Audit of contracting
Global Affairs Canada
Office of the Chief Audit Executive
Tabling Date
September 2018
Table of Contents
- Executive summary
- 1. Background
- 2. Observations and recommendations
- Conclusion
- Appendix A: About the audit
- Appendix B: Contracting at global affairs canada (as intended)
- Appendix C: Management action plan
- Appendix D: Acronyms
Executive summary
The objective of this audit is to determine whether Global Affairs Canada has effective controls in place to ensure that contracts are compliant with applicable regulations and policies.
An audit of contracting was selected in the Global Affairs Canada 2017-2020 Risk Based Audit Plan and was originally identified as one of nine subjects of a broader Continuous Auditing Strategy. Continuous auditing relies on readily available and quality data. In the planning phase of the audit, the audit team concluded that the availability and quality of data was not yet sufficient to support continuous auditing. As a result, this audit focused instead on controls rather than just compliance. However, this audit also helped establish a foundation for continuous auditing as it relied on data analytics and established computer assisted techniques to measure compliance.
Why it is important
Global Affairs Canada uses contracts to support its operational needs across Headquarters and Missions, including 178 missions in 110 countries across the world. These contracts cover employee relocation, professional services, purchase of computer equipment and software, temporary help services, legal services, construction of office buildings, and hospitality. From March 1, 2017 to February 28, 2018, the Department established or amended approximately 15,800 contracts for goods and services, for a total amended value of approximately $740MFootnote 1.
Contracting activities in the Government of Canada must comply with key legislation and specific regulatory, and policy requirements. The effective management of procurement and contracting is essential to acquiring goods and services and for carrying out construction in a manner that enhances access, competition, and fairness to achieve overall benefits to the Crown and Canadians. Departments are responsible for ensuring that their contracting activities are well managed and that suitable management practices and controls are in place and working.
The Office of the Auditor General of Canada’s Spring 2017 Report on Managing the Risk of Fraud included an assessment of Global Affairs Canada’s controls to manage the risk of fraud in procurement. Based on this work, the report recommended that the Department “ensure that contract files and contracting data are complete and accurate" and “conduct data analytics and data mining to evaluate controls and identify signs of potential contract splitting, inappropriate contract amendments, and inappropriate sole-source contracting on a risk basis."
What was found
The audit team concluded that Global Affairs Canada does not have effective controls to ensure that contracts are compliant with applicable regulations and policies. While some contracting controls have been implemented and key personnel interviewed demonstrated adherence to existing policies and procedures, they are not sufficient to monitor data, practices and control contracting activities and for taking early effective remedial action in areas where significant deficiencies are encountered or improvements are needed. The Chief Financial Officer (CFO) did, however, recognize the importance of addressing the findings of the audit and demonstrated his commitment to undertaking corrective actions.
Areas for improvement include:
- enhancing data quality to allow for reliable decision making and reporting;
- monitoring of compliance against Financial Administration Act, Treasury Board contracting policy and the departmental guidelines;
- updating the Service Level Agreement for contracting and Terms of Reference for the Departmental Contract Review Board.
Recommendations
Based on the findings above, the audit team recommended the following:
- The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should establish data entry controls, adequate monitoring and timely rectification of erroneous data to achieve data integrity.
- The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should ensure that the Terms of Reference for the Departmental Contract Review Board are updated to reflect an appropriate membership for approving contracts.
- The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should ensure that the Department strengthens controls to reduce the risk of non-compliance with applicable contracting regulations and policies.
- The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should implement authority controls for the initiation of the procurement of goods and services that are ordered through departmental automated systems.
- The Assistant Deputy Minister, International Platform Branch and the Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should:
- update the Service Level Agreement and identify its business owners and its client base; and
- share Service Level Agreement monitoring results on a regular basis.
Statement of Conformance
In my professional judgment as the Chief Audit Executive, this audit was conducted in conformance with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing and with the Treasury Board Policy and Directive on Internal Audit, as supported by the results of the quality assurance and improvement program. Sufficient and appropriate audit procedures were conducted, and evidence gathered, to support the accuracy of the findings and conclusion in this report, and to provide an audit level of assurance. The findings and conclusion are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management and are only applicable to the entity examined and for the scope and time period covered by the audit.
Chief Audit Executive
1. Background
An audit of contracting was selected in the Global Affairs Canada 2017-2020 Risk Based Audit Plan and was originally identified as one of nine subjects of a broader Continuous Auditing Strategy. Continuous auditing is an automated, ongoing process that enables internal audit to continuously collect data from business processes in order to achieve more timely compliance with policies, procedures, and regulations and increase audit effectiveness through IT solutions. Continuous auditing relies on readily available and quality data. In addition to concluding against an audit objective, this audit aimed to establish a continuous auditing methodology, which could assist Global Affairs Canada (Department) in fostering its internal control and monitoring practices.
In the planning phase of the audit, the audit team concluded that the availability and quality of data was not yet sufficient to support continuous auditing. As a result, this audit focused instead on controls rather than just compliance. However, this audit also helped establish a foundation for continuous auditing as it relied on data analytics and established computer assisted techniques to measure compliance.
