ARCHIVED - Audit of Contracts Over $25,000 - 2007-2008

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

ARCHIVED - Audit of Contracts Over $25,000 - 2007-2008 (PDF, 292 KB)

Executive Summary

Background

This audit report presents the findings of the National Research Council (NRC) of Canada's annual compliance audit for contracts over $25,000. The decision to conduct this audit was approved by the President following the recommendation of the Audit, Evaluation and Risk Management Committee on June 27, 2007 as part of the NRC 2007-2008 to 2009-2010 Risk-Based Internal Audit Plan. Under the plan, contracts over $25,000 and contracts less than $25,000 are audited in alternate years given that the procedures are substantially different for these two broad categories. Construction contracts are audited separately due to their unique characteristics. Accordingly, expenditures in 2006-2007 for contracts less than $25,000 were audited last year and those related to construction contracts in 2006-07 and 2007-08 were audited this year, the results of which can be found in separate reports. Expenditures in 2007-2008 for goods and services contracts over $25,000 amounted to $68.6 million of which $31.5 million was for goods contracted by Public works and Government Services Canada (PWGSC).

Audit objective, scope and methodology

The audit objective is to provide assurance that NRC's 2007-2008 contract transactions greater than $25,000 are in compliance with Government of Canada contracting policies and directives as well as NRC policies. This audit objective also allowed us to make observations with respect to the extent which NRC contracting directives and policies correspond with Treasury Board requirements. As part of this objective the audit team conducted procedures to determine the adequacy of the procurement management control framework established by NRC for contracts over $25,000.

A sample of five institutes, branches or programs (IBPs) was selected for detailed testing based upon risk and control analyses performed during the planning stage of the audit as well as to ensure that no one IBP at NRC is audited more so than others or conversely that smaller entities are ignored entirely in NRC's five-year audit cycle. Eleven to 12 contracts over $25,000 were selected for each IBP except for one IBP which had only five contracts over $25,000.

The audit was conducted using a series of detailed audit criteria that addressed the audit objective, against which we drew our observations, assessments and conclusions. These audit criteria, presented in Appendix A, were derived primarily from the Treasury Board Contracting Policy and Policy on Delegation of Authorities as well as the Financial Administrative Act (FAA).

Audit opinion and statement of assurance

Within the limitations of the samples drawn and the audit procedures performed, we conclude that overall the application of Government of Canada and NRC contracting policies and directives is adequate in that most areas of practice / process for contracts over $25,000 are in compliance but there are some opportunities for improvement. These areas for improvement pertain to sufficient documentation supporting non-competitive contract awards and receipt of goods and services, timing of budget commitments and commencement of work, management of contract amendments, and the identification of non-purchase order contracts.

Within the limitations of the audit procedures performed, we found that the procurement management control framework for contracts over $25,000 is adequate but some areas could be strengthened. These areas include centralizing procurement procedural guidance into a single source document and performing data analytics of contract patterns and trends as part of more rigorous monitoring activities.

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions were based on a comparison of the situations as they existed at the time against the audit criteria. The evidence was gathered in accordance with the Treasury Board Policy, directives and standards on Internal Audit, and the procedures used to meet the professional standards of the Institute of Internal Auditors.

Conclusions and recommendations

Within the limitations of the samples drawn and the audit procedures performed, we found that overall the application of Government of Canada and NRC contracting policies and directives is adequate in that most areas of practice / process for contracts over $25,000 are in compliance but there are some opportunities for improvement Footnote 1. For example, we found several instances where work was performed prior to contract award and where documentation was not available to support that goods or services were provided in accordance with the contracts' terms. There were two instances where the competitive process was set aside for the reason "only one person is capable of performing the contract" but sufficient documentation was not available to support this conclusion. Problems noted in last year's audit of contracts less than $25 000 regarding FAA Section 32 and 34 approvals in accordance with NRC Financial Signing Authorities are being addressed.

Within the limitations of the procedures performed, we found that the procurement management control framework over contracting transactions greater than $25,000 was adequate but some areas could be strengthened. In support of its contracting activities, NRC has established a procurement management control framework, including procurement processes and policies to mitigate procurement risks and to help ensure compliance with Government of Canada directives and policies. Five key components of the procurement management control framework that were examined included the control environment, control activities, risk assessment, information and communication and on-going monitoring. Some areas for improvements were observed. There is no single repository of guidance that consolidates all of the procurement policies and procedures to assist management and Procurement Officers in contracting. Various manuals on the procurement process are available in either hard or electronic copy formats. Some IBPs informed us that they were not aware of the existence of some manuals. Clarification on the procurement process provided by Administrative Services and Property Management Branch is currently done through emails and training. Finally, other than NRC Internal Audit compliance audits currently undertaken, there is no formal Quality Assurance Program performed by an independent unit of contracting activities or data analytics to identify high risk contracts and / or improper contracting practices.

Recommendations

  1. Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN).
  2. Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards and receipt of goods and services, timing of contract commitments and commencement of contract work, security requirements and contract amendments.
  3. Administrative Services and Property Management Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual contracts on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract amendments, contract splitting and non-purchase order transactions as well as temporary help services contracts.

