'll speak to the in­de­pen­dence one; that's the barrier that you were speak–asking about.

      So, yes, this has been a long-standing issue with our office, not unlike de­part­ments that have frustra­tions with the inability to make staffing decisions, and with regard to classification or pay rates and that sort of thing. The distinction with our office, being that we're an in­de­pen­dent office and it's a de­part­ment, or the Public Service Com­mis­sion is subject to our audit mandate, making direct decisions over the operations of our office. So that, by its nature, creates a conflict and, you know, could be viewed to impede on our inde­pen­dence.

      Now, we have been flagging this issue for many years in our operations report, but we've also been having discussions with the civil service com­mis­sion at the time, and now the Public Service Com­mis­sion. But I think what we find is we come up, we–there's only so far we can take those discussions.

      So we come to a workable solution that's–you know, I have nothing but respect for the people in the com­mis­sion and the workers. We have a good work­ing relationship with them and we always have. But there's limited action that they can take.

      Now, you'll see there's a break in the dates in my report, where we reported up until 2019. What hap­pened in 2019 was around the time that the new Public Service Act, replacing the old civil service act, came into place. What that new act had was a distinction between the core public service, allied public service, which is what the in­de­pen­dent offices were con­sidered under the current act, and the external public service, which are Crown cor­por­ations, et cetera.

      So at the time there were discussions that we had had with the com­mis­sioner, saying that once the new act was in place there would be an op­por­tun­ity now, under the new act, to address some of these concerns about our ability to make the staffing decisions that we wanted. And so I stopped including that concern in the operations report for a few years.

       However, nothing changed, and the–although the act allowed, or contemplated, a different sort of frame­work for the allied public service, including our office, it remained largely the same.

      Now, I acknowledge that, during that time, there was a pandemic and people were dealing with other priorities. But I still found that, when I issued my report in 2024, we were in the same position that we were several years ago.

      So, to answer your question, I do have access to make my concerns known, but I think we've come up against a wall of what can be done further. But I will continue to work with the Public Service Com­mis­sion and–in flagging the areas that are problematic going forward, so.

Mr. Nesbitt: Thank you very much for that answer.

* (18:20)

      So as to access to infor­ma­tion and the Cabinet con­fi­dence material that you have trouble getting, has that been from successive gov­ern­ments in the past? Is it getting better? Is it getting worse? Is more things being deemed con­fi­dential that is hindering your audits? And is that decision made by the–I mean, the Premier (Mr. Kinew)? The clerk of the Executive Council? Who makes those decisions in terms of what's Cabinet con­fi­dence and what isn't?

Mr. Shtykalo: The restriction on our access to Cabinet con­fi­dences has been in our act for many years. The mechanism in the act is to refer our access to that under the freedom of infor­ma­tion and privacy of personal infor­ma­tion act, which is a, like, basically a complete ban on any type of access to Cabinet con­fi­dences.

      Back in my act there is an exception to that where the clerk of the Executive Council can make an exception and allow our office to view Cabinet con­fi­dences or allow access to Cabinet con­fi­dences.

      So, over the years that–while the restriction has always been there, Cabinet con­fi­dences, basically defined as anything that is provi­ding advice to Cabinet, can be considered a Cabinet con­fi­dence, and you can have a very broad inter­pre­ta­tion of that, which would still legally fit.  

      But, over the years, we have had access to Cabinet con­fi­dences through this provision that allows the clerk to make the exception. I will say that, over the last probably 15 years that I've been with the office, we have seen those exceptions getting smaller and smaller. At one time, for example, we had full and open access to all Treasury Board minutes, as well as Treasury Board submissions.

      And I can't remember the date, but several years ago the access to Treasury Board submissions stopped and sort of the free access, and it turned to more of an on-request access. From that point, we still received Treasury Board minutes and we could make requests for individual Treasury Board submissions.

      Move a couple years from there, the Treasury Board minutes started to contain redactions, and so we're seeing that access tighten even more. We have–so we're finding ourself in a spot now where we're trying to–we've seen an effect on our audit of the Public Accounts because the access to these Treasury minutes are redacted and are coming to our office later and later in our audit cycle.

      This is forcing some delays on our conduct of the Public Accounts audit and is also causing additional work because we have to follow up on the nature of the redactions to ensure that, you know, there's not some sort of unreported liability that exists there that we should consider for the Public Accounts.

      So the restriction's always been there as written, but we have seen, sort of, the en­force­ment of that restriction on Cabinet con­fi­dences getting tighter and tighter over the years.

MLA Carla Compton (Tuxedo): Actually, kind of adding on a little bit to my colleague across the way's questions, kind of shifting into the realm of solutions, from what you've shared I'm curious, do you have ideas of solutions to these barriers? Is it updates, changes to legis­lation that's needed, or within what exists, is it inter­pre­ta­tion that maybe needs to shift? Because you talked about how, you know, access to infor­ma­tion–sorry, I realize I'mbut the access to infor­ma­tion has been tighter, for example, through Cabinet.

