Author: The Record
Published August 21, 2024

Photo courtesy
Sherbrooke Auditor General Yves Denis

By William Crooks

Local Journalism Initiative

On Aug. 20, Sherbrooke’s Auditor General Yves Denis tabled his 2023 annual report to the municipal council. The comprehensive report provides an in-depth analysis of the City’s management practices across multiple domains, including community partnerships, personal information protection, and cybersecurity. It also reviews the City’s compliance with regulations and its progress in implementing past recommendations.

In an interview conducted the same day, Denis highlighted key findings from the report, emphasizing that while the City has made significant progress in some areas, there are still opportunities for improvement.

Management of programs and agreements

The Auditor General’s report, as outlined in a press release, focuses heavily on the City’s management of partnerships with community organizations, which received $13 million in financial contributions in 2023. Denis, during the interview, explained the two primary approaches used by the City: the “do with” approach, which supports organizations directly, and the “do by” approach, where the City outsources services to external organizations. He clarified, “About 50 per cent of the funds are dedicated to the ‘do by’ approach, with external organizations delivering services on behalf of the City.”

Denis praised the City’s efforts, stating, “We have documented several good practices.” These practices include the City’s alignment with community development principles, the establishment of clear eligibility criteria, and the creation of a dedicated information desk to assist organizations. Currently, the City supports 307 organizations, a testament to its commitment to community development.

However, Denis also identified areas requiring improvement. He stated in the interview, “When it comes to programs and mandates… we found there was insufficient oversight in this area, where decisions may become somewhat arbitrary.” According to the report, the City’s processes for determining financial support are not always based on recent analyses, raising concerns about fairness and efficiency. Denis emphasized the need for updated financial data to ensure that the City is “not spending too much or too little.”

Protection of personal information

The Auditor General’s report also raised concerns about the City’s management of personal information (PI). During the interview, Denis noted, “There are significant challenges in managing personal information. Governance rules are not yet finalized, and the PI inventory remains incomplete.” The audit found that the City lacks adequate retention and destruction measures, has not conducted a proper risk analysis, and has no system in place to track confidentiality breaches.

Denis pointed out that the audit was conducted with the aim of ensuring that the City complies with legal requirements related to personal information protection. The report, as noted in the press release, resulted in 54 detailed recommendations, with Denis urging the City to develop a formal action plan to address these issues.

Cybersecurity governance

Denis’s audit on cybersecurity governance examined the City’s efforts to establish appropriate rules and frameworks to ensure its cybersecurity resilience. Though specific findings were not publicly disclosed for security reasons, Denis noted during the interview that the audit covered the period from January 2022 to December 2023, with recommendations provided to the City in July 2024.

Compliance with elected officials’ remuneration regulations

In addition to the governance and program audits, the report confirms that the remuneration of Sherbrooke’s elected officials between 2021 and 2023 complied with all relevant laws and regulations. Denis said, “While some discrepancies were detected, they were promptly corrected by the organizations concerned.” The audit found that the City and its mandated organizations maintained overall compliance.

Implementation of previous recommendations

Denis also introduced a system to track the implementation of recommendations dating back to 2011. According to the report, 58 per cent of the 425 recommendations have been implemented as of 2024. Denis explained in the interview, “Last year, we had 57 per cent. This year, we’re at 58 per cent, despite adding 35 new recommendations. The real rate is likely higher.” He emphasized that this tracking system provides a more accurate picture of the City’s progress in responding to previous audit findings.

Looking ahead: The multi-year audit plan

Finally, Denis presented his multi-year audit plan in the report, aimed at identifying future audit projects based on the City’s activities. This plan reflects a structured approach to evaluate all aspects of the City’s operations and its controlled organizations.

Denis concluded the interview by praising the collaboration between his office and City management, stating, “The cooperation from managers during the audits has been excellent. They understand the value that we bring to the organization.” This positive working relationship, according to Denis, is key to ensuring continuous improvement in governance and accountability.

The full 2023 report of the Auditor General of Sherbrooke is available on the City’s website: https://www.sherbrooke.ca/fr/vie-municipale/verificateur-general


The devil’s in the details

The 2023 Annual Report from the Auditor General of Sherbrooke highlights both the city’s successes and areas where critical improvements are necessary. The report underscores the city’s strengths in community engagement and governance while calling attention to significant gaps in cybersecurity, financial management, and governance structures.

In addition, the auditor noted in the report that “some see the Auditor General’s Office (BVG) as a political tool, while others associate it with the executive committee or as an easily accessible pool of consultants.” This disparity in understanding highlights a challenge in ensuring that the role and responsibilities of the office are clearly understood.

