2010 Legislative Session: Second Session, 39th Parliament

SELECT STANDING COMMITTEE ON PUBLIC ACCOUNTS

MINUTES AND HANSARD

MINUTES SELECT STANDING COMMITTEE ON PUBLIC ACCOUNTS

Wednesday, February 9, 2011

2:00 p.m.

Douglas Fir Committee Room

Parliament Buildings, Victoria, B.C.

Present: Bruce Ralston, MLA (Chair); Douglas Horne, MLA (Deputy Chair); Spencer Chandra Herbert, MLA; Guy Gentner, MLA; Rob Howard, MLA; Vicki Huntington, MLA; Kathy Corrigan, MLA; Richard T. Lee, MLA; John Les, MLA; Joan McIntyre, MLA; Lana Popham, MLA; John Rustad, MLA; Shane Simpson, MLA; Ralph Sultan, MLA

Unavoidably Absent: Norm Letnick, MLA

Others Present: John Doyle, Auditor General; Stuart Newton, Acting Comptroller General; Josie Schofield, Manager, Committee Research Services

1. The Chair called the Committee to order at 2:02 p.m.

2. The Committee considered the Auditor General's Report No. 1, 2010/11: IT Continuity Planning in Government

3. The Committee recessed from 3:19 p.m. to 3:26 p.m.

4. The Committee considered the Auditor General's Report No. 6, 2010/11: Follow-up Report: Updates on the implementation of recommendations from recent reports

5. The Committee considered the Auditor General's Report No. 9, 2010/11: Summary Report: results of completed projects

Witnesses:
• Michael Macdonell, Executive Director, Resourcing Group, Office of the Auditor General

6. The Committee considered the Auditor General's Report No. 10, 2010/11: Guide for Developing Relevant Key Performance Indicators for Public Sector Reporting

Witnesses:
• Paul Nyquist, Director, Governance, Accountability and Education, Office of the Auditor General
• Paige MacFarlane, Assistant Deputy Minister, Partnerships and Planning Division, Ministry of Education

7. The Committee adjourned at 4:59 p.m. to the call of the Chair.

The following electronic version is for informational purposes only.

The printed version remains the official version.

REPORT OF PROCEEDINGS
(Hansard)

select standing committee on
Public Accounts

Wednesday, February 9, 2011

Issue No. 14

ISSN 1499-4259

[ Page 383 ]

WEDNESDAY, FEBRUARY 9, 2011

The committee met at 2:02 p.m.

[B. Ralston in the chair.]

B. Ralston (Chair): Good afternoon, Members. Thank you very much for arranging your attendance during what are busy times for many members. I'd also note that Spencer Chandra Herbert is on the line here, and he's acknowledging that.

Before we begin, we have an agenda that's been prepared. I'm going to assume, unless I hear otherwise, that that will be the agenda as adopted. Okay.

And before we begin, I just want to remind members that we have circulated a draft of the report of the committee to all members. It's rather lengthy. We will be considering it tomorrow morning, first thing. If you do have any comments, you can either give them to myself or the Deputy Chair if you sense there should be any changes made before we discuss it tomorrow.

With that, I'd move to the first item on the agenda, which is IT Continuity Planning in Government — information technology. We have a number of witnesses, so perhaps if Mr. Doyle wanted to introduce the report, and then we'll introduce the respective witnesses.

Auditor General Report:
IT Continuity Planning in Government

J. Doyle: Thank you, Chair. Good afternoon, and good afternoon, Members. It's my pleasure to introduce the Information Technology Continuity Planning in Government report that we published recently.

Information technology management is a vital component in the delivery of many government programs. The province's reliance on IT has intensified over the last decade or so, and systems have also become more complex. Now they're actually embedded in many, if not all, day-to-day operations. More of the infrastructure is also being managed now by third parties, those under contractual arrangements outside of government itself.

A fire, an earthquake, a criminal act, other such emergencies or disasters could destroy vital information or our ability to process it, and this could have serious consequences. Government has recognized the importance of planning for disruptions. We found they had a number of very good practices that were in place and embedded in the work that they actually do on a day-to-day basis.

There were some aspects of the continuity planning that could be improved, and we mention them in our reports — we'll go over them briefly in a few moments — including the big one, which is the recovery from a major disaster.

Bill Gilhooly would normally present the findings. He's away on holiday. So we've got David Lau, who actually was the IT director who was responsible for the conduct of the audit, who will present and assist me in answering any questions.

I'll hand it over now to David to do the presentation.

[1405]

D. Lau: Thank you, John. Good afternoon, Chair and committee members. This presentation will provide you with a background on what IT continuity planning is, why it is important, what government has done, a summary of what we looked at during our audit, our key findings and what it means to the government.

The business continuity process requires several plans be in place to prepare for the response, recovery and continuity of government services. As you can see in this diagram, a disaster recovery plan is a subset of the IT continuity plan, and the IT continuity plan is an integral part of the business continuity plan. The business continuity plan addresses procedures to ensure that both manual and computerized processes are restored and resumed in the event of an interruption.

The IT continuity plan specifically addresses IT exposures and solutions based on business priorities set out in the business continuity plan. The disaster recovery plan outlines how to prepare for major events that result in the relocation of IT processing for an extended period of time. Each of these plans can be separate documents, or the IT continuity plan and the disaster recovery plan can be embedded in the business continuity plan.

The government's reliance on IT has increased. The delivery of many government services requires access to increasingly complex program systems. This access is usually dependent on availability of shared systems and services provided by branches within government and outside service providers.

In recent years international disasters, like the earthquakes in Haiti and Chile, are reminders to government that well-drafted and tested plans need to be in place so that services can carry on. This is particularly significant, as a large earthquake is predicted for the Vancouver Island and Lower Mainland regions.

Legislation established the business continuity management program, which includes policies, guides and assignment of responsibilities across the government. Emergency management B.C. oversees the operation of this business continuity management program and is responsible for the overall planning and development of governmentwide responses and recoveries.

One of government's initial steps in preparing for possible disruption of services was to identify its mission-critical business functions, along with the IT applications and supporting systems used to deliver services related to those functions. Emergency management B.C. compiled a governmentwide ranking of business functions that, in the end, identify 49 as being program mission critical and 22 as support mission critical.
[ Page 384 ]

Our audit focused on government's ability to recover and resume operation of the following sample applications and supporting systems. We looked at eight governmentwide supports of functions provided by Shared Services B.C.; the four operating systems, such as UNIX, Linux, Windows, OpenVMS and MVS operating systems; network services; directory authentication services; electronic messaging services; and IT security operations.

The three program-specific systems that provide the following business functions are Vancouver ambulance call centre, children and family services, the provision of casework and delivery of services, government payroll and human resource functions.

For each business function selected, we set out to determine whether the related businesses adequately identified risk and prioritized the recovery of services based on public and government need, developed IT continuity plans that aligned with business continuity plans and government policies, ensured that IT recovery plans and processes were remaining appropriate and complete to avoid critical restoration or processing delays, tested IT continuity plans regularly to ensure that the IT continuity plan is complete and did the logistic work, and kept IT continuity plans current to avoid out-of-date restoration processes.

Our public report summarizes and focuses on the following key findings: ministries recognized the importance of planning for disasters and have implemented business continuity management programs. Many best practice procedures are in place within these programs, but improvement in several areas of IT continuity planning would strengthen all business continuity plans.

There is a lack of an overall strategy for prioritizing the recovery of shared systems and program applications. Competing demands for resources by mission-critical government programs during or following a major disaster could result in a serious shortfall between the shared systems required and those available.

[1410]

Also, there is a lack of clarity by each ministry. Aren't dedicated operating environments provided by service providers about whether the ministry has made the necessary arrangements to ensure that these operating environments can be recovered within the time required to meet the needs of the ministry program area they support?

While those in our audit sample used some initial risk assessment and business impact analysis methods to identify and rank service recovery risks, generally no ministry prepared a formal assessment or updated it annually. Doing so ensures they reflect any significant change government makes to its business needs, applications and technology.

Formal disaster recovery plans have not been prepared for some network infrastructure, and it is unclear whether they have been prepared for certain operating environments. This creates a risk that in the event of a disaster these environments and infrastructures may not be restored within timelines required by ministry programs.

Not all disaster recovery plans examined are being tested routinely, according to government policy, to validate that plans are complete and the logistics work. Not all business continuity plans in our sample were updated on an annual basis, as required by government policy. This could result in out-of-date restoration processes.

Overall, in all business functions we sampled, adequate processes are in place to allow the recovery of critical systems from minor, localized disruptions, such as temporary power outages or equipment failure.

The situation is different in the case of a major disaster. Many of the government's critical systems run on shared computer environments, housing shared facilities. Given the interconnection, there is a risk that all of the supporting elements may not be in place to ensure critical systems can effectively be recovered.

Finally, in our audit we made a total of seven detailed recommendations to government relating to the five key audit areas we examined. These were grouped into nine key recommendations for the public report, which you can find along with the key findings on pages six and seven.

That concludes our presentation.

B. Ralston (Chair): Thanks very much.

Now we'll hear a response from Dave Campbell, who is the director of IT security operations, technology solutions division, Shared Services B.C., and Cam Filmer, the executive director, strategic planning, policy and legislation, emergency management B.C., Public Safety and Solicitor General.

Those are long titles. It's over to you.

Thanks very much, David. We'll hear a response.

D. Campbell: Good afternoon, Chair. Thank you, and to the members assembled, thank you for the opportunity to present this information. I apologize for the titles. They were not of my making.

B. Ralston (Chair): Probably better than not having one.

D. Campbell: Yes. We brought some representatives from the other agencies that were mentioned in the Auditor General's report, in case there were questions directly associated with those entities. I'd like to introduce Jean Marcellus from the Ministry of Children and Family Development, Bill Moffat from the B.C. Ambulance Service and Niki Sedmak and Ian Hennem from the B.C. Public Service Agency.
[ Page 385 ]

B. Ralston (Chair): Thank you, and welcome.

D. Campbell: Oh, and — sorry — Anne McKeachie from emergency management B.C.

Overall, we support the recommendations contained in the report. We find the recommendations were consistent with B.C. business continuity core policy and initiatives that we already have underway.

We broke the responsibilities into three specific areas. There is no one entity that is responsible for all of business continuity through government. It's very much a cooperative effort.

As was indicated, emergency management B.C. is responsible for coordinating the BCP initiatives across government, setting policy and providing assistance to the ministries. Shared Services B.C. technology solutions manages government's information technology, which is the underlying infrastructure for the bulk of government program delivery. The ministries, obviously, perform the real work of government, and they are responsible for managing compliance with B.C. management program core policy requirements. They are also responsible for funding ministry IT recovery strategies.

[1415]

You have seen the recommendations previously identified. The status, in response to the first recommendation…. We have revised the business impact analysis template, based on industry standards. BIAs are the underpinning for business continuity management. We authored a BIA guide and training materials to assist the ministry programs, conducted BIA training with ministry advisers and coordinators, and communicated risk-assessment requirements and core policy.

We have monthly business continuity advisory committee meetings, and there has been a SharePoint site created to make the templates and the training materials more accessible.

Prioritization of mission-critical applications. We wholeheartedly agree with this recommendation. Shared Services B.C. has engaged with ministries to determine the mission-critical sensitivities and priorities for servers that are associated with the migration to the two new data centres. Emergency management B.C. is reviewing and refreshing the cross-government mission-critical list.

We're going to combine that data from those two exercises to provide the basis for accurate planning and implementation of recovery priorities. Emergency management B.C. will incorporate the data that's captured from those exercises with the regular mission-critical updates and share that information with Shared Services B.C.

One point that's not on here. We also plan to do a dog-and-pony show, for lack of a better term, between emergency management B.C. and Shared Services B.C. with each of the ministry folks responsible for business continuity and their executive to outline the importance, outline options that may be available to them that they are not aware of and to enhance the requirement for completing this information to assist us in responding correctly.

The establishment of realistic and achievable recovery timelines has been difficult. With ministries determining business function recovery time objectives and choosing a course of action…. If the underlying recovery time objectives cannot support their requirements, we provide options that include manual workarounds, investment in high-availability solutions or simply executive acceptance of risk.

On the first of April we published a service bulletin to assist ministries in understanding their options, so that where systems are truly critical, they can put together technology that will ensure that those systems either will not fail or will ensure a very timely recovery. Shared Services B.C. and emergency management B.C. will promote the bulletin by hosting a number of information sessions.

Assessing the risk. Shared Services B.C. has entered into an agreement with HP Advanced Solutions to provide two new data centres. One is in Calgary — it's up and running now — and the other is located in Kamloops and will be up and running on the first of April. Both of those locations are in extremely low earthquake seismic zones. The risk of earthquake to those facilities is virtually zero.