In addition, the Office of the Auditor General of Canada’s Spring 2017 Report on Managing the Risk of Fraud included an assessment of the Department’s controls to manage the risk of fraud in procurement. Based on this work, the report recommended that the Department “ensure that contract files and contracting data are complete and accurate" and “conduct data analytics and data mining to evaluate controls and identify signs of potential contract splitting, inappropriate contract amendments, and inappropriate sole-source contracting on a risk basis."
1.1 Departmental Context
Contracting activities in the Government of Canada are governed by the legislative, regulatoryFootnote 2, and Treasury Board Contracting Policy and Directive that determines how government procurement and contracting is to be conducted. In the Department, contracts are used at headquarters (HQ), regions and missions across the world. The Department employs contracts to support its business requirements by procuring goods (e.g. computer equipment and software), professional services, temporary help services, legal services, the relocation of employees, the construction of office buildings, and for hospitality.
Currently, there are two methods to initiate the procurement of good and services at the Department:
- Two automated systems to order goods and services through Shop@DFATD and Mission Request Online (MRO) systems; and
- A manual process which is based on an e-mail approval from manager.
The Department relies on a Financial Administration System (FAS) for accounting, including procurement and asset accounting. All financial and materiel transactions of the Department are reflected in FAS. The Department requires that all relevant contractual information to be accurately recorded in the Financial Administration System’s Materiel Management module (FAS/MM). Recording of contracts in FAS/MM follows the Department’s Directive on Recording Contracts in FAS/MM and data entry is performed by employees from Business Management Offices (BMO) and procurement specialists in Canada, and by employees in missions and Common Service Delivery Points (CSDP) for missions.
From March 1, 2017 to February 28, 2018, the Department established or amended approximately 15,800 contracts for goods and services, for a total amended value of approximately $740MFootnote 3. Many of those contracts were initiated in support of the Mission Network, with both Canada and foreign-based vendors (see Table 1).
| Contracts established and/or amended (Mar 1, 2017 – Feb 28, 2018) | Contracts for HQ and Regions under $25K (serviced by BMOs) | Contracts for HQ and Regions >= $25K (serviced by ACM4) | Contracts for Missions under $10K (serviced by CSDP) | Contracts for Missions >= $10K (reviewed by RCRB and serviced by CSDP or by ACM) | Totals |
|---|---|---|---|---|---|
| # of contracts | 2,115 | 832 | 10,245 | 2,612 | 15,804 |
| Value | $20M | $422M | $28M | $270M | $740M |
| Average value | $9,3K | $508K | $2,8K | $104K | |
| 4 Since April 1, 2018, serviced by SCM | |||||
Source: Financial Administration System (FAS)
1.2 Key Governance Bodies for Contracting
The Department‘s governance for contracting includes the following committees:
- Departmental Contract Review Board (DCRB) – The DCRB reviews and approves procurement strategies, as well as all procurements for services above $200K. All procurement proposed at HQ or missions for services above $200K, and those that are sensitive or represent a significant risk to the Department, must be submitted to the DCRB for review and approval of the procurement strategy. The DCRB is accountable to the Assistant Deputy Minister, Corporate Finance and Operations Branch as CFO;
- The Real Property Contract Review Board (RPCRB) – The RPCRB is responsible for review and approval of procurement strategies for proposed real property-related service contracts and construction contracts that exceed thresholds in the range of $100K to $150K. The RPCRB is accountable to the Assistant Deputy Minister, International Platform Branch (ACM) and to the DCRB for all procurements related to departmental properties, including construction; and
- Seven Regional Contract Review Boards (RCRB) – The RCRBs within the seven CSDPs (three remain to be fully rolled out by December 2018), service procurements for the Mission Network, to ensure effective management and oversight of mission procurement activities and approving mission contracts, amendments, supply arrangements and standing offers over $10K and below $25K for goods and $100K for services. Each RCRB is chaired by a CSDP Manager of Operations.
1.3 Key Stakeholders
Within the Department, there are four groups responsible for contracting:
- Within the Corporate Planning, Finance and Information Technology Branch (SCM), the Contracting and Material Management Policy division (SPP) is in charge of procurement policy, oversight and monitoring, and procurement training. In particular, SPP is responsible for the development, communication and interpretation of governance frameworks and instruments, advising senior management on significant instances of non-compliance and recommending follow-up actions, and reporting. As well, the division is the business owner of system enablers, including Shop@DFATD, and the Financial Administration System’s Materiel Management module (FAS/MM). It also acts as the Secretariat for the DCRB and oversees all the contract review boards within the Department.
- Within the International Platform Branch (ACM) two divisions, Domestic Procurement Operations (AAC) and Missions Procurement Operations (AAO), staffed by procurement specialists responsible for domestic procurement above $25K for HQ, and over RCRB thresholds or with Canada-based vendors for missions. Project Delivery, Professional & Technical Services (AWD) is responsible for real property construction and acquisition contracts.
- 16 BMOs for processing contracts below $25K in Canada.
- Delegated managers who have signature authority to enter into contracts for their fund center.
