Audit of Contracting

Final Report
December 19, 2014

[PDF 68 KB]

Table of Contents

  1. 1.0 Introduction
    1. 1.1 Authority
    2. 1.2 Objective
    3. 1.3 Scope
    4. 1.4 Background
    5. 1.5 Approach and Methodology
    6. 1.6 Statement of Conformance
  2. 2.0 Audit Conclusion
  3. 3.0 Audit Findings and Recommendations
    1. 3.1 Contract Requirements
    2. 3.2 Managing Commitments
    3. 3.3 Managing Contracts
    4. 3.4 Administering Contracts and Deliverables
    5. 3.5 Reporting and Disclosure
  4. 4.0 Management Response
  5. 5.0 Management Action Plan
  6. Appendix A – Audit Criteria and Sources

1.0 Introduction

1.1 Authority

The Audit of Contracting was approved by the Clerk of the Privy Council Office (PCO) as part of the 2013-2016 Risk-Based Audit Plan.

1.2 Objective

The objective of this audit is to provide assurance that procurement and contracting activities at PCO are conducted in a fair, open and transparent manner in accordance with legislative and policy requirements.

1.3 Scope

The scope of the audit included the processes and controls to manage requirements, control commitments, procure goods and/or services, manage contracts, administer contracts and deliverables, and report on contracts at PCO. A sample of transactions from the population of all commitments and contracts (with a value greater than $5,000) from April 1, 2012 to December 31, 2013 were tested.

1.4 Background

Government-wide policy requires that procurement and contracting practices result in openness, fairness and transparency in the spending of public funds. Federal procurement and contracting activities are governed by a complex set of policies, regulations, legislation, reporting requirements and other authorities. The objective of these requirements per the Treasury Board Contracting Policy is for government departments to “acquire goods and services in a manner that enhances access, competition and fairness and results in best value or, if appropriate, the optimal balance of overall benefits to the Crown and the Canadian people” while carrying out responsible stewardship of financial assets and reporting results to Canadians. Departments are required to ensure an effective framework of controls is in place to meet and implement these requirements.

At PCO, Procurement and Contracting Services, located within the Administration Division of PCO’s Corporate Services Branch, is responsible for purchasing the majority of goods and services required by the department. The organization is responsible for preparing the necessary documents to enter into a contract and its dedicated team of contracting officers is available to provide advice and guidance in all areas of contract administration. Oversight for contracts and procurement at PCO is provided by its Contract Review Committee (CRC). The CRC provides advice and guidance on the compliance of contracts or contract amendments with departmental and Treasury Board policies and procedures on contracting.

1.5 Approach and Methodology

During audit planning, procurement controls and the risks to contract management, administration and delivery at PCO were identified and assessed. Based on this risk assessment, we focused the audit on testing key controls to meet and manage: legislative and policy requirements, stakeholder expectations, departmental process requirements, and the prevention and detection of irregularities. Auditors then developed an audit plan which included audit criteria sourced from Treasury Board policies, directives and guidelines (see Appendix A), and obtained management concurrence with these criteria. Processes and controls were tested: to manage requirements, to provide oversight, to control committements, to manage and administer contracts, and to confirm receipt of deliverables.

The examination phase consisted of a verification of controls through the testing of 42 contracting and financial files, and a walkthrough of key steps in data entry and reporting processes. The sample of 42 files consisted of 22 randomly selected files and 20 files selected judmentally based on procurement risks. Judgemental files consisted of high dollar value contracts, contracts which included amendments, contracts tendered with former public servants and contracts near in value to requirement thresholds (such as proactive disclosure, bid solicitation exemptions, and legislative open bidding requirements).

Audit findings were validated with the Procurement and Contracting Services Unit and with the Director of Administration Division, as well as with the Financial Policies, Systems and Internal Control Unit, and with both the Chief, Accounting Operations and the Executive Director, Finance and Corporate Planning Division. A draft report was prepared and provided to the Assistant Deputy Minister, Corporate Services for response and for development of a management action plan to address the audit’s recommendation (see Section 5.0). Draft audit reports, including management’s action plans, are tabled at PCO’s Audit Committee for review and acceptance, after which they are jointly recommended by the Chief Audit Executive and the Chair of the Audit Committee to the Clerk of the Privy Council for formal approval.

1.6 Statement of Conformance

In my professional opinion as Chief Audit Executive, this audit conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of PCO’s quality assurance and improvement program.

Original signed by

Signature of Chief Audit Executive

Jim Hamer

2.0 Audit Conclusion

Procurement and contracting activities at PCO are conducted in a fair, open and transparent manner and are generally in accordance with all applicable legislative and policy requirements.