The detailed management action plans that address these recommendations can be found in Appendix C: Management Action Plan.

Jayne Hinchliff-Milne, CMA, Chief Audit Executive

NRC Audit Team Members Footnote 2:
Jean Paradis, CA, CIA, Audit Manager

Introduction

2.1 Background and context

Following the recommendation of the Audit, Evaluation and Risk Management Committee on June 27, 2007, NRC's President approved this audit of Contracts Over $25,000 as part of the NRC 2007-2008 to 2009-2010 Risk-Based Internal Audit Plan. Under the plan, contracts over $25,000 and contracts less than $25,000 are audited in alternate years given that the procedures are substantially different for these two broad categories. Due to their unique nature and requirements, construction contracts are excluded from the annual compliance work and continue to be audited on a five-year audit cycle with formal follow-up procedures approximately two years thereafter.

Several Government of Canada regulations and policies govern how NRC and other government departments must conduct their contract activities. Government procurement is highly regulated and is based on a strong policy framework, including but not limited to the Treasury Board Contracting Policy, Policy on the Delegation of Authorities and the Financial Administration Act (FAA), the North American Free Trade Agreement (NAFTA), the Agreement on Internal Trade (AIT) and the World Trade Organization – Agreement on Government Procurement (WTA). There are no special contracting provisions resulting from NRC's status as a departmental corporation.

Like other government departments, NRC has in place construction procurement and contracting policies that NRC employees must follow. It is within the authority of each department to establish its own policies and guidelines as long as they continue to comply with the government established policies and guidelines. In other words, departments can define policies that are more restrictive than government policies but not the reverse.

NRC's Management Control Framework for Procurement and Contracting

In fiscal-year 2007-2008 NRC purchased close to $160 million in goods and services excluding purchases paid by acquisition cards Footnote 3. The exhibit below presents these purchases by category of contracting procedures:

Exhibit 1
NRC Procurement and Contracting Transactions
April 1, 2007 to March 31, 2008

CATEGORIES OF CONTRACTS CONTRACT VALUE ($) PERCENTAGE ($) NUMBER OF CONTRACTS PERCENTAGE (#) AVERAGE VALUE ($)
Less than $25,000 (excluding construction) 70,624,861 44.2% 28,107 96.8% 2,513
Goods over $25,000 (PWGSC) 31,553,039 19.8% 252 0.9% 125,210
Goods over $25,000 (NRC) 8,106,229 5.1% 182 0.6% 44,540
Services $25,000 to $84,000 6,426,569 4.0% 140 0.5% 45,904
Services over $84,000 22,511,272 14.1% 71 0.2% 317,060
Construction Contracts 20,532,540 12.9% 272 0.9% 75,487
Total 159,754,510 100.0% 29,024 100.0% 5,504

In accordance with government policy and directives, NRC has full contracting authority for goods up to $25,000, services up to $2 million and construction up to $6 million.

As shown in Exhibit 2, contracting authority at NRC has been delegated to procurement staff in Administrative Services and Property Management (ASPM) Branch and to Regional Material Management Offices (RMMO) residing in Institutes outside the national capital region (NCR). Whereas all purchases under $25,000 can be non-competitive or sole-sourced and controlled at the IBP level, all purchases over $25,000 must be made on a competitive basis with limited exceptions and controlled by NRC Procurement Services located within ASPM Branch, Regional Material Management Offices have contracting authority that is limited to $25,000 for goods and $25,000 for services, as well as all call-ups against standing offers below various values.

NRC buyers can contract directly with some suppliers through call-ups against standing offers. Standing offers are agreements that have been pre-negotiated by Public works and Government Services Canada (PWGSC) for goods and services or by NRC Procurement Services for specialized services. The call-up limit varies but is usually around $40,000.

Other than call-ups against standing offers, PWGSC is responsible for goods contracts over $25,000. Buyers must forward all goods requirements above this value to PWGSC via ASPM Branch for IBPs located in the NCR. Regional IBPs contact PWGSC directly. If requestors want to deal with a particular supplier they must include a sole source justification with their requisition. Amendments to goods contracts with original values less than $25,000 can be amended without Treasury Board approval if the cumulative value of the amendments does not exceed $40,000.

Exhibit 2
NRC Construction Contracting Authorities

Contracting Authorities ASPM RMMO PWGSC
Goods or Services Contract less than $25,000
(NCR)
 
Goods Contracts over $25,000    
Services Contracts over $25,000    
Call-up against NRC services Standing Offers (vary by standing offer - usually $40,000))
(NCR)
 
Call-ups against PWGSC Goods Standing Offers  

2.2 About the Audit

Objective

The audit objective is to provide assurance that NRC's 2007-2008 contract transactions greater than $25,000 are in compliance with Government of Canada contracting policies and directives as well as NRC policies. This audit objective also allowed us to make observations with respect to the extent which NRC contracting directives and policies correspond with Treasury Board requirements. As part of this objective, the audit team conducted procedures to determine the adequacy of the procurement management control framework established by NRC for contracts over $25,000.

