Archived - Audit of Contracting

Archived information

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Prepared by Internal Audit and Evaluation for:
Department of Finance
Audit and Evaluation Committee
August 28, 2012

Table of Contents

Executive Summary
Background
Audit Objective and Scope
Statement of Conformance and Audit Approach
Conclusion
Findings by Audit Criteria
Recommendations and Management Action Plan

Appendices

Appendix A – List of Finance Employees Interviewed
Appendix B – Key Reference Documents Consulted
Appendix C – Members of the Audit Team

Executive Summary 

Contracting and procurement activities in the Government of Canada are governed by a complex legislative and policy framework which includes the Financial Administration Act (FAA), the Government Contracts Regulations, the Treasury Board of Canada (TB) Contracting Policy, the Treasury Board of Canada Secretariat (TBS) Guidelines on the Proactive Disclosure of Contracts and other related guidance documents.

The objective of government procurement contracting is to acquire goods and services and to carry out construction in a manner that enhances access, competition and fairness. The TB Contracting Policy supports this objective by providing a framework which allows for the procurement of goods and services consistent with these principles and “results in the best value or, if appropriate, the optimal balance of overall benefits to the Crown and the Canadian people.”

The audit objective was to provide reasonable assurance on the adequacy and effectiveness of the Department’s control framework for contracting activities and its compliance with the TB Contracting Policy and related guidance.

The audit concluded that the Department’s control framework for contracting activities was adequate and effective, enabling compliance with the TB Contracting Policy and related guidance. Specifically, this includes the selection of appropriate contracting vehicles and proper commitment authorization, monitoring and reporting mechanisms, the delivery of contracting services in accordance with established standards, and consistency with the core controls identified by the TBS’ Manage Procure to Payment Guidelines.

While contracting activities were well managed within the Department and in line with policy requirements, opportunities for improvement were noted regarding further strengthening documentation of contracting files and enhancing existing monitoring practices.

Background  

The Audit of Contracting was confirmed as part of the Department of Finance’s (the Department) three-year risk-based audit plan (RBAP), tabled at the Departmental Audit and Evaluation Committee (DAEC) meeting on March 2, 2012.

Within the Government of Canada, contracting and procurement activities are governed by a complex legislative and policy framework that helps acquire goods and services and carry out construction in a manner that enhances access, competition and fairness. The Treasury Board Contracting Policy supports this objective by providing a framework which allows for the procurement of goods and services consistent with these principles and “results in the best value or, if appropriate, the optimal balance of overall benefits to the Crown and the Canadian people.”

Internal Audit and Evaluation has been advised that TBS will be introducing a revised principle based contracting policy framework in 2012-13. Our audit aimed to provide reasonable assurance to senior management on the effectiveness of the current control framework, in order to support the Department as it transitions towards implementing the new policy.

Contracting and procurement activities within the Department are managed by the Contracting and Procurement Division (CPD) within the Financial Management Directorate of the Corporate Services Branch. CPD provides a centralized contracting service by providing advice and guidance on the contracting process, recommending appropriate contracting strategies, and preparing appropriate solicitation and contract documents. CPD reviews contract and procurement requests for compliance with the laws, policies and best practices related to government contracting activity, and advises managers of potential risk, as they utilize a variety of procurement methods and tools, including supply arrangements and standing offers issued by the Department of Public Works and Government Services Canada (PWGSC).

Audit Objective and Scope 

Objective

The audit objective was to provide reasonable assurance on the adequacy and effectiveness of the Department’s control framework for contracting activities and its compliance with the TB Contracting Policy and related guidance.

Scope

The audit scope includes all contracting related transactions completed in the Department between April 1, 2011 and May 31, 2012. These included:

  • Contracting transactions processed through the Department’s financial commitment authorities;
  • Departmental contracting transactions processed through Standing Offers and Supply Arrangements; as well as
  • Departmental contracting transactions processed through PWGSC's financial authorities.