3.0 Audit Findings and Recommendations

3.1 Contract Requirements

Contract files contain appropriate documentation to support legislative, policy and regulatory requirements.

We verified that contract files contained the appropriate documentation to support contracting requirements. We reviewed procurement processes to certify that the process for tendering contracts had been recorded and appropriately justified. We also assessed the effectiveness and efficiency of oversight by PCO’s CRC over contracting practices.

In addition to compliance with legislative, policy and regulatory authorities, government contracting is required to be conducted in such a way that it: meets operational requirements, stands the test of public scrutiny, encourages competition, and reflects value for money. To meet these authorities, contract requirements must be clearly defined and documented at the outset of the contracting process. Procurement decisions must be documented in order to demonstrate transparency and support fairness in decision making. Any restrictions to process or requirements must be documented and justified by management to demonstrate due process and consideration of overall contracting objectives. Oversight of the contracting process is necessary to prevent and detect any real or perceived improprieties which could affect the integrity, fairness, or openness of the process (e.g. contract splitting or tailoring requirements towards preferred vendors).

3.1.1 Contracting Requirements and Decision Making

We found all contracts reviewed were tendered in a fair, open and transparent manner in accordance with procurement requirements. An appropriate statement of work was defined at the outset of each process to define contract requirements and appropriate analysis was on file to demonstrate value for money. Competitive bids were selected in accordance with pre-defined fair, open and transparent selection criteria and we observed the appropriate use of mandatory procurement methods.

3.1.2 Contract Oversight

We found that PCO’s CRC was effective in performing its mandate per its Terms of Reference and providing advice and guidance and challenging any perceived improprieties. The CRC reviews specific types of contracts above specified dollar value thresholds, for example, professional services contracts whose value exceeds $10,000. All other contracts falling outside the specified parameters are not subject to independent review, unless the Manager, Procurement and Assets, Administration Division, deems a particular contract to raise issues that warrant CRC review. Given that the CRC is a key, risk-based control, and the likelihood that PCO’s contracting profile, associated risks, and risk tolerances are bound to change over time, it is reasonable to validate that the CRC’s mandate continues to align with PCO’s contracting profile and risk tolerances. This is particularly important in light of the ever-evolving government procurement environment.

Recommendation

  1. The Assistant Deputy Minister, Corporate Services should review the mandate of the Contract Review Committee to ensure that it is aligned with PCO’s contracting requirements and risk tolerances.

3.2 Managing Commitments

3.2.1 Effective controls are in place to initiate expenditures as well as to authorize and record commitments

The crown has an obligation to pay its debts. Requirements for commitment controls exist to ensure that funds are set aside to pay debts as they arise. We verified that a delegated authority had certified that sufficient funds were available to pay the contracted obligation, and that a commitment had been recorded in the financial system prior to the contract start date. We found that all contracts reviewed had been authorized by a delegated authority and a commitment was made in the financial system to set aside funds for payment.

3.3 Managing Contracts

Appropriate documentation is on file to support the management of contracts and contract amendments.

We verified that contracts had been documented and signed by an appropriately delegated authority. We confirmed that any amendments had been justified and authorized prior to the expiry of the contract. We also verified effective contract management controls were in place to identify and address any potential intellectual property rights and to confirm the security clearances of vendors.

Contracts are in effect legal agreements between two parties. Thus, contracts and amendments should be documented to clearly define deliverables and requirements, and they must be authorized in accordance with the delegated authorities of the department. Security and intellectual property requirements are required to be defined in the contract document (where applicable). Confirmation that vendors meet the security requirements should be confirmed prior to the receipt of goods or services.

3.3.1 Contracts and amendments are generally appropriately documented and well managed

We found that all contracts and amendments reviewed were signed by an appropriate delegated authority. We also found that large contract amendments and the one retroactive contract amendment in our sample were referred to the Assistant Deputy Minister, Corporate Services for review and approval, as required by PCO’s Policy on Procurement. We found security requirements were appropriately identified in all contract files reviewed and documentary evidence confirming security clearances was found on all but two files reviewed. In all contracts reviewed, intellectual property rights were defined where required.

3.4 Administering Contracts and Deliverables

Effective controls are in place for the administration of contacts and to confirm the receipt of contract deliverables.

We assessed the controls in place to certify receipt of contract deliverables. We reviewed the effectiveness of controls in place for payment of contract deliverables within contracted terms. We also verified that an appropriate segregation of duties was in place between those individuals with authority to enter into a contract and those certifying receipt of goods and services, as well as the segregation controls in place over individuals with access to modify vendor information in payment systems.

