By William Crooks
Local Journalism Initiative
On Aug. 20, Sherbrooke’s Auditor General Yves Denis tabled his 2023 annual report to the municipal council. The comprehensive report provides an in-depth analysis of the City’s management practices across multiple domains, including community partnerships, personal information protection, and cybersecurity. It also reviews the City’s compliance with regulations and its progress in implementing past recommendations.
In an interview conducted the same day, Denis highlighted key findings from the report, emphasizing that while the City has made significant progress in some areas, there are still opportunities for improvement.
Management of programs and agreements
The Auditor General’s report, as outlined in a press release, focuses heavily on the City’s management of partnerships with community organizations, which received $13 million in financial contributions in 2023. Denis, during the interview, explained the two primary approaches used by the City: the “do with” approach, which supports organizations directly, and the “do by” approach, where the City outsources services to external organizations. He clarified, “About 50 per cent of the funds are dedicated to the ‘do by’ approach, with external organizations delivering services on behalf of the City.”
Denis praised the City’s efforts, stating, “We have documented several good practices.” These practices include the City’s alignment with community development principles, the establishment of clear eligibility criteria, and the creation of a dedicated information desk to assist organizations. Currently, the City supports 307 organizations, a testament to its commitment to community development.
However, Denis also identified areas requiring improvement. He stated in the interview, “When it comes to programs and mandates… we found there was insufficient oversight in this area, where decisions may become somewhat arbitrary.” According to the report, the City’s processes for determining financial support are not always based on recent analyses, raising concerns about fairness and efficiency. Denis emphasized the need for updated financial data to ensure that the City is “not spending too much or too little.”
Protection of personal information
The Auditor General’s report also raised concerns about the City’s management of personal information (PI). During the interview, Denis noted, “There are significant challenges in managing personal information. Governance rules are not yet finalized, and the PI inventory remains incomplete.” The audit found that the City lacks adequate retention and destruction measures, has not conducted a proper risk analysis, and has no system in place to track confidentiality breaches.
Denis pointed out that the audit was conducted with the aim of ensuring that the City complies with legal requirements related to personal information protection. The report, as noted in the press release, resulted in 54 detailed recommendations, with Denis urging the City to develop a formal action plan to address these issues.