Those data centres are state of the art with respect to security and survivability. They can survive indefinitely without hydro power. They are very, very solid facilities — very secure. We think this risk is well underway to being addressed.

[1420]

Finalizing business continuity plans for all mission-critical functions. All mission-critical IT business units within Shared Services B.C. now have current business continuity plans. Revised core policy specifically talks to this point. That's on target for the core policy amendments in the spring.

Emergency management B.C. has revised the status reporting tool, which will support the audit recommendations. It incorporates new performance measures and improves the amount of information that's available. We think this will greatly assist visibility and the maturity of business continuity.

Preparation of disaster recovery plans. The significant operating environments that were identified will all be housed in the new data centres. They are covered by the vendors' disaster recovery plans and business continuity plans. Shared Services B.C. network services has begun work on a comprehensive disaster recovery plan for critical network infrastructure.

Provisions for preparation and testing of business continuity plans. Revised core policy will require the inclusion of continuity provisions in formal agreements
[ Page 386 ]
with providers. All new contracts for IT services include requirements for the service provider to implement and annually test and update BCPs, DRPs and operation centre plans, conduct annual BIAs and provide detailed confirmation of compliance to the province.

Testing of continuity plans. Again, revised core policy will require regular testing of continuity plans and restoration procedures for all mission-critical systems and apps. The new service provider contract includes obligations for the regular testing of continuity plans and restoration procedures.

As far as updating, again, revised core policy will reinforce the minimum requirement for annual continuity plan maintenance. The new scorecard reflects revised policy by asking ministries to report on the business continuity plan, review and maintenance. The semi-annual reporting deadlines for the scorecard will help trigger maintenance cycles.

That's the end of the report.

B. Ralston (Chair): Thanks very much.

Members, questions.

K. Corrigan: I have a few questions. I was particularly interested, first of all, in the comment by the Auditor General and the concern that the majority of the infrastructure for Shared Systems is located in a primary data centre facility in Victoria and that it's on an earthquake fault line. The response seems to indicate that there are new data centres being opened that are not on fault lines.

My question is…. I'd like to get the Auditor General's response on whether this basically addresses the risk of that data centre.

Also, I'm just wondering whether, because these are done by contract…. I notice that there's reference to new contracts requiring certain provisions being included that would cover some of the deficiencies. Has this been a challenge for government because the requirement for a data centre and some of these processes were not included in the original contract?

I'm wondering if we know how much money was associated with the changes in service levels that were required or the changes that were required — what the money is that's associated with that.

[1425]

J. Doyle: I can answer the first part of the two questions. We haven’t done any work yet — any detailed analysis — on the alternative site. It is our expectation, however, that it will fulfil and fit into an appropriate response to the risk. We will come back and look at that in more detail at a later stage.

The issue about developing one of these backup sites is that it's a long, detailed, complicated, timely and expensive process. All that needs to be done, which is why it's hard to say yes, it will solve all the problems. It's actually got to be done very well, and we have the expectation that it will be done well. But we haven't actually tested it yet.

So we will keep a watching brief on that. If there are issues that we see developing, we will raise them directly at the time in a timely way and possibly do some work at some time in the future in regard to how well these recommendations have been dealt with.

B. Ralston (Chair): The question about the cost of this…. Was there any cost associated with revisions of the contract?

J. Doyle: We haven't examined that aspect. It's a good question, and I'd leave it to the ministry to explain, as they're closer to it than we are.

D. Campbell: The short answer is: I don't know. There is certainly additional cost in having the service provider meet all of the provisions of policy that we were required to meet. I don't think it was a significant amount of money over….

It's very difficult to answer, because we couldn't ask for a service that didn't meet policy. We had to have all of those provisions in the contract. The vendor had to meet all of those provisions in order to provide the service. So it's very difficult to say, if we had a service that didn't meet all of our disaster recovery or business continuity plans, how much we would have saved. I'm not sure we can do that. I can follow up.

K. Corrigan: Can I just ask a follow-up question on that? Okay, then I'm misunderstanding a bit, because I saw references to new contracts having certain provisions in them, and I assumed that meant that the existing contracts did not have those provisions and that there would be costs added on. But you're saying that the contracts that we're referencing, in terms of having this alternate data site, already included provisions that required that the vendor provide those solutions. So there is no extra cost.

D. Campbell: No, sorry. The services that are being provided by HP Advanced Solutions today were being provided internally by Shared Services B.C. prior to this contract. They did not meet the terms of policy with regard to business continuity and disaster recovery, and they were clearly on the fault line. We have three major data centres. Two are in Victoria; one is in Vancouver. All three are on the fault line. So when the joint solutions procurement was entered into, it was made clear to all of the vendors that any new data centre must be off a fault line. That's why it's difficult….

I can identify what it cost to do it previously, and I can identify what it's costing to do today. But it's really
[ Page 387 ]
not an apples-to-apples comparison, because there is far more being done today than was being done previously.

K. Corrigan: Okay, so this is a new contract thing you're talking about.

D. Campbell: This contract is approximately a year and a half old. Yes.

K. Corrigan: Okay. I may ask another question later, if that's all right.

G. Gentner: Your Worship…. I thought I was in a Delta council meeting.

B. Ralston (Chair): I am not the mayor of Delta, just for the record. I don't occupy such an exalted position.

G. Gentner: No, with due respect, hon. Chair.

Nevertheless, Chair, last week I had a power surge. Thank heavens my next-door neighbour is Trek Computers, and they were able to rescue me. After two or three hours we got back on line. That was last week, and to this moment we still don't have our printers up and running, and we're waiting for some help.

[1430]

I guess where I'm somewhat confused in all of this…. I know that we're talking about internal functions, on the continuity, but I just don't know how we are going to deal with a disaster. From the intergovernmental relationship — I guess subliminally I was talking about Delta municipal hall — we've got the fire department over here, which is municipal, you've got the B.C. ambulance system, which is provincial, and we have E-Comm, which is local government. We had an earthquake preparedness drill. I think it was two or three weeks ago. I don't know how many MLAs here actually participated in that.

The coordination is somewhat…. I don't know. I just don't know whether…. If we have a disaster, how does the interrelationship work when we have different IT systems with different jurisdictions? The answer to that probably is: it's not your function or your care, but how…?

B. Ralston (Chair): Just wait for the answer.

G. Gentner: Okay.

I haven't seen it from the Auditor General or, of course, from the government, so bring me up to speed. What am I missing here?

C. Filmer: From an emergency management perspective, first off, support to local governments has been well refined and an international best practice now for a number of years. The first thing, to local governments in their entirety, is: what can we do to support a local government? Obviously, there's a part where local governments — you mentioned fire departments, etc. — need to be able to be self-sufficient to some degree, and they also have to have plans in place for all hazards. Within local governments, they need to look at all hazards and how they may affect their communities.

The provincial role is to support them as and when required, knowing that they most likely will have their own ability to work on their own or through mutual aid or support through their other local governments. The support comes through provincial regional centres and then also into a central centre. We have six of them around the province.

It could be a myriad of questions coming in from local governments, from support on taking care of displaced people, displaced animals, to roadways that are currently blocked. It could even be food and water and how they would get them into a community.

IT historically has had a fairly rare occurrence of support requirement. I would say that the primary requirement for support there has probably been around mapping, so geographical systems–wise, we have shared mapping with local government.

The other one that we've shared with local government as part of IT is critical infrastructure, and that of course has a lot of sensitivities to it. In the last ten years we've done a lot of work with local governments and first-response communities and others — the E-Comms of the world — to look at critical infrastructure. From an IT and IT informations perspective, that's probably been the other major area where we have shared information.

Specific IT support, small-town B.C. Sometimes, if they're going to activate a big centre, it can be troublesome for them, but they in turn can put those services in place any way they deem necessary, and then they can look for some reimbursement from the province for those services, specific IT support.

I'll turn to Dave here just to make sure I've got this completely accurate. Fairly limited requirements in the past on direct support requested by local governments.

D. Campbell: Chair, that's correct. Government has participated in a number of instances on an unofficial basis in assisting small municipalities with IT requirements simply because we have expertise and they need help. We're usually informed of that through the provincial emergency program. We have fairly close ties to that organization as well, but there's no official aid agreement along those lines.

My personal opinion: it would be wonderful if we could tie all those systems together. But then you run the risk of having everything in the same spot again, which is an issue.

On the emergency response side, with the exception of E-Comm, which is very, very robust, fire departments and police departments typically don't have as much
[ Page 388 ]
reliance on IT as the rest of government does. I mean, those folks are feet on the ground. They can fight a fire and maintain order without IT. Some of them will tell you they do it better without IT.

G. Gentner: That's scary.

B. Ralston (Chair): Thanks very much. A follow-up?

G. Gentner: A follow-up. Some kind of answer to one question. Who's going to fix my modem?

D. Campbell: I'm not sure anybody knows how to fix a modem anymore.

[1435]

B. Ralston (Chair): Ask the conflict commissioner.

R. Sultan: I think my questions are more or less in the same vein as the questions preceding.

As I understand it, we have three main data centres now — Victoria, Vancouver. We have set up alternative sites in Kamloops and Calgary. Given the sheer magnitude of the government and I'm sure the vast complexity and variation of all the systems in play, it is mind-boggling to imagine that some standby facility operated by Hewlett-Packard, as I understand it, in Kamloops or in Calgary would spring into action and sort of seamlessly take over in the event of a catastrophe. Obviously, I don't think any of us could expect that that's a realistic possibility.

But I would find it helpful to understand, with maybe some case examples, what they can do. They obviously, I presume, cannot do everything. You refer to "mission-critical functions" or phrases like that. Can you give us an example of what we could expect some continuity in and the stuff that's just going to have to be sheared away and forgotten maybe for weeks or months until order is restored?

D. Campbell: The current data centres — the two in Victoria and the one in Vancouver…. The infrastructure within those data centres is actually physically being moved to Kamloops and Calgary. So the Kamloops and Calgary data centres will not be a backup facility. They will be our data centres. There will be no critical data housed on the Island or the Lower Mainland once those data centres are fully populated. We're looking at approximately three more years before that takes place.

The two data centres are…. This is where I usually get into a whiteboard. Calgary, Kamloops, Vancouver and Victoria are all interconnected by dual data feeds. Those dual data feeds are on separate physical paths, and they're in independent carriers. So the two lines that go from Calgary to Kamloops, each one is with a different carrier to prevent single failure. They follow a different physical route to deal with physical disaster.

Murphy aside, regardless of what happens, we should be able to communicate to either one of those data centres at any time — regardless of what's going on in the province.

Now obviously, if Victoria suffers a massive earthquake, data communications between Victoria and the rest of the world are going to be interrupted for some time. But the new situation as it is rolling out would allow the business of the province to continue from Vancouver or Kamloops or Prince George or any other site that's not affected. So it's a significant improvement in the survivability of our systems.

Two or three weeks ago the mainframe computer, which has been in Victoria since it was established, moved to the new facility in Calgary. So the data that was associated with the mainframe…. The big applications within government — Children and Family Development, Finance, etc. — are running on that mainframe. That data is housed in Calgary. The data is also seamlessly backed up to a facility in the east of Canada, where there is another mainframe that we have under contract. So should that mainframe fail, we have current data and a new mainframe that can be stood up within 72 hours.

With having Kamloops and Calgary in place, ministries now have the option…. Should it be absolutely critical that an application can never fail, they can run them in parallel in the two separate data centres on two separate sets of data. If Kamloops went away or the server in Kamloops went away, that facility would be absolutely seamless. It would continue to run on the one in Calgary.

R. Sultan: Supplementary?

B. Ralston (Chair): Sure.

R. Sultan: Well, that's reassuring. So I hear you saying that to some extent, then, Kamloops backs up Calgary and vice versa.

D. Campbell: Yes, that's correct.

[1440]

R. Sultan: How about B.C. Hydro, WorkSafe B.C., ICBC — these other very data-intensive Crown corporations? Are they within the domain that you look at, and how are they doing on emergency measures?

D. Campbell: I can talk about what they're doing as far as IT. Many of those entities that you've named are actually moving into the facility in Kamloops to take advantage of the survivability and also to get away from the Lower Mainland. I can't comment on what their business continuity practices are, however.

C. Filmer: Further to their businesses continuity practices, from a British Columbia emergency response management system perspective, Crown corporations
[ Page 389 ]
do follow that as well. My own experience working with them for let's call it 20 years, more on the emergency management side, has been that most of the Crown corporations have taken those functions extremely seriously. When you look at the structures they've had in place, we have found them to be very robust, and that's been for many years in practice.

We work with them daily. They're on all of our conference calls. They're part of our integrated planning. If we see a threat or risk coming that's predictable — for instance, fire or flood anywhere in B.C. — many of those that you just mentioned are at the table with us planning.

They do have business continuity plans in place and, as I've said, for a great many years. It has been personal experience that they've taken that very seriously.

