Audit of Procurement at Missions Supported By CSDP Mexico
June 2022
Table of contents
- 1. Background
- 2. Objective, Scope and Methodology
- 3. Findings
- 4. Conclusion
- 5. Recommendations and Management Response and Action Plan
1. Background
Policy Requirements
- Financial Administration Act (FAA)
- Treasury Board:
- Contracting Policy
- Policy on Materiel Management
- Policy on Financial Management
- Directive on Delegation of Spending and Financial Authorities
- Global Affairs Canada:
- Delegation of Financial and Contractual Signing Authorities Instrument
- Official Hospitality Outside Canada Policy
- Directive on Membership Fees
- Procedures Specified Purpose Accounts
Administration and Management
- The Contracting Authority (as per the Delegation of Financial and Contractual Signing Authorities) is accountable for ensuring the contracting process satisfies legal, policy, and trade obligations. The Contracting Authority exercising section 41 of the FAA will either be the mission or Mission Procurement (AAO).
- The Fund Centre Manager or Project Authority at mission or Mission Procurement (AAO), is responsible for expenditure initiation; administering and managing procurement; certifying financial commitments (FAA, section 32); and certifying contract receipt (FAA, section 34).
- The Common Services Delivery Point (CSDP) is responsible for approving requisitions for payments and authorizing payments (FAA, section 33) related to procurement transactions at missions.
- Contracting and Materiel Management Policy (SPP) is responsible for monitoring and enforcing procurement and materiel management policies and providing functional direction and advice.
- Financial Operations, International (SMFF) develops procedures and guidance on mission payments and monitors payments. Ensures, in consultation with Corporate Accounting Unit (SMOQ), that proper financial codes are inputted in FAS for mission payments.
- All procurement must be approved by the appropriate authorities and compliant with applicable policies listed on the previous slide.
Procurement Symbols and Terms
| Type | Symbol/Term | Description |
|---|---|---|
| Document Types and Tools | KR – Vendor Invoice | A direct invoice not associated to a Purchase Order. |
| RE – Invoice Receipt | An invoice associated to a Purchase Order. | |
| Financial Commitments | PO – Purchase Order | Contractual commitment for goods or low complexity, low risk service contracts below $10,000 CAD. |
| PS1 | Contractual commitment for high complexity service contracts above $25,000 CAD. | |
| PS2 | Contractual commitment for low complexity service contracts between $10,000 CAD and $25,000 CAD. | |
| Confirming Order | Payment mechanism, used in limited circumstance, to pay for services where a financial obligation exists. A Confirming Order is not a mechanism to initiate a contract. |
2. Objective, Scope and Methodology
About the Audit
Objective
- The objective of the audit was to determine whether Global Affairs Canada has effective controls in place to support compliance of mission procurement activities with applicable regulations and policies.
Criteria
- The Department put in place appropriate and effective oversight and monitoring controls to mitigate risks of non-compliant procurement activities.
- Procurement activities at missions comply with applicable regulations and policies.
- Information regarding procurement activities at missions is accurate and complete.
Scope
- Population Testing
- FY 2018-19 to 2020-2021
- 26 missions
- 97 021 transactions (KR and RE)
- $111 million
- Sample Testing
- FY 2020-2021
- 21 missions
- 278 samples representing 616 transactions
- $3.5 million
Statement of Conformance
The audit was conducted in conformance with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing and with the Treasury Board Policy and Directive on Internal Audit, as supported by the results of the external quality assurance assessment.
Methodology - Data Analytics
Risk-Based Planning
- Conduct an assessment of high risk procurement and contracting practices in South America region
- Develop in-depth quantitative understanding of data
Data Analytics and Testing
- Assess control effectiveness, identify control deficiencies, and detect potential fraud (e.g., double payment)
- Population analysis
- Transaction testing as required
- Conduct contextual and informational interviews
Implementation of Continuous Monitoring Approach
- Explore data analytics monitoring practices
- Provide timely information and potential findings related to key controls and management of processes
- Transfer data analytic scripts to program area and internal controls.
