Archived – Follow-up Audit of Contracting

Archived information

The Standard on Web Usability replaces this content. This content is archived because Common Look and Feel 2.0 Standards have been rescinded.

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Project Number 6B100
Final Audit Report
March 30, 2009

Table of Contents

List of Acronyms

ADM - Assistant Deputy Minister
CS - Corporate Services
DMC - Departmental Management Committee
IAD - Internal Audit Directorate
MAP - Management Action Plan
MCF - Management Control Framework
RCM - Responsibility Centre Manager
TBS - Treasury Board Secretariat

1.0 In brief

The purpose of the Follow-up Audit of Contracting was to determine the extent to which completion of the Management Action Plan (MAP) from the December 2006 Audit of Contracting has sufficiently strengthened the management control framework governing the Department’s contracting practices.   

This follow-up audit determined that of the 11 recommendations from the December 2006 audit report, 5 recommendations have been sufficiently addressed and 6 are partially addressed.  Management actions are being implemented for those recommendations that are not fully addressed.  Appendix A of this report provides a detailed description of the status of each MAP item as of December 2008.

In our opinion, steady progress has been made in implementing the MAP from the December 2006 audit report on contracting.  Several management and process improvement initiatives have been completed or are in the process of being implemented.  Collectively, when fully implemented, we expect that these initiatives will address all the audit recommendations and will strengthen the management control framework governing the Department’s contracting practices.

2.0 Background

In 2005, the Internal Audit Directorate (IAD) conducted an audit of contracting practices in the Department.  The overall objective of the audit was to assess the adequacy of the control framework in place for administering contracting activities and to confirm that Fisheries and Oceans was in compliance with Treasury Board Secretariat (TBS) and departmental contracting policies and directives.

The report was published in December 2006.  The audit concluded that:

The Management Control Framework (MCF) governing the Department’s contracting activities was generally in place and being administered in accordance with central agency and departmental policies and directives; however, accountability and monitoring activities, and the quality of information for decision-making needed to be strengthened.  The audit team concluded that the weaknesses identified during the audit were for the most part administrative in nature.

Corporate Services prepared a MAP in October 2006 to respond to the 11 recommendations contained in the audit report.  The MAP included the implementation of a formal overarching risk management strategy for contracting, the implementation of a national approach to monitoring and the development of related procedures and processes, and the utilization of standardized reports and methodology.

Follow-up Audit

In keeping with the Departmental Internal Audit Policy, IAD carried out a follow-up audit from July to November 2008 to determine the extent to which the recommendations were implemented and whether the resulting action plans corrected, or were likely to correct, the issues that led to the audit observations and recommendations.

The audit approach included interviews with Corporate Services, procurement staff, and responsibility center managers (RCMs), as well as the review of relevant documentation.  A statistical sample of contract files that were awarded without competition between November 1, 2007 and May 31, 2008 were examined in two regions (Pacific and National Capital) to test compliance with the initiatives identified in the 2006 MAP.

3.0 Observations

This section of the report describes the measures taken by the Department to implement the management action plans.

For the purpose of this follow-up audit report, the audit recommendations, MAP measures and audit assessment have been grouped under two lines of enquiry:  the Management Control Framework and Compliance with Contracting Regulations and Policies.

3.1 Management control framework

3.1.1 Accountabilities (Partially completed)

Conclusion from the December 2006 Report on the Audit of Contracting:  An accountability framework for contracting has been defined and established in accordance with delegated Contracting and Financial Authorities and responsibilities.  However, the contracting thresholds for the involvement of Regional Procurement Groups and account verification practices of Regional Finance groups need to be made consistent to ensure compliance with Government Contract Regulations and Department policies and to ensure that only justified expenses are processed for payment.

The Finance and Administration Directorate has two major initiatives underway that will significantly strengthen the accountability framework for the management of contracting, specifically: (1) the Renewal of the Finance and Administration Organizational Structure; and (2) the Financial Statement Audit Readiness Assessment Project’s work on strengthening Account Verification and Quality Assurance.

During the period in which the follow-up audit of contracting was conducted, these initiatives were in the early stages of implementation.  The auditors reviewed project documentation for the two initiatives and are of the view that, if these initiatives are implemented according to plan, they should have a positive impact on strengthening the accountability framework for management of contracting in the Department. 