1.4 Contracting Delegation of Authority
At HQ and Canadian regional offices, delegated fund centre managers can approve contracts within their delegated authority, which is generally up to $25K for goods and services, and $400K for Temporary Help Services (THS). These contracts are processed by the branch BMOs, which are not procurement specialists. All proposed procurements above these limits are to be submitted to AAC that handles domestic procurement. Since April 1, 2018, the responsibility for the procurement of goods and services in support of the Department’s operations within Canada as well as all Department-wide information technology (IT) goods and services requirements was transferred from the AAC division of the International Platform Branch (ACM) to the SPP division of the Corporate Planning, Finance and Information Technology Branch (SCM). International Platform Branch (ACM) remains responsible for all goods and services procurement requirements abroad, including contracts related to real propertyFootnote 5.
Abroad, contracts below $10K for goods and services and $25K for construction can be approved by an individual with appropriate authority in the mission. Above this limit, a RCRB, established within the seven CSDPs must approve goods valued between $10K and $25K, services valued between $10K and $100K, and construction valued between $25K and $100K. All proposed procurements above the RCRB limits are to be submitted to AAC or AAO that handles mission contracting within the ACM Branch. If a mission requires goods that need to be purchased from Canada-based vendors, the AAC or AAO division of the International Platform Branch (ACM) remains responsible for these procurements.
2. Observations and recommendations
This section presents the audit’s observations and recommendations on data quality regarding contracting; contracting oversight and monitoring; compliance of contracting activities with regulations and policies; and efficiency in meeting operational needs.
2.1 Data Quality Regarding Contracting
The departmental Directive on Recording Contracts in FAS/MM states that “to ensure data integrity within FAS/MM, the information recorded must be as accurate as possible, with particular attention with regard to amounts, dates and coding requirements". The audit team expected that information regarding contracting activities captured in the FAS system would be accurate and complete and that the information would be consistent with that captured in the Shop@DFATD system.
2.1.1 Data Quality for Accurate Reporting
Data quality in the departmental financial systems is dependent on the employees entering the data. The audit team interviewed management involved in procurement and determined that there is an overall concern with reliability and accuracy of data for reporting. Currently, data must be verifiedprior to being used for analysis or decision making.
The audit team performed a reliability test on a random selection of 37 contracts. In the absence of a departmental expected error rate, the team set an expected standard error rate of 3% based on an industry best practice of 3-5% error rate for well controlled financial processesFootnote 6. The audit team concluded that the true error rate of the FAS system is above 3%Footnote 7 . As such, reliance on data to support departmental reporting is limited and requires manual adjustments.
In addition, through analysing the entire population of contracts created or amended between March 1, 2017 and February 28, 2018, the audit team noted other data integrity issues that stem from insufficient controls over data entry that may impact the quality of reporting on contracting activities. These issues are related to accuracy and completeness of data:
Accuracy:
- Certain contracts had a value in the system that was not reflective of the actual amended value;
- For service contracts in FAS the team found 295 contracts over $10K that were incorrectly using the “PO" document typeFootnote 8, totalling $18 million;
- Additional contracts created for payment purposes only, where original contracts already existed but cannot be modified;
- Competitive contracts were recorded in FAS as non-competitive; and
- Two instances were noted of contracts with vendor name, in the “contracting authority" field on the purchase order (PO) document, which resulted in system errors.
Completeness:
- 13 contracts recorded in the system had a zero value due to system time out which cannot be corrected or negative value due to exchange rate corrections;
- 54 call-ups did not have the standing offer and supply arrangements (SO/SA) number recorded which made it difficult to track the call-ups to the originating SO/SA document; and
- In the Shop@DFATD system, 22 orders were manually entered by the procurement officers, resulting in contracts valued at $2.25M where the S.32 approver was not recorded in the Shop@DFATD system.
2.1.2 Manual Entry of Shop@DFATD Orders in FAS
The information between Shop@DFATD and the FAS financial system was entered manually, leading to data entry errors. Such errors prevented matching requests made in the Shop@DFATD system with contracts in the FAS system. For example:
- 842 contracts in FAS for a t.30 210otal of $187M had an indicator for a Shop@DFATD order, yet we were not able to match to the current orders. This is due to contracts related to previous years’ orders being amended and also to data entry errors between systems of the Shop@DFATD Order ID, which are more likely to occur during rush periods at the end of fiscal year;
- Of 6,695 requests made in Shop@DFATD from March 2017 to February 2018, the audit team was able to only match 2,786 requests (42%) with contracts in FAS (See table 2); and
- Amounts of Shop@DFATD orders were different from the contracts in FAS related to these orders. In one instance, a mistake in the unit value for an order of 1,000 USB keys resulted in a total cost of $15M; the related contract in FAS was only $8.3K.
| Segments | Shop@DFATD | FAS | ||||||
|---|---|---|---|---|---|---|---|---|
| # requests | % requests | Total Cost | % of Cost | resulting FAS Contracts # | % of # | Resulting Contracts Value | % of Value | |
| <10k | 2,189 | 79% | $2,981,121 | 4% | 2,609 | 79% | $3,442,419 | 5% |
| 10k-<25k | 319 | 11% | $5,682,872 | 7% | 374 | 11% | $6,936,712 | 11% |
| 25k-<100k | 164 | 6% | $8,241,661 | 10% | 188 | 6% | $10,005,352 | 16% |
| 100k-<500k | 89 | 3% | $18,530,600 | 22% | 90 | 3% | $17,518,722 | 28% |
| >500k | 25 | 1% | $47,634,088 | 57% | 21 | 1% | $25,346,058 | 40% |
| Totals | 2,786 | 100% | $83,070,341 | 100% | 3,282 | 100% | $63,249,263 | 100% |
The data quality issues mentioned above were mainly caused by data entry activities. Proper monitoring of data quality in a timely manner is necessary to rely on data for reporting on the Department’s procurements made using the Shop@DFATD system.
