Audit of Contract Management

Final Report

Foreign Affairs, Trade and Development Canada
Office of the Chief Audit Executive

March 2014

August 2014

Acronyms

Executive Summary

In accordance with its approved Risk-Based Audit Plan for 2012─2015, the Office of the Chief Audit Executive at the Canadian International Development Agency (CIDA)^Footnote1 conducted an internal audit of contract management. The objective of this audit was to provide reasonable assurance that adequate key management controls are in place and operational to ensure that CIDA’s contracting activities comply with Government of Canada contracting legislation and policy.

Contracts by CIDA are subject to Treasury Board Contracting Policy and Government Contract Regulations. In addition, Canada’s various trade agreements may be applied depending on the nature and value of the procurement requirement. The Grants, Contributions and Contracting Management Division (GCCMD) within the Chief Financial Officer Branch is mandated to provide contracting support to CIDA branches and to ensure that contracting management practices comply with Canadian government policies, regulations and standards.

The Agency delivers approximately $3.9 billion annually in the form of grants and contributions. Contracts are used extensively by the Agency's branches for assisting and implementing aid program delivery. With the approval in each Appropriation Act, CIDA is permitted to have contracts funded not only from the operation budget, but also from the aid budget. In the program branches, especially in the Geographic Programs Branch, aid contracts are used for delivering the Agency's bilateral projects through implementing organizations and private companies. Non-aid contracts are used for engaging sectoral, evaluation specialists, and other professionals providing expertise and services to the Agency's branches.

According to the Agency Information System, between April 1, 2011 and October 31, 2012, some 805 professional service contracts were awarded at CIDA headquarters. The total value of these contracts is about $200 million of which 94.6% falls under the aid budget.

The audit found that CIDA has developed contract management related policies, guidelines and tools that are aligned with the respective federal government’s regulatory framework.

Key processes related to various contract instruments were also established and generally followed by the Agency’s contract users. These processes have reflected the government contracting requirements relating to the test of public scrutiny in matters of prudence and probity, facilitating access, encouraging competition, and reflecting fairness in the spending of public funds.

Although risk factors of non-compliance with the federal government’s regulatory framework requirements for contracts are considered at both policy and operational levels, the establishment of a formal, documented, and integrated risk management framework would assist GCCMD to prioritize and meet the branch and program operational needs while ensuring openness, competition, and fairness in contract management practices and systems.

GCCMD has established several key oversight mechanisms, including internal and independent quality review, the creation of an Evaluation Review Board, and a monitoring and reporting function on certain contracting activities. A further strengthened and risk-based monitoring and reporting capacity would enhance the ability of the Agency to address trends and emerging risks regarding contracting and to assess the level of impact on other Agency’s programs and functions.

Key measures for meeting ongoing program needs and achieving operational objectives should be enhanced. Additional measures could include ways to evaluate contracting performance through service standards and a formal communication channel between GCCMD and Branches.

Conclusion

CIDA has key measures in place and operational to ensure its contracts activities comply with the federal government regulatory framework as it relates to the test of public scrutiny in matters of prudence and probity, facilitating access, encouraging competition, and reflecting fairness in the spending of public funds.

Opportunities were identified to formalize and integrate risk management practices specific to contracting activities to ensure the objectives of the contracting process and those of operations can be appropriately aligned, and operational requirements can be prioritized and met.

Statement of Conformance

In my professional judgment as the Chief Audit Executive, this audit was conducted in conformance with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing andwith the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program. Sufficient and appropriate audit procedures were conducted, and evidence gathered, to support the accuracy of the findings and conclusion in this report, and to provide an audit level of assurance. The findings and conclusion are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management and are only applicable to the entity examined and for the scope and time period covered by the audit.

Chief Audit Executive

1.0 Background

The internal audit of contract management was part of the 2012─2015 Risk-Based Audit Plan recommended by the Audit Committee and approved by the President on March 16, 2012.