V. Huntington: Given the level of experience, both within, I guess, the Auditor General's office and your own in terms of looking at the continuity issue and particularly with disaster management, do you have any facility for taking any of this knowledge out into the community? We know that disaster that impacts business — small business, medium-size business…. If they aren't up and running within 30 days, basically, they aren't going to start up again.

I have very little sense that the business communities are really developing systems to protect their continuity. I'm wondering to what extent you have collated usable information that could be transferred to the business community by any of us or by organizations.

C. Filmer: Why don't I start on that and sort of give a front end on that, and Dave can maybe provide further information on the backside?

There's a group in British Columbia called the Emergency Preparedness for Industry and Commerce Council, and that does exactly what you have just said. The intent of the group is exactly that. It is a cross-sectoral representation on that board. It's been in place for probably 20 to 25 years. Their prime job is to reach out to businesses, and they're like a compendium of all information. They have business continuity plans. They have general disaster response plans. They're like a storehouse of information. They can go to businesses specifically. They have a very good website that has a lot of information on it.

What we have done with them, as much as possible…. I'll go back to the flood threat of 2007. We brought EPICC on board with us, and we actually had membership at the table. We looked to make sure that that membership received all threat analysis work on the flooding, and they went out to the business community around B.C.

We've had issues in fires up in the oil and gas sector, and I imagine some of the members here may be from those areas. Again, looking at how you would utilize business continuity planning in the oil and gas sector, we bridge them in…. Last year we probably had a call with over…. It was about 200 to 300 oil and gas sector people on line, including from Calgary, and we made sure that there was an EPICC representative on board, and we bridge those individuals straight into EPICC — that storehouse.

V. Huntington: If I could just comment. That's the emergency preparedness for industry council. I can assure you that small and medium-sized business know nothing about that organization.

Given they're over 50 percent of the economy and the employment, do you have any tools, or would that council have any tools that could be utilized by the smaller communities within their chambers or business organizations?

[1445]

C. Filmer: Absolutely. I think there are two places to get tools. The provincial emergency program website is one. Even going back to, say, 2003, when the fires were approaching Kelowna, those two servers received almost 1.3 million hits in 24 hours. Those queries on the servers…. There is entire business continuity there.

To the member: much of what you're speaking of there is on the provincial emergency program website and then on the EPICC websites as well.

V. Huntington: That's very helpful. Thank you. Can I ask one other?

Perhaps it would be helpful, at least for me, if I had sense of whether or not Shared Services B.C. or the Solicitor General's department, emergency planning, were involved in or would have stepped in at some point to the computer crash that occurred at the end of January.

How long would it have taken you to anticipate continuity? What would happen if — and my staff give me this language — a distributed-denial-of-service attack…? I would not otherwise know what the proper terminology was.

How, in your planning, are you preparing for those eventualities, and is that part of what you do?

D. Campbell: It's a huge part of what we do. I was specifically involved in the recovery. Part of my role at Shared Services B.C. is that I'm the recovery director. So when something bad happens, I'm usually…. That's not going to sound right. I'm usually involved. I'm involved in trying to recover from those situations.

In that particular case — and it's a pretty standard approach — we assembled a SWAT team of network experts, and they each had a task in trying to determine, first of all, what actually had happened, which is usually the toughest thing in attempting to fix a problem.
[ Page 390 ]

What we did to recover was…. Our network is, I think, still the second-largest private network in Canada. We have the ability to segment it and break it down into manageable chunks and protect those chunks from the rest of the world.

For the record, this was not a distributed-denial-of-service attack.

V. Huntington: No, it wasn't.

D. Campbell: But that's the strategy we use. We see denial-of-service attacks all the time. Everybody loves to attack government.

In order to be effective, we can't hide. Large businesses can hide significant pieces of their infrastructure from the rest of the world and protect it that way and just put a web presence up, and everybody's happy.

Government — we can't do that. We protect ourselves by having a network that we can gain control of very quickly, segment very quickly and then deal with the issues.

The issue on that Monday — I can't remember the date; I should be able to remember it — was an issue that was caused by a change that was approved and was not expected to have any impact. They're always the ones that get us in trouble.

V. Huntington: Sorry. You were going to say something.

C. Filmer: I was just going to add to Dave's comments.

For that event, also, it was an example of the newer concept of operations being used, where Shared Services B.C. and the emergency management side are coming together more. I think those are good new developments.

In 2007, for the first time ever, we had what we called a government services centre under our provincial operating structure, and that had Shared Services people associated with it. For that event we actually activated the Provincial Emergency Coordination Centre. We activated a government services branch. Again, these are all new things in the last couple of years.

We worked with Shared Services over two or three hours, and they sort of gave us information. They sent information in to ministries, and they worked with the ministries. From a broader consequence management perspective, they kept us up to date on how we were doing.

Ministries had people coming in from two different directions. They had us coming in if required from an emergency management perspective, which in this case really was not required, and they had people coming in from Shared Services. We used it as a good test ground the other night.

[1450]

V. Huntington: So this issue had to do with a new system or new procedure you were putting in place and not the volume of traffic, which is what we were told?

D. Campbell: It was a routine maintenance change that was being done.

In order for us to be able to communicate….

Sorry, let me back up one step. We maintain two separate, independent connections to the Internet. They're with two separate vendors. They're physically diverse. They're vendor diverse.

In order to make all of that infrastructure work, we have to exchange route information with those vendors. It's done through a complex of equipment, in Victoria and Vancouver, that is replicated. They were simply cleaning up route information in those two specific areas.

In an attempt to be more efficient, they were being done at the same time. So one technician was doing Victoria; one was doing Vancouver. That seems to have triggered a response from our two vendors, where they thought it was appropriate…. I mean, they didn't think. It was the machines that saw an action and said, "The province has lost its routes; we'll give them to them, all right now," and that's what crashed the system.

We triggered a response from our vendors that created a volume problem for us.

V. Huntington: Okay. I see.

One last question: was it the Auditor General's report that spurred the decision to move into site relocations?

D. Campbell: No. That was well underway before the Auditor General's report. It was just serendipity.

V. Huntington: Good. I'm glad to hear that.

B. Ralston (Chair): Did the Auditor General want to respond? No, I'm just kidding.

K. Corrigan: I had a couple of questions about Shared Services B.C. as it relates to the B.C. Ambulance Service and children and family services.

One of the findings by the Auditor General is that there is a critical gap, in that there's no strategy for prioritizing the recovery of shared systems and mission-critical program applications. I understand from the government presentation that Shared Services B.C. is seeking to remedy that.

My first question is: given that there are critical systems, what are we talking about in terms of timelines, in terms of prioritizing the recovery of mission-critical applications? When will that work be done?

D. Campbell: It's ongoing. We do have mission-critical information today. I keep identifying all of these failures, but…. When we lost power to the data centre at Thanksgiving three years ago, we used the information we had, which is collected by emergency management B.C. and does identify priorities. We used that to prioritize the recovery of the servers, to bring them up. We
[ Page 391 ]
couldn't bring every server up at the same time, so we had to start somewhere. But there are gaps.

It was the best information we had, but it was somewhat out of date, in some circumstances, and there wasn't, I think, an effective way of keeping that up to date and gathering new information as ministry organizations change and as their applications change.

That's the work that emergency management B.C. and Shared Services B.C. are doing, in conjunction with the ministries — to gather that information and have a way of keeping it up to date so that if we face a situation like that, we're looking at information that is, worst case, six months old.

[1455]

K. Corrigan: I note from the detailed report that the Auditor General has identified, cited, a couple of areas of the B.C. Ambulance Service and also, and I think even more, children and family services, where the IT function is provided, at least partially, by Shared Services B.C.

I look at some of the work. I mean, I would assume, for example, that when we're looking at the necessary recovery times of three hours, which seems to be the shortest required recovery time, that maybe that would involve the B.C. Ambulance Service.

I guess the reason why I asked the previous question is that I'm trying to get a sense of how comforted, if there was a major event that was to knock out the systems — and that's what this report deals with — we as citizens can be that these processes are in place to prioritize and make sure that, for example, the B.C. Ambulance Service gets on line first. Because one of the criticisms that the Auditor General had was that everybody is going to be trying to access the system at the same time, and if there are not clear priorities, perhaps the most critical systems won't get on first.

I'm trying to get a sense of how close we are to making sure that those systems work appropriately in the appropriate order and that all those systems are protected.

D. Campbell: We hope to have that information gathered by this spring, but again, I certainly don't want to mislead this body. By prioritizing systems, it simply means that when we are able to recover, we will recover system A before we recover system B. Simply prioritizing and saying this system is absolutely important to the health and safety of the province doesn't guarantee it will be back in three hours.

There are realities around recovery that aren't tied to a clock. If we had a major event today…. We're not blind as far as priorities are concerned. We do have existing information identifying which systems are more important than others. The difficulty is if a ministry has brought up an application that is critical and hasn't identified it, then we don't know that. That's why it's important to have the information current and accurate. With the new scorecard and the information-gathering that's going on, I think we'll have that by this spring.

K. Corrigan: Can I just ask the Auditor General, through you, Mr. Chair…?

B. Ralston (Chair): Go ahead.

K. Corrigan: Does the Auditor General have any response to that at all?

J. Doyle: I think this is a complex area, and it's critical that the way that applications get brought on line after a disaster is carefully considered. But I think you've got to remember that just because there's a disaster, it doesn't mean to say there's going to be a set list of applications that have gone down. It could be any variety, and so there has got to be flexibility in the recovery process.

Careful consideration has got to be put to what is mission-critical. Does it really matter, if there's a major disaster, that auditing can be done? The answer, in my humble opinion, would be no, it doesn't. Therefore, whilst it may be mission-critical for me that I have access to my working papers, I don't think it ranks very highly if there's a major disaster.

It's putting it through that lens, which is the role of the emergency management process and Shared Services, that is the important issue. What is needed to assist citizens in a disaster situation? What has happened and how they build up from there is a complex process. I think that the work that they're doing to get the list, to refine it, to work on the reticulation is good. As always, I will be happy to come back at some time in the future and follow up on the recommendations we've made to see how well and robust those processes actually are.

[1500]

R. Lee: My question actually has been partially answered as to the…. When you have a limited bandwidth, how do you transmit all that data back to the system when you have a disaster? So I think that my question is: how much data is actually getting stored in those centres? With privatizing transmission, would there be congestion, as has happened just recently? And how do you address that in the future?

As well, we know that the Kamloops centre has been in operation for many years already. The physical security of that centre — what would that be when they are physically under attack? Of course, two centres under the same attack may be a remote chance.

Also, another question is: in terms of the storage, reduction of costs of storage, can it have more physical storage, with time delay, for the data and the security of that data, etc.?

D. Campbell: The storage scheme we've come up with for those data centres is a tiered approach. If we lose an entire data centre, the surviving data centre will have the information it would require to function when we brought the data centre back on line.
[ Page 392 ]

For example, if we lost Kamloops for some reason — if it was physically destroyed — once that data centre was rebuilt and the servers were repopulated, we would simply move the data over the wire on a gradual basis, because the other data centre in Calgary would be providing the processing. So it doesn't have to all go at once.

As far as physical security is concerned, they certainly meet the province's standards for physical security of data centres. They meet best practices.

They have gone out of their way to protect the identity of the sites, so the site in Calgary…. You know, there's no neon light on the outside of it saying: "Government Data Centre." It's just a very innocuous-looking building in the middle of nowhere. They've done an extremely good job of hiding the generators and the exhaust stacks from the generators that would give a clue that there's something other than a warehouse, and the same practice has been done in Kamloops.

They're as secure as they can be made within the constraints that we have. You know, we could build a data centre inside a mountain, as they've done in Sweden. They used an old NATO control site, but we didn't have that available to us.

Some of the considerations that you may find interesting in siting the data centres…. They're close to telecommunications carriers' facilities, so we can take advantage of multiple carriers. They're not on a flight path. They are not on a floodplain. As we've stated, they're not in a seismic zone of any consequence. They're close to a highway but not so close as to be involved in collateral damage from an accident, and they're close to rail lines but, again, not so close that a spill or a disaster would affect them.

R. Lee: Okay, just one further question. What's the size or terabyte of the data actually getting stored from government?

D. Campbell: I believe we're approaching five petabytes at the moment.

R. Lee: Five petabytes — okay. Thank you.

B. Ralston (Chair): I had a question, just more to the emergency preparedness. Obviously, there have been real events, whether it's a San Francisco earthquake or ice storms in Quebec.

[1505]

To what extent do your recovery times measure against the reality of recovery that took place in other events that have occurred in the last, say, ten years?

C. Filmer: I think recovery has probably been one of the areas…. Emergency management is divided into four phases. There's planning, there's mitigation, there's response, and there's recovery. Response, historically, had been focused on quite a lot. The other three pillars have been the majority of focus for the last ten years for a lot of players.