      Is the legis­lation okay if we just maybe re-evaluate how we're interpreting it, kind of thing?

Mr. Shtykalo: So now, in my report, I identify the three barriers: in­de­pen­dence, access to infor­ma­tion and our financial statement audit portfolio and being able to pick and choose which financial statement audits that we do.

      Each of those barriers is created by legis­lation. So yes, a quick and easy answer would be for me to say, yes. If legis­lation would change, that would eliminate these barriers. And the changes, you know, that I think of that would be made wouldn't be out of line with other legis­lative audit offices across the country. I'm not proposing, you know, radical changes; just, in some areas, bringing the legis­lation in line with other juris­dic­tions. But I can't control that.

      So in each of these–for each of these barriers, we have workarounds. And I talked a little bit about the workaround that we have with our in­de­pen­dence and our relationship with the Public Service Com­mis­sion. You know, moving forward without a change in legis­lation, I'm pushing to head to work whether it's a memorandum of under­standing that we can work on between in­de­pen­dent offices and the com­mis­sioner, or perhaps even just a con­ver­sa­tion about agreeing on inter­pre­ta­tions of things that are mentioned in the act. So that will help. It's a slow progress. It's not–doesn't make it as easy as legis­lative change, but it's possible.

      Under the access to infor­ma­tion, similarly, I have regular meetings with the clerk of Executive Council, and we work ourselves through this issue. And, if we're getting–if we're not receiving the Treasury Board minutes, we'll work together and make sure that we get that access. If there's a Treasury Board sub­mission, we'll work together. Now that's time-consuming, but it works.

      So what I'm–to take that further, without a change in legis­lation, I'm currently working on a similar docu­ment that I can share with–or that both I and the clerk of an Executive Council, that basically lays out the terms of our audit and the require­ments of our audit, our respon­si­bilities and our ex­pect­a­tions, and get the clerk's agree­ment on what the–how the gov­ern­ment will meet those responsibilities.

      Again, this is based on similar memorandums of understandings that I've seen in other juris­dic­tions. So again, legis­lation would be a quick answer, but I am working towards an alter­nate solution.

      And then, finally, for our financial statement audit portfolio, similarly, a change giving us sort of a type of right of first refusal on all audits in the gov­ern­ment reporting entity, would facilitate the process of us being able to develop sort of a long-term plan and scheduling audits years in advance to facilitate that process.

      In absence of that, it's a more intensive process where we're identifying entities where their current con­tract with their auditors are coming up, and we will approach the entity or the organi­zation and tell them that we want to be the auditor and to work us into their board negotiations. I don't have the author­ity of the act to require that, but just through normal ap­point­ment pro­cesses, we can do that. And we've most recently done that with–for this fiscal year, ending March 31, we have been appointed the auditors of Shared Health and the WRHA.

      We've had to use agents on some other audits that we're still required to be, under legis­lation, an auditor, but that works. So again, we've got a workaround to go around what a change in legis­lation could change.

* (18:30)

The Chairperson: All right, so we're due to rise at 6:32.

      Is it the will of the com­mit­tee to extend our sitting for another 15 minutes to complete our busi­ness? [Agreed]

      So we will rise at–or revisit, I guess, if we have to–at 6:47. Perfect.

MLA Maloway: I wanted to ask you–ask through the Chair, a question about where the physical 'serval'–server farms are for the various programs that we deal with. Like, I'm assuming SAP has a server farm somewhere; I don't know where it is, right. Autopac had their data stored in some IBM server farm in Ontario, but that could just as easily be Chicago, like, because it's an IBM-owned farm.

      And I just don't know how many others there are there. We ask about Shared Health last meeting, and they assured us that it was a Canadian company they were dealing with. I think they told us the server farm was in Canada, but I don't know that they told us where.

      Do you–can you give us a, kind of, a breakdown based on what you might know about all this stuff, about how many different entities we've got and where the server farms would be located? Physic­ally.

Mr. Shtykalo: Unfor­tunately, I don't have that infor­ma­tion with me, nor do we necessarily even have it on file. But what I can tell you is that I have recently initiated an audit looking at the gov­ern­ment's manage­ment of cloud service providers.

      So we have just recently announced that, so our–the first step in any audit is to collect a bunch of infor­ma­tion. So one of the first things that we're going to be doing is identifying what contract with cloud service providers exist and then deter­mine, you know, where we want to focus the audit: whether it's on every­thing.

      So, through that process, we'll certainly learn more about what we're asking.