The mandate of the Grants, Contributions and Contracting Management Division (GCCMD) within the Chief Financial officer Branch (CFOB) is to provide contracting support to the various CIDA branches and to ensure that contracting practices comply with Canadian government policies, regulations and standards. The policy framework governing contract management practices includes Treasury Board (TB) Contracting Policy as well as Government Contract Regulations (GCRs) in support of the Financial Administration Act. CIDA’s procurement is also ruled by the TB decision that describes high-level governance and key elements of the proposal evaluation process. To ensure compliance with the regulatory framework, the Agency has developed various contract management policies, guidelines and bulletins accessible to its staff in assisting with day-to-day contracting management needs in a challenging international development context.

Contracts are used extensively by the Agency's branches to assist and implement program delivery. Both aid and non-aid budgets are used for the Agency’s contracts. In the program branches, especially in the Geographic Programs Branch (GPB), aid contracts are used to deliver the Agency's bilateral projects through implementing organizations and private companies. Non-aid contracts are also used to engage sectoral evaluation specialists, as well as other professionals providing expertise and services to the Agency's various branches.

According to a Contracting Services Benchmarking and Review done for the Agency in 2010, in comparison with other federal departments and agencies, CIDA has a unique model in which the contracting community is involved not only in traditional procurement activities, but also in program implementation activities. This high-level engagement from contracting officers in aid contracting activities signifies GCCMD’s critical role in contributing to program delivery effectiveness and efficiency.

The Agency has several options for the attainment of program/project results through contractual agreements with organizations in the public, for-profit and not-for-profit sectors. Each option is associated with a unique contracting process that is intended to reflect related policy requirements and required approval authorities. The following types of contracts are available in line with the nature and value of the required services:

• CIDA Call-ups
• Cooperant
• Professional Services > $25K
• Professional Services < $25K > $15K
• Professional Services < $15K
• Temporary Help

Since 2009, the Agency’s contract function, including contracting support to branches, has been centralized. Contracting officers providing services to branches are co-located within the various programs and report functionally to GCCMD. At the time of audit planning, GCCMD was contemplating a reorganization (a new service delivery model) of its contracting function structured by business centre, e.g. contribution agreement, grant, program-based approach and contract.

According to the Agency Information System, between April 1, 2011 and October 31, 2012, some 805 professional service contracts were awarded at CIDA HQ. The total current value of these contracts is about $200 million of which 94.6% falls under the aid budget.

2.0 Audit Objective, scope, approach and criteria

2.1 Objective

To provide reasonable assurance that adequate key management controls are in place and operational to ensure that CIDA’s contracting activities comply with Government of Canada contracting legislation and policy.

2.2 Scope

The audit focused on identified high-risk areas in managing the Agency’s contract activities in accordance with Government of Canada contracting legislation, policy and regulations, and with CIDA’s contracting policies and procedures, and the efficiency and effectiveness of its contracting controls.

The audit covered contracting undertaken for both aid and non-aid budgets, which are relative to CIDA’s Request for Proposal (RFP) selection mechanism and other processes resulting in the use of a contract as the financial instrument. To this end, the scope of the audit encompassed contracting activities that are subject to TB Contracting Policy and GCRs.

The audit tests were based on information provided by GCCMD through contracts awarded from April 1, 2011 to October 31, 2012. Audit population and sample included professional service contracts in support of program delivery. Additional details on the population and sample can be found in Appendix B and C, respectively.

The scope of the audit did not include contract administration after a contract has been signed, contracting activities outside of CIDA headquarters, and activities for purchasing goods.

2.3 Approach and Methodology

Based on identified and assessed key risks and internal controls associated with the related business processes, the methods used to gather audit evidence included:

• Reviewing contract management related policies and guidelines;
• Reviewing and analyzing previous studies, reviews and audits in relation to contracting management;
• Reviewing selected contract files and related documentation;
• Conducting interviews with various levels of officers and managers; and
• Analyzing financial and non-financial information.

2.4 Audit Criteria

Audit criteria were developed based on results of the risk and internal control assessment and the related Management Accountability Framework elements, taking into consideration of management concerns. The following audit criteria were shared with principal auditees:

• Criterion 1. Agency policies and guidelines for contracting management have been developed, implemented and are regularly monitored/overseen to ensure compliance with Treasury Board regulations and policies.
• Criterion 2. Authorities, roles, responsibilities and accountabilities for contracting in the Agency are clearly defined and communicated.
• Criterion 3. Contracting processes are risk-based, efficient and cost-effective and contribute to the attainment of Agency program objectives.
• Criterion 4. GCCMD services contribute to program delivery results while ensuring that appropriate risk-based management controls are in place.