Our plans, in regards to those jurisdictions…. First of all, British Columbia is a national leader for emergency management practices. For many good reasons we have actually taken international best practices from other systems. There were systems used throughout the world in different countries, including the U.S. We took advantage of those systems. We brought people in. They've been in place for about, probably….

A lot of work really coalesced in the late '90s. That put B.C. as what is seen as a national leader in emergency management. The fact that we have permanent centres now is a good thing. Those centres are robust. We have business continuity practices in between those centres. We have permanent staffing. Government also now has a pool of individuals that can fill these centres. We can bring others in as required.

Overall, the actual system itself is well-trained. I guess the one disadvantage to B.C. is that we're very busy all the time because of the topography and the demographics. It's a system that is tested routinely. You look at small-town B.C., for instance. A lot of small communities see things, really, on a daily basis. On the other hand, that keeps us sharp, on our toes and well-practised.

I think we have a lot of leading experts in it. We are also, though, very willing to learn. We just had a delegation here from New Zealand. We just did a simulcast with New Zealand to learn from the New Zealand earthquake. There were representatives from local governments here in the capital regional district and also from Metro Vancouver who went over. We have also been webcasting and had experts come here from New Zealand. So at the same time, we're sharing information.

In regards to how we would do, I think we would do fine. I think that in a relative way. You've still got people suffering loss and damage, and it could even be worse than that. But on the other hand, the system that's in place is robust. It's well-trained. For good or for bad, it's well-exercised, and it is nationally leading. That includes recovery components.

S. Simpson: I just had a question for the Auditor General. In your report you make nine recommendations, essentially. Could you tell us: are you generally satisfied with the substantive response to those recommendations and the timeliness of the response, the strategies for response? If there are, you think, ongoing challenges that still need to be addressed, what are they?

J. Doyle: Thank you for the question. This is a summary report. There were, in fact, 71 recommendations. We summarized them into nine recommendations for
[ Page 393 ]
the purpose of this particular report. The reason we do that is that sometimes we don't want to reveal the detail of particular recommendations when we can talk about the generalities. When we follow up, we will be following up the 71.

The normal process is that we would ask for an action plan on how these matters are all going to be addressed and dealt with. A lot of work is in the pipeline to be done early this year. Some of it, as you've heard, is not going to be completed for a while yet. The major construction work in Calgary and Kamloops…. I think you said it was going to be another couple of years before that was ready.

What we will do is assess the situation. This report was published in April, I think. We're following it up right now, so I'll be in a position to publish on the first of April the current situation in regard to all the recommendations that we've made and made public. Watch this space, and in a very short period of time you'll have the answer to your question.

B. Ralston (Chair): Thanks very much. I don't see any other….

S. Chandra Herbert: I've got one.

B. Ralston (Chair): Spencer's got one. Pardon me.

[1510]

S. Chandra Herbert: Earlier in the discussion it was mentioned about the data facilities moving to Kamloops and Calgary because of a potential quake in Victoria. That way government could be maintained and up and operational in a quick way on the Mainland.

I'm just curious. What about Vancouver Island? What's the plan to get government services up and operational on the Island, should one of these earthquakes happen?

B. Ralston (Chair): Could you hear that? The question was: just what would be done to help Vancouver Island recover, assuming that there are these data centres in Kamloops and Calgary and Vancouver Island is cut off?

D. Campbell: If I understood the question, I think it was related to the operation of government on Vancouver Island. I'm sorry; I can't answer that. Cam may be able to give some insight.

C. Filmer: If it's regarding broad emergency management, again local governments of course are mandated, legislated, to have plans in place. There are a number of communities. There are the Mid-Island Emergency management group, the lower island emergency management group. They meet routinely. There are mutual support workings in place between all of them.

Again, they are looking at some of the international best practices, and they are moving forward on those. They are also, for instance, sharing. There's really good information exchanged between Metro Vancouver and capital regional district on items as they move forward because between the two of them they have quite a few items in commonality.

We do have, as said, a brand-new facility at Keating Cross Road. Luckily it has probably tripled our operational space that we have available to run large emergencies. It's a very good building. It's very robust. It has a very strong UPS and a generator that is able to power a very substantial area. So we have a brand-new facility there. Within that it also has a brand-new provincial-regional emergency operations centre.

So as we come together from purely a coordination perspective and a support to local governments, which has definitely put us into a much stronger place.

B. Ralston (Chair): Spencer, any follow-up?

S. Chandra Herbert: I guess what I'm trying to understand is IT continuity. Obviously the data is being backed up in Calgary, Kamloops, what have you, to keep the business of the province running.

Let's say the data management system, whatever, in Victoria is inoperable. What happens then in terms of the communication with the IT continuity, the information which is housed on the Mainland? Is there any thought to that in terms of…. If we need the data during an emergency, we'll need it on the Island as well as on the Mainland, if you get my meaning. I'm just trying to figure out what the backup plan is for the Island.

D. Campbell: It's a very difficult question because in the type of emergency we're talking about here, where there's a significant seismic event, we are wholly reliant on the telecommunications carriers for connecting us to the rest of the world. So until those connections are re-established, we have no capability to access that data.

Now there are some stopgaps. If the cellular network comes back quicker than the terrestrial network, we may be able to access some information. But in an event of that scale, my sense would be that the operations would have to be conducted from the Mainland.

Government on many occasions has made the statement that in an event of that description, the citizens have to be prepared to survive for 72 hours without government assistance. If we're talking about that type of event, that's what we're talking about, because it's going to be at least that amount of time to re-establish communication to the Island.

C. Filmer: Just adding to those comments. There are, so everyone appreciates that, ministry-specific applications. The information from SSBC that went out
[ Page 394 ]
in 178 talks about disaster recovery planning for those specific applications. That's done through ministry ITSD people.

[1515]

So there are two items there. The first is that the people have plans in place for those applications. In some cases, too, the ministries, from more of a business continuity perspective, have also looked at workarounds. So in some cases you can have computer systems that can be down, as was referred to earlier. Those may not be in areas that are deemed mission-critical.

It's also a complex thing in that you have people that are mission-critical. Some of them have their own specific applications and can be self-reliant on that. They will have disaster response plans in place for those specific applications. Some would be affected by network service maybe more than others, and some have workarounds in place.

When we do our dog-and-pony show here later this spring, one of our goals is to talk about workarounds. In many cases, or in some cases, people will be able to freely move the actual computer systems, and that will not inhibit them moving forward.

B. Ralston (Chair): Thank you. I don't see any further questions.

Oh, Dave, did you want to add…?

D. Campbell: Chair, sorry. I just wanted to respond to something the Auditor General said with regard to the two new data centres.

B. Ralston (Chair): Sure. Go ahead.

D. Campbell: I just wanted to be clear that the data centre in Calgary is fully commissioned. It's up and running. We're actually running applications out of that centre right now. Kamloops is built. They're just doing the last fitting out, and it will be up and running on the first of April.

The timeline that I mentioned, the two- to three-year timeline, is the actual migration of the physical server assets from Victoria and Vancouver to those data centres, and that's a financial concern. We can't transfer government assets to a private data centre until they're…. We're waiting till they're fully amortized before applications are stood up on new hardware.

In the event of a major disaster here, Calgary is up and fully running. You know, in a disaster on the scale we're talking about, we would simply provision new servers in that site, rather than wait to try and re-establish a site in Victoria.

S. Simpson: Just a quick question. Maybe I missed something earlier on. You said private data centres. Who owns these data centres? Who owns and operates the data centres?

D. Campbell: The data centres are owned by a company called Q9, and that's all they do: build and run data centres. The actual server infrastructure is being managed under a contract with HP Advanced Solutions.

S. Simpson: But all the propriety around everything — the information, the technologies, all that — we own that in some way? That belongs to government?

D. Campbell: We haven't relinquished ownership of the data. Government still owns the data. HP Advanced Solutions is simply the data custodian.

S. Simpson: Right. So they have no capacity to use that data in any way unless directed by us.

D. Campbell: Oh, absolutely not. In fact, in the contract their staff are prohibited from even accessing the data unless there is a specific requirement for them to do that.

B. Ralston (Chair): Thank you for that further clarification. I think we're done on this report. Thank you very much for coming.

I'm going to suggest we recess for about five minutes or so, and then we'll continue on.

The committee recessed from 3:19 p.m. to 3:26 p.m.

[B. Ralston in the chair.]

B. Ralston (Chair): The next item is what's entitled the Follow-up Report: Updates on the Implementation of Recommendations from Recent Reports. This was issued in September 2010. We have Mike Macdonell, who is the executive director, resourcing group, Office of the Auditor General, and Stuart Newton, the acting comptroller general, office of the comptroller general.

I think Mike is going to make a presentation. John, did you want to introduce the topic?

J. Doyle: Just a few words if I may, Chair.

B. Ralston (Chair): Sure, go ahead.

Auditor General Report:
Follow-up Report: Updates on the
Implementation of Recommendations
from Recent Reports

J. Doyle: As you know, I follow up on all reports six months to one year after they have been published. The follow-up reports are an agency self-assessment as to their progress in implementing the recommendations they have previously accepted and provide us with an action plan about how they are actually going to deal with it.
[ Page 395 ]

Overall, I am very pleased that agencies are reporting progress in implementing all recommendations. Such a high implementation rate reinforces the relevancy of the work that's being done and also assists in promoting efficient, effective and economical management in government. As always, I seek feedback from the committee in regard to any topics that they feel deserve or warrant more detailed follow-up.

I'll now turn over to Mike Macdonell, as previously introduced, to provide a brief overview of this particular report.

M. Macdonell: Thank you, John, and good afternoon, ladies and gentlemen.

We've heard from legislators that it's not enough for the Auditor General to issue recommendations and just hope that they'll be acted upon, and we share this point of view. Our staff invests considerable time and energy and have pride in their work, and we also want to know that our efforts are making a difference.

Following up is critical to ensuring that our work has a positive influence and that British Columbians receive full value for our services. For this reason, beginning in October 2008, and on a semi-annual basis thereafter, we followed up with organizations we've audited and asked them to provide an update on their progress.

We have three forms of follow-up. The first is the action plan. Within three months of publishing the initial report, organizations are asked to provide an action plan describing how they will implement our recommendations and by when. Often we are able to publish action plans in the initial report, but if not, they are posted on our website once received.

In our second form of follow-up, within six months to a year after reports are issued, agencies are asked to provide self-assessments of the progress they've made in implementing our recommendations, as well as plans going forward. We publish these submissions unedited and in their entirety so that readers can assess for themselves whether or not the progress has been satisfactory. To be clear, these are management's representations.

While we read each update and, in some cases, discuss them with the entity, they are not audited in any way, and we offer no assurance concerning their fairness, completeness or accuracy. We expect that most recommendations will be cleared in this initial follow-up. Subsequent follow-ups may be required on outstanding recommendations or certain key recommendations that have not been satisfactorily addressed.

[1530]

A third form of follow-up involves auditing the self-assessment of certain recommendations. We have yet to select any submissions for this level of examination but anticipate doing so within the coming year. The results of progress audits will be published in the next available follow-up report.

Our latest follow-up report, published in October 2010, contained 12 detailed updates representing 66 recommendations. Six of the 12 reports were initial follow-ups, with the other six being subsequent follow-ups.

I'm pleased to report that auditor organizations have reported that 100 percent of our recommendations have been actioned, at least to some extent. For us this is both encouraging and gratifying.

So 45 of the 66 recommendations, or 68 percent, were fully or substantially implemented, or the organization chose to take alternate action to address the recommendation. Some 32 percent of the recommendations were partially implemented.

We have issued five follow-up reports since October 2008 representing 511 recommendations in total. Over this time 475 of the 511, or 92 percent of the recommendations, have been fully or substantially implemented, or alternate action has been taken; 35, or 7 percent, have been partially implemented. No substantial action has been taken on only one of the 511 recommendations issued.

That concludes our presentation.

B. Ralston (Chair): Thanks very much. Stuart is going to respond. Looks like he has a couple of slides as well.

S. Newton: I'll be very brief. Thank you, Chair and Members. On government's behalf, we're very pleased with the progress on meeting all the recommendations. Just repeating the statistics that you just heard from Mike, so I'll move to the next slide.

With recommendations and the implementation, progress varies, depending on the nature and the extent of the recommendation needing to be met. The previous presentation that you just saw was an example of where sometimes it takes a considerable amount of time to get the recommendations implemented. But since 2008 government has managed to meet those recommendations.

There are times where alternate means to meet the recommendations are developed on the part of programs. I think this speaks to the programs understanding their business, their current priorities, what's changed — to be able to come up with alternate ways to meet the recommendations. That's encouraged.

We find this has been a very valuable process. The electronic self-assessment form has been very easy to use. I think it speeds up the process.