Standard financial management and contract administration controls require that sufficient documentation and authentication be provided to certify the delivery of goods and services. It is equally important to verify the obligation(s) of the contract have been fulfilled before payments are made and the contract is settled. Effective controls should be in place to verify that all goods and services are received in accordance with the contracted requirements. Another standard financial control, segregation of duties, is required to reduce the risk of fraud or errors.

3.4.1 Contract administration and the receipt of goods and services

We found that with few exceptions, appropriate documentation was on file to support the receipt of goods and services in accordance with contracted terms. The few exceptions noted in the more than 430 invoices reviewed included six professional service invoices which did not have supporting timesheets attached. All invoices reviewed were certified by an appropriate delegated authority. We found controls were properly segregated between those ratifying a contract and certifying deliverables, as well as between those employees with access to modify vendor information and those who paid invoices.

3.5 Reporting and Disclosure

Effective controls are in place to report on and disclose contracts in accordance with Government of Canada requirements.

We assessed the controls in place to identify and report contracts with former public servants as well as the controls to proactively disclose contracts and contract amendments.

To support transparency and strengthened accountability, departments are required to proactively disclose on their websites contracts valued at $10,000 or more. These contracts should be disclosed accurately, consistently, and in a timely manner. To minimize the risk of any real or apparent conflict of interest and support the integrity of the public service, any contracts with former public servants must be identified, reported, and publicly disclosed. Efficient effective controls must be in place to identify, track, and report any of these required contracts.

3.5.1 Identification of Former Public Servants and Proactive Disclosure

We found that the controls in place to identify and report contracts with former public servants were generally effective. Procurement and Contracting Services requires vendors to sign an attestation to signify whether or not they are a former public servant in receipt of a pension. In one case where it was not clear following this attestation whether or not the vendor was in fact a former public servant, further clarification was sought and received. All required contracts reviewed were proactively disclosed where required.

4.0 Management Response

[Management accepts this report and will oversee the implementation of its recommendation.]

5.0 Management Action Plan

Audit of Contracting
Recommendation Response and Planned Actions Responsibility Due Date
  1. The Assistant Deputy Minister, Corporate Services should review the mandate of the Contract Review Committee to ensure that it is aligned with PCO’s contracting requirements and risk tolerances.
[The Administration Division, Corporate Services Branch will review the Contract Review Committee (CRC) terms of reference to examine membership, mandate and scope of work addressed by the CRC. The review will identify opportunities for improvement, examine the level and mandate of the CRC chair and seek to better align the CRC mandate to manage contracting risk at the Privy Council Office.

The services of an external contracting expert will be utilized to review the CRC to better ensure impartiality.]
[Director, Administration Division] [March 31, 2015]

Appendix A – Audit Criteria and Sources

Audit Criteria

Line of Enquiry 1: Contract files contain appropriate documentation to support legislative, policy and regulatory requirements.

Audit Criteria

Appropriate documentation is on file to support that contracts are tendered in a fair, open and transparent manner in accordance with procurement requirements.

Procurement tendering processes have been appropriately justified and documented.

Effective, efficient oversight is exercised over contracting practices.

Line of Enquiry 2: Effective controls are in place to record and authorize commitments.

Audit Criteria

Funds commitment availability is certified by someone with the delegated authority prior to the expenditure initiation at the value expected to be incurred (Financial Administration Act s32).

Line of Enquiry 3: Appropriate documentation is on file to support the management of contracts and contract amendments.

Audit Criteria

Contracts are signed by an appropriate delegated authority prior to the receipt of goods or services (Financial Administration Act s41).

Contract amendments are properly justified and authorized by an appropriate delegated authority prior to the expiry of the contract.

Appropriate documentation is on file to support effective contract management (e.g. confirmation of security clearance, intellectual property rights are addressed etc…).

Line of Enquiry 4: Effective controls are in place for the administration of contacts and to confirm the receipt of contract deliverables.

Audit Criteria

Appropriate controls and documentation are in place to certify receipt of contract deliverables in accordance with contract terms.

There is an appropriate segregation of duties in accordance with policy requirements.

Line of Enquiry 5: Effective controls are in place to report on and disclose contracts in accordance with Government of Canada requirements.

Audit Criteria

Contracts with former public servants are identified and reported.

Contracts and amendments are proactively disclosed as required.

Criteria Sources

The following sources were used to develop the audit criteria used during the conduct phase of the audit:

  • Financial Administration Act
  • PCO’s – Policy on Procurement (includes the Contract Review Committee’s Terms of Reference)
  • Public Works and Government Services Canada - Policy on Green Procurement
  • Treasury Board
    • Contracting Policy
    • Directive on Expenditure Initiation and Commitment Control
    • Directive on Account Verification
    • Directive on Delegated Financial Authorities and Disbursements
    • Guideline - Common Financial Management Business Process 3.1 – Manage Procure to Payment