ArriveCAN Audit Report: “Impossible To Determine The Actual Cost Of The Application”
In a recent report to the Parliament of Canada, the Auditor General shed light on concerning management and contracting practices surrounding the development and implementation of the ArriveCAN application by government agencies. The Auditor General’s findings reveal a series of shortcomings in the project’s management, transparency, and accountability, raising questions about the efficient use of taxpayer dollars.
The Auditor General’s report primarily focuses on the Canada Border Services Agency (CBSA), the Public Health Agency of Canada (PHAC), and Public Services and Procurement Canada. These agencies, responsible for various aspects of the ArriveCAN application, repeatedly failed to adhere to good management practices throughout the project lifecycle.
“Overall, we concluded that the Canada Border Services Agency, the Public Health Agency of Canada, and Public Services and Procurement Canada did not manage all aspects of the ArriveCAN application with due regard to value for money. Deficiencies in contracting and procurement, documentation, and management of deliverables also made it impossible to determine the actual cost of the application,” the report said.
One of the key issues highlighted in the report is the lack of documentation and transparency in the contracting process. The CBSA’s decision to engage external resources without adequate justification or competitive bidding processes significantly inflated the project’s cost, estimated at approximately $59.5 million. Furthermore, the absence of clear deliverables and qualifications in the contracts raised concerns about the value for money.
The Auditor General also identified deficiencies in how contracts were managed, with essential information often missing from invoices and time sheets submitted by contractors. This lack of oversight resulted in an inability to accurately attribute costs to the ArriveCAN project, further compromising accountability.
Moreover, the report raises concerns about the quality assurance processes for the ArriveCAN application. Despite releasing numerous updates, there was often little to no documentation of testing, leading to instances where thousands of travellers were incorrectly instructed to quarantine. This highlights the importance of rigorous testing and quality control measures, especially in critical government applications.
Between April 2020, when ArriveCAN was initially launched, and October 2022, when the health requirements were terminated, the agency issued a cumulative total of 177 iterations of the application. An iteration is defined as the deployment of one or more modifications to software after it has been made accessible to users. Out of these 177 updates, 25 were classified as major updates, indicating significant alterations to the application’s functionality.
Another significant finding is the absence of a formal agreement between the CBSA and the PHAC, leading to confusion regarding roles and responsibilities. Without clear project management practices in place, essential tasks such as developing objectives, budgets, and risk management activities were neglected, further undermining the project’s success.
In response to these findings, the Auditor General’s report includes several recommendations aimed at improving the management and oversight of similar projects in the future, along with the responses from the CBSA and relevant stakeholders.
- Maintaining Accurate Financial Records
- Recommendation: The CBSA should ensure accurate financial records by correctly allocating expenses to projects and collaborate with contractors to obtain detailed invoices.
- Response: The CBSA agreed with the recommendation and outlined steps to centralize procurement functions, implement improvement plans, and enforce consistent financial coding by March and July 2024.
- Fully Documenting Interactions with Contractors
- Recommendation: The CBSA and the PHAC should document interactions with potential contractors and reasons for non-competitive procurement decisions.
- Responses: Both agencies agreed with the recommendation, outlining plans to enhance governance structures, introduce reporting requirements for staff, and conduct regular reviews to ensure compliance.
- Reviewing Contracts for Compliance
- Recommendation: The CBSA should review all contracts and task authorizations for compliance with policies and guidelines.
- Response: The CBSA agreed and detailed the establishment of a Contract Review Board to oversee procurement activities and ensure consistent compliance by July 2024.
- Preventing Vendor Involvement in Request for Proposal (RFP) Development
- Recommendation: The CBSA should prevent potential bidders from participating in RFP development and implement controls to enforce this.
- Response: The CBSA agreed and outlined training programs, reporting requirements for staff, and engagement sessions to ensure compliance by September 2024.
- Specifying Required Experience and Qualifications in Contracts
- Recommendation: The CBSA should ensure professional services contracts specify required experience and qualifications and document assessments of proposed resources.
- Response: The CBSA agreed and described updates to guidance, creation of a Contract Review Board, and workshops to ensure consistent compliance by September 2024.
- Defining Tasks and Deliverables in Contracts
- Recommendation: The CBSA and PSPC should ensure contracts specify tasks and deliverables.
- Responses: Both agencies agreed, with PSPC already taking action to ensure clear task authorizations and contracts by June and October 2024.
- Ensuring Valid Security Clearances and Supporting Evidence
- Recommendation: The CBSA should ensure all resources have valid security clearances and supporting evidence before work commences.
- Response: The CBSA agreed and outlined measures to confirm security requirements, document reviews, and improve finance team responsibilities by September 2024.
- Documenting Testing and Obtaining Release Approval
- Recommendation: The CBSA should document testing and obtain release approval before application or update releases.
- Response: The CBSA agreed and proposed streamlined testing documentation procedures and updates to testing procedures by June 2024.
The audit encompassed the timeframe spanning from January 1, 2019, to January 31, 2023. Nevertheless, to acquire a comprehensive comprehension of the audit’s subject matter, the audit team also investigated specific issues preceding the commencement of this period.
Information for this story was found via the sources mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.