The last point I'd like to make, though, in relation to the recommendations is that it always is the ministry's or the program's or the organization's responsibility to determine what the most appropriate response is. Even if they're given a recommendation, they have to look at it in terms of what their program's objectives are and their current constraints before they make a decision. That's why sometimes the recommendations will vary.
[ Page 396 ]

B. Ralston (Chair): Okay, thanks very much.

Questions?

K. Corrigan: I have a question, first of all, for the Auditor General. You mention in your presentation and in your report that there can be follow-up to this self-assessment. I'm wondering whether the Auditor General does things like spot checks of this self-assessment. You mentioned that there can be further assessment, but I'm wondering if there is any process in place to check and validate the self-assessment that has been done.

J. Doyle: Thank you for the question. There are two aspects to that. The first is when we first receive the self-assessment prior to publication. We do some work looking at it and testing it for reasonableness. There have been some occasions when we've gone back to ministries and discussed the form and content of their representations because we felt that they could be amended.

Typically, they have been amended. What we have brought forward is the agreed one from the ministry. I will emphasize that I don't change a word in their presentations. These are entirely self-assessments.

[1535]

The second form of secondary analysis or review is…. After we have published, and after we have presented the self-assessment, we might still go back and keep in contact with the group where we conducted the audit to find out how things are progressing, what's happening, what's being done. We keep a watching brief. Sometimes we have a lot of energy put into that watching brief, and sometimes we have less energy put into it. That's a risk-based decision, which I don't share with anyone, but it's part of the way that the office operates.

The third component is a detailed review of the recommendations, of how they've actually played out and whether they've made a difference. That used to be the way that we conducted this work before I started. There used to be a report and then a detailed review sometime in the future, but I felt that this was a more effective and efficient mechanism to actually conduct overview.

Now, I'm willing to accept suggestions from members, if they have a particular one which they feel that we should go and have a look at, but as always, the decision to conduct any work still rests with the office.

K. Corrigan: Can I follow up on that, then?

B. Ralston (Chair): Sure.

K. Corrigan: Well, I'm thinking of two of the reports that are mentioned in here. There are several of them — seismic safety….

The PARIS system was one. The Auditor General report was particularly critical about the gaps and lapses in access with regard to access and security to the PARIS system for community care services, in the original report. That, I guess, would be an example.

In a case like that, where you had been quite critical, would you take particular care? The words you're using are "checking for plausibility in review," which is a different kind of standard than an audit standard. I'm wondering if there is an appetite — in that one, for example — to say: "Well, the lapses were particularly noticeable, so we have an appetite to go back and do closer checking, rather than relying on the self-reporting."

J. Doyle: In that particular one, and it's a good example, we didn't publish until they had effectively corrected or implemented many of the recommendations that we put forward.

If you recall, when we did the presentation we actually gave the Vancouver Coastal Health Authority an opportunity to bring in, substantially, the changes, because we felt that to air those weaknesses before the changes had occurred would actually bring in a risk that wasn't necessary. For that particular one, the team did a lot of work assessing how the recommendations had been addressed. We got assurances and documentation in regard to what had actually happened and, as I say, we didn't publish until we were satisfied that good progress had already been made.

We still went back and asked how things were going, and then we followed the routine I described earlier. I think we covered that off because of the nature of the risk that was involved in that particular report.

K. Corrigan: Can I have one more follow-up on that? Another one of the reports that a follow-up has been done on is the apprenticeship and training program in B.C. I went and checked with an organization that obviously has an interest in it. I said: "Okay, what are your feelings about the report, the follow-up, and what has been done?" That was the B.C. Federation of Labour. They felt very strongly that some of the representations…. Well, of course they do have an interest. They are an advocate organization. I don't deny that.

They did have a strong feeling on some of the recommendations, on what is being represented in this self-reporting, that that is not reflective of the truth. It's another example where, of course, there is a point of view, but there is a feeling that the report does not reflect what has or hasn't actually happened. That's why I was asking the question.

[1540]

J. Doyle: This committee discussed that particular report late last year. You will recall that the…. I've forgotten the CEO's name, but….

B. Ralston (Chair): Kevin Evans.
[ Page 397 ]

J. Doyle: Yeah. You recall that he was explaining all the changes that were being brought in. At the time, I suggested that if it's that good, then we should come back and have another look just to see how it's all done. It's on our list of potential ones that we could go back and have a look at.

There are always different perspectives from different audiences in regard to how well or not well the recommendation is actually implemented and whether it has changed or made a difference. If you like, it's that process which is always going to be value-driven, which is why we do the follow-up the way that we do and bring it to the committee's attention the way that we do. We're open to conduct further work if the committee feels it's appropriate or if indeed I feel that the risks are such that we should go in and have another look.

Now, with that particular one, I think it's worthy of going in to have another look. But when we make the decision, that has got to be weighed up with the resources that I've got and the timing to actually conduct that work. It's in my hopper, but I haven't made the decision yet.

B. Ralston (Chair): Thanks.

The oil and gas site contamination report — it's on page 10 of this summary report. Recommendation 7, on page 10. As I recall, the report said, basically, that security deposits were too low — I think they were a couple of hundred dollars — and it was recommended that they be increased.

What's reported here is that they're establishing an environmental licensee rating program. I just want to quote, because I want your help in interpreting this.

"The licensee liability rating program is currently under further revision to implement a framework that will routinely review security deposits for all operators and ensure their environmental liabilities do not exceed their deemed assets. This comprehensive framework will be discussed with industry and will be phased in over the next year as facilities data integrity is confirmed and information systems are in place."

My question is: are they going to raise deposits or not?

J. Doyle: My understanding of it is that they are going to look at the deposits and match them to the risk of the entity that's conducting the work.

The last part of what you read out was: can the operator pay for any damage? Are their assets matching their environmental liabilities? That was that component. That's a danger sign at the bottom, the downside. It doesn't actually say whether or not the deposits are going to go up. When the presentation was made by the Oil and Gas Commission…. Their current actions have been…. I think that they were thinking about having higher levels of deposits than had previously been the case when we had conducted the work.

Now, we haven't gone in and done a detailed analysis of the counterparty risk that may exist between the government and the various operators. But it is something that it's in my mind that we should be looking at, at sometime in the future. We've got to wait for the commission to, first of all, structure their new process and then to see how it's actually operating.

Another point is that the organization can come back and answer that question should you wish it to do so. The idea about this is that it does invoke further discussion. It's not a closure process. It's a continuation from a previous audit review. I don't know the practicalities of how you would organize that, but there's certainly no reason at all why the agency can't respond to that kind of question.

B. Ralston (Chair): Let me consider that. That might be something that they could respond to in writing, to a specific question, rather than bringing someone from Fort St. John. I'll consider that and discuss it with the Deputy Chair.

[1545]

G. Gentner: Recommendation 5, on page 9, as well, is relative to the oil and gas. I guess why I'm bringing it up is it just seems to me that when we had the Oil and Gas Commission here, we were rushed through. We really had a lot of hanging questions, and a lot of the recommendations have not really been acted out — although partially, according to your matrix.

But I want to know…. You're suggesting here, if I have it correct, that section 10 of the new Oil and Gas Activities Act, which came into force in fall 2010, provides authority for the Ministry of Environment to order an audit of performance of the commission in relation to the protection of the environment.

Where are we with that? Has it? Will it? Do we have some understanding of its performance? What is the Auditor General going to do relative to see…? Now that it is an act, when will the commission actually come forward and answer that?

J. Doyle: I heard a couple of questions in there. The first is that the Ministry of Environment now have a power which they can exercise. I don't think that has anything to do with me other than if I do an audit in the future which is looking at how they're exercising those powers. So I can't answer for something that's going on inside the ministry. The ministry itself will be better placed to respond to that.

The recommendation 5 is about accumulated effects, and I have had some discussions with different people within government about how accumulated effects get measured and why they should be factored into decision-making and deliberations. I think that agenda is moving forward, but I have not yet seen anything written out in policy or legislation in regard to it.

As far as going back to the Oil and Gas Commission and asking them about the progress for some of these,
[ Page 398 ]
they made it clear to us that they had an action plan. They are following that action plan. I think that most of the…. I think we're following them up again for this particular cycle, so we've got another report coming out on the first of April. When I get that, I will know whether or not that action plan has been met in detail.

If it hasn't been met, then obviously that gives me the option then to go back and start asking some of the questions that you're floating.

S. Simpson: My questions relate to page 27, the homelessness-related issues. These may or may not be questions that the Auditor General can answer, and it may be one of those areas where we want to have a discussion with the folks from B.C. Housing again.

Let me just make a couple of observations. As relates to the first recommendation, we know that B.C. Housing has quite a long list of initiatives related to homelessness that have been pursued, whether it's SRO purchases, some development of new units and that. My recollection of the report on homelessness didn't so much question all of the individual initiatives. It talked about overall objectives and targets and timelines and what the strategy was and where this all fit into a bigger context of strategy.

I don't get the sense from this…. I know that it is talked about as an alternative action rather than progress on the recommendation. I don't see here where B.C. Housing or the ministry has got at that question of the bigger objective target timeline. Maybe I'm missing it, but I'm not seeing that here.

I guess that relates also in relation…. I know in the second recommendation that was made about lead agencies and assigning roles and responsibilities around homelessness, the references in the actions taken talk about the Ministry of Housing and Social Development. It talks about those, and that made some sense because it encompassed housing, but it also encompassed income assistance and a number of other programs.

Those responsibilities have now been divided into separate ministries. So you have housing here, and you have a whole lot of those other initiatives related to income assistance and other programs that sit in a separate, stand-alone Ministry of Social Development.

I'm wondering whether there has been any update about how that changes what at this point of this response to the recommendation said, when it was an integrated ministry — that this is where it's going to rest. That now is somewhat different.

[1550]

I would note that we're dealing here not just with a housing need. What's recognized, quite properly, throughout all of this is that people who are often hard to house have a complexity of other social issues over and above the fact they don't have a roof over their head. Those are things that B.C. Housing may or may not be able to deal with or may be dealt with under Social Development more appropriately. I'm curious about that.

One more issue that I'd raise is that I know…. I have a number of other questions, but I'm just going to raise one more under recommendation 6, which talks about strengthening and the government's strength in its approach to preventing homelessness by taking steps to ensure that people leaving health care, child protection, etc., are not homeless upon their release.

It goes down…. In "Actions taken" there's a discussion here about an evaluation of the homelessness intervention project, one of the key initiatives that's identified throughout these recommendations. That's taking place in March 2011. I'm wondering whether your office knows about the nature of that evaluation and how that might fit into your assessment of whether we're getting where we have to go.

J. Doyle: Thank you for the three questions.

B. Ralston (Chair): That was a very sincere thank-you.

J. Doyle: No, no, it was.

The first one is that you're dead right. The original report talked about the strategic process for eliminating homelessness. It was a government priority. It was established in policy that homelessness needed to be addressed.

The response that we got dealt with an element of homelessness but not the big issue. We identified that right at the beginning and gave that response to the ministry. So their alternative action is basically looking at a different aspect than I actually made the recommendation on. That's for the ministry to present and other people to evaluate.

The second component and third component are about what action is actually being taken in regard to some of these. I'm glad this discussion is taking place, because I think there are two things that can be done — or one of two things. One is that we can go back and redo the work or redo work in the ministry itself, and that's the audit team. The second is that the information that's required by members of the committee can actually be provided by the ministry coming and making a supplementary presentation on progress.

If you recall, all the recommendations were agreed on. Therefore the satisfactory progress in regard to those recommendations…. This is just what the ministries are saying at the moment, and if additional work is being done, it can be done in two ways, as I say: additional questioning, or I can do additional work.

At the moment it's on my watch list to go back again and look at homelessness, or different aspects of homelessness. But at the moment I don't have the resources
[ Page 399 ]
to do that in the next three to six months. It is something, however, where we are having discussions to find out what these words actually mean as it plays out on the ground. As you'll appreciate, homelessness is a hot topic, and so there's plenty of information, reports, documentation that's going out there, and good work is being done in actually alleviating this problem.

So as always, it's been a complex area, and there are multiple players in it. But from the point of view of this committee, those questions that you were asking me are really addressed to the ministry rather than to myself.

S. Simpson: I appreciate that, and I would concur. I know, in discussions I've had with B.C. Housing and others, that it's a complex issue, and there is a lot of attention being paid to it. When you talk about assisted housing, there are questions about if there are enough resources going into the assistance, how you balance resource needs with resource availability. I know that that's a live issue, but it is one that's here.

I guess that maybe it's to the Chair. I understand that the House will prorogue here next week, and we will disappear as a committee, and there will be a new committee that some of us may or may not be on.

[1555]

I don't know if it's appropriate here for us or for me to suggest a recommendation that the newly constituted committee ask B.C. Housing, or whoever the appropriate people in the ministry are, to come back to the committee and maybe just take us through the response to recommendations they've made so that the committee can have a better sense about some of these questions that the Auditor General has talked about, particularly since the Auditor General, because of resource limits, won't have an opportunity to get at this for some period of time.