The scope did not include:

  • The specific management of individual contracts by the contracting authorities in the Branches once the contract has been awarded; and
  • Any transactions related to purchases on Government Acquisition Cards.

Statement of Conformance and Audit Approach 

The audit was conducted in conformance with the internal audit standards of the Government of Canada, as supported by the results of the Quality Assurance and Improvement Program. The audit was planned and performed in such a way as to obtain reasonable assurance that the audit objective was achieved. During the audit, appropriate procedures were followed and sufficient evidence was obtained to support the accuracy of findings and the overall audit opinion presented in this report. The findings are based on a comparison of the conditions, as they existed at the time of the audit, against the audit criteria identified within this report, which was accepted by management. The opinion is applicable only to the entity examined and are supported by relevant and sufficient evidence to ensure its integrity.

Audit procedures included, but were not limited to, interviews, observations, review of supporting documentation, and analytical testing. The audit criteria used to develop the required audit tests were based on good management practices such as (1) the Treasury Board Contracting Policy and (2) relevant elements of the Office of the Comptroller General’s Audit Criteria Related to the Management Accountability Framework.

In total, seven individuals were interviewed in the context of this audit (list of interviewees is provided in Appendix A). These departmental employees were consulted on one or more criteria, and to different levels of depth, depending on their role related to Contracting and Procurement processes. The audit team also conducted a review and analysis of applicable authorities and policies, as well as others documents from various relevant sources (list of key documents consulted is provided in Appendix B).

The audit approach allowed for the audit results to be communicated in such a manner as to enable management to review and provide feedback on the findings and conclusions before they were finalized.

Conclusions 

The audit concluded that, overall, the Department’s control framework for contracting activities was adequate and effective, enabling compliance with the TB Contracting Policy and related guidance.

Specifically, the following good management practices are worth noting:

  • The Department’s controls related to contracting activities are effective in ensuring the selection of appropriate contracting vehicles, proper commitment authorization and documented files.
  • Monitoring mechanisms and controls exist to identify and mitigate risks related to unacceptable contracting practices.
  • Contracting activities are reported in a timely manner.
  • Contracting services within the Department are generally delivered in accordance with established standards.
  • The Department’s control framework related to contracting is consistent with the core controls identified by the TBS Manage Procure to Payment Guidelines.

Although, overall, contracting activities were well managed within the Department and in line with policy requirements, opportunities for further enhancements were noted in the following areas:

  • Further strengthening the documentation of contracting files and;
  • Enhancing existing monitoring practices.

Findings by Audit Criteria  

The following pages present the assessment of risk exposure identified in the audit. Risk exposure for each audit criteria is categorized as follows.

High exposure
Medium exposure
Low exposure

A high, medium or low ranking corresponds to the potential risk exposure auditors believe may have an impact on the achievement of Department objectives, and is indicative of the priority management should give to the recommendations.

The assessment summarizes the audit observations based on the factual evidence gathered and analyzed during the audit. Based on these assessments, issues/themes along with potential causes, impacts, management initiatives and recommendations are summarized in the “Recommendations and Management Action Plan” section.

Findings by Audit Criteria
Criterion Risk Exposure Assessment
1.0 Controls for Compliance
The Department has effective controls in place to ensure compliance with the TB Contracting Policy and related procedures. Low

The Department has controls in place to ensure compliance with the TB Contracting Policy and related procedures.  

The TB Contracting Policy provides a framework for contracting and procurement activities in the Government of Canada to acquire goods and services and carry out construction in a manner that enhances access, competition and fairness. This framework allows for the procurement of goods and services consistent with these principles and results in the best value or optimal balance of overall benefits to the Crown and the Canadian public.

The audit conducted tests to assess whether contracting activities were conducted in compliance with TB Contracting Policy in relation to unacceptable contracting practices. These audit tests were conducted using ACL, a data analytics software, and were specifically designed to identify unacceptable practices such as contract splitting, retroactive contracting and repetitive sole-sourcing contracts. The tests were designed based on guidance and support provided by an ACL subject matter expert from the Office of the Comptroller General (OCG).