Population
26 Missions supported by CSDP Mexico:
- Acapulco
- Bogota
- Buenos Aires
- Cancun
- Caracas
- Guadalajara
- Guatemala
- Havana
- La Paz
- Lima
- Los Cabos
- Managua
- Mazatlán
- Mexico
- Monterrey
- Montevideo
- Panama
- Playa del Carmen
- Puerto Vallarta
- Punta Cana
- Quito
- San Jose
- San Salvador
- Santiago
- Santo Domingo
- Tegucigalpa
Procurement Numbers by Fiscal Year:
| Description | 2019 | 2020 | 2021 | Total |
|---|---|---|---|---|
| * Less than 1% (25) of the 2,507 contracts are above $100,000 CAD. | ||||
| Expenditures (Millions, $CAD) | 40 | 39 | 32 | 111 |
| Transactions | 37,858 | 36,727 | 22,436 | 97,021 |
| Contracts* | 1,136 | 824 | 547 | 2,507 |
Methodology - Sample Selection
The audit team selected and tested 278 samples representing 616 transactions from fiscal year 2021:
- The samples were selected using a risk-based approach where results cannot be extrapolated to the population:
- This approach allows identification of instances where controls may have been absent or not functioning as intended.
- Data analysis was used to categorize transactions, identify trends and anomalies, and analyze available contracting data. The audit team used this information to identify risk-based selection criteria for the sample.
- The selection criteria were based on:
- Mission risk factors such as frequency and volume of transactions, total spending, local environment, and mission characteristics;
- Transaction and contracting information such as commodity type, procurement instrument, and approval requirements; and
- Outlier transactions and potential split contracts or duplicate payments.
- The samples were selected from fiscal year 2020-2021 to take into account recent changes to procurement policy as well as operations during the pandemic.
- The tests assessed compliance and operating effectiveness.
| Missions | Samples | Total Transactions included in Samples (RE and KR) | Total Amount |
|---|---|---|---|
| Bogota | 38 | 160 | $441,127 |
| Buenos Aires | 20 | 34 | $88,250 |
| Caracas | 10 | 12 | $69,414 |
| Guadalajara | 4 | 32 | $18,306 |
| Guatemala City | 20 | 33 | $292,214 |
| Havana | 23 | 84 | $620,530 |
| La Paz | 4 | 4 | $19,243 |
| Lima | 25 | 51 | $229,135 |
| Managua | 9 | 11 | $44,168 |
| Mexico City | 21 | 27 | $175,961 |
| Monterrey | 7 | 11 | $14,381 |
| Montevideo | 12 | 14 | $68,145 |
| Panama City | 11 | 14 | $282,744 |
| Punta Cana | 5 | 11 | $24,835 |
| Quito | 10 | 25 | $111,332 |
| San Jose | 10 | 38 | $165,668 |
| San Salvador | 7 | 7 | $165,489 |
| Santiago | 13 | 13 | $50,242 |
| Santo Domingo | 19 | 25 | $521,701 |
| Tegucigalpa | 10 | 10 | $98,799 |
| Total | 278 | 616 | $3,501,691 |
3. Findings
Overall Assessment
| Criteria | Assessment | Findings | |
|---|---|---|---|
| Criterion 1 | The Department put in place appropriate and effective oversight and monitoring controls to mitigate risks of non-compliant procurement activities. | Needs ModerateImprovement | 41% of sampled contracts were not documented at theappropriate level. |
| Closed funds were being repurposed while keeping the sameidentification number, which may be misleading whenmonitoring expenditure trends. | |||
| 14 contracts were not proactively disclosed and did not haveany rationale for non-disclosure. | |||
| Criterion 2 | Procurement activities at missions comply with applicable regulations and policies. | Needs Improvement | There were 73 instances of non-compliance with the FAAsuch as delegated authority not exercised in appropriate order. |
| There were 22 instances where missions did not use theappropriate procurement instrument. | |||
| There were two instances of contract splitting. | |||
| Criterion 3 | Information regarding procurement activities at missions is accurate and complete. | Needs ModerateImprovement | Transactions were accurately recorded into the FinancialAdministration System, except for a $500 million contractthat was erroneously recorded. |
| 89 contracts did not have complete copies of contractsuploaded into the Financial Administration System. | |||
3.1 Data Integrity
Requirement
- According to TB’s Policy on Financial Management and GAC’s Directive on Recording of Contracts in FAS/MM, timely and accurate departmental financial information should be available to support decision making in the department and across government.
Controls
- The mission ensures that all information is recorded accurately in the financial administration system before certifying that goods have been delivered or services have been rendered (Section 34 of the FAA).
- Mission Procurement (AAO) monitors activities by sampling transactions to verify the accuracy and completeness of documentation and data entry.