B. Ralston (Chair): I don't think we can bind the incoming committee or the new Chair — if it's me or someone else — but certainly that's….

S. Simpson: But we can make a suggestion?

B. Ralston (Chair): I think you could make a suggestion on the record and that could be conveyed.

S. Simpson: Yeah. Well, I would do that. I understand that it's their prerogative to do what they want to do.

B. Ralston (Chair): Okay. Well, I think the suggestion has been made on the record there, so I think that's probably sufficient.

V. Huntington: I won't be long because many of my comments were spoken by Shane. I have some of the same concerns and would really welcome an opportunity to discuss some of these responses with the ministry. I guess, to the Auditor General: is there any way that self-assessments — your criteria — can be strengthened so that it creates a more specific response on a self-assessment to each recommendation?

J. Doyle: There are ways of strengthening it, but I've got to bear in mind that, if I'm not careful, all my resources will go into follow-up, and I can't do that. So what we've done is implement a risk-based process so that if issues are drawn to our attention, then we can focus on those particular issues and go and do some additional work, which will then be published in the same document at a future stage.

I actually think that there's a lot of collegiality and goodwill in the fact that the ministries have been making self-assessments, and although maybe members didn't notice it, some entities made an assessment at one point in time, and they actually downgraded their own assessment at a subsequent point in time because they had a rethink about whether or not they had actually achieved the implementation, and then they finally got it all together, and it all worked.

You might have missed that…

V. Huntington: No, I didn't.

J. Doyle: …and I won't tell you which one it was. But it has been a positive process for my teams to go back to speak to the entities concerned and ask them how they are getting along. It sort of closes a loop, and it also gives the agencies the opportunity to demonstrate that they are actively doing a lot of work to try and address the issues that may have been raised in the reports. I think that's something that can be missed sometimes in the provision of a report and the early examination of that.

I'm not sure that I want to investigate every response. I think what I've put in place at the moment is a risk-based approach, and I'll still rely on the fact that if members wish to bring things to my attention — for example, what Kathy brought in just now, which said that there's a stakeholder that felt that there were problems and that the fact that there was misrepresentation — I'll be quite happy to go back and have a look at that at a later stage, once it's brought to my attention.

V. Huntington: Could I just comment? No, I agree that there's quite a range of response you get in the self-assessments, and it's quite obvious that some ministries are almost eager to follow up on recommendations and to correct some of the deficiencies that you may have spotted or problems. I could almost ask you: have you categorized the types of response? Others seem to defer it to a higher authority. Others seem to almost dismiss. Others seem to be working away at trying to understand how to rearrange their own priorities.
[ Page 400 ]

But when I see some of the responses from the Oil and Gas Commission and from the Housing Ministry, I am troubled that there is…. Particularly in relation to the housing, I feel that some of the recommendations are either not being answered properly or being dismissed as not part of their action plan or policy plan and therefore almost irrelevant.

[1600]

That's why I was wondering whether there was some more…. Not to create more work for your office but perhaps to make it easier for members of a committee such as this to understand how they are really responding, to have a response to something as specific as: "Provide guidance to municipalities in collecting homeless count data consistent with…" etc. You get a response that's basically, "Alternative actions taken," where there's something very specific that you've noted should be looked at. In fact, the ministry says: "We think we've done the job" or "It's been done another way."

I feel like there's a disconnect, and I just wondered if there was some way that these self-assessments could be more readily understood by the reader in terms of what the response really means.

J. Doyle: Chair, could I just observe that this follow-up report is for you. You as a committee have read the recommendations and endorsed them or approved them — or not. In this case, all of them have been approved or endorsed. I don't know which word to use. In fact, this is not my follow-up of the report; it's your follow-up.

There's nothing in my mandate that actually says: "Go and do a follow-up." It's obviously an extension of what we do just to make sure that everyone is doing the appropriate thing regarding recommendations.

What we're tracking here is what ministries or agencies have done that they said they would do at the time the report was published, with an action plan. You read those reports, and basically, what's happening now is you are getting supplementary information about what action has taken place. So you've looked at the recommendations and formed a view. The view of the committee was that they were okay. The view of the ministry was, arguably, mostly okay. I can't remember any that have been rejected. The issue then is: well, what's happened about them?

When I first brought this process in, I thought I'd expressed in a way which says: "This is your report." We do the work for you, but it's actually the follow-up for the PAC to do, and that's why I'm reluctant to intervene, although I will intervene and do a follow-up block of work, a special piece of work, on request. But I've been reluctant to intervene, because otherwise I'll be monitoring and examining every report and every recommendation I do, and basically, I won't have enough resources to do it.

If the committee wishes me to do things or wishes to follow up on these things, I think that's part of the committee process as I understand it, and I'm more than happy to fit into whatever it is the committee would like me to do, bearing in mind my limited resources.

V. Huntington: Thank you very much. Could I ask the Chair, then, because…? This comes back to an issue that I've wondered about and haven't seen us particularly do, and that is, to say as a committee: "We're not entirely satisfied with these responses, and we would like to look more deeply into some of these issues, and we would like to go back to the commission, the ministry, whatever."

Even if we pinpoint one or two areas and follow up on them, how is that done by this committee? Is it something that as a group we are interested in, or is it always going to be opposition versus government, or is there a concern that there is a problem that should be looked at in a genuine, non-partisan manner? I don't understand…. I haven't seen that approach in this committee, and I guess, as a relatively new member, I'd like to know: does the committee ever operate in that manner?

B. Ralston (Chair): I don't know the answer offhand. It's within our jurisdiction to do that, but that's something that before taking any steps, I'd want to discuss with the Deputy Chair and make a decision and also sound the committee out. But it has been raised now, I think, a couple of times in relation to this report, so that's something that in the time that the Deputy Chair and I have left in our positions before Monday, we might turn our minds to.

[1605]

J. McIntyre: I'd just like to comment that as the previous Deputy Chair, going back to whatever it was — 2006 or '07 — there was some discussion, actually, when the new Auditor General arrived. He made a recommendation, and we had some debate as a committee about how we would address follow-up reports. Basically, I think the will of the committee, or certainly the decision of the committee, was that we….

The Auditor General may want to refine this or correct me, but I think the feeling was that we were relying on the Auditor General, really, in a sense of where and what — his discretion on what to follow up, and his assessment. We have an opportunity here, as we go through these follow-up reports, to have a discussion.

But basically, we did not want to direct it, because we didn't want to politicize some of the…. Directing him, "We'd like to look into homelessness" or "We'd like to look into the Oil and Gas Commission" — the very subjects we're talking about…. We declined from directing the Auditor General where we wanted particular subjects or particular reports or groups followed up.

My sense of the feeling at the time was that we would like to leave it in the Auditor General's hands.
[ Page 401 ]

B. Ralston (Chair): I think that's certainly…. I hadn't recalled that discussion.

V. Huntington: Could I just comment?

What I'm hearing from the Auditor General, though…. I appreciate that — not to further politicize the subject, if that's the way the committee wants to do it. But if the committee wishes to pursue….

What I'm hearing the Auditor General say is that if we wish to pursue the issues that we see in a self-assessment report further, we can do that absent the Auditor General. I think that sometimes, at least, this committee should be concerned in specific arenas and areas. That's our job, and if we feel that there is something that should be pursued, I'm just wondering (a) if it has ever been, and (b) how we go about doing it in a non-partisan fashion, because it's a concern.

B. Ralston (Chair): I think it's a discretion that exists for the committee to recall witnesses, but I don't think it's something that you'd want to do lightly, because the signal that would be sent would be a very strong one. So I think that's a discretion that you'd want to exercise carefully.

As I say, we have the benefit of this discussion. The Auditor General has given some assistance on that. Maybe we can at least fashion a recommendation for myself as Chair and the Deputy Chair, if we are so fortunate as to be reappointed, and if not, the incoming Chair and Deputy Chair who might occupy these positions in the future. We could give them the benefit of our advice. I don't think we can do more than that today.

K. Corrigan: My next question — my last question — follows right up on that, because one of the follow-ups that I was interested in was the planning for school seismic safety follow-up. I do want to say to the Auditor General that I appreciate that the follow-up reports are done. I find it very helpful. Unfortunately, the extra work that you are doing in providing us information — the member for Delta South says that she appreciates it as well — then creates more questions and more problems and, perhaps, work. But I think all the members of the committee do appreciate these follow-ups.

I look at some of the recommendations, particularly a couple of the recommendations and the response to the recommendations in the seismic safety report. One of the recommendations was that the ministry "make it a matter of urgency to implement a program delivery model and commit sufficient resources to it." The response, to me, is not…. I would like more information, to put it as non-partisan as I can, because I think a very important issue for the public is: how are we doing in that? I would certainly like more information on that one and to get an update — and perhaps from the ministry.

The other one was the issue of recommendation 7, to give the public opportunities to understand what's going on with seismic upgrading, and the response to that one also doesn't seem to indicate that that is available yet.

[1610]

I think that's of a great deal of importance to parents and the public generally around the province. So perhaps it's just another one on a list where I would like to get more information and do some follow-up in some manner.

B. Ralston (Chair): I don't see anyone else on the list, then, so with that, I think we'll conclude that. We still have two other, briefer reports that we want to deal with before we adjourn, so if we can switch over to Mike Macdonell, he's got another. He has conduct of the next one, so we can switch over.

The Deputy Chair has suggested…. I'm wondering how long you expect your presentation to be, Mike, because there are two witnesses for the other one, and he was wondering whether they would be available tomorrow if we didn't finish this, which is probably a good, thoughtful question.

J. Doyle: Chair, all our presentations are quite short. It's really an issue of how many questions that….

B. Ralston (Chair): I set myself up for that one — didn't I?

Paul Nyquist and Paige MacFarlane — are they available for tomorrow morning, should we…? We're reconvening at ten tomorrow. They look enthusiastic. That's great.

Over to you, Mike, then.

Auditor General Report:
Summary Report:
Results of Completed Projects

J. Doyle: You've not seen a summary report before, so I'd better explain what I'm about and why I've decided to report in this way.

A significant amount of work is often done and results achieved, frankly, which are outside of our public reports. We issue management letters, good practice guides. We put up information on our website, and we use other tools. This is the first time I've used a summary report as a mechanism to communicate. This particular report details work we have done in seven distinctly different areas, and there are just two or three pages around each one.

I'll give you an example and just work through why we felt this was an important and useful communication tool for the committee. I'll use the hand hygiene work that we did as an example.

We have good relationships, collegiate and productive relationships, with entities. Often we find that entities
[ Page 402 ]
respond quickly to issues that we may bring up and discuss with them, or we may determine, as indeed we did in this particular case, that the hand hygiene programs weren't as developed as they could have been and a lot of work was required.

Rather than just issue a report that expressed things as they were, the response from the health authorities was to set up a process whereby the hand hygiene process would come starkly into focus and that there would be a good deal of energy around what should happen and the compliance rates with those hand hygiene programs.

What we did was worked with the different agencies concerned, and they took the initiative not only to develop the provincial working group but to focus a lot of attention to this particular issue. This particular issue came out of our infection control report that we had done some years before, and it is based on the fact that if you don't have clean hands, you're very good at, basically, spreading germs around, which is not a good look in a hospital.

What we've done is stepped back and allowed the health authorities to consider the issues, put into place robust processes, and we've made it clear what the reporting should be in regard to all of those. They've taken all that on board, and they're building it into a program to actually make a difference.

Rather than issue a report that says this, we've decided to step back and allow them to grow into a position where, in fact, we're able to form different values, judgments, at a later stage.

[1615]

The summary report really is a group of major blocks of work that we have done that haven't actually gotten through to a large public report. Some of them are because we found good work being done and didn't feel it was necessary to conduct a major audit, but we still needed to give the credit for the good work that had been done and was being done.

Others were that we didn't think there was an audit report there, even though it was a good idea at the time, but we were able to work with the agency — whichever agency it was — and they were able to look in detail at some of our observations and comments. We issued them management letters so that they could deal with those kinds of things. A management letter is not published. It's a letter between the auditor and the auditee.

Publishing this report really allowed me to talk about some of the good work that we detected that didn't actually end up resulting in a full-blown audit report but nevertheless merited comment because it is good work.

I have with me Mike Macdonell.

By the way, we plan to publish these reports probably on an annual basis to cover off. So it's an accountability program for me as well — how I'm using the resources. You wouldn't get to hear about this work if I didn't publish them in some way.

We have been to agencies in regard to each one of these blocks of work and asked for comments. Sometimes the comments were in a form that we could put into the report, and so you'll see some comments actually built into the few pages. Others were just acceptance from the agency that if there had been recommendations, they are actually carrying out the recommendations, and they've given us action plans in regard to what it is that they're doing.