Recommendation 1:
The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should establish data entry controls, adequate monitoring and timely rectification of erroneous data to achieve data integrity.
2.2 Contracting Oversight and Monitoring
2.2.1 Contracting Monitoring
The Treasury Board Contracting Policy states that “it is the responsibility of departments and agencies to ensure that adequate control frameworks for due diligence and effective stewardship of public funds are in place and working". This requirement is supported by a departmental Directive on Information Management for Procurement and Contracting, which stipulates that compliance should be monitored and reported on a regular basis by the Contracting and Material Management Policy division (SPP).
The audit team observed that SPP conducts a number of monitoring activities. On a monthly basis, SPP monitors THS limits and certain FAS data elements for contracts using Public Services and Procurement Canada (PSPC) methods of supply. On a quarterly basis as part of its Proactive Disclosure reporting work, SPP monitors contracts exceeding the $10K mandatory publication threshold. Monitoring is performed for factors pertinent to Proactive Disclosure such as incorrect use of GL accounts, changes in award dates, contracts entered after the award dates, and currency issues among others. The focus of this monitoring was contracts that required attention from a public disclosure perspective, such as sensitive and excluded contracts.
Based on a review of the Proactive Disclosure reporting and monitoring of PSPC Methods of Supply performed by SPP, the audit team noted that limited monitoring controls exist in regard to: contract splitting, delegated authority for contracts over $25K, THS limits, amendments exceeding 50% of contract value and former public servants. However, SPP informed the audit team that they did not have sufficient resources to monitor and take remedial action for all contracts falling within the established parameters.
2.2.2 Oversight Bodies - Contracting Review Boards
Treasury Board Contracting Policy states that it is the responsibility of departments to ensure that an adequate control framework is in place. Additionally, contracting authorities are encouraged to establish and maintain a formal challenge mechanism for all contractual proposals.
A level of oversight is carried out by both HQ and mission level of Contracting Review Boards. These boards aim to “demonstrate sound stewardship and risk management in the control of public funds administered through materiel management and procurement activities, ensuring that integrity, transparency, fairness and prudence are evident in the process to effectively and efficiently meet program needs, while achieving best value for the Crown."Footnote 9
The audit team reviewed the oversight function of the RCRBs over Mission Network contracts as defined in their Terms of Reference (ToR). The oversight process includes: reviewing the strategy and approach used to select the contract, verification of compliance with mission authority and reviewing whether the decision to pursue non-competitive or competitive processes is acceptable. The ToRs for RCRBs were recently updated by SPP as of February 2018.
However, staffing was still ongoing for three of the seven RCRBs. The ACM branch, which is responsible for staffing the RCRB, assigned each board with support resources composed of Canada-based staff and Locally Engaged Staff (LES). These support positions are trained through a new LES certification program endorsed by Treasury Board Secretariat.
The audit team also reviewed the functioning of the DCRB which is responsible for approving contracts over $200K and promoting compliance with contracting practices. The committee’s ToR (dated 2012), indicate that quorum of six voting members is required for approvals of procurements of goods and services contracts. The purpose of a quorum is to give contracting decisions sufficient authority to allow binding action. However, the audit team found that despite a quorum not being achieved for the period between March 2017 and February 2018, approvals for 82 contracts were still being made. Certain members were not replaced at the end of their term due to organizational changes and the rotational nature of these member positions.
Recommendation 2:
The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should ensure that the Terms of Reference for the Departmental Contract Review Board are updated to reflect an appropriate membership for approving contracts.
2.3 Compliance of Contracting Activities with Regulations and Policies
The audit team expected that the Department would have appropriate controls in place to ensure that contracts are compliant with applicable regulations and policies. The team examined high risk areas to determine whether sufficient controls existed to ensure compliance with regulations and policies. Although there were data quality issues as indicated in the previous section, the audit team was able to analyse risk areas by using Computer Assisted Audit Techniques (CAAT) to perform high level reviews of the totality of the available data, and then performed testing of sampled contract files to confirm whether the control deficiencies existed. The results of this analysis are presented below.
2.3.1 Controls to Ensure Compliance
According to the departmental Policy on Procurement, “the Chief Financial Officer is responsible for monitoring, reporting, oversight and compliance within the department".