A risk-based approach was used to determine the audit objective as well as the audit criteria. Key issues and risks relating to the procurement process, specifically for contracts over $25,000, were considered in order to prioritize specific audit activities and to focus on areas of greatest importance.

Scope

The audit was limited to four categories of contracts over $25,000: goods over $25,000 where PWSGC was the contracting authority; goods over $25,000 where NRC was the contracting authority; services valued between $25,000 and $84,000; and services over $84,000. These distinctions were drawn due to the different contracting regulations that apply to these threshold authority limits.

Due to their unique nature and requirements, construction contracts were excluded from annual compliance work and will continue to be audited on a five-year audit cycle as identified in the NRC 2008-2009 to 2010-2011 Risk-Based Internal Audit Plan.

Given the current availability of audit resources and the fact that these audits are undertaken on an annual basis, it was determined that sufficient coverage over a five-year period could be provided by an annual audit sample of 50 procurement and contracting transactions. A total of five IBPs were selected to examine contracts over $25,000. A sample size of 10 transactions for each of the five IBPs selected for this audit was assessed as being sufficiently robust to determine whether there are any systemic problems with respect to compliance that may exist at the IBP level as well as at the corporate level. Based on this approach and excluding construction contracts, a total of 16 percent of the total expenditures for contracts over $25,000 in 2007-2008 or $11.0 million were examined.

Those contracts selected for audit are shown in exhibit 3 below by type of contract and region.

Exhibit 3

2007-08 Contracts Sampled by Contract Type and Location

TYPE OF CONTRACT NUMBER OF CONTRACTS REVIEWED
  NCR OUTSIDE NCR
Goods over $25,000 PWGSC 11 12
Goods over $25,000 NRCFootnote 4 2 3
Services between $25,000 and $84,000 5 6
Services greater than $84,000 9 2
Total 27 23

The audit field work was conducted in two stages. The first stage covering transactions for the first four months of fiscal year 2007-2008 took place from February 25 to March 31, 2008. The second phase covering the last eight months of the fiscal year took place from June 2 to July 31, 2008.

Approach and Methodology

The individual IBPs audited were selected for detailed testing based upon risk and control analyses performed during the planning stage of the audit as well as on the basis to ensure that no one IBP at NRC is audited more so than others or conversely that smaller entities are ignored entirely in NRC's five year audit cycle. The approach also ensured that each of the five IBPs came from a different sector, i.e., Executive Offices including Council, Life Sciences, Physical Sciences, Engineering, Technology and Industry Support, Corporate Services, Finance Branch or Human Resources Branch.

Individual contracts were selected using a risk-based approach where 60 percent of the sample was selected from contracts with a higher probability of risk (e.g., higher dollar value, more frequent amendments and / or non-competitively awarded), and 40 percent of the sample was selected from contracts that were considered to have a lower probability of risk. As one selected IBP had only five contracts over $25,000, 11 to 12 contracts were selected in the other four IBPs.

Interviews were conducted with key personnel in order to examine program processes, procedures and practices. These included managers and staff in Administrative Services and Property Management Branch, Finance Branch and the five IBPs selected for audit. We reviewed relevant program documentation which included, but was not limited to, Treasury Board and NRC policies and guidelines vis-à-vis the detailed transactions recorded in the paper files and electronically in SIGMA – NRC's integrated management information system (based on SAP) that is used to collect financial, human resources, payroll, asset and real property information. Data mining techniques were also employed to detect, among other things, risks for the five IBPs as a whole as well as evidence of potential contract splitting.

In order to determine the adequacy of the procurement management control framework, we compared NRC's framework against defined criteria for five key components that can be found in the control models developed by the Canadian Institute of Chartered Accountants (CoCo – Criteria of Control) and by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) (Internal Control – Integrated Framework, Enterprise Risk Management – Integrated Framework). These components included the control environment, control activities, risk assessment, information and communication, and on-going monitoring. Information used to assess the adequacy of the procurement management control framework was obtained from survey questionnaires completed by ASPM Branch representatives, RMMO Procurement Officers and IBP Budget Managers as well a review of available relevant documents.

The audit was conducted using a series of detailed audit criteria that addressed the audit objective, against which we drew our observations, assessments and conclusions. Prior to finalizing the audit criteria, process control flowcharts were prepared and walkthroughs of several transactions for contracts over $25,000 were conducted to assess the areas of greatest risk. These audit criteria were derived primarily from the TB Policy on Contracts, Policy on Delegation of Authorities and the Financial Administration Act and can be found in Appendix A: Audit Criteria and Detailed Findings.

Audit Findings

3.1 Audit Objective: To provide assurance that NRC's 2007-2008 contracting transactions over $25,000 are compliant with Government of Canada and NRC contracting policies and directives

Overall Conclusion

Within the limitations of the sample drawn and related audit procedures performed, we found that overall the application of Government of Canada and NRC contracting policies and directives is adequate in that most areas of the practices / processes for contracts over $25,000 are in compliance Footnote 5. However, improvements required in the application of certain directives are noted below:

  • Sufficient documentation supporting non-competitive contract awards;
  • Timing of budget commitments and commencement of work;
  • Management of contract amendments;
  • Sufficient documentaion supporting goods or services are received;
  • Detection of non-purchase order contracts; and
  • Centralized procurement guidelines and monitoring.

Detailed findings for the entire sample of transactions by audit criterion can be found in Appendix A: Audit Criteria and Detailed Findings.

We also found that the procurement management control framework for contracts over $25,000 is adequate but some areas could be strengthened. These areas include centralizing procurement procedural guidance into a single source document and performing data analytics of contract patterns and trends as part of more rigorous monitoring activities.

Findings

The audit team noted a number of significant strengths with respect to compliance with government and NRC contracting policies and directives. These included very high compliance rates for the following:

  • Financial Administration Act Section 32 and 34 approvals were correctly obtained (48 of 50 contracts (96 percent) for FAA 32; and 47 of 49 contracts (96 percent) for FAA 34);
  • For competitive contracts awarded through the MERX electronic bidding system or a limited tendering processes, requirements were defined prior to the bidding process and sufficient documentation on the competitive process was present (8 of 8 contracts);
  • Advance Contract Award Notifications (ACAN) were used appropriately (15 of 15 contracts);
  • PWGSC was the responsible procurer of goods over $25,000 (23 of 23 contracts);
  • PWGSC mandatory standing offer arrangements were made use of or had the required exemption on file (3 of 3 contracts and 0 cases found through data mining of all transactions for the five IBPs examined);
  • Call-ups against standing offers were within specified limits (5 of 5 contracts);
  • Contracts were signed in accordance with NRC Financial Signing Authorities for contracting (29 of 29 contracts Footnote 6);
  • There was no evidence of contract splitting (18 of 18 contracts and 0 cases found through data mining of all transactions for the five IBPs examined);
  • Appropriate documentation was on file to ensure no employer-employee relationships would result (22 of 22 contracts); and
  • Contract amendments were within the set limits established by the Treasury BoardContracting Policy (18 of 18 contracts);

Appropriate FAA Section 32 and 34 approvals

Key government controls for procuring, verifying and paying for purchases rest with FAA Section 32, 34, and 33 approvals. These three sections require the following:

  • That funds be available and committed for the purchase (Section 32);
  • That verification of the purchase of goods or services had been performed, supplied, or rendered, and the price was as stated in the contract and that the person with delegated financial authority certifies (via signature) that the verification has been completed (Section 34); and
  • That no payment for a purchase be made unless it has been properly requisitioned and certified (Section 33).

In accordance with the Treasury Board Policy on Delegation of Authorities, we expected to find that NRC has delegated spending authority to responsibility centre managers in relation to their budgetary responsibilities in order to ensure they have adequate authority and full responsibility for their decisions. The policy also makes provisions for the use of central staff to record commitments and confirm price and performance in conformance with Sections 32 and 34 of the FAA when this is more effective and economical or in support of the manager who has budgetary responsibility. NRC's delegation document, "Financial Signing Authorities", makes use of these provisions by delegating this authority, among others, to Invoice Clerks. However, in our opinion, this does not negate the necessity to have an adequate audit trail that can be traced back to the responsibility centre manager with budgetary responsibilities for these expenditures. We limited our expectations to verifying that in the absence of responsibility centre managers exercising their authority electronically in Sigma to some form of written communications from them such as an email or a signed purchase requisition or invoice.

Last year's Internal Audit report Limited Annual Assurance Compliance Audit - Contracts under $25,000 and Acquisition Card Purchases 2006-2007 provided recommendations in regard to FAA Section 32 and 34 certifications indicating that there needs to be a verifiable link to the actual "Budget Holder" with budgetary responsibilities. At the time of the current audit, we found evidence that these issues are being addressed. Internal memos have been provided to personnel by ASPM Branch and Finance Branch stating the importance of FAA controls and detailing specific procedures, and financial delegation training was provided to all staff who have budget responsibilities. We also observed that responsibility centre managers as of June 2008 are required to provide their approval electronically for FAA Section 34 certifications that goods or services have been received and that invoices can be approved for payment. Invoices greater than $25,000 have always required that responsibility centre managers certify FAA Section 34 by their signature.

With respect to FAA Section 32, we observed only two of 50 contracts (4 percent) in one of the IBPs examined where the purchase requisitions were not approved by the delegated responsibility centre manager in accordance with NRC directives. With respect to FAA Section 34, we observed that six of 49 invoices (12 percent) in four of five IBPs examined were not certified by the delegated responsibility centre managers - four of these invoices were approved solely by centralized Invoice Clerks. Only two of the 49 invoices (4 percent) in two IBPs examined were not certified by appropriate delegated responsibility centre managers in accordance with NRC directives.

Finance Branch in consultation with ASPM and Treasury Board will continue its ongoing review of processes for verifying internal practices pertaining to FAA Section 32 and 34 with due regard for associated risks.