Regional Procurement Services (Completed)

A contract file checklist was implemented in July 2007 to assist in the identification of high risk contracts that should be handled by Regional Procurement Services.  Regional Chiefs of Material Management and Corporate Material Management have also expanded the list of ‘restricted contracts’ for which RCMs must use the services or advice provided by Regional Contracting Units or Public Works and Government Services Canada (e.g., for expert witness, vessel charter, and diving contracts).  A directive was also being drafted for procedures related to departmental use of expert witnesses.  A customized report containing an overview of the Department’s contract activity was developed for the Deputy Minister.

Account Verification (Partially Completed)

Strengthening of the Account Verification function is being addressed through the departmental Audit Readiness Assessment Project on Account Verification and Quality Assurance.  Corporate Services is updating related practices such as procedures, system changes, and measurement of the impact of proposed changes on Corporate Services' and Regional Offices' resources.  A "pilot" of the new Account Verification Framework is planned for January to March 2009 with full implementation in all Regions planned for 2009-2010.

A review of documentation related to the Readiness Assessment Project identified the following items that remain to be addressed:  

  • Implementing an organizational model for Quality Assurance group;
  • Establishment of account verification/QA working groups; and
  • Development of a post-audit approach which includes acceptable risk levels and thresholds by transactions type, statistical sampling, and trend analysis techniques.

3.1.2 Internal Communications/Awareness/Training (Partially Completed)

Conclusion from the December 2006 Report on the Audit of Contracting:  There is adequate internal communication, awareness and training to ensure that parties at more senior levels of management are aware of their roles and responsibilities; however, there is a need to provide training to those who assist management in exercising their roles and responsibilities (e.g., Administrative Assistants and Project Authorities).

Generalized training material for departmental Administrative Assistants is being finalized.  The draft training material includes a module on procurement and asset management.  Further work relating to the Administrative Assistant training, however, is dependant upon resources for curriculum development, training delivery and renewal of the Finance website.  A business case for additional resources was in preparation for Departmental Management Committee (DMC) approval.  A completion date was not identified during the period of this follow-up audit. 

3.1.3 Monitoring (Completed)

Conclusion from the December 2006 Report on the Audit of Contracting:The Department needs to implement a more comprehensive risk-based monitoring and reporting capability to identify any trends and ensure contracting activities are consistent with policy requirements. 

A national monitoring strategy document was issued in December 2007.  This strategy outlined the compliance review process for non-competitive contracts less than $10,000, contracts where vendors are repeatedly used, and other types of contracting.

The monitoring strategy also included a web-based reporting module that was developed and tested by the Regions and released in September 2008.  The audit team was informed that reporting on the first monitoring exercise will take place in January 2009.

Based on interviews and the review of documentation, the audit team has concluded that the monitoring strategy could be further strengthened by:

  • Including all key error types;
  • Better articulating and communicating to Regional Office Procurement Groups the processes and procedures for analyzing contract-splitting and employer-employee relationships; and
  • Communicating the importance of maintaining independence and objectivity for contracts processed through Regional Office Procurement Groups.

3.1.4 Reporting and Quality of Information for Management Decision Making (Completed)

Conclusion from the December 2006 Report on the Audit of Contracting:Improvement is needed in the quality of contracting data in the Department's enterprise resource management system in order to ensure the overall reliability and relevance of contracting information provided to Central Agencies and departmental management.  In addition, access to a wider range of contracting data and more meaningful reports is required to ensure managers have the necessary information for monitoring or decision-making.

Departmental system reporting capabilities have been expanded to allow for increased monitoring and reporting of contract activities.  Further, the Purchase Order input procedure was modified to improve the quality of information.

To further improve system reporting capabilities, a parameter-based report referred to as the DFO Purchase Order Contract Monitoring Report was developed.  The availability of the Report was communicated via a Bulletin issued by Regional Support Units on April 26, 2007.   The Purchase Order Contract Monitoring Report allows users to monitor contracting activity on an on-going basis and provides assistance to users in producing the Departmental Procurement Activity Report. 

Interviews indicated that the quality of information in the contracting database has improved, including information from the verification and approval process.  Corporate Material Management is continuing to investigate other means to reduce the amount of manual system intervention including resolving interface issues with central agency systems. 