MLA Maloway: Well–and my follow-up is essentially that. That's good that you want you–you're going to do that, because otherwise our alter­na­tive would be, we'd have to go through, like, every single de­part­ment. It would take us a whole year, and I think that people are interested in knowing today, like, as soon as possible, where the farms are, right. I just think we want to know that, given the state of relations with the States at the moment.

Mr. Diljeet Brar (Burrows): As per my ex­per­ience with this com­mit­tee, whenever we meet, there are various, various reports that we discuss and we get that op­por­tun­ity to ask the de­part­ments. I've seen reports where, like, 100 per cent of the recom­men­dations have been imple­mented. There are other cases where it's 50 per cent and then there is follow up, I think, after every two years, if I am under­standing that correctly.

      So what happens if a de­part­ment fails to imple­ment those recom­men­dations for years? So is it under the scope of AG's office to take care of it or maybe follow up with the de­part­ment again and again? So what are the, you know, implications if a de­part­ment fails to follow the recom­men­dation?

      How many follow-ups would be happening and how long?

Mr. Shtykalo: Yes, I'll talk a little bit about our follow-up process. When I issue an audit with however many recom­men­dations, my work and my respon­si­bilities or my author­ities or my powers pretty much ends with issuing the recom­men­dations. My reports then come to this com­mit­tee for its con­sid­era­tion.

      In order to assist the com­mit­tee, I do follow-ups. And my follow-ups are essentially designed to just–to provide that infor­ma­tion. Two years after an audit's been conducted, I will do a follow-up and obtain the statuses of the recom­men­dations. And normally two years after that. So the second and final follow-up is usually four or five years after a report's been issued.

      In my ex­per­ience, very rarely has 100 per cent–it happens, some do, but very rarely. So we have to draw the line somewhere, otherwise we'd be doing–follow-ups would be taking up all of our time. But one of the things that the public com­mit­tee has the power to do is to request progress reports. And so part of my con­sid­era­tion when I'm–when I've created this two-year, four-year follow-up, is that if there are outstanding recom­men­dations, Public Accounts Com­mit­tee can at any time in the future request a progress report, which is–basically provides the same infor­ma­tion as a follow-up that our office does.

      I can help the com­mit­tee in reviewing the project statuses and under­standing, and the de­part­ment could be called at that point in time. So I've said before at this com­mit­tee that in order for me to realize, kind of, the maximum impact for our office, I need de­part­ments to take our recom­men­dations seriously and imple­ment them. But what I lack is any sort of en­force­ment or stick to make them do that. And that's what I look to the Public Accounts Com­mit­tee to do. So I think the Public Accounts Com­mit­tee has the tools, especially with the ability to request action reports on the release of a report and then progress reports any time into the future. And I'm quite willing to assist in that.

      So the follow-up plays a role, but there is also some abilities that the com­mit­tee has that can help ensure that these de­part­ments don't just escape off into the–without addressing all of the recom­men­dations.

Mr. Brar: So if I understand it correctly, is that–then it's up to the com­mit­tee to directly request the de­part­ment for the progress report, keeping the AG office away, right? Like, you won't be part of the–because one party is requesting, another party is respon­si­ble for imple­men­ting the recom­men­dations. So we can ask directly to the de­part­ment, whichever de­part­ment it is. But you offer yourself to help us during that process?

Mr. Shtykalo: Yes.

The Chairperson: Hearing no further questions, perfect.

      Auditor General's report Operations of the Office: Performance for the year ended March 31, 2021–pass; Auditor General's report Operations of the Office: Performance for the year ended March 31, 2022–pass; Auditor General's report Operations of the Office for the year ended March 31, 2023–pass; Auditor General's report Operations of the Office for the year ended March 31, 2024–pass.

      The hour being 6:39, what is the will of the com­mit­tee?

An Honourable Member: Com­mit­tee rise.

The Chairperson: Com­mit­tee rise.

COMMITTEE ROSE AT: 6:39 p.m.


 

Public Accounts Vol. 3

TIME – 6 p.m.

LOCATION – Winnipeg, Manitoba

CHAIRPERSON –
Mr. Josh Guenter
(Borderland)

VICE-CHAIRPERSON –
MLA Jim Maloway
(Elmwood)

ATTENDANCE – 9
QUORUM – 6

Members of the committee present:

Mr. Brar,
MLAs Compton, Dela Cruz,
Mr. Guenter,
MLAs Lamoureux, Maloway,
Messrs. Nesbitt, Oxenham,
Mrs. Stone

WITNESSES:

Tyson Shtykalo, Auditor General of Manitoba

MATTERS UNDER CONSIDERATION:

Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2021

Auditor General's Report–Operations of the Office: Performance for the year ended March 31, 2022

Auditor General's Report – Operations of the Office for the year ended March 31, 2023

Auditor General's Report – Operations of the Office for the year ended March 31, 2024

* * *