Overlapping contracted resources working for different Fund Centres
The audit team found instances where professional services contracts using the same contracted resource to provide services simultaneously for different fund centres were in effect. Data analytics found 131 contracts that were overlapping in the period between beginning and end dates with the same resource name (see Table 3 below for breakdown).
| Contracts established and/or amended (Mar 1, 2017 – Feb 28, 2018) | Contracts for HQ and Regions under $25K (serviced by BMOs) | Contracts for HQ and Regions >= $25K (serviced by ACM) | Contracts for Missions under $10K (serviced by CSDP) | Contracts for Missions >= $10K (reviewed by RCRB and serviced by CSDP or by ACM) | Totals |
|---|---|---|---|---|---|
| # of contracts | 41 | 28 | 62 | 0 | 131 |
| Value | $564K | $6.15M | $87K | $0 | $6.8M |
| Average value | $ 14K | $ 220K | $ 1.4K | $0 |
The audit team reviewed four such instances and found two resources with overlapping time sheets. Another instance was indicative of data entry errors, while another instance presented no issue. For example, one contractor worked up to 60.5h per week, which exceeded the 48h maximum regulated by the Canada labour code. Management agreed that the monitoring of overlapping contracts with the same resource with different fund centers would be a useful control, which would also be beneficial to detect potential fraud.
Duplicate Vendors
The Department’s Directive on Recording Contracts in FAS/MM defines a contract as “a legally binding document agreed between a purchaser and a vendor" and indicates that the fund centre manager or project authority is responsible for participating in the selection of vendors. Existence of duplicate vendors in the FAS/MM system is an issue, as multiple records of the same physical vendor will increase risk for inappropriate and/or fraudulent payments. The audit team noted that there are a number of duplicate vendors in the FAS system, as can be seen in the graphic below:
Based on the results of the above data analysis, there are 305 instances of duplicate vendors at HQ (0.6% of all vendors in HQ) and 706 instances of duplicate vendors in missions (0.3% of all vendors in Missions). Of those, 20 HQ vendors and 62 mission vendors had payments against all of the duplicates, which present a fraud risk. Payments for contracts established against these vendors totalled $1.5M.
Payment of duplicate invoices
The audit team found 38 invoices related to contracting for a value of $290K that had the same invoice number, same vendor and same amount. Of these 38, a judgemental sample of 12 instances was selected, corresponding to six cases of unique invoice numbers, vendors and amounts, totalling
approximately $91K. The audit team found that in two cases, both invoices were paid. In both instances, the duplicate payments were credited by the vendors on subsequent invoices, effectively reimbursing the Department for the duplicate payments. Of four remaining cases, three did not have double payments and one lacked appropriate documentation for the review.
Contract Splitting
The audit team performed data analytics on all the contracts awarded and amended within the scope of the audit and found the following areas of potential contract splitting:
- 4,298 contracts with the same vendor, same fund centre, same period; and
- 2,902 contracts with a short period between the end of the first contract and start of the second contract;
The audit team found that, in one instance, two contracts for renovation work valued at $22.5K and $24.9K were entered in the system as different types of contracts, yet a review of the service provided determined that they were for the same project. In another instance, two contracts for consulting services valued at $24K each were for related services delivered over the same period. In both cases the contracts were under the $25K limit allowing for sole-sourcing.
Temporary Help Service (THS) Contracts over Mandated Limits
As per PSPC regulation, the audit team expected that no THS contract would exceed $400K and that all THS contracts exceeding 48 weeks were extended for no more than an additional 24 weeks. The audit team reviewed 14 THS contracts that exceeded 48 weeks and determined that none of them exceeded the mandatory maximum of 72 weeks.
Over the course of the audit, SPP has been pursuing an opportunity to automate the monitoring of compliance by building an in-house monitoring tool containing over 120 validation rules, which would help improve detective controls.
Recommendation 3:
The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should ensure that the Department strengthens controls to reduce the risk of non-compliance with applicable contracting regulations and policies.
2.3.2 Verification Controls for Procurement
The audit team expected that, according to the Treasury Board Directive on Delegation of Spending Authorities, contracts would be initiated by employees with appropriate financial authority under S.32 of the Financial Administration Act (FAA).
The audit team found control deficiencies in the two automated systems used by the Department to order goods and services. In the first instance, the MRO system did not ensure that the requestor using the system had S.32 authority. For Shop@DFATD system, there is no automated control to ensure that the person identified as initiator actually has the S.32 authority to initiate the contract. The audit team was informed that the self-identification of S.32 authority is dependent on an “honor based system".
The current automated system method for procurement lacks verification controls to ensure compliance with government policies and regulations. As such, there is a risk that contracts could be initiated by non-authorized employees.
Given this inherent risk, the audit team reviewed contracts linked to Shop@DFATD tracking numbers and found that 81% names had S.32 approval authority, while 6% at HQ and 13% at Mission did not (see Table 4).
| For HQ | For Mission | |||||||
|---|---|---|---|---|---|---|---|---|
No risk | 44 names without FAA S.32 (6%) | 89 names without FAA S.32 (13%) | ||||||
Matched FAA S.32 | Management | Management | Admin | Consultant | Management | Other/IT/OGD | Admin | LES |
561 names | 21 names; | 16 names; | 3 names; | 4 names; | 14 names; | 18 names; | 1 names; | 56 names; |
81% | 3% | 2% | <1% | <1% | 2% | 3% | <1% | 8% |
Not matched with FAA S.32 = 133 names; 19% | ||||||||
Text version
Catalog | Shop@DFATD Orders approved by LES which resulted in a contract |
Gift Bank and Promotional | 18% |
Household Furniture and Appliances | 3% |
IT Hardware and Peripherals | 5% |
Office Supplies | 57% |
Physical Security Equipment | 2% |
Professional Services | 1% |
Representation, Communications & Official Portraits | 9% |
Miscellaneous Items | 5% |
LES do not have S.32 authority to initiate contracts other than in certain specific positions where they perform duties similar to a Management and Consular Officer (MCO) or a Deputy Management and Consular Officer (DMCO). From March 2017 to February 2018, LES without S.32 authority approved 151 requests which resulted in $365K of contracts in the FAS system, of which 57% were for office supplies ($40K in 96 contracts) and 1% were for professional services ($242K in 2 contracts) (see graphic below for a distribution of these orders).