The audit also conducted transactional testing to determine whether appropriate contracting vehicles were selected to procure goods and services; contracting transactions were properly authorized for commitments; and whether contracting transactions were supported by well documented files during the audit period.

The audit did not find evidence of non-compliance with the TB Contracting Policy. Specifically, the audit did not identify unacceptable practices in the population tested; and confirmed that contracting vehicles were properly selected to procure for goods and services and transactions were properly authorized for commitments.

The audit also found; however, that documentation of contracting files was not always maintained in a consistent and structured manner, making it challenging in some instances to find key information. The TB Contracting Policy requires procurement files to be established and structured to facilitate management oversight with a complete audit trail that contains contracting details related to relevant communications and decisions.

The CPD advised the audit team that they will be developing mandatory checklists to standardize documentation required in contracting files, as well as providing a brief summary of key facts.

As such, the audit recommends that these checklists be developed and completed in a timely manner, in order to further strengthen documentation of contracting files and facilitate file reviews.

2.0 Monitoring
The Department has appropriate monitoring mechanisms to identify and mitigate risks related to unacceptable contracting activities. Low Monitoring mechanisms and controls exist to identify and mitigate risks related to unacceptable contracting practices.

The TB Contracting Policy states that departments are responsible to ensure that adequate control frameworks for due diligence and effective stewardship of public funds are in place and working. Such control frameworks include preventive and/or detective controls to ensure accuracy and compliance with the laws, regulations and policies. Monitoring mechanisms help deter or minimize the occurrence of errors and irregularities, as well as provide management with important early warning signals that enable managing risks before they materialize.

The audit assessed whether the Department had appropriate monitoring mechanisms in place to identify and mitigate risks related to unacceptable practices such as contract splitting, repetitive sole-source contracts and retroactive contracting activities.

The audit found that management monitored activities through weekly team meetings to discuss ongoing files, informal file reviews, and additional correspondence with contracting officers, as required.

The Department’s has nine branches and no regional offices. The Department’s contracting function is a centralized division, within the Financial Management Directorate, and approximately 90% of the total value of contracts is awarded through PWGSC mechanisms. Furthermore, the audit did not find evidence of unacceptable contracting activities. As such, the audit team does not believe a complex monitoring regime would be warranted, considering the level of risk.

Nonetheless, current informal monitoring practices could be enhanced through the development of additional formal reporting mechanisms, including the use of analytical reporting tools. Enhancing monitoring through these reports will allow CPD management to monitor risks of non-compliance in a more systematic manner and maintain documentation demonstrating review activities are being conducted.
3.0 Reporting
The Department reports on its contracting activities in a timely manner. Low  The Department reports on its contracting activities in a timely manner.

The TB Contracting Policy requires departments to provide annual reports to key external stakeholders such as TBS, PWGSC and Aboriginal Affairs and Northern Development Canada (AANDC) on their contracting activities. Furthermore, the May 2009 OCG Horizontal Internal Audit: Contracting Information Systems and Monitoring, which included the Department, highlighted the opportunity to implement strategic reporting processes to support departments in their assessment of performance.  Internal strategic reports on contracting activities to senior management help address trends and deficiencies in management practices and controls, as well as enable better communication to effect change.

The audit assessed whether the Department reported on its contracting activities externally and internally in a timely manner.

The audit found that the Department complies with pro-active disclosure’s reporting requirements and also provides external stakeholders such as TBS, PWGSC and AANDC with timely reports on its contracting activities.

The audit also found that, internally, the Department has appropriate governance mechanisms in place to report to senior management, as required, on its contracting activities in a timely manner. For instance, a quarterly review of proactive disclosure data takes place prior to posting of contract information on the departmental website. These reviews are conducted by an Associate Deputy Minister in consultation with the Assistant Deputy Minister of Corporate Services Branch, the Director of CPD and other departmental officials. Furthermore, the audit found that existing departmental committees, such as the Management Advisory Committee, could be used as a venue to provide senior management with reports on critical issues, if such discussions were required.
4.0 Efficiency in Service Delivery
The Department’s contracting activities are conducted in an efficient manner in accordance with established service standards and supported by appropriate guidance for departmental employees. Low The Department’s contracting activities are conducted in accordance with established service standards and supported by guidance for departmental employees.