3.1.5 Risk Management (Partially Completed)

Conclusion from the December 2006 Report on the Audit of Contracting: The current risk management approach that has been adopted for contracting is done on a piecemeal basis; a formal overarching risk management strategy is needed.  This strategy should identify all risks and risk-handling processes related to contracting so that a focus can be made on strengthening and monitoring the high-level risks relating to contracting.

Three major initiatives have been undertaken by Corporate Services to address risks associated with the administration of contracting activities, specifically:

  • A National Monitoring Strategy that will involve a departmental-wide compliance review of risk-based contracting activity every 6 months;
  • The development of a strategy for a risk-based Account Verification and Quality Assurance Framework, and
  • The renewal of the Finance and Administration organizational structure and the standardization of work descriptions.  The proposed organization structure includes positions for monitoring contracting activities.

The audit team was informed that the implementation of these initiatives is dependent upon future funding that is not guaranteed.

3.2    Compliance with contracting regulations and policies

3.2.1 Procurement Planning (Partially completed)

Conclusion from the December 2006 Report on the Audit of Contracting:  Overall, contracting practices applied within the Department are in compliance with Government Contract Regulations, TBS guidelines and DFO policies.  Efforts are made to award and manage contracts in relation to best value, open access, fairness and transparency.  However, these efforts are not consistently supported by documentation on file.  The audit also found anomalies in compliance with departmental and TBS contracting policies, particularly with respect to clearly defining statements of work and deliverables, methods of contracting that risk establishing an employer-employee relationship and contract-splitting.   

Corporate Services issued a number of internal communications to reinforce the requirements for maintaining well documented contract files and to provide awareness of departmental and TBS contracting policies.  Specifically:

  • A bulletin by Corporate Material Management Division (CMMD) was issued and posted on the CMMD website in January 2007, to remind staff of the key objectives, basic principles for the acquisition of goods, and their responsibilities related to maintaining adequate documentation.  The bulletin addressed contracting practices such as: maintaining appropriate records including documenting quotes; clearly justifying sole source contracts regardless of contract amount; obtaining a copy of signed contracts with amendments information; confirming receipt of goods or services and any related communication; and the proper recording of contracts and amendments in system including instructions for capturing multi-year purchase orders.
  • Further, a formal memorandum from the ADM, Corporate Services to DMC members was sent in July 2007 and a subsequent bulletin was issued on October 12, 2007 to reinforce:  the proper completion and retention of file documentation; the mandatory use of file checklists; the completion and retention of the vendor performance and evaluation form; and the recording of contract amendments in the Department’s enterprise resource management system.  A sample Statement of Work was attached to the bulletin as a guide to assist staff in the preparation of a Statement of Work.

From our review of the Department’s Procurement Policy, we noted that the Policy had not been amended to reflect these new mandatory requirements. 

Our sample file review found that there are still inconsistencies between Regions in the level of support documentation retained on contract files.  It is worth noting that the Pacific Region  recently introduced mandatory completion of the Requisition for Service form for all contracts (including contracts <$10K).  This form requires capturing key contract information such as a security assessment, a former public servant assessment and a sole source contract justification.

3.2.2 Contract Administration (Partially completed)

Conclusion from the December 2006 Report on the Audit of Contracting: Contract file documentation needs to be strengthened to provide a complete audit and monitoring trail to ensure compliance with policies.

File Documentation

Two checklists for contract files were developed by Corporate Services.  The purpose of file checklists is to ensure that contract files include sufficient and relevant information to provide a complete management and audit trail, and support efficient monitoring.  One of the checklists is to be completed by the Project Authority; the other by the Contracting Officer.

A memorandum from the ADM, Corporate Services dated July 2007, and a subsequent Bulletin dated October 2007, clearly stated the requirement to use the contract file checklists.  Our sample file review conducted in the course of this follow-up audit found that the mandatory checklists were not consistently being used.

Security

The Safety and Security Branch conducted presentations across the Regions related to safety and security issues.  The presentations included a training module on security requirements to be applied during the contracting process.  Based on interviews the audit team conducted, these presentations have significantly improved awareness of security measures that need to be taken during the contracting process.

Our examination of contract files found that security assessments are not always on file.  Auditors were informed during interviews that the absence of security assessments on contract files was due in part to the significant time delays in waiting for security clearance documentation to be completed and forwarded to the program areas.