Given these findings, there is a risk that contracts that were initiated by non-authorized employees may not have been originally required.
Currently, other government departments such as Canada Post and Health Canada have established systems to enhance effectiveness of the organization’s workflow and allow end-to-end transaction processing. Moving forward, SCM branch has proposed a project to establish automated S.32 and S.34 signature function in the FAS system to foster better practices in procurement and contracting.
Recommendation 4:
The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should implement authority controls for the initiation of the procurement of goods and services that are ordered through departmental automated systems.
2.3.3 PSPC Mandatory Vendors for Furniture Purchases for Missions
PSPC established mandatory standing offer and supply arrangements (SO/SA) that apply to all departments for a list of commodity groups, such as furniture, office supplies, vehicles and professional services. We expected that most transactions that fall into these categories would use the mandatory PSPC SO/SA.
Through data analysis, the audit team determined that the highest dollar value of potential non-compliance with the mandated PSPC SO/SA was in the furniture commodity group. From March 2017 to February 2018, the Department initiated or amended $19.4 million dollars of contracts for furniture. Of these, $11 million (56%) in contracts had Canada-based vendors that were not on the mandatory PSPC SO/SA list (see graphic on next page for a distribution of these contracts).
Text version
The diagram includes a pie chart that illustrates the proportion of furniture contracts with Canada-based vendors from and not from the mandatory Standing Offer and Supply Arrangements list. The proportion of contracts with vendors not from the mandatory Standing Offer and Supply Arrangements list is further broken-down by the type of furniture and the destination for its use.
The distribution of furniture contracts with Canada-based vendors from and not from the mandatory Standing Offer and Supply Arrangements list is as follows:
- 671 contracts, valued at $8.5 M or 44% of the total value, are contracts with a Mission vendor or Canada-based vendor from the mandatory Standing Offer and Supply Arrangements list; and,
- 1518 contracts, valued at $10.9 M or 56% of the total value, are contracts with Canada-based vendors not from the mandatory Standing Offer and Supply Arrangements list. Of these 1518 contracts, which represent a risk of not following the Public Services and Procurement Canada Standing Offer and Supply Arrangements for furniture:
- 53 contracts, valued at $601 K or 3% of the total value, are for Office Furniture for HQ;
- 1004 contracts, valued at $6.2 M or 32% of the total value, are for Household Furniture for Missions; and,
- 461 contracts, valued at $4.1 M or 21% of the total value, are for Office Furniture for Missions.
The Mission Procurement Operations (AAO) bureau is aware of the risk of non-compliance when purchasing office furniture from non-PSPC approved vendors. In order to reduce this risk, there is an effort to consolidate 1,600 suppliers to minimize purchases of furniture for missions from Canada-based vendors. In addition, according to management, there is a potential opportunity of reducing shipping costs by approximately $170K per yearFootnote 10.
2.4 Efficiency in Meeting Operational Needs
The departmental policy on procurement states that “individuals occupying positions within the department are accountable for effectively and efficiently managing their resources and related deliverables." The audit team expected that departmental contracting practices are appropriate to meet operational needs, ensure efficiency, and respect service level agreements established by the department.
2.4.1 Small Value Contracts
The Treasury Board Contracting Policy outlines that contracts involving purchases made using acquisition cards are exempted from certain rules such as reporting on T1204 slips. Moreover, the PSPC directive on acquisition card purchases exempts such purchases from additional provisions aiming to eliminating administrative burden to procure, including eliminating verification requests against overlapping transactions.Footnote 11
Currently, the Department has many purchase orders under $2K, which represents 26% of all contracts (4,169 of 15,804) reviewed by the audit team (see table 5). These contracts could potentially be either consolidated into larger contracts, or processed through acquisition cards to gain efficiency.
| Purchase orders under $2k | For HQ | For Missions | |||
|---|---|---|---|---|---|
| # | value | # | value | ||
| All PO under or equal $2K | 620 | $ 420,969 | 5,048 | $3,489,994 | |
| Less: Covered by SO/SA arrangement | (158) | ($132,768) | (1,341) | ($814,505) | |
| Potential to use acquisition cards | 462 | $ 288,201 | 3,707 | $ 2,675,489 | |
| Average value | $624 | $722 | |||
The audit team was advised by the AAO bureau that an industry estimate for processing a procurement card transaction is $20, compared to $200 for a purchase order. Therefore, the potential cost saving for transferring the 4,169 purchase orders identified above (462 for HQ and 3,707 for mission) to acquisition cards would be $750K (($200-20) x 4,169). In addition, procurement personnel estimate that it typically takes between 0.5h to 1h of work to prepare a purchase order. Using acquisition cards, which require less time than preparing purchase orders, could reduce workload.