Findings
- Based on population and sample testing results, transactions were recorded accurately into the financial administration system.
- Exception: The audit team noted a contract valued at $500 million, which is unusual since no mission has a budget of that magnitude. This was confirmed to be an error. This contract never reached signature point (ratification) and therefore, no payment was made against it. Existing system controls did not prevent the recording of such a high amount.
- As part of the analysis of proactive disclosure of contracts above $10,000 CAD, the audit team identified system and manual errors in the financial administration system that resulted in 9 contracts not being disclosed as required.
Recommendation 1:
The Assistant Deputy Minister of Corporate Planning, Finance and Information Technology (SCM) should identify data inaccuracies caused by the financial administration system and take corrective measures.
3.2 Compliance
Requirements
- All financial transactions must comply with the requirements of the Financial Administration Act (FAA).
- According to TB’s Contracting Policy, contracting authorities must not split contracts or contract amendments in order to avoid obtaining the appropriate approval required by legislation or policies.
- According to department’s Standard on Pre- and Post- Contractual Work, when the work is performed in absence of a written agreement and the value is greater than $2,000 CAD, a confirming order is required before an invoice can be paid. This threshold increased to $5,000 during the pandemic.
- As per departmental guidelines (i.e. Procedures for Petty Cash, Directives on Recording of Contracts in FAS), monetary thresholds determine which procurement instruments must be used when obtaining goods and services.
Controls
- The mission oversees that the nature and purpose of the request for purchases are accurate and comply with all applicable policies and procedures through appropriate delegation of authorities.
- Mission and HQ staff exercising FAA delegated spending and financial authorities have specimen signature cards documenting the extent of their delegated authority. These signature cards are available in the financial administration system to allow verification of transactions. Staff must complete departmental training before being granted FAA delegated authorities.
- The CSDP reviews any supporting documentation submitted by the mission before authorizing payment and can challenge purchases made by the missions.
Findings
57 samples out of 278 (21%) had 73 instances of non-compliance with the Financial Administration Act (FAA)
- 37 instances – FAA delegated authority not exercised in the right order
- 15 instances – FAA signatures not dated
- 10 instances – Invalid specimen signature card
- 7 instances – FAA delegated authority not documented
- 4 instances – Segregation of duties not properly exercised
In addition:
- 2 instances: The audit team identified contract splits that had multiple contracts for the same good or service, location, and period.
- 22 instances: The mission did not use the correct procurement instrument.
Recommendation 2:
The Assistant Deputy Minister of Corporate Planning, Finance and Information Technology (SCM) and the Assistant Deputy Minister of International Platform (ACM) should:
- Continue to provide support to missions to enable greater compliance with applicable procurement policies and the Financial Administration Act, especially the delegation of authority.
- Continue the implementation of electronic signatures across all Common Services Delivery Points so that approvals on key documentation comply with the Financial Administration Act.
3.3 Supporting Documentation
Requirements
- As per TB’s Policy on Contracting, the departmental Directive for Recording of Contracts in FAS-MM, and GAC’s Directive on Information Management, procurement activities should be fully documented and recorded, including contractual commitments and payments.
- According to the Finance and Materiel Management Service intranet page, as of October 2, 2018, procurement officers are required to attach a complete copy of the signed contract and any subsequent amendments to the contract document in the Material Management module (FAS-MM).
Controls
- Departmental guidance is in place to outline supporting documentation to upload into the financial administration system.
- Contracting authorities and program managers at missions receive training on procurement and payment documentation requirements.
- The CSDP reviews and can challenge supporting documentation submitted by the mission before authorizing payment (Payment Authority - Section 33 of the FAA).
- Contracting and Materiel Management Policy (SPP) and Mission Procurement (AAO) conduct monitoring to assess completeness of data entry.
Findings
99 Contracts were signed after October 2, 2018
- Out of the 88 contracts initiated at the missions, 86 had an incomplete copy of the contract in the system.
- Out of the 11 contracts initiated at headquarters, 3 had an incomplete copy of the contract in the system.
In addition:
- Among the 278 samples, there were 8 confirming orders, of which 2 did not have justification forms attached.
- 15 samples out of 278 did not have all the required documentation (such as invoices or hospitality forms) attached in the financial administration system.
Recommendation 3:
The Assistant Deputy Minister of Corporate Planning, Finance and Information Technology (SCM) and the Assistant Deputy Minister of International Platform (ACM) should review supporting documentation requirements and communicate these requirements to strengthen awareness and reinforce compliance.