The Department’s Procurement Policy and Procedures Manual does not provide information or guidance to RCMs or Regional Procurement Officers on responsibilities for protecting sensitive information and assets during the contracting process.

Auditors were informed that security requirements will be integrated into the departmental Procurement Policy and Procedures Manual by March 2009.

3.2.3 Contract Close-Out (Partially Completed)

Conclusion from the December 2006 Report on the Audit of Contracting:  For contracts where it is relevant, if contractor performance is not monitored it leaves the Department at risk of not being able to ensure that it achieved the principle of best value when expending public funds and that the contractor delivered the requested goods, services or construction according to the terms and conditions.  While this information may be too late to use on a newly completed contract, it could be valuable for use in future contracts as a cross-check for contractor quality or a source of lessons learned.

A vendor performance checklist was developed and communicated across the Department at the same time as the new contracting file checklists, through the ADM’s memorandum of July 2007 and Bulletin of October 2007 referred to in Section 3.2.2.

Our sample file examination found that the vendor performance checklist was not being consistently used.  Further, the Procurement Policy and Procedures Manual had not been updated to include the roles and additional responsibilities of RCMs or Regional Procurement Services Officers relating to file maintenance and documentation including the contractor evaluation report.  We were informed that further work in this area is to be completed, pending resource considerations.

4.0 Conclusion

A substantial effort has been made towards the MAP which addresses recommendations in the December 2006 audit report on contracting.  Several management and process improvement initiatives have been implemented or are in the process of being implemented.  Collectively, these initiatives should have a positive impact towards strengthening the overall management control framework (MCF) governing the Department’s contracting practices.

While this follow-up audit has observed improvements in the contracting MCF, some areas still require sustained efforts, such as the organization and completeness of contract file documentation and on-going monitoring.  It is expected that the management of contract activities will continue to improve with the full implementation of the new Account Verification Framework.

The proposed influx of new temporary funding into the Department from the Government Economic Stimulus Plan (as referenced in the Deputy Minister’s e-mail of January 28, 2009) will put additional stress on the procurement framework.  We expect procurement units to be faced with a significant increase in contract demands and a requirement to accelerate contracting processes to meet new demands by program areas wanting to rapidly implement initiatives from new funding.  To ensure compliance with government contracting policies and procedures during this projected increase in contracting activity, it is crucial that the measures identified for improving the account verification framework be promptly and fully implemented.

Outstanding MAP items should be followed-up by the Departmental Audit Committee as part of the regular MAP update process.

Appendix A – MAP Completion status Summary

2005-06 Audit Report Recommendations

Audit Report Reference

Current Status

Initial Estimated Completion

Current Estimated Completion

MANAGEMENT CONTROL FRAMEWORK

1.   The Director General, Finance and Administration in conjunction with the Regional Directors General should:
i)    re-assess the current approach for processing contracts through Regional Procurement Services groups. Consideration should be given to a risk-based approach for determining the type and value of contracts that should be tendered through those groups;

3.1.1

Partially Completed

September 2007

Completion date is dependent on DMC approval of the
Business Case

Spring 2009

ii)   define a consistent approach to Section 33 account verification using a standard statistical sampling method based on a risk assessment.

3.1.1

Partially Completed

March 31, 2007

Spring 2009

2.   The Director General, Finance and Administration, in conjunction with the Regional Directors Finance (or equivalents), should identify where the necessary training is required to ensure they carry out their responsibilities in compliance with departmental policies.
This includes Financial and HR delegation training as well as training packages to Administrative Assistants, clerks, etc.

3.1.2

Partially Completed

March 31, 2007

Completion date is dependent on DMC approval of the
Business Case

Spring 2009 / Ongoing

3.   The Director General, Finance and Administration, in conjunction with the Regional Directors General (or equivalents), should:
i)    implement a formally recognized approach for monitoring that is consistently applied nationally and makes use of standardized reports, methodology for sampling, and tools; and

3.1.3

Completed

September 2007

Completed

ii)   establish a process for documenting and periodically reporting the results of monitoring activities to senior management.