Below is a detailed overview taken directly from the report of what Sherbrooke is doing well, where it needs to improve, and the Auditor General’s recommendations.

What Sherbrooke is doing well

1. Strong non-profit partnerships:

   Sherbrooke has effectively harnessed the power of non-profit organizations to enhance municipal services across various sectors such as social services, education, and environmental sustainability. The city’s commitment to fostering community-based initiatives is evident in its support for local organizations through both financial and logistical assistance. The city has strategically aligned non-profit activities with municipal objectives, ensuring that community needs are met in a complementary fashion.

2. Clear policy and engagement framework:

The city has implemented a robust framework for managing relationships with non-profit organizations. Through a centralized portal known as the “Guichet des organismes,” non-profits can access resources, verify their eligibility for municipal support, and apply for financial aid. Furthermore, Sherbrooke’s administration has fostered ongoing communication with non-profits through the creation of sector-specific roundtables. These include forums for day camps, community centres, and youth services, ensuring that dialogue remains open and productive.

3. Governance reforms:

In 2022, the Auditor General recommended a restructuring of the city’s audit committee, which the city has since implemented. The new structure includes two elected officials and three independent members, bringing Sherbrooke in line with best practices for municipal governance. This reform is seen as a critical step toward enhancing transparency and accountability within city operations.

Where Sherbrooke is falling short

1. Complex and inefficient governance structure:

Despite its successes, Sherbrooke’s governance structure for managing non-profit partnerships remains overly complex and slow. The current process requires non-profit agreements and decisions to pass through multiple layers of oversight, including the executive committee and city council. This bureaucratic bottleneck delays essential funding and support to organizations, impacting the timely delivery of services to the community.

2. Cybersecurity deficiencies:

Sherbrooke’s cybersecurity framework is insufficient to protect against modern threats. The Auditor General’s report warns that the city’s data—particularly personal information stored in cloud-based systems—is vulnerable to potential cyberattacks. Despite several attempts to breach city systems in 2022, Sherbrooke lacks robust, real-time threat detection systems and is understaffed in its IT security team. The current plan to address cybersecurity risks is moving too slowly, leaving critical gaps in the city’s defense mechanisms.

3. Lack of financial accountability in non-profit contracts:

The Auditor General expressed concern over Sherbrooke’s management of financial agreements with non-profit organizations. In some cases, there is no clear, documented process for determining the value of support provided, leading to potential underfunding or overcompensation. For example, non-profits managing municipal facilities such as sports complexes or cultural centres have often been underfunded due to outdated cost assessments, impacting their ability to maintain services.

4. Resource constraints and overreliance on external professionals:

A significant portion of Sherbrooke’s operational capacity—80 per cent—comes from external professionals, whose services have become increasingly expensive due to rising market rates. The Auditor General noted that this overreliance on external contractors has eroded the city’s internal capacity to manage strategic operations efficiently. The costs associated with hiring these professionals have outpaced the city’s budget, leading to a reduction in available resources for other critical projects.

Key recommendations

1. Streamline governance and decision-making:

To reduce bureaucratic delays, the Auditor General recommends that the Service du sport, de la culture et de la vie communautaire (SSCVC) be given more authority to manage non-profit relationships directly, without requiring every decision to be escalated to the executive committee and city council. This would expedite the approval and renewal process for non-profit agreements and ensure that funding and support reach organizations faster.

2. Accelerate and strengthen cybersecurity efforts:

The Auditor General urges Sherbrooke to fast-track its five-year cybersecurity plan. Immediate actions include increasing staffing levels within the IT security department, implementing automated threat detection systems, and conducting regular penetration tests. Adopting the National Institute of Standards and Technology (NIST) cybersecurity framework was also recommended to bolster the city’s defenses against cyber threats.

3. Enhance financial oversight of non-profit contracts:

The Auditor General calls for a more rigorous approach to financial management in the city’s dealings with non-profits. This includes conducting regular, up-to-date cost assessments to ensure that organizations are fairly compensated for their work. Additionally, future contracts should include provisions for periodic reviews and adjustments based on actual expenses. This would help prevent discrepancies and ensure that public funds are being used efficiently.

4. Increase internal capacity to reduce reliance on external professionals:

The Auditor General recommends that Sherbrooke gradually build up its internal workforce, reducing its dependence on external professionals. By investing in internal staff, the city can lower costs associated with outsourcing while improving its capacity to manage key operations independently.

Scroll to Top