With small-value contracts under $2K occurring predominantly for missions, the AAO division is developing tools to identify opportunities for reducing suppliers, increasing savings, and consolidating small value contracts.
2.4.2 Service Level Agreements to Meet Operational Needs
The audit team expected that departmental contracting practices would be appropriate to meet operational needs. The departmental procurement follows the Service Level Agreement (SLA) established in 2013 by the Contracting and Materiel Management division of the International Platform Branch (ACM). One of the guiding principles of the SLA was to achieve value for money and sound stewardship in the management of contracts through an efficient and effective business process. SCM branch is responsible for monitoring whether the SLA is met, on a quarterly basis. The SLA applies to contracts initiated through the Shop@DFATD system and excludes those procured outside of the procurement systems, with direct help from BMOs.
The audit team found that the Department did not meet the SLA for more than half of the requests in Shop@DFATD (54%). This was confirmed by management with regard to the length of time it takes to issue contracts, especially when the contracts are competitive and with values over $25K, which is above the threshold serviced by BMOs.
Source: SPP division
Text version
Fiscal Year 2015-16 | Fiscal Year 2016-17 | Fiscal Year 2017-18 | |
Total number of Shop@DFATD requests | 10365 | 7188 | 7430 |
Number (percentage) of requests meeting the service standard | 7803 (75%) | 5527 (77%) | 3451 (46%) |
Number (percentage) of requests not meeting the service standard | 2562 (25%) | 1661 (23%) | 3979 (54%) |
AAC and AAO officials told us that the SLA is not up-to-date to reflect current business needs. Moreover, since the 2013 SLA only specifically includes the BMO of ACM branch, it is unclear whether the SLA applies to all BMO offices. As such, the BMOs were not aware of any service standard applying to them. Currently, a pilot project of two BMOs is monitored against this SLA.
The audit team noted that the results of the monitoring conducted by SPP on SLA were not shared regularly with the SLA owners within the ACM branch. The quarterly reports were only shared during the yearly departmental reporting periods. Receiving these monitoring results on a regular basis could potentially improve awareness of not meeting the SLA and allow for course-correction.
Furthermore, having three separate operational business units (AAC, AAO and SPP) under two branches providing procurement services may cause challenges to achieve service delivery expectations for clients. In addition, the workflow of the procurement specialists in the two branches, including application of standards, development of tools and capturing of information in automated systems may vary, which could affect the efficient delivery of services as intended.
Recommendation 5:
The Assistant Deputy Minister, International Platform Branch and the Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch should:
- update the Service Level Agreement and identify its business owners and its client base; and
- share Service Level Agreement monitoring results on a regular basis.
Conclusion
The audit team concluded that Global Affairs Canada does not have effective controls to ensure that contracts are compliant with applicable regulations and policies. While some contracting controls have been implemented and key personnel interviewed demonstrated adherence to existing policies and procedures, they are not sufficient to monitor data, practices and control contracting activities and for taking early effective remedial action in areas where significant deficiencies are encountered or improvements are needed. The Chief Financial Officer (CFO) did, however, recognize the importance of addressing the findings of the audit and demonstrated his commitment to undertaking corrective actions.
Appendix A: About the audit
Objective
The objective of this audit is to determine whether Global Affairs Canada has effective controls in place to ensure that contracts are compliant with applicable regulations and policies.
Scope
The audit covers all contracts and amendments issued between March 1, 2017 and February 28, 2018. To ensure the audit objective is achieved, the audit focused on key components of the Department’s contracting activities, including compliance with contracting policies; oversight and monitoring; and data integrity.
The audit scope did not include any aid contracts funded under Vote 10 (grants and contributions funding). This reflects the direction from the Continuous Auditing Strategy, which determined that there was insufficient data to test grants and contributions through continuous audit. These types of contracts will be assessed under other audit engagements.
Criteria
The following criteria were developed based on the results of audit risk assessment and on the controls expected to be in place:
- The Department has appropriate and effective oversight and monitoring controls in place to mitigate risks of non-compliant contracting activities.
- The Department’s contracting activities comply with applicable regulations and policies.
- Information regarding contracting activities captured in the FAS database is accurate and complete.
Approach and Methodology
The audit was conducted in accordance with the Treasury Board Policy on Internal Audit. This required that the audit be planned and performed in such a way as to obtain reasonable assurance that the audit objective is achieved.
In order to conclude on the audit objective, the following methods were used to gather evidence:
- Identify and review relevant policies, directives, and guidelines;
- Perform walkthroughs and mapping of the Departmental contracting processes, from which related key risks and controls are identified;
- Conduct detailed testing on the contract population and selected samples;
- Perform data analysis of financial and non-financial information;
- Conduct interviews with employees involved in the contracting process; and
- Apply other relevant methods as deemed necessary by the audit team.
Specifically, the audit findings are a result of data analysis of the contract information recorded in the FAS and Shop@DFATD databases, review of 94 contract files and more than 10 interviews with departmental key personnel in the areas responsible of establishing, managing and monitoring contracts for the Department.