3.4 Contract Monitoring and Reporting
Requirements
- According to TB’s Contracting Policy:
- The department is responsible for establishing, monitoring and maintaining internal controls over contracting activities to support effective stewardship of public funds and compliance with legislative and policy requirements; and
- Contracts valued at $10,000 CAD or above must be proactively disclosed every quarter. There are limited exceptions, most notably related to national security and legal services.
- As per departmental approval authorities, contracts above certain monetary thresholds must be approved by various committees or Mission Procurement (AAO) and those decisions must be documented.
Controls
- The department put in place Regional Contract Review Boards (RCRBs) and a Departmental Contract Review Board (DRCB) to support effective management and oversight of mission procurement activities.
- DCRB and RCRB decisions are manually tracked through Excel spreadsheets.
- Contracting and Materiel Management Policy (SPP) is responsible to track and report contracts over $10,000 CAD.
Findings
Of the 121 contracts included in the 278 samples, 49 contracts did not have documented evidence demonstrating that they were approved at the appropriate level.
- 37 contracts signed before November 2020 were informally tracked and therefore RCRB approvals were not readily available.
- 8 contracts out of the 9 signed after November 2020 that had to be approved by RCRB did not have documented approval. As of November 2020, it was mandatory for all procurement activities to be processed through Shop@DFATD, and CSDPs started using the automatically generated identification number to track RCRB decisions.
- 1 contracts out of the 8 that had to be approved by AAO did not have documented approval; and
- 3 contracts out of the 3 that had to be approved by DCRB had documented approval.
There were 575 contracts above $10,000 that were required to be disclosed.
- 57 of these contracts were not publicly disclosed of which 14 did not have rationale for the non-disclosure.
- Included in the 14 contracts that had no rationale for non-disclosures are the 9 contracts mentioned at finding 3.1 that were not disclosed because of system and manual errors. Please see Recommendation #1 for this issue.
In addition:
- When funds are closed, some of them are simply repurposed into new and different funds while keeping the same identification number. Consequently, when monitoring these funds, expenditure trends may be misleading with no information to explain it as a result of a loss of an accurate audit trail.
Recommendation 4:
The Assistant Deputy Minister of International Platform (ACM) should accurately track decisions made by the Regional Contract Review Board that is coordinated by the Common Service Delivery Point-Mexico.
4. Conclusion
The effectiveness of controls were assessed on a risk-based sample of transactions using data analytics as the main methodology and as such, this audit report documents results that are exceptions.
Based on an examination of procurement activities of missions supported by the Common Service Delivery Point - Mexico, effective controls were generally in place to support compliance with applicable regulations and policies. Overall, transactions were recorded accurately into the financial administration system based on the population and sample testing results. To support a stronger mission procurement program, areas of improvement include monitoring, compliance, and information management.
5. Recommendations and Management Response and Action Plan
| Audit Recommendation | Management Response | Management Action Plan | Area Responsible | Expected Completion Date |
|---|---|---|---|---|
| 1. The Assistant Deputy Minister of Corporate Planning, Finance and Information Technology (SCM) should identify data inaccuracies caused by the financial administration system and take corrective measures. | SCM agrees and accepts the recommendation. While the target is 100% accuracy for data entry, there will always be a certain number of errors due to human or system factors. Since SAP is a government-wide system, fixing system issues require the involvement of several stakeholders beyond the department. Considering this, the department put alternative measures in place to detect these type of errors, as described in the action plan. | SCM/SPP: 1) SPP has a rules based monitoring tool that currently flags data entry errors on a weekly/monthly basis. This tool is continuously improved, when required. In its current state, it enables the monitoring team to catch data entry errors quickly so that notifications can be sent to the contracting officers for corrections. 2) SPP has increased the monitoring team in order to capture and correct data entry errors more quickly. This has been necessary due to the many changes in procurement reporting mandated by TBS in the last few years. 3) SPP will consult with Centre for Corporate Services Learning (CFSS) to advise of the need for their training sessions and materiel to be revised to highlight the importance of the difference of corrections versus amendments as well as the impacts of purchase orders placed on hold. | ADM of SCM | 1) Complete 2) Complete 3) December 2022 |