Sufficient Documentation Supporting Non-Competitive Contract Awards

During the course of the audit, 50 contracts over $25,000 were reviewed of which 28 were competitively awarded either through the MERX electronic bidding system or a limited tendering process (8), by advertising the proposed award through Advance Contract Award Notices (15) or by using existing PWGSC or NRC Standing Offer Arrangements (5). The remaining 22 contracts were sole sourced, i.e., not subjected to a competitive process.Footnote 7

For NRC, the Treasury Board Contracting Policy allows for only four exceptions to set aside the competitive process. They are:

  1. The need is one of pressing emergency in which delay would be injurious to the public interest;
  2. the estimated expenditure does not exceed
    • $25,000,
    • $40,000 Footnote 8, where the contract is for the acquisition of architectural, engineering and other services required in respect of the planning, design, preparation or supervision of the construction, repair, renovation or restoration of a work, or
    • $100,000 where the contract is to be entered into by the member of the Queen's Privy Council of Canada responsible for the Canadian International Development Agency and is for the acquisition of architectural, engineering or other services required in respect of the planning, design, preparation or supervision of an international development assistance program or project;
  3. the nature of the work is such that it would not be in the public interest to solicit bids; or
  4. only one person is capable of performing the contract.

Justification for any use of the four exceptions to the bidding requirement must be fully documented. Of the 22 contracts sampled that did not use a competitive process, the documentation on file for the majority (18) sited that only one person was capable of performing the contract, three had values originally less than $25,000 and the remaining contract was given Treasury Board's approval. The policy and guidelines are clear that setting aside the competitive bidding process for this reason should not be used because a proposed contractor is the only one known to management. This exception is quite definitive and should only be used where patent or copyright requirements or technical compatibility factors and technological expertise suggest only one contractor exists. In these instances, the contract authority is "encouraged whenever possible" to advertise the proposed award through an Advance Contract Award Notification (ACAN). If no statement of capabilities meeting the requirements set out in the ACAN are received within 15 calendar days, the proposed contract is deemed to be competitive and may be awarded. The importance of this procedure was illustrated by one of the 50 contracts sampled which commenced with an ACAN but was later changed to a competitive process following a response that its requirements could be satisfied by another supplier. It was later awarded competitively.

Of those contracts that were sole sourced, we found that two of 22 (nine percent) contracts in two different IBPs provided justifications on file that were not supported by sufficient documentation that "only one person is capable of performing the contract". The remaining sole source contracts had supporting documentation on file that they involved patent protected technology or software compatibility issues that were only available at the contracted firm.

Recommendation 1:

Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN).

NRC Management Response:

Agreed. If a sole source cannot be clearly documented or where there is doubt that there is only one supplier, a Procurement Officer will post an ACAN. Where there is no doubt that only one supplier exists, the rationale will be fully documented and include supporting documentation. If it cannot be fully documented, an ACAN will be posted.

Timing of Budget Commitments and Contract Commencement

We observed in one IBP that FAA Section 32 commitments (completed via paperbased purchase requisitions) were not recorded electronically in Sigma which resulted in funds not being committed prior to work commencing. As well, we observed in four of five IBPs where work for five of 50 contracts (10 percent) was performed prior to the contract being signed. We were informed by ASPM Branch and observed that certain purchase requisitions for contracts over $25,000 were created at the time or a few days prior to the contract being issued; therefore, contracting activities took place prior to the commitments being recorded.

Section 32 of the Financial Administration Act indicates that no contract should be entered into unless there is a sufficient unencumbered balance available. Furthermore, records of commitments should be maintained. If several commitments are unrecorded, management will not have complete information to be able to confirm funds will be available when invoices for payment are received and that NRC will be legally obligated to pay. Management informed us this practice has rarely, if ever, resulted in the cancellation of a requirement due to insufficient funds. While we were not able to confirm this assertion, we did not find any instances where this occurred.

Management of Contract Amendments

The Treasury Board Contracting Policy indicates contracts should be properly administered to avoid unanticipated amendments except to change the scope of the initial work. Every effort should be made to avoid inadequate initial funding and that pre-planning and work definitions should be carefully developed. Amending a contract for unforeseen circumstances or an amendment that is very small relative to the original work are acceptable reasons. A good rule of thumb is that when amendments are above 50 percent of the original contract value, a new contract should be considered and its justification carefully documented; this does not mean that no contract may be amended above 50 percent of its original value if there is a good reason. However, when the other deliverables are distinct from the first one, then a new contract should be issued rather than an amendment.

We did not note any instances where contracts appeared to be split in order to avoid obtaining either the required approval or to avoid a competitive process in our sample of 50 contracts selected for detailed review. We did, however, note improper administrative procedures in three of 18 amended contracts (17 percent); however, all of them were particular to one IBP. For a contract with an initial value of $3,000 dated April 16, 2007, we found that it had been amended at least seven times over the course of a month as a result of additional distinct services being requested; the final value was $36,979 as of March 12, 2008. The other two contracts were issued from standing offers which were repeatedly amended as a result of additional distinct laboratory services rather than issuing new contracts. One contract issued on May 25, 2007 with an initial value of $29,144 was amended seven times over five and a half months for a final value of $105,963 on December 15, 2007. The third contract was supported by a purchase order dated July 13, 2007 with a value of $3,330 which was subsequently amended eight times for a final value of $41,818 as of December 8, 2007. The other four institutes included in our sample used amendments appropriately for the remaining 15 contract amendments selected for detailed examination.