3.0 Main Audit Findings and Recommendations

3.1 Policy and Governance Structure

Policies and Legislative Framework

In terms of funding instruments used across the Agency, contracting represents the most significant financial management challenge due to the complexity of the compliance environment and the rules and regulations established by the central federal agencies. When CIDA makes a payment in exchange for goods or services under a contractual agreement, it is subject to TB Contracting Policy and the GCRs, which focus on the requirement for, and exceptions related to, seeking proposals through competitive bidding processes. Additionally, Canada’s various trade agreements may apply depending on the nature and value of the procurement requirement.

To ensure compliance with the federal government’s regulatory framework in relation to contracting and procurement, the Agency has developed various contract management policies, guidelines and bulletins accessible to its staff in assisting with day-to-day contracting management needs. For example, the Contracting Guide for Managers in CIDA was developed to help managers choose the appropriate contracting process, including the procedures required to award or use a particular agreement or arrangement.

The sample of 29 files reviewed shows that in general, contract processes related to various contract instruments were respected and reflected TB Contracting Policy and related CIDA policies and guidelines.

Governance Structure

The audit team reviewed the current contracting management framework to determine if the governance structures were in place to review and act upon contracting trends and risks.

The existing governance structure consists of various levels of formal meetings and forums taking place regularly within CFOB. Main initiatives and issues relating to contracting operations are presented and discussed at various corporate committees including Management Board and Corporate Management Committee. There are also two management groups, the Weekly Directorate Management Group and the Extended Directorate Management Group, in place for sharing information on the results of ongoing communication between Director General (DG) of GCCMD and senior management as well as for discussing new and ongoing issues that require the special attention of GCCMD management.

In addition, the Contracting Management Forum is an internal committee within GCCMD that is mandated to provide support and leadership to the Agency’s contracts community on contracting and transfer payments through discussions, sharing experiences and lessons learned. Attended by directors and managers, this forum generally occurs biweekly.

The Evaluation Review Board (ERB), an additional component of the governance structure, is responsible for conducting an independent assessment of the solicitation process for competitive contracts valued at $500,000 and above as well as Advance Contract Award Notices over $100,000. Its role is to advise Agency decision makers of the compliance, fairness, openness and transparency of the solicitation process. ERB reviewed 19 awarded contracts during the period under audit.

Furthermore, CFOB participates in corporate bodies providing a challenge function to programs. Since April 23, 2012, contract directors are members of the Branch Investment Review Committee (BIRC), which determines the merit of individual investment initiatives.

Authorities, Roles, Responsibilities, and Accountabilities

The Agency’s Delegation of Selection Authorities and Contractual and Financial Signing Authorities Document distinguishes between the Aid and Operating budgets and specifies the authorities for selecting and signing competitive and non-competitive contractual agreements and financial documents. We found that sample files reviewed were compliant with contracting authorities.

Clearly defined and communicated roles, responsibilities and accountabilities for key stakeholders involved in day-to-day contracting activities, administration and management ensure that the contract management framework operates effectively on a sustained basis.

Contracting roles and responsibilities are documented through GCCMD's draft organizational chart and a matrix. The audit found that GCCMD staff has a clear understanding of their accountabilities as contracting advisors. However, program management and staff were not entirely clear on contracting officers’ accountabilities.

The draft Contract Management Framework, which is pending final approval, includes a matrix of accountabilities that outlines the accountabilities and responsibilities of both contracting and program officers during the life cycle of a contractual agreement.

3.2 Risk-based Contract Activities and Processes

Integrated Risk Management

Managing Risk at CIDA: 2010 to 2020 addresses the risk environment and provides the Agency’s approach to Integrated Risk Management (IRM). IRM’s significance at CIDA is reflected in its ability to increase development effectiveness, while supporting the Agency’s due diligence procedures.