2. The Assistant Deputy Minister of Corporate Planning, Finance and Information Technology (SCM) and the Assistant Deputy Minister of International Platform (ACM) should:
| SCM agrees and accepts the recommendation. • Compliance with procurement policies is the responsibility of all: SCM, ACM and Program Managers in Geographic and Common Services branches. SMFF is responsible for the payment process at mission, on a risk-based methodology whereby all high-risk transactions are verified 100% before the payment is issued, and a number of the low risk transactions based on a statistical sample are verified after the payment is issued. The transactions with errors raised in the audits are part of the low risk transactions and will be part of the population of low risk transactions verified post-payment. SMFF is continuously working with CSDPs to implement the standardization of financial and procurement compliance. • SMFF will continue its effort to implement the electronic S.34 for all document types, across all missions this fiscal year. | SCM/SMFF/SPP: 1) The Assistant Deputy Minister of Corporate Planning, Finance and Information Technology sent a message to each specimen signature cardholder on March 23rd, 2022 urging them to take part in a training on Financial management at GAC. This course aims to help Program Managers with budget management responsibilities to fully assume their accountabilities in their function. 2) Management intends to continue its efforts in providing training on procurement policies to Program Managers going abroad and administrative staff at the Embassy, in collaboration with CFSS. 3) SMFF, functional lead of the finance stream of the CSDP will reinforce the importance of training CSDP staff on procurement policies at its monthly meeting with the Financial Section Manager (FSM). 4) SMFF is also working with Corporate SAP – Finance and HR (SMSF) on the development and implementation of the electronic S.34. SMFF has developed an implementation calendar and is working closely with the CSDPs to carry out this plan. The target of completion is FY 2023. 5) SPP will continue to update Procurement Policy as new Government of Canada changes come into effect via Policy revisions to the Intranet and complimentary Broadcast Notices as and when required. | ADM of SCM | 1) Complete 2) Annual/December 2022 3) Annual/June 2022 4) March 31, 2023 5) SPP/Ongoing |
| ACM agrees with the recommendation. | 6) Mission Operations, Policies and Innovation (AFS), Mission Procurement (AAO) and the CSDPs will continue on-going efforts to emphasize and reiterate the required documentation to mission clients via various communication channels (one-on-one; newsletters; how-to sessions; open houses, information sheets, etc.) | ADM of ACM | March 2023 | |
| 3. The Assistant Deputy Minister of Corporate Planning, Finance and Information Technology (SCM) and the Assistant Deputy Minister of International Platform (ACM) should review supporting documentation requirements and communicate these requirements to strengthen awareness and reinforce compliance. | SCM agrees and accepts the recommendation. • SMFF reviews and updates on an annual basis, the financial procedures related to mission operations, including the requirement for supporting documentation. These procedures are available on MODUS. | SCM/SMFF: 1) SMFF will communicate the importance of documentation requirements and stress the importance of continuous training to the CSDP at monthly meetings with the CSDP FSM. | ADM of SCM | 1) Annual/June 2022 |
| ACM agrees with the recommendation. | 2) Mission Operations, Policies and Innovation (AFS), Mission Procurement (AAO) and the CSDPs will continue to provide support to missions to enable greater compliance through the aforementioned mechanisms. AFS and AAO will continue to liaise with the Canadian Foreign Service Institute (CFSI) in respect of courses specific to enabling greater compliance such as Chief Service Officer (CSO)/Common Service Assistant (CSA) training, Integrated Program Managers Abroad (IPMA) Pre-Posting, MCOU, Management Consular Officers (MCO) pre-posting, Foreign Service Executive Administrative Assistant (FSEAA) and Program Assistant training, CSDP open houses, and other training opportunities. AFS and AAO will support CFSI recommendation to mandate the Financial Management Course to ensure the accountability of the delegation of authority is understood and respected. | ADM of ACM | March 2023 | |
| 4. The Assistant Deputy Minister of International Platform (ACM) should accurately track decisions made by the Regional Contract Review Board coordinated by the Common Services Delivery Point - Mexico. | ACM agrees with the recommendation | Since November 2, 2020 (communicated through a Broadcast Message Mandatory use of Shop@DFATD for procurement/contracting requests made to CSDPs as of November 2), all procurement requests are processed via Shop@DFATD, which includes a standardized solution to track approvals. AAO will continue to strengthen and monitor compliance to ensure the accurate tracking of all Regional Contract Review Board Committee decisions coordinated by all CSDPs. | ADM of ACM | March 2023 |
- Date Modified:
