Case of privilege relating to the leaks of the Auditor General’s report on the audit of the Senate
Opening Statement to the Senate Standing Committee on Rules, Procedures and the Rights of Parliament
Case of privilege relating to the leaks of the Auditor General’s report on the audit of the Senate
17 May 2016
Michael Ferguson, CPA, CA
FCA (New Brunswick)
Auditor General of Canada
Madam Chair, Honourable Senators, thank you for inviting me today to take part in the Committee’s study of the leaks of audit information and excerpts of my Office’s report on the audit of senators’ expenses. With me today are Clyde MacLellan, Assistant Auditor General, Susan Gomez, Director and Jean-Charles Parisé, Departmental Security Officer.
I would like to begin by emphasizing to senators that protecting the confidentiality of the information we collect over the course of an audit, as well as that of our reports until they are tabled, is a matter of significant importance to our Office.
My Office follows a set of established precautions for all the audits we undertake in order to safeguard against the public release of audit information before our reports are tabled. These precautions are spelled out in our security policies, guidelines and audit manuals, and our employees and contractors are reminded of them regularly, as well as at the outset of every audit.
Madam Chair, the details of the safeguards in place for all of our audits are outlined in the letter we sent to the Committee on April 6. This letter was issued in response to the Committee’s questions about the way we manage and safeguard information throughout our audits. We were keenly aware of the sensitivity of the audit of senators’ expenses. For this reason, in addition to our established precautions, we implemented enhanced information management and security measures, specifically for this audit.
For example, to protect the privacy of individual senators, we implemented a numbered coding system instead of using people’s names to refer to our files. Any hard-copy files we received from senators were kept at the Chambers Building, at 40 Elgin Street. We also added security measures at the Chambers Building, including installing card readers to monitor access as well as motion detectors and alarms, and requiring that computers and papers be stored in locked cabinets at the end of each workday.
All staff assigned to the audit of senators’ expenses received specific training on security. At the beginning of the audit, the Office’s Security Team presented two awareness sessions on security to the audit team. These sessions covered the team’s responsibilities relating to information management, access to information, and privacy. Reminders of the need for added vigilance were provided to staff throughout the audit.
Madam Chair, audit information is shared with those we audit in order to validate facts and present our observations. At the beginning of each audit, we require that persons with overall responsibility for the subject matter of the audit maintain the confidentiality of all OAG protected and controlled documents. In the audit of senators’ expenses, we asked that each senator sign a similar letter committing to not disclose audit information until the report was made public.
In the period leading up to the publication of the report, additional measures were put in place to restrict and monitor access to the report’s content. Access was limited to those employees with a direct business need, and any access to content was logged. On June 4, 2015, we hand delivered 12 hard copies of our final report to the Speaker’s office.
Despite the measures outlined above, much information about the audit—some accurate, some not—made its way into the public domain at various times before the report’s release.
We were very concerned by the numerous leaks of audit information, including information contained in our final report. As a result, we engaged an external security consultant to investigate whether an Office employee or contractor was responsible for the leak. Based on the results of the investigation we received, I am confident that no leak of information came from our Office.
Madam Chair, this concludes my comments. We are pleased to answer any questions you may have.