Integrating the risk management function into existing strategic management and operational processes ensures that risk management is a key component of decision-making, business planning, resource allocation, and operational management. It also allows organizations to capitalize on existing capacity and capabilities. In the context of procurement and contracting activities, this risk-informed management approach supports the Agency in prioritizing and meeting branch and program operational requirements while ensuring openness, competition, and fairness in the procurement process. This approach will allow effective and efficient use of scarce resources, commensurate with risk and complexity.

In this regard, the audit expected to find a formal and documented IRM Framework for the Agency’s contracting activities, where risks related to the operational needs of the branches, the achievement of program results, and the compliance with related policy requirements are considered in supporting contracting processes. More specifically, the Framework should guide policymaking, guidance and tool development, quality review and assurance, monitoring contracting activities and processes.

The audit found that risk of non-compliance with federal government’s regulatory framework requirements for contracts was taken into account at both policy and operational levels. For example, contracts over $500,000 are subject to more rigorous review processes such as an independent quality control and a final tendering process review by the ERB. Nevertheless, the risks that the program operational needs may not be met are not given sufficient consideration, which may cause the following consequences:

• Significant changes to project plan established by the Agency programs or implementing organizations;
• Missed international development opportunities;
• Inappropriate selection of contracting instruments for the subsequent phase of the project implementation;
• Reduced confidence of program delivery partners; and
• Lapsed funds if contract is not signed prior to fiscal year-end.

At the operational level, the lack of a documented approach to risk management for contracting instruments was also noted.  In other words, no specifically identified and documented risks and key controls directly related to the individual contracting instruments were found.

When initiating a contracting process, GCCMD is responsible for providing guidelines, guidance and tools for the different types of contracting instruments for contract users’ reference. The selection instruction for each contracting instrument is determined by the nature of the required services, funding source, certain financial threshold, and the existence of an appropriate mechanism. A review of the guidelines and tools associated with the available contracting instruments indicates that GCCMD did not provide guidance on how risks should be considered for individual contracting instruments.

The sample file review and interviews also revealed that very limited risk consideration was presented to support the choice of each contracting instrument and its related process. For example, in 10 contracts over $25,000, the audit could not find evidence that a formally documented risk assessment of the contracting instrument was performed except for three contract files where informal discussions, e.g. emails, on risk assessment took place between contract and program officers. We were also told by contract officers who provide contract advice and conduct quality review for the branches that they maintain a risk awareness specific to individual contracting instruments which they apply in their work. However, this risk-awareness usually varies depending on the level of experience and subject matter knowledge. Systematically assessed risk and appropriate mitigation strategies based on an overall IRM Framework would assist both contracting officers and branches in possessing a common understanding of both the potential risks and the ways they could be managed when selecting and implementing the appropriate contracting mechanism.

Recommendation 1

The Director General of GCCMD should implement a formal integrated risk management framework specific to contract management that would include a guide for assessing risks and measures at the contracting instrument level.

Informal Quality Assurance and Quality Control

To ensure the quality of contracting documents and the integrity of the proposal evaluation process, the Agency is currently implementing a number of quality assurance review processes. These reviews take place from drafting terms of reference, developing evaluation grid, posting RFP on website, to evaluating proposals, and consist of a significant component of the contracting process.

Three levels of reviews are presently in place: (1) an informal quality assurance review by GCCMD Contracting Operations; (2) a formal quality control process implemented by GCCMD Contracting Policy; and (3) an independent assessment of the bid solicitation process by the ERB. A primary focus of these reviews is to identify potential procurement risks and propose associated mitigation solutions by quality reviewers.

The first two levels of reviews are performed through provision of comments and advice on the terms of reference and the evaluation grids prepared by Branch responsible officers. Interviews and file reviews indicate that comments and advice provided by junior contract officers, senior contract officers and contract managers are helpful but not always consistent, which has added considerable time to the overall contracting process.

The proposed new service delivery model, reorganized by business centre and closely supervised by subject matter experts, is intended to enhance the quality and consistency of the contracting services to branches by increasing focus, fostering specialization by contracting type, and reducing review cycles.