In addition to the 50 contracts examined in the five IBPs, we employed data mining techniques used to examine amendments, on a limited basis, for the whole of NRC. Excluding construction contracts, we found 38 contracts in 17 of 32 IBPs that had an original value less than $25,000 which were amended on the same day or within 364 days. Many of them were increased more than a 100 percent of their original value – some significantly more than that. Seven contracts were amended within 35 days Internal Audit, National Research Council of Canada of the original contract; two of these were amended the same day. These contracts involved all of the five IBPs examined for this audit. The risk occurs that these contracts may appear to be deliberately under valued in order to circumvent the $25,000 competitive threshold for competitive bidding.

Also of concern is public reporting requirements of contracts over $10,000 under the Treasury Board Policy on Proactive Disclosure on Contracts over $10,000. Our analysis as noted above shows that amendments can within a very short timeframe increase over $10,000 but they have not been publicly reported. Four of the 38 contracts that were amended above had an original value less than $10,000 as low as $968 with final values up to $44,245. At the time of the audit, the policy only required contracts with an initial value of $10,000 or more to be reported and not those amended above that amount. The Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000is a recent government measure to ensure greater transparency of government contracts – an area of public controversy from time to time in regard to the manner in which they are awarded among other things. The non-disclosure of non-competitive contractual arrangements which accumulate significantly above $10,000 may also have adverse reputational risks for NRC as it may give the appearance that IBPs are using amendments to avoid disclosing contracts. Revisions to the Treasury Board Policy are imminent which require as of September 1, 2008, the disclosure of all contracts including amendments above $10,000.

Problems with respect to contract amendments can be addressed by more comprehensive communications of guidelines as well as a more rigorous monitoring regime with investigative capacity. Recommendations are made later in this report that pertain to both.

Sufficient Documentation Supporting Goods or Services Are Received

In accordance with the Treasury Board Contracting Policy, we found that contract files were generally well established with a complete audit trail that contained the contract and, if applicable, amendments including their rationale and related approvals. However, in five out of 49 Footnote 9 contracts (10 percent) where the "goods receipt" was recorded, we observed that the receiving / shipping slips in support of goods received or documentation in support of services provided (e.g., consultant's report) and / or time sheets were not in the contract files. We observed this in four of five IBPs examined.

There is no specific requirement in the Guide to NRC Procurement Process requiring that such documentation be retained. Goods or services received are substantiated through the recording of the "goods receipt" in Sigma and matching to the invoice prior to payment. Documentation in support of goods or services provided should be retained to demonstrate that the goods or services as set out in the contract have in fact been provided and to provide for an audit trail.

Problems with respect to demonstrating goods or services have actually been received can be addressed by more comprehensive communications of guidelines as well as a more rigorous monitoring regime. Recommendations are made later in this report that pertain to both.

The Need for Centralized Procurement Guidelines and Monitoring

We found certain directives in the Guide to NRC Procurement Process Guide that were not applied in a consistent manner. As noted elsewhere in this report, these included sufficient documentation supporting non-competitive contract awards, timing of contract commitments and commencement of contract work, contracts initiated without purchase orders and not reported under Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000, contract amendments and sufficient documentation supporting that goods or services are received.

Finally, we also found no evidence that contractors in four separate contracts that would have had access to protected assets and information did not receive appropriate security screenings in three of five IBPs examined.

Assignment of contracting responsibility and procedural guidelines for contracting are detailed in the procurement guide which is available in electronic form on the ASPM Branch Material Management web-site. This document provides a procurement process map and includes information on the procurement process, roles and responsibilities from the creation of a purchase requisition to the payment of invoices. Additional information is available in four other manuals: (1) Financial Management Manual; (2) Procurement Reporting-User Guide for Data Entry; (3) Public Tenders Procedures; and (4) Invited Tenders Procedures. Electronic copies of the first two manuals are available although some sections of the Financial Management Manual are still in progress. The other two manuals are available in hard copy format only. Additional procurement information is also available to Procurement Officers on NRC's common drive (e.g., checklists, templates, and security documentation) and on the ASPM Material Management web-site (e.g., information on contracting, employer-employee relationships, contracting limits, security requirements). Clarification provided by ASPM Branch on the procurement process is currently done through emails and training. There is no single, centralized procedures document for the procurement process. Our survey questionnaire and interviews indicated that some RMNOs and managers are not aware of the existence of some manuals which could help to explain non-compliance.

Recommendation 2:

Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards and receipt of goods and services, timing of contract commitments and commencement of contract work, security requirements and contract amendments.

NRC Management Response:

Agreed. Our Material Management documentation needs to be updated and maintained in a central repository. Our Material Management Policy Manual currently exists in hard copy, not in electronic format. In order to implement these recommendations, we will assign resources as required in order to:

  • Prepare policy documents;
  • Update the Material Management policy manual;
  • Implement a quality assurance process;
  • Monitor contracting activities;
  • Coordinate and respond to all audit enquiries and reports; and
  • Coordinate all Material Management reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity Report.