I'll ask Mike to go through the presentation that we've got, and I'll be more than happy to field any questions about any one of them afterwards.

M. Macdonell: Thank you, John.

Hello again. As the Auditor General mentioned, for a variety of reasons work is done and results are achieved outside of our traditional public reports, and this afternoon I'll provide you with brief overviews of seven separate pieces of work. You can see from the list that the subjects are diverse, reflecting the wide range of topics that the Auditor General examines.

The first piece of work was a self-assessment we completed on the topic of hand hygiene. In 2007 we released a report on infection prevention and control practices in B.C.'s health care system. Given the importance of this area to the public, we determined that a second look was warranted in 2010. We focused on hand hygiene practices, as they have long been recognized as one of the most simple yet important ways to prevent and reduce transmission of infection in health care settings.

To help us understand the state of hand hygiene practices, we asked each of the province's regional health authorities, plus the Ministry of Health Services, to participate in a self-assessment. The purpose of the self-assessment was to gauge the current status of accountability framework for hand hygiene as well as the level of maturity of the five regional authorities in developing effective compliance programs.

Given that these were self-assessments, we asked each entity to provide documentation to support their assertions so that we could ensure rating consistency and achieve a reasonable basis of comparison across entities.

The ministry reported that it had developed components of a provincial accountability framework but that much of the work was still in progress. The health authorities reported that they had components of health-hygiene-compliance programs in place, although they varied considerably in their degrees of maturity. Given the amount of work that was being reported to us as in progress, we determined that we'd allow this work to progress and follow up in a year's time to determine if further work was warranted.

The second piece of work relates to governance and internal controls at the Langley school district. We conducted an examination at the request of the Langley school board and district senior management pursuant
[ Page 403 ]
to their well-publicized budget challenges. We examined board governance, internal controls over key financial processes and long-term planning.

Our report to the board contained a number of recommendations, the most notable being that trustees must find ways to work together effectively. Other recommendations focused on improving internal controls and longer-term planning.

We met with the board to deliver our report in July 2010, and the board released the report publicly in September 2010. We were encouraged by the board's response to the report. They accepted all of our recommendations, making a united commitment to addressing the issues raised, and they continue to work on implementing an action plan.

[1620]

As part of this work, we also issued a management letter with detailed recommendations to address internal control weaknesses we detected. Management is working on their action plan in this area too.

We'll be following up with the district in 2011 on the implementation of these action plans. I should also note that we'll be performing the district's annual financial statement audit beginning this fiscal year, allowing us to stay in touch with the district's progress on an ongoing basis.

Moving on. The third piece of work concerns the Insurance Corporation of B.C. In January 2008, ICBC became aware of issues at their Material Damage Research and Training Facility, or MDR&T. There were concerns that some of the vehicles being repaired at the facility were sold with a repair history that was incorrectly documented and not disclosed to buyers. In April 2008 the Solicitor General requested the Auditor General's assistance in completing an independent review.

We considered this request but decided to defer until the work of PricewaterhouseCoopers, who had already been contracted by ICBC to perform a review, was complete. ICBC released PricewaterhouseCoopers findings and recommendations in July 2008 and committed to taking steps to remedy the issues identified.

In February 2009, ICBC wrote the Auditor General, stating that it had completed or substantially completed all the actions that it had committed to. We began an examination of these actions, seeking to verify the progress reported and document lessons learned.

We found that ICBC had substantially implemented the actions to which they'd publicly committed, based on the recommendations in the PricewaterhouseCoopers report. While employee survey results show that challenges still remain, ICBC has taken strong steps to improve leadership in ethical issues that were identified as some of the causes of the MDR&T situation.

We found that oversight mechanisms are in place to monitor progress and future challenges in good governance at ICBC. We encountered a number of good practices at ICBC. However, most of them did not arise from the crisis at MDR&T but were already in place or were planned. We may add these good practices to findings from other projects and audits we conduct to assist other organizations in improving their governance.

The guide for developing relevant key performance indicators will be discussed more fully as it's the next item on today's agenda — or tomorrow morning, depending on how things go. But in the interim, here are a few key points from our work.

Stakeholders of public sector organizations need relevant key performance indicators, or KPIs, if they're to evaluate performance and hold management accountable for the results achieved. Developing relevant KPIs can be challenging, so to help public sector organizations, we created a guide to developing relevant KPIs. In developing and testing our guide, we worked with the Ministry of Education. This experience was very helpful, and we greatly appreciated the ministry's active participation.

We assess the ministry's current practices against procedures and activities outlined in the guide. We found that the processes used to develop KPIs in the ministry's annual service plan report were largely consistent with the guide. We also identified some areas where improvements could be made.

The ministry could improve the relevancy of their KPIs by engaging in more regular and formalized consultation with its stakeholders, by better aligning KPIs with the ministry's major activities and in making KPIs more reflective of widely used benchmarks. The ministry agreed with the office's findings and has overhauled its service plan as a result.

The fifth piece of work in this report focused on natural resource information. Information about our natural resources supports a wide range of decisions and activities that impact the quality of life in British Columbia. Management of the land base and its natural resources supports government's goals of a vibrant economy, healthy communities and a sustainable environment.

In 2009 we reviewed government's management of natural resource information and shared our understanding with the integrated land management bureau, or ILMB, in the form of a results preliminary review. This document conveyed our understanding to date of key processes, providing observations on government's direction and framework for managing natural resources information, the management of natural resource information by ministries and the integration of information by ILMB.

In response to our preliminary review, ILMB's board of directors directed management to prepare an action plan addressing our observations. We'll follow up on the action plan over the coming months.

[1625]

The sixth piece of work related to the management of oil and gas incentive programs. Oil and gas royalty
[ Page 404 ]
programs are significant resource development initiatives. Credits issued under these programs totalled $168 million the year ended March 31, 2010. Our work was aimed at determining whether the Ministry of Energy was managing these programs for results. Managing for results is a fundamental aspect of good governance and involves focusing on results through every aspect of program management. As noted in the document, we identified seven managing-for-results criteria.

As we were planning our work, it became apparent that the ministry did not have a formal set of performance measures to evaluate achievement of the program's goals and was not publicly reporting or explaining performance results. When this was pointed out to the ministry staff, they agreed to immediately address our concerns. The ministry developed a set of performance measures focused on program goals, developed and published a performance report specifically focused on program results and publicly committed to continue reporting out on these programs.

Based on our assessment of these developments, we concluded that the ministry met our seven managing-for-results criteria and that expending further resources to conduct an audit on this topic was no longer warranted.

The final piece of work included in the summary report looked at information security management. For a number of years the office of the chief information officer, or OCIO, and the Ministry of Citizens' Services have used a tool known as a security health check as part of a program of ministry self-assessments to monitor government's level of compliance with security policies, standards and practices. The annual results from the security health check are used by the OCIO and ministries to make informed decisions around information security across government.

In this audit we selected a sample of ministries and assessed their security management. We assessed whether the security health check information was reliable and if government was monitoring the adequacy and appropriateness of IT operational security control practices in its ministries.

We noted several deficiencies and concluded that government had not fully implemented an effective process to ensure that security health check information was reliable. As a result, we made six recommendations to the ministry. The ministry stated they'd addressed many of our recommendations and developed a plan to address the remainder.

In the coming year we will follow up with OCIO to assess its progress in addressing our recommendations. We'll also review how British Columbia's efforts compare to those of other jurisdictions.

And that concludes this presentation.

B. Ralston (Chair): Thanks very much.

Questions.

V. Huntington: Are we able to get any of the more specific information that you uncovered in your audits? Not that they're really audits, but in your performance assessments. Or are they not public at all — your comments? For instance, I would be interested in hearing much more about your observations on the natural resource information and what recommendations you were making that the board was so interested in.

J. Doyle: When we went to look at the ILMB, we found that the structures were all in place, but they weren't really performing to their own expectations. Initially we were going to conduct an audit around how effective they were in bringing together all the layers of information that are required for basically mapping minerals, geographical population, and how all this information and data can be coordinated within government so there's one source — multiple layers.

What we found was that that was quite difficult — to actually conduct what we would normally consider a typical audit on. First of all, we had to seek assistance as to what the actual role of the bureau was and how it was managed. There was a time when the bureau was in a little bit of flux in regard to how it was structured.

So what I did was provide a resource to speak with them over a period of time regarding what they're doing. We will go back at some time in the future and have a look at the function of that particular group and how it actually brings together that information and makes it available across the system.

[1630]

To release all the details about our management letters and everything else is in fact quite different from what we would normally do. I'm happy to go through a conversation around what we found with the ILMB, but if we were to do that in granular detail, I think it only fair that they would be available to respond as well.

We found the whole process, which was started off as a preliminary review, a very useful one. The feedback I've got personally from those it involved — this is not from my staff but the agency or the bureau — was that it was a very positive exercise and it helped guide them as they went forward.

B. Ralston (Chair): I'm just mindful of the time. Obviously, we can have questions. It's just that if we want to get to the other one, we are close to 25 to five. So go ahead.

K. Corrigan: I just had a question about how the report on the security health checks fits in with the changes in government and the use of shared services, as referenced in the IT continuity planning in the government report. I know it's slightly two different aspects. One's talking about disaster, and one talks about security.

Is this a changing world where there's going to be more continuity across ministries? In fact, since this check was originally done, is it more harmonized across government?
[ Page 405 ]

J. Doyle: The original health check was done a number of years ago. What it entailed was each agency providing information to the chief information officer. What then happened was they realized that original health check survey document questionnaire needed to be refined to match into standards and to be simplified to some extent to collect the right information that was required.

The second health check that was conducted, which is the subject of this particular block of work, was then brought in. We found one agency that hadn't switched over, so there was a little bit of difficulty in regard to that agency in providing comparative data.

Our expectation was that the chief information officer, having got all this information, which is basically risk information, would then consider what needs to be done in regard to frameworks, what changes needed to be brought in, how this actually turns government into a learning organization.

If you like, there's a time delay in that. It's as at a certain date — 31st of March. They've collected and they've got it all summarized by September, and they're actually taking action.

Since this one was done, there is another one that's been done. We'll get the results of that and analyze them as a third exercise. Again, we can track, then, the collection of this information and how government is adapting to the risks that are being identified as part of this whole process.

It's a very healthy, useful exercise. It takes up quite a lot of resources, and the CIO's office has got to be commended for not only doing it but actually getting everyone to agree to do it as well. It basically means sending in or providing information that is quite useful in assessing your own agency's situation in regard to risk in IT systems. There is evidence that different agencies are completing the questionnaire and then sitting there and saying, "Well, what do we need to do about some of this stuff?" which again is very, very positive.

First of all, it's a formal process to collect the information in a standardized way. They can track themselves against other agencies that exist within the government entity, and they can also take advantage of the strategy and information that are being built in by the CIO's office to actually bring about change and mitigate any risks that are identified. This is an ongoing, never-ending process where we expected to see shifts and changes and adaptions taking place in a timely way.

[1635]

Now, the second one, which is the one that was the subject of this particular review, was actually completed in 2009. The information was available probably in late 2009. We really got to look at it all in early 2010.

What we're going to be doing with this one is going back and having another look at it to see what has actually happened based on that information and then the response time for the new information that's come out with the 2010 health check questionnaire. So it's a watch-this-space type of situation. But it is a good example of best practice being deployed by a government agency to try and lift the general quality of risk assessment and appraisal right across the system.

R. Sultan: I don't really have a question, Chair. I did review this annual summary of activities — 60 pages long — and it gives me a certain amount of pride in this committee to report to you my impressions that this committee, in a year, has watched the interaction of government witnesses defending themselves and being put on the spot by the Auditor General and people on both sides of the House in this committee applying their best wisdom to what they see happening and whether it's acceptable for the taxpayer of British Columbia.

I think it's a pretty proud report card, myself. I think this system is working rather well. It's the astonishing array of issues that have been brought before this committee — all the way from the details of high-technology computer security to whether we're washing our hands frequently enough. It illustrates the range of issues upon which we're expected to pass judgment as legislators.

I think all parties in this process are trying very hard to do their job well, and I think that by and large, this committee deserves a bit of a self-pat on the back for having a pretty good annual report. That's my report on the report.

V. Huntington: I would just like to ask one more question with regard to the integrated land management bureau and what you may have found as you looked at their procedures.

A number of years ago, just in my own experience early on in the treaty negotiation process, the mapping that was required to do the negotiations effectively was extraordinary. The system could not provide it. I think much of what is now resting in the integrated land management bureau is a result of a lot of the mapping and detail and overlay that was required for a treaty negotiation. So I believe that much of the land designation — for instance, the agricultural land reserve — is available, right down to the PIDs on the lots.