The level of quality assurance review is primarily determined by contract value. The higher the contract value, the more rigorous the review processes. For example, contract value under $500,000 is only subject to an informal quality assurance review, but contracts over $500,000 are subject to all above-mentioned three reviews. While the materiality of the contract value has been taken into consideration, other program‑related risk factors such as the nature of the contract and the implementing organization’s record of accomplishment in doing business with CIDA, should also be used to determine the depth of the quality review.

A formal integrated risk management framework would ensure that both procurement risks and the risks that the program operational needs may not be met are appropriately addressed. (See audit recommendation 1)

Contracting Activity Monitoring

An effective monitoring regime consists of several key components, such as a monitoring strategy and plan based on an integrated risk management framework, communication strategy for monitoring results, and corrective measures for management action.

In addition to the oversight mechanisms mentioned in the above section, GCCMD has put in place a unit whose role is to monitor the different procurement processes carried out specifically by branches in order to get a better understanding of the overall status of the Agency’s compliance with applicable contract policies and guidelines.

An annual monitoring schedule is developed based on the results of monitoring activities carried out during the previous year, ad hoc demands from different levels of management, and resource availability. We reviewed the 2012─2013 schedule and found that it included different types of procurements with the estimated timeframes. However, the schedule did not always include a rationale for the selected procurement activities.

In recent years, the monitoring unit has reviewed multiple types of procurement processes, including sole source contracts, temporary help services, and, most recently, contracts with former public servants. The unit also performs contracting reviews of some contracts issued in the field. These reviews are performed at the request of program managers to ensure that local management practices comply with the applicable guidelines.

Following each monitoring review, a report is prepared that includes information about the sample, a summary of the findings, and recommendations based on the information gathered. However, the audit found the reports lacked a risk-based rationale for the sample selection that could facilitate samples representative of identified risk areas, thus helping to ensure that significant risks the Agency may encounter are appropriately monitored in a timely manner. In addition, the reports did not always present findings related to the previously established criteria, making it difficult to identify trends.

The audit found that the recommendations of monitoring reports are linked to the findings of the monitoring activities and were all addressed to GCCMD management for further action. However, some significant or recurring findings continue to be observed. Approximately half of the reports’ recommendations have been implemented to date. We found that the GCCMD has no formal follow-up process in place for implementing those recommendations resulting from its monitoring reports. Without a formal follow-up process for recommendations, it is possible that some recommendations will not be implemented and the problems they are intended to address may persist, which may compromise the effectiveness of monitoring activities.

Once the report is finalized, it is shared with CFOB management. The monitoring unit also offers contracting and administrative officers the opportunity to attend a debriefing session on their reviewed contract files. Attendance at these debriefing sessions is not mandatory; however, the monitoring unit has recommended to have mandatory debriefing sessions for both sole source and temporary help service files.

Recommendation 2

The Director General of GCCMD should strengthen the contracting monitoring capacity through enhanced risk-based analysis; communicate and report the results to appropriate management levels, and develop a formal follow-up processfor the recommendations.

Contract Activity Reporting

Appropriate and timely financial and non-financial reporting related to contracting activities helps management identify, analyze and act on trends and issues.

GCCMD prepares several reports on procurement and contracting activities. These reports consist of internal as well as quarterly external reporting to meet the proactive disclosure requirements of the Agency. The audit found that the proactive disclosure report was posted on CIDA’s website in a timely fashion, and that the information was generally accurate. However, internal activity reporting to branch and program management, and to senior management, is ad hoc, at the transactional level and reactive in nature. Contracting information management with an additional focus on more strategic and integrated aspects (e.g. into long-term human resources planning) would support monitoring and risk management activities and allow the Agency to address trends and deficiencies in management practices and controls and respond to changes and priorities more effectively.

The contracting information to support risk management and decision-making, which was suggested by the Office of Controller General of Treasure Board in the Horizontal Internal Audit of Large Department and Agencies: Contracting Information Systems and Monitoring, specifies the following:

• Contracting data and trends;
• Extent and use of standing offers;
• Instances of not using a standing offer where such a vehicle should have been used;
• Proportion of sole sourced contracts under $25K;
• Amendment analysis by vendor;
• Contracting in excess of $25K that was sole sourced; and
• Number of contracts and value of contracting over a period of time by vendor.

