Manitoba needs more oversight on cloud computing, child care, auditor says

WINNIPEG – Manitoba is unlikely to meet its target of new child-care spaces, has not set up proper oversight on how some child-care grants were used, and needs to improve controls over data stored in online cloud services run by third parties.

Those were among the findings of two audit reports issued Thursday by auditor general Tyson Shtykalo. The NDP government accepted the reports’ findings and says it is already working on improvements.

Shtykalo’s office analyzed a 2021 agreement with the federal government, aimed at creating 23,000 new child-care spaces in Manitoba by this year and improving access for children from diverse and vulnerable backgrounds.

The government was less than halfway to its target as of November, and has not laid out a clear road map to meet the goal, Shtykalo found.

“Manitoba has opened 5,419 licensed, non-for-profit child-care spaces and committed to an additional 6,127 spaces,” the report said.

The audit examined grants given to child-care centres to reduce barriers for vulnerable children and kids from diverse backgrounds. Almost 10 per cent of the grant money in expense reports reviewed by the auditor general’s office did not account for how the grant money was used.

“While the department indicated that it was planning to ensure that facilities used the funding for eligible expenses, it had not performed any verification as of September 2025,” the report said.

Tracy Schmidt, minister for education and early childhood learning, said the NDP government has been ramping up the creation of child-care spaces since being elected in 2023 — two years after the agreement was signed. She promised to act on the report, including setting up stronger monitoring of expenses.

“We’re going to follow up on those recommendations,” Schmidt said.

The second report released by Shtykalo focused on the government’s use of cloud computing — data storage, applications and other items run by a third-party over the internet.

He found government departments lacked clear direction on when to use cloud services, security expectations were inconsistent, and contracts with providers were sometimes missing or incomplete.

“Taken together, these issues expose the province to significant security, operational and financial risks, and point to gaps in oversight and documentation,” the report said.

In some cases, important security requirements were not applied consistently in contracts with service providers, and some contracts were unclear about whether providers and subcontractors were authorized to access provincial information.

Tyson’s recommendations include updated contract language to clearly define security requirements, and increased monitoring that would involve the collection of security risk reports from providers.

The government promised to implement the ideas.

“Management agrees and will develop standardized contractual language for use in new cloud procurements and contract renewals by December, 2027,” the government said in its written response, included in the auditor’s report. 

This report by The Canadian Press was first published March 26, 2026