I go back to your earlier report on the Agricultural Land Commission and the lack of up-to-date mapping that they're dealing with and the age of their maps. Did your office find that the integrated land management bureau and its services were available to or known to other government entities that could avail themselves of it?

J. Doyle: Thank you for the question. I don't recall us exploring that line of inquiry about the availability of information. What I do recall is that there was a board made up of deputy ministers or very senior people across a range of ministries that would probably need to have access to this kind of information and maps and for that information to be available to them. So they were part
[ Page 406 ]
of the process of, first of all, developing the information and then accessing and using it and populating it.

When we went over there and started talking about, "Who's your customer, and how do you provide good service?" and so on, it was quite clear it was a very innovative idea to bring this group together and to actually have this layered mapping process that would be suitable for multiple uses by multiple agencies and maybe even individuals.

[1640]

But they needed to work some more on resourcing. They needed to work some more on the data collection. They needed to work some more on coordination of how they actually get the information from different agencies and bring it together. It's captured once but used by many. That was part of their action plan. There was this vision of how they would go about doing that and how they would bring that into reality.

Now, the ILMB currently resides with the Ministry of Natural Resource Operations. My guess — and it's only a guess because I haven't conducted any audit work on it — is that they will have to consider what is next and where they are going with that. We haven't gone back yet at this stage to go and ask them what the plans are in regard to that. I have an expectation that this function is required and that it will be developed as we roll forward. That's exactly what we were trying to identify when we first conducted the audit.

J. McIntyre: I just wanted to provide some feedback to the Auditor General. You had said and explained that this is the first time you've reported this, so I just wanted to say that I thought it was an excellent idea — a very good way of getting at particular issues. This is the first we've seen of this, so I just wanted to say that it was a good idea.

B. Ralston (Chair): Thanks very much. That was delivered as promised. That was great. I think, then, we're finished on this report.

What I'd like to do, then, is perhaps….

Would Mr. Nyquist be first, then? Perhaps you could introduce Mr. Nyquist, and he could proceed. Then if we have time for Paige to respond, we'll do that. Otherwise, we'll bump it over to tomorrow morning. And then we'll probably save the questions for tomorrow. Okay, John, if you're ready.

Auditor General Report:
Guide for Developing
Relevant Key Performance Indicators
for Public Sector Reporting

J. Doyle: As members will be aware, B.C. subscribes to the B.C. reporting principles. Part of that process is to have relevant and valid key performance indicators presented. Those are also embedded in legislation in the service plans that are provided by many entities and made available to the public so that they can see how well or not well an agency is performing in any given period of time.

The key issue is: how do you get the right indicators of performance, and how do you put them into place with a little bit of science as well as the judgment that is required?

Now, we identified that there was perhaps a need for some guidelines in regard to this because of feedback that we had received, so we worked closely with the Ministry of Education in developing these guidelines. I've really got to express my appreciation for not only their contribution and how they did it but also the gentle way they dealt with us.

We've produced this guide to help organizations develop these indicators, and it can be used by any entity within the system. I must say that these look better than the ones that I had seen in other jurisdictions around the world. These also actually help or give a segue into better accountability in that more reliance can be placed on key performance indicators if they've been built in a constructive, sensible, logical, fair and open manner.

This guide builds on a suite of good practice tools, which we're putting up on our website and making available for public sector entities.

[1645]

Anyway, what I would like to do now is turn you over to Paul Nyquist. Paul is a director within the office who has got a lot of expertise in performance management. He works in the governance area. He'll provide a brief overview of the guide.

P. Nyquist: Good afternoon. I will try to be quick.

The Budget Transparency and Accountability Act requires public sector organizations to report out to their stakeholders. We've created a guide to help government organizations do that — to report out relevant key performance indicators. Also, our guide was designed to supplement some of the existing guidance that was already being provided to government entities.

Our goal in creating this guide was to help public sector organizations develop relevant key performance indicators so that the performance information being provided to their stakeholders is both meaningful and useful.

We expect, as well, that this guide will help ensure greater consistency in the relevancy of key performance indicators being provided by government organizations. Achieving these ends should lead to greater use of annual service plan reports and other performance documents by the broader public, special interest groups and others.

Relevancy can be assessed from a number of perspectives. Public sector organization stakeholders, like
[ Page 407 ]
legislators and the public, are better able to hold management accountable for the results they've achieved and evaluate how well the organization is doing when they are provided with information on the aspects of performance they're most interested in.

Relevant key performance indicators, therefore, are an important component in effective public sector accountability. The development and utilization of relevant key performance indicators also benefit the reporting organization itself. They help inform management's decisions, they can promote the sharing of good practice, and they can help the organization gauge how well it is doing relative to other organizations in the same sector working towards similar goals. In other words, relevant key performance indicators can also help in the benchmarking of performance.

Developing relevant key performance indicators can be very challenging. In our review of the literature on the topic, we did not find a single comprehensive source of guidance written specifically to help public sector organizations develop relevant key performance indicators.

In developing our guide, we drew from good-practice guidance from within the B.C. government itself, other provincial audit offices across Canada and the government audit offices in the U.S., the U.K., Australia and New Zealand, as well as professional audit associations and Canadian post-secondary institutions.

We identified five steps to developing relevant key performance indicators through our analysis. They are to create key performance indicators that relate to the organization's purpose and its priorities, that link with the organization's activities and the outcomes of those activities, that influence the organization's decision-making, that are consistent with widely used benchmarks where appropriate and, also, that are meaningful and useful to the organization's key internal and external stakeholders.

Our guide also includes a set of 33 self-assessment questions organized around these five steps, designed to help organizations ensure the relevancy of their own set of key performance indicators. As well, our guide includes hyperlinks to related tools and information, and a bibliography for readers seeking further information on some of the specific topics contained within the guide.

As John mentioned, this project is part of a growing series of good-practice guides that our office has produced. Some of the recent topics have included managing fraud risk in government, public sector board use of information, managing knowledge, public participation and public sector governance.

In looking forward, we expect that this guide will serve as an easy-to-use tool for all public sector organizations in the province to develop their own set of relevant key performance indicators. As well, the good-practice strategies captured in this guide will also help us better understand how organizations are doing in this important area and will inform future work by our office.

Thank you for your time. That concludes this presentation.

B. Ralston (Chair): Okay.

I suppose we've got time, Paige. We will have the discussion tomorrow. I don't mean to hurry you, but people sometimes have travel plans that are based on a fixed adjournment time, so we will adjourn promptly at five.

[1650]

P. MacFarlane: Thank you very much, actually, for having me here today. I am pleased to be here on behalf of the Ministry of Education.

As has been said, this was a collaborative exercise with the Ministry of Education and the Office of the Auditor General. We're pleased to be able to collaborate with them in this work, because I do believe that it will help our ministry and other ministries and organizations to do a better job, quite frankly, at key performance indicators.

The guide is cross-ministry in nature, cross-government in nature. The summary report, or at least the…. There was a management letter that was directed to the Ministry of Education, which of course focuses on the ministry. As noted, there are three basic recommendations that have been put forward. The report noted that the processes used to develop performance measures within our ministry, the Ministry of Education, were largely consistent with the guide and that the ministry already meets many of our good-practice expectations. But of course it did also point out areas for improvement, and there will be useful recommendations. In fact, they've already contributed to discussions within the ministry with Auditor General staff.

Recommendations. The first recommendation, then, in that ministry KPIs are not as consistent as perhaps they should be with widely used benchmarks…. With regard to this recommendation, I think it's fair to say that it's not that there are widely used benchmarks that we are simply ignoring. It's that the report acknowledges that such benchmarks in the education sector can be difficult to find.

As I'm sure you're aware, education is a provincial and territorial responsibility, which in effect means that there are 13 separate education systems across the country. Each one takes a slightly different approach to measurement. Even something that you would think would be as simple as completion or graduation is measured differently in all 13 jurisdictions. So it can be quite a challenge to find a benchmark that is comparable across the entire country.

That said, the ministry is working through the Council of Ministers of Education Canada to better align measurement. In fact, there's a subcommittee called
[ Page 408 ]
CESC, which is a partnership of CMEC and Statistics Canada, and work is ongoing to try to make sure that when we are comparing across jurisdictions, we're comparing apples to apples.

We're also working to make more information available to enable relevant comparisons. For instance, within the most recent service plan we've included the standard B.C. approach, which is a six-year completion rate. We've also included contextual information around how other jurisdictions across the country measure completion, so that we're providing as much apples-to-apples comparison as we can, given that there are so many different ways to measure that piece of information.

We also note the importance of British Columbia's participation in international assessments. Obviously, we want to measure ourselves within a global context. We participate through a number of international assessments such as the pan-Canadian assessment program, the programme for international student assessment, the progress in international reading literacy study and the programme for the international assessment of adult competencies, just again to situate that in a global benchmarking perspective.

The second recommendation is that the relevance of the ministry's key performance indicators could be improved if they were more closely aligned with the outcomes of major activities.

We will try and continue to try to improve the relevance of our KPIs. The Ministry of Education is data-rich. Through school districts we collect information on enrolment, on achievement, on transition and on satisfaction. The OAG's guidelines note that public reporting should focus on the few critical aspects of performance, and our challenge can be in determining which are most critical and then taking the information that we have and turning that data into something that is meaningful and relevant for the audiences that we're trying to reach.

[1655]

It's important to recognize that the service plan is not, of course, the only vehicle for public information. Much information is publicly available through our website, and in some cases we tailor information for specific audiences. One example of that would be the How Are We Doing? report, which speaks to aboriginal student achievement. That is a very specific audience, and we worked with the FNESC, First Nations Education Steering Committee, on that report. It's an annual report. It is publicly available. It's not within our service plan, but it is another of the supplemental reports that we do have available, based on the data that we gather within the ministry.

With regard to alignment of the ministry's major activities, the most recent annual service plan report reports out on completion for all students. It also breaks out aboriginal student completion. It reports out on student satisfaction with career or post-secondary preparation, on student and parent satisfaction with program choice, and it reports out on student achievement, focusing on reading at grade 4 and grade 7, adult literacy and school readiness.

The third recommendation is that the relevance of the ministry's key performance indicators could be improved if they were focused on aspects of performance identified as most important by key stakeholders. We are always working to improve our performance indicators through enhanced communication with education partners, and of course, we are committed to working with all education partners and to strengthening the relationships that we do have.

The most recent iteration of the ministry service plan attempts to tell a story of the effectiveness of the ministry's work through the life span — starting with early learning, through K-to-12 and into adult literacy.

We can and do tailor information to meet the specific needs of partner groups — for instance, that aboriginal How Are We Doing? report I mentioned. We also have comprehensive data packages, compiled by school districts for school districts, with our data and the data that's created at the school district level. Those packages inform ongoing conversations between the ministry and school districts about student achievement.

Government's interest in moving towards more open data and engaging with citizens more directly is also welcome direction for the ministry. I think there is quite a bit there that we can explore in further defining our performance indicators, based on what stakeholders and the public find most relevant.

The fourth, I guess, and final recommendation is that the ministry could engage in more regular formalized consultation with its stakeholders, and we are certainly willing to consider how we can improve our consultation and engagement with our education partners.

In the meantime, as I'm sure you're aware, we have mechanisms in place — such as the Learning Roundtable, the statutory Education Advisory Committee — and we have continual liaison work between the field and the ministry's superintendents of achievement, as well as the opportunity for presentations and discussion between ministry staff and key education partners, associations, etc. That work is regular and ongoing.

In summary, the ministry has been pleased to participate in this exercise with the OAG. It is with the spirit of continual improvement that we have, as was mentioned, addressed and revised our service plan, in discussion with the OAG, as a result of these discussions. Again, we expect to continue that work. We do appreciate the importance of accountability to the public and of the role that service plans and annual service plan reports can play in effective reporting around that accountability.

B. Ralston (Chair): Thank you very much. I'm going to have the discussion tomorrow, so I apologize to you
[ Page 409 ]
and Mr. Nyquist for having to bring you back, but there you are.

Before we adjourn, I just want to remind members that for the first item tomorrow morning at ten, we'll go in camera to consider the report of the committee. So once again, if you do have any concerns, I'd encourage you to express them either to myself or the Deputy Chair beforehand so that we might use our time expeditiously. So far I haven't received any, and I don't think he has, but if you have an opportunity to peruse the 75-page report this evening, perhaps you'll come up with something. Thanks very much.

With that, we're adjourned, and we'll see you tomorrow. Motion to adjourn?

Motion approved.

B. Ralston (Chair): We'll see you tomorrow at ten.

The committee adjourned at 4:59 p.m.

[ Return to: Public Accounts Committee Home Page ]

Hansard Services publishes transcripts both in print and on the Internet.
Chamber debates are broadcast on television and webcast on the Internet.
Question Period podcasts are available on the Internet.

Copyright © 2011: British Columbia Hansard Services, Victoria, British Columbia, Canada