This information will support GCCMD’s monitoring practices, oversight activities, day‑to‑day and long‑term planning decisions. It will also enhance their ability to support their risk mitigation strategies with respect to the contracting function.

Recommendation 3

The Director General of GCCMD should define the reporting needs for the contracting activities and provide reports to management accordingly.

3.3 Meeting Agency Program Objectives

Treasury Board Contracting Policy states, “Government contracting shall be conducted in a manner that will stand the test of public scrutiny in matters of prudence and probity, facilitate access, encourage competition, and reflect fairness in the spending of public funds; and ensure the pre-eminence of operational requirements.”^Footnote2 Meeting operational requirements while withstanding public scrutiny can be a challenging and formidable risk management issue.

To this end, key measures should be in place and functioning for meeting ongoing business needs and achieving operational objectives through provision of contracting service excellence. These measures include:

• Evaluating the performance of services;
• Proactively engaging contract users for new contracting management initiatives and new tool development; and
• Establishing a formal communication channel between GCCMD and branches for sharing and understanding challenges, risks, lessons learned, and new developments in business direction and processes.

This engagement and feedback should be analyzed and incorporated within the contracting management strategy and in day-to-day contracting activities.

Service Delivery and Performance Measurement

The audit expected to find information demonstrating to what extent the services provided by GCCMD would contribute to meeting Agency program objectives. To this end, appropriate performance measures for assessing the quality and efficiency of contract activities should be developed and monitored. Service standards are an important element of service management excellence, which enable performance management, help clarify expectations for contract service clients, and support client satisfaction.

Through interviews, the need for service standards for contracting activities was also identified as a priority. However, GCCMD management advised us that such service standards did not exist.

Because of the absence of key quantitative performance information, such as the time and cost to process various types of contracts or relevant service standards for the processing of contracting requests, qualitative evidence of the level of service and quality of outputs from GCCMD was gathered through interviews with various levels of contract users.

Those interviewed felt, in general, that there is a good working relationship between program officers and contracting officers, which is essential for an efficient and effective program delivery. However, while indicating that contracting services have met essential operational needs, program staff also told us they strongly suggest that more consistent and timely advice from contracting officers would go a long way in supporting optimal program delivery.

GCCMD is currently implementing a new contracting service delivery model meant to increase efficiencies and effectiveness as well as to standardize practices and procedures. The new model is based on Business Centres acting as centres of expertise for different types of contracting. Branches will liaise directly with Business Centre managers on individual investment initiatives. The intent of this reorganization is to enhance the quality and consistency of contracting services by increasing focus, fostering specialization by contracting type, and reducing review cycles.

Recommendation 4

The Director General of GCCMD should develop, implement and monitor contract service level agreement and standards in order to measure the procurement and contracting performance.

Communication with Branches

Branches are responsible for developing terms of reference and evaluation grids for RFPs and other contracting instruments when needed. The quality of these documents contributes to the overall efficiency and effectiveness of the contracting process. When advising responsible officers preparing these documents, contracting officers are positioned to share common errors, lessons learned, and good practices experienced in implementing policies, tools and templates. Additionally, engaging branches in developing new policies and tools would ensure that business needs and operational requirements are simultaneously taken into consideration while ensuring that the objectives of the contracting process and those of operations are appropriately aligned.

GCCMD currently uses various corporate committees to present new management initiatives that may have an Agency-wide impact, such as the reorganization of the GCCMD functions and new reporting requirements on former public servant contracts. In addition, contracting directors, as mandatory members, participate in two GPB internal committees, BIRC and the Directors of Strategic Planning and Operations Committee, Ad hoc meetings are also held between DG GCCMD and DG Operation of GPB when needs are warranted.

GCCMD has put in place two forums for internal communication and knowledge sharing within the contracting community: the Contracting Management Forum and the PG Café. Both forums provide support, leadership and opportunities for CIDA’s contract officers and managers to disseminate and exchange information, discuss contracting issues, and share lessons learned and best practices. However, to increase the efficiency of the processes, there is an opportunity to engage and communicate lessons learned more formally and in a timely manner with branches that are involved in contracting processes.