3.1.3

Completed

March 31, 2007

Completed - Ongoing

4.   The Assistant Deputy Minister, Human Resources and Corporate Services, should:
i)    review the Department's enterprise resource management system reporting capabilities to allow for increased monitoring which will thus reduce the deficiencies in its contracting data

3.1.4

Completed

March 31, 2007

Completed - Ongoing

ii)   in conjunction with Regional Directors General, review the information requirements of delegated managers engaged in the contracting process to determine what type of data needs to be accessed and the type of standardized reports that need to be developed; and

3.1.4

Completed

October 2007

Completed

iii)   re-examine the existing process used to assemble the annual Procurement Activity report with a view to reducing the amount of manual interventions and improving the verification and approval process.

3.1.4

Completed

May 2007

Completed - Ongoing

5.   The Director General, Finance and Administration, in conjunction with the Regional Directors Finance, should consider the implementation of a formal overarching risk management strategy for contracting that ultimately:
i)    identifies high-risk contracts and develops procedures to follow for their implementation and monitoring

3.1.5

Partially Completed

September 2007

Spring 2009

ii)   promotes the use of competitive contracting practices and the necessity for justification of all non-competitive contracts

3.2.1

Completed

December 2006

Completed

COMPLIANCE WITH CONTRACTING REGULATIONS AND POLICIES

6.   The Director General, Finance and Administration, in conjunction with the Regional Directors General, should ensure that the Department’s procurement documentation is updated to:

i)   include instructions for completing contract justification and approval forms as well as examples of a statement of work to show how deliverables are clearly linked to payments and timeframes;

3.2.1

Completed

 

 

 

March 2007

 

 

 

Completed

 

 

 

Note from MAP: “DFO Procurement Policy will be amended to include these tasks under “Roles and Responsibilities” for RCMs and RPS”.   Partially Completed September 2007 Spring 2009

ii)   emphasize that these documents are to be retained on either the contract or project authority file.

3.2.1

Completed

March 2007

Completed

iii)   include the requirement for retaining all support documentation on file relating to a contract amendment; and

3.2.1

Completed

March 2007

Completed

iv) state the importance of recording contract amendment information in the enterprise resource management system.  In addition, monitoring practices should be enhanced to ensure that contract amendments are accurately recorded in the enterprise resource management system.

3.2.1

Completed

March 2007

Completed

7.   The Assistant Deputy Minister, Human Resources and Corporate Services should ensure that a strategy is developed for monitoring those contracts that are non-competitive and less than $10,000.

3.1.3

Completed

September 2007

Completed

8.   The Director General, Finance and Administration, in conjunction with the Regional Finance Directors (or equivalents), should ensure that Regional Procurement Services periodically review the procurement activity of the Regions to identify those contracts where the vendors are repeatedly used to determine whether contract splitting is occurring.

3.1.3

Completed

September 2007

Completed

9.   The Director General, Finance and Administration, in conjunction with the Regional Finance Directors (or equivalents), should:
i)    put in place a mechanism, such as file checklists, to ensure that contract files contain sufficient and relevant information that provides a complete audit and monitoring trail, and a mechanism that provides periodic reviews of contract documentation that should be carried out by Regional Procurement Services to confirm that contract file documentation is being adequately maintained;

3.2.2

Completed

February 28, 2007

Completed

ii)   ensure that the quality of competitive information is adequate to support equal opportunities for all contractors to access Government business.

3.2.1

Completed

December 2006

Completed

iii)   provide ongoing communication and awareness of the key standard documentation that needs to be retained on either the contract or project authority file.

3.2.1

Completed

December 2006

Completed - Ongoing

10. The Assistant Deputy Minister, Human Resources and Corporate Services, should:
i)    ensure that the Department’s security and procurement policies and procedures are cross-referenced so that RCMs and Regional Procurement Services Officers are informed of their responsibilities for protecting sensitive information and assets during any phase of the contracting process;

3.2.2

Partially Completed

June 2007

Spring 2009

ii)   provide ongoing communication and awareness of the key documentation that needs to be retained on either contract or project authority file.

3.2.2

Completed

June 2007

Completed - Ongoing

11.  The Director General, Finance and Administration, in conjunction with the Regional Directors General, should ensure that the departmental Procurement Policy and Procedures Manual is updated to include a template to evaluate contractor performance and ensure that these evaluations are retained on project authority files.

3.2.3

Partially Completed

June 2007

Spring 2009