Consistent with generally accepted management control framework best practices, we expected to see quality assurance review activities of individual contract files as well as data analytics techniques being employed to monitor NRC's overall compliance with Government of Canada and NRC contracting policies and directives. These techniques can be used to detect irregularities, among others, with respect to contract splitting, identification of non-purchase order contracts and potentially inappropriate contract amendments.

Our interviews and survey questionnaires indicate that ASMP Branch officials monitor and review contracting activities and processes, consult NRC Legal Services as required and review the report of contracts over $10,000 to ensure appropriate disclosure. Briefing notes, meetings and memos are used to communicate findings to Procurement Officers.

We also confirmed that Finance Branch uses a risk-based approach in its review of invoices sent by ASPM Branch Invoice Clerks as part of the payment process. Features are integrated into Sigma to identify high-risk transactions including sensitive accounts and high-dollar payments which are automatically blocked for further prescribed review procedures before being released for payment. For all transactions, the general ledger codes are reviewed for reasonableness and FAA Section 34 approvals including signatures are verified. Discrepancies are followed up by Accounts Payable clerk with ASPM and IBPs as required. In 2007-2008, Finance Branch began planning the implementation of a Monitoring Unit that once fully operational will increase its regular sampling of expenditures.

Despite these strengths, we noted two areas where on-going monitoring could be strengthened. Other than NRC Internal Audit compliance audits currently undertaken, there is no formal Quality Assurance Program performed by an independent unit of contracting activities or data analytics to identify high risk contracts and / or improper contracting practices.

ASPM Branch Monitoring Division work is limited at this time to ensuring sole source justifications are on file for contracts over $25,000 for which the competitive process was set aside. Our findings reveal that monitoring activities should be extended to include more rigorous verification of sole source awards, security screening requirements, contract award and commencement dates, amendments and sufficient documentation supporting that services and goods have been received. Also of use would be to undertake data analytics for monitoring contract patterns and trends to aid in identifying high risk contracts and / or improper contracting practices such as potential contract splitting, inappropriate amendments or other irregularities. For example, during the course of our review of all contracts less than $25,000 for 2006-2007, we undertook audit data mining techniques of non-purchase order transactions to identify contracts. We found significant problems with respect to temporary help services contracts which revealed they can quickly increase well over $25,000. However, due to the fact they did not use purchase requisitions or purchase orders as required by NRC directives, they were not identified for disclosure under the Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000 and nor were funds committed as required by FAA Section 32.

Recommendation 3:

Administrative Services and Property Management Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual contracts on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract amendments, contract splitting and non-purchase order transactions as well as temporary help services contracts.

NRC Management Response:

Agreed. We will respond to these recommendations with an appropriate level of monitoring based on a determination of the best approach, and with consideration to the risk and available resources.The objective is to download the following activities to facilitate the implementation of audit recommendations:

  • Determine the approach needed;
  • Prepare policy documents;
  • Update the Material Management policy manual;
  • Implement a quality assurance process;
  • Monitor contracting activities;
  • Coordinate and respond to all audit enquiries and reports; and
  • Coordinate all Material Management reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity Report

Conclusions

Within the limitations of the samples drawn and the audit procedures performed, we found that overall the application of Government of Canada and NRC contracting policies and directives is adequate in that most areas of the practices / processes in relation to contracts over $25,000 are in compliance but there are some opportunities for improvement Footnote 10. For example, we found several instances where work was performed prior to contract award and where sufficient documentation was not available to support that goods or services were provided in accordance with the contracts' terms. There were two instances where the competitive process was set aside for the reason "only one person is capable of performing the contract" but sufficient documentation was not available to support this conclusion. Problems noted in last year's audit of contracts less than $25 000 regarding FAA Section 32 and 34 approvals in accordance with NRC Financial Signing Authorities are being addressed.

Within the limitations of the procedures performed, we found that the procurement management control framework over contracting transactions greater than $25,000 was adequate but some areas could be strengthened. These areas include centralizing procurement procedural guidance into a single source document and performing data analytics of contract patterns and trends as part of monitoring activities.

In support of its contracting activities, NRC has established a procurement management control framework, including procurement processes and policies to mitigate procurement risks and to help ensure compliance with Government directives and policies. Five key components of the procurement management control framework that were examined included the control environment, control activities, risk assessment, information and communication and on-going monitoring. Some areas for improvements were observed. There is no single repository of guidance that consolidates all of the procurement policies and procedures to assist management and Procurement Officers in contracting. Various manuals on the procurement process are available in either hard or electronic copy formats. Some IBPs informed us that they were not aware of the existence of some manuals. Clarification on the procurement process provided by Administrative Services and Property Management Branch is currently done through emails and training. Finally, other than NRC Internal Audit compliance audits currently undertaken, there is no formal Quality Assurance Program performed by an independent unit of contracting activities or data analytics to identify high risk contracts and / or improper contracting practices.

Recommendations

  1. Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN).
  2. Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards and receipt of goods and services, timing of contract commitments and commencement of contract work, security requirements and contract amendments.
  3. Administrative Services and Property Management Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual contracts on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract amendments, contract splitting and non-purchase order transactions as well as temporary help services contracts.