During our interviews, concerns were raised with respect to the level of consultation by GCCMD. For example, we were told that the introduction of new policies, guidelines and templates that have a direct impact on program delivery and the changing of contract officers assigned to a project team were not appropriately discussed with branches. Program Branch managers also advised us that they do not have a specific venue where they can discuss contracting matters of mutual interest with GCCMD management.

Recommendation 5

The Director General of GCCMD should put in place an appropriate communication mechanism aimed at engaging, consulting and sharing new policies, guidelines, templates, good practices and lessons learned with branches.

Appendix A: List of Recommendations and Management Action Plan

Recommendation 1

The Director General of GCCMD should implement a formal integrated risk management framework specific to contract management that would include a guide for assessing risks and measures at the contracting instrument level.

Responsibility: Director General of GCCMD

Proposed Management Measures:

GCCMD will perform a benchmark exercise in consultation with other departments, including PWGSC, to identify existing risk assessment tools.

GCCMD will develop and formalize an integrated risk management framework, and a guide (specific to contract management) in consultation with program branches, legal services, and risk management experts to ensure risk management activities are consistent, integrated, and aligned with the document entitled “Managing Risk at CIDA: 2010 to 2020”.

Target Date: Complete

Recommendation 2

The Director General of GCCMD should strengthen the contracting monitoring capacity through enhanced risk-based analysis, communicate and report the results to appropriate management levels, and develop a formal follow-up process for the recommendations.

Responsibility: Director General of GCCMD

Proposed Management Measures:

GCCMD will conduct a risk-based analysis, in consultation with program branches and contracting management services, to identify areas where monitoring is required and integrate them into the annual monitoring plan.

GCCMD will first communicate the results of monitoring to management to provide them with an opportunity to question findings and contribute to the action plan. GCCMD will subsequently publish results annually on the intranet.

GCCMD will produce an annual monitoring follow-up action plan that will be approved by the DG and communicated to branches through corporate committees.

Target Date: Complete

Recommendation 3

The Director General of GCCMD should define the reporting needs for the contracting activities and provide reports to management accordingly.

Responsibility: Director General of GCCMD

Proposed Management Measures:

GCCMD will review the suggestions of the Officer of Controller General of Treasury Board in order to identify information that would be useful to support risk management and decision-making.

GCCMD will then define the reporting needs and provide reports to management.

Target Date: Complete

Recommendation 4

The Director General of GCCMD should develop, implement and monitor contract service level agreement and standards in order to measure the procurement and contracting performance.

Responsibility: Director General of GCCMD

Proposed Management Measures:

GCCMD will develop, implement and monitor contract service level agreements and standards.

Target Date: Complete

Recommendation 5

The Director General of GCCMD should put in place an appropriate communication mechanism aimed at engaging, consulting and sharing new policies, guidelines, templates, good practices and lessons learned with branches.

Responsibility: Director General of GCCMD

Proposed Management Measures:

In collaboration with program branches, GCCMD will inventory potential communication mechanisms (including CIDA@work).

GCCMD will then integrate formal steps for (1) consultation prior to new policy development and (2) communication of new policies, guidelines, templates, good practices and lessons learned into the Annual Policy Action Plan.

Target Date: Complete

Appendix B: Audit Population

The Agency procures professional services through a variety of contracting instruments. Information from these contracts is captured in the Agency Information System. Between April 1, 2011 and October 31, 2012, some 805 professional service contracts were awarded at former CIDA’s headquarters. Non-aid contracts represent the bulk (65.8%) of contracts issued in terms of quantity; however, aid contracts account for 94.6% of the value of all contracts issued during that period.

The table below provides a breakdown between aid and non-aid contracts, for each type of contracting instrument included in the scope of the audit.

Appendix C: Sample Contract Details

The audit selected 29 sample contracts for review, representing different contract vehicles, funding sources, vendors and branches. The total current dollar value of the sample contracts was almost $100 million, or about 50% of the total audit population value.

Of the selected files, 65.5% were aid contracts, representing 99.3% of the total sample value.