The audit team used data analytics using the Computer Assisted Audit Techniques (CAAT), a method that uses automated tools for data analysis. This technique is designed to provide proactive identification of potential control issues that could be occurring. It focuses on core controls and risk areas that could enhance internal controls.
Appendix B: Contracting at Global Affairs Canada (as intended)
Text version
The Appendix B is a flowchart created by the audit team in consultation with all related stakeholders. It illustrates the processes and key players involved in contract initiation and award at Global Affairs Canada under different thresholds.
Source: The process map was initially developed by the audit team based on reviewing of documentation and interviews with auditees. This flowchart was confirmed with Domestic Procurement Operations division and Missions Procurement Operations division.
Description:
process map shows the groups involved in contract initiation and award at Global Affairs Canada. For HQ-initiated contracts, procurement orders under $25k or call-up against Public Services and Procurement Canada standing offers are processed by Business Management Offices; orders less than $25k or IT procurement are processed by the Contracting and Material Management Policy division of the Corporate Planning, Finance and Information Technology Branch, with procurements over $200k being posted on Government Electronic Tendering System; most contracts exceeding trade agreement thresholds have to be posted on Government Electronic Tendering System (exceptions would include Supply Arrangements or Standing Offers done through Public Services and Procurement Canada), and reviewed by the Departmental Contract Review Board. The intended tool for placing the orders is Shop@DFATD.
For Mission-initiated contracts, there are two options 1) for procurement orders requiring purchase from Canada-based vendors are processed by the Domestic Procurement Operations division of the International Platform Branch (or the Missions Procurement Operations division for some purchases of vehicles, furniture and certain specific items, the Missions Procurement Operations division may purchase from Canada-based vendors; however reliance on Canada-based vendors is in process of being reduced. For certain security items the Domestic Procurement Operations division purchases from Mission-based vendors). 2) for procurement orders requiring purchase from Mission-based vendors, procurement orders under $10k are processed by mission staff; procurement orders over $10k to Regional Contract Review Board’s thresholds are reviewed by the RCRB and contracts are created by Common Service Delivery Points; for procurement orders exceeding RCRB threshold, the orders are placed through the Shop@DFATD tool and processed by the Missions Procurement Operations division of the International Platform Branch (or the Domestic Procurement Operations division for certain security items), with procurements over $200k being posted on Government Electronic Tendering System and reviewed by the Departmental Contract Review Board.
Appendix C: Management action plan
Audit Recommendation | Management Action Plan | Responsible Area *Note* | Expected Completion Date |
|---|---|---|---|
| The Assistant Deputy Minister, International Platform Branch and the Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch agree with this recommendation. ACM and SCM agree to work together to enhance procurement data integrity by:
| SCM ACM
| Review of procurement data entry controls: March 31, 2019. Review of guidance documentation: FY 2019/20. Correction of erroneous data: Immediate and ongoing |
| The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch agrees with this recommendation. SCM will ensure that the Terms of Reference (ToR) for the Departmental Contract Review Board (DCRB) are updated to reflect an appropriate membership for approving contracts. | SCM | Update of membership: December 31, 2018. Publication of updated DCRB ToR on internal website: March 31, 2019 |
| The Assistant Deputy Minister, International Platform Branch and the Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch agree with this recommendation. SCM agrees to lead in consultation with ACM:
| SCM ACM | Review of procurement controls: March 31, 2019 Review and update of training documentation with the CFSI: FY 2019/20 Review of operations controls March 31, 2019. |
| The Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch agrees with this recommendation. SCM will strengthen authority controls for the initiation of the procurement of goods and services by:
| SCM | Implementation of Section 32 Validation procedure: March 31, 2019.
|
| The Assistant Deputy Minister, International Platform Branch and the Assistant Deputy Minister, Corporate Planning, Finance and Information Technology Branch agree with this recommendation. ACM and SCM will work collaboratively to:
| ACM SCM | Update of Service Level Agreements (SLA): March 31, 2019. Implement SLA monitoring framework: March 31, 2019 Sharing of monitoring results: FY 2019/20 |
* Note *
As of April 2018, responsibility for domestic procurement was transferred to SCM. Therefore, both ACM and SCM now jointly share responsibility for procurement operations in the department. Procurement policy, monitoring and controls remain with SCM.
Appendix D: Acronyms
BMO | Business Management Offices |
CAAT | Computer Assisted Audit Techniques |
CFO | Chief Financial Officer |
CSDP | Common Service Delivery Point |
DCRB | Departmental Contract Review Board |
DMCO | Deputy Management and Consular Officer |
FAA | Financial Administration Act |
FAS | Financial Administration System |
FAS/MM | Financial Administration System’s Materiel Management module |
HQ | Headquarters |
LES | Locally Engaged Staff |
MCO | Management and Consular Office |
MRO | Mission Request Online |
PO | Purchase Order |
PSPC | Public Services and Procurement Canada |
RCRB | Regional Contract Review Board |
RPCRB | Real Property Contract Review Board |
SO/SA | Standing Offer and Supply Arrangements |
SLA | Service Level Agreement |
THS | Temporary Help Services |