The detailed management action plans that address these recommendations can be found in Appendix C: Management Action Plan.

Appendix A: Audit Criteria and Detailed Findings

NO. AUDIT CRITERION FINDINGS / COMPLIANCE RATE
1. Requirements are defined prior to the bidding process on the MERX electronic bidding system or a limited tendering process. 100% (8 / 8) Footnote 11
2. Justifications of non competitive contract awards are appropriately documented and substantiated. 91% (20/22)
3. The ACAN defines the requirements or expected results of the contract; identifies the proposed contractor; provides the reason the contract should be issued; and includes an estimate of the cost of the proposed contract (if possible). 100% (15 / 15)
4. PWGSC is responsible for the procurement of goods contracts above $25,000 100% (23 / 23)
5. PWGSC Mandatory Standing Offers are made use of when required or the required exemption is on file. 100% (3 / 3)
Data mining techniques revealed no potential cases of contracts that should have use mandatory PWGSC Standing Offers in the 5 IBPs examined.
6. Call-ups against standing offers are within specified limits. 100% (5 / 5)
7. There is no evidence of contract splitting, i.e., contracts are awarded under the thresholds with amendments to increase the contracts over $25,000 or AIT, NAFTA and WTA thresholds. 100% (18/18)
Data mining techniques revealed no potential cases of contract splitting in the 5 IBPs examined.
8. Documented evidence is on file that NRC Security verified the security clearance of contractors. 0% (0 / 4)
9. An employer-employee relationship will not result from contracting for services. 100% (22 / 22)
10. The contract is signed in accordance with NRCFinancial Signing Authorities for Contracting. 100% (29/29)
11. Work commences or goods are received only after the contract or the purchase order has been signed. 90% (45/50)
12. FAA Section 32 certification is made by the responsibility centre manager with budget responsibilities. 96% (48/50)
13. FAA Section 32 certification is in accordance with NRC's Financial Signing Authorities for Expenditure Initiation at the time of the audit. 96% (48/50)
14. Amendments are justified and in the best interest of the government and are for actual changes in the scope of the work. 83% (15/18)
15. Contract amendments are within the levels identified in Appendix C of the TBS Contracting Policy. 100% (18/18)
16. The contract amendment is ratified by the contractor. 100% (13/13)
17. There is evidence of appropriate monitoring of contract performance. 100% (50/50)
18. Documentation is on file (e.g., packing slip, reports, and timesheets if required by the contract) to support that goods are provided in accordance with contract terms. 90% (44/49)
19. FAA Section 34 certification is made by the responsibility centre manager with budget responsibilities. 88% (43/49)
20. FAA Section 34 certification is in accordance with NRC Financial Signing Authorities for Performance Certification at the time of the audit. 96% (47/49)

Appendix B: Overall Potential Ratings

Management Attention Required – significant issues exist that require management's attention.

Needs Improvement – some areas of practices / processes are in compliance with Government of Canada and NRC policies and directives pertaining to contracts but many deficiencies exist.

Adequate – most of the areas of practices / processes are in compliance with Government of Canada and NRC policies and directives pertaining to contracts but there are opportunities for improvement.

Strong – all areas of practices / processes are in compliance with Government of Canada and NRC policies and directives pertaining to contracts. No areas for improvement were identified.

Appendix C: Management Action Plans

Audit Recommendations Corrective Management Action Plan Expected Implementation Responsible NRC Contact
1. Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN). Agreed. If a sole source cannot be clearly documented or where there is doubt that there is only one supplier, a Procurement Officer will post an ACAN. Where there is no doubt that only one supplier exists, the rationale will be fully documented and include supporting documentation. If it cannot be fully documented, an ACAN will be posted. December 2008 Head, Services and Construction Contracting, Administrative Services and Property Management
2. ASPM Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards and receipt of goods and services, timing of contract commitments and commencement of contract work, security requirements and contract amendments. Agreed. Our Material Management documentation needs to be updated and maintained in a central repository. Our Material Management Policy Manual currently exists in hard copy, not in electronic format. In order to implement these recommendations, we will assign resources as required in order to:
  • Prepare policy documents.
  • Update MM policy manual.
  • Implement a quality assurance process.
  • Monitor contracting activities.
  • Coordinate and respond to all audit enquiries and reports
  • Coordinate all MM reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity Report.
Contingent on SEC approval of our staffing request per our Business Plan, commence staffing process in April 2009, have resource on-board by September 2009.

Commence with implementation of Recommendations 3 & 4 in September 2009.

Complete MM Policy manual update and centralization of documents by September 2011.
Manager, Material Management, Administrative Services and Property Management
3. ASPM Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual contracts on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract amendments, contract splitting and non-purchase order transactions as well as temporary help services contracts. Agreed. We will respond to these recommendations with an appropriate level of monitoring based on a determination of the best approach, and with consideration to the risk and available resources. The objective is to download the following activities to facilitate the implementation of audit recommendations:
  • Determine the approach needed;
  