A sound management control framework consists of a number of integrated management controls, processes, and systems directed at the achievement of specific departmental objectives and goals. Within this context, the conduct of contracting activities according to established service standards and with the support of appropriate guidance form part of the control framework which allows the Department to achieve its contracting objectives in an efficient manner.

The audit assessed whether (1) the Department maintains up to date and relevant service standards to process various types of contracts; (2) contracting services were provided according to these service standards and; (3) procurement personnel and employees with delegated authority were provided with appropriate tools/guidelines.

The audit found that the Department’s Managers’ Guide to Contracting contained relevant service standards for the processing of contracting requests and that, overall, contracting services were provided in accordance with these service standards.

The audit also found that the Department’s Managers’ Guide to Contracting contained, in general, relevant and value added information for departmental managers regarding the contracting process.
5.0 Alignment with TBS’ Manage Procure to Payment Guidelines
The Department’s contracting control processes are consistent with TBS’s Manage Procure to Payment guidelines. Low The Department’s control processes include core controls identified by TBS’s Manage Procure to Payment Guidelines.

TBS has recently issued a guideline on the management of the Procure-to-Pay Process within the federal government. This document is part of a set of guidelines designed to assist federal departments in implementing common financial management business processes. The guideline presents the "should be" model for Manage Procure to Payment which involves operational or capital procurement using a purchase order or other type of contract.

The audit assessed whether the Department’s control framework is consistent with the core controls identified by the TBS’ Guideline on Manage Procure to Payment. Specifically, the audit sought to confirm the existence of the nine sub-processes included in the Manage Procure to Payment guideline within the Department. These nine sub-processes covered key controls which begin with the proper identification of procurement needs and end with a finalized payment issued by the Receiver General.

The audit found that all nine of the key controls identified in TBS’ Manage Procure to Payment guideline exist in the Department’s current control framework for procurement and financial management activities.

Recommendations and Management Action Plan

The following section presents the key opportunities for improvement identified during the audit. The impact and recommendations are also presented. When applicable, relevant management initiatives already underway are included.For eachrecommendation, management has provided:

  • an action plan, which addresses the recommendation;
  • the position responsible for implementing the action plan; and,
  • the target date for completion.

1. Further Strengthening the Documentation Process

Observations and Impact

According to the TB Contracting Policy requirements, procurement files are to be organized in such a manner to facilitate management oversight with a complete audit trail that contains contracting details related to relevant communications and decisions.

The audit found that contracting documentation was not always maintained in a consistent manner and that in some instances, key information and documentation could not easily be found. For example, the justification for sole sourcing or explanation of best-value was not always easily identified within the documentation of some files. This is not to say that no justification existed, rather that the justification were not always clearly documented within the files.

A lack of a standard documentation structure for contracting files, could lead to inefficiencies when reviewing a file, be it managerial review or external reviews (i.e. audit) and may not provide for a clear audit trail in support of contracting decisions.

During the audit, CPD advised that they were in the process of drafting mandatory checklists for their files to standardize documentation of files, ensure completeness and facilitate quality reviews. These checklists would also include brief summaries of key information, such as justification for sole sourcing or explanations for best value. Implementing a more standardized documentation system will facilitate the review and management of procurement files.

Recommendation

The audit recommends that CPD standardize documentation requirements of files, through the development of checklists or other tools they deem fit, in a timely manner. Such tools would further strengthen documentation of contracting files and facilitate file reviews.

Management Response

CPD agrees with the recommendation. The Director, Contracting and Procurement will lead the development of standardized checklists, which is currently in progress. Full implementation is expected by October, 2012.

2. Enhancing Monitoring Approach

Observations and Impact

The TB Contracting Policy states that departments are responsible to ensure that adequate control frameworks for due diligence and effective stewardship of public funds are in place and working. Such control frameworks include preventive and/or detective controls to ensure accuracy and compliance with the laws, regulations and policies. Monitoring mechanisms help deter or minimize the occurrence of errors and irregularities, as well as provide management with important early warning signals that enable managing risks before they materialize.

The audit assessed whether the Department had appropriate monitoring mechanisms in place to identify and mitigate risks related to unacceptable practices such as contract splitting, repetitive sole-source contracts and retroactive contracting activities.

The audit found that management monitored activities through weekly team meetings to discuss ongoing files, informal file reviews, and additional correspondence with contracting officers, as required.

The Department’s has nine branches and no regional offices. The Department’s contracting function is a centralized division, within the Financial Management Directorate, and approximately 90% of the total value of contracts is awarded through PWGSC mechanisms. Furthermore, the audit did not find evidence of unacceptable contracting activities. As such, the audit team does not believe a complex monitoring regime would be warranted, considering the level of risk.

Nonetheless, current informal monitoring practices could be enhanced through the development of additional formal reporting mechanisms, including the use of analytical reporting tools. Enhancing monitoring through these reports will allow CPD management to monitor risks of non-compliance in a more systematic manner and maintain documentation demonstrating review activities are being conducted.

Recommendation

The audit recommends existing monitoring practices of contracting activities be further enhanced through the development of formal reporting mechanisms, including the use of analytical reporting tools.

Management Response

CPD agrees with the recommendation. The Director, Contracting and Procurement and Senior Director, Financial Management Directorate will lead a review of existing reporting mechanisms as well as the efficacy of implementing specific analytical reporting tools, which will be completed by August, 2012. Recommendations arising out of this review will be implemented by December, 2012.

Appendix A – List of Department of Finance Employees Interviewed

  • Assistant Deputy Minister, Corporate Services Branch
  • Director, Contracting and Procurement, Financial Management Directorate, Corporate Services Branch
  • Acting Senior Director, Financial Management Directorate, Corporate Services Branch
  • Team Leader, Contracting and Procurement, Financial Management Directorate, Corporate Services Branch
  • Senior Procurement and Contracting Officer, Contracting and Procurement, Financial Management Directorate, Corporate Services Branch
  • Procurement and Contracting Officer, Contracting and Procurement, Financial Management Directorate, Corporate Services Branch
  • Senior Financial Analyst , Departmental and Public Debt Reporting,  Financial Management Directorate, Corporate Services Branch

Appendix B – Key Reference Documents

Legislation

  • Financial Administration Act
  • Government Contracts Regulations

Policy and Guidelines

  • TB Contracting Policy
  • TBS Guideline on Common Financial Management Business Process 3.1 - Manage Procure to Payment
  • TB Policy on Internal Control
  • TB Policy Framework – Management of Assets & Acquired Services
  • TBS Guide for Managers and IA-Procurement and Contracting
  • TBS Guidelines on the Proactive Disclosure of Contracts

Other Documents

  • OCG’s Audit Criteria Related to the Management Accountability Framework
  • OCG May 2009 Horizontal Audit - Contracting Information Systems and Monitoring

Documents Specific to Finance Canada

  • Managers’ Guide to Contracting (draft)
  • Financial Signing Authorities Manual
  • Additional Departmental documentation related to contracting activities

Appendix C – Members of the Audit Team

This audit was conducted by:

  • Abdillahi Roble, CGA, B.Comm - Senior Auditor, Internal Audit and Evaluation
  • Olivia Zhu, MPA, CIA, CRMA, CFE - Senior Auditor, Internal Audit and Evaluation
  • Ziad Shadid, CGA, B.Comm - Audit Manager, Internal Audit and Evaluation
  • Chantale Dumornay, BAA – Auditor, Internal Audit and Evaluation
  • Christian Kratchanov, MBA, CIA, CMC - Chief Audit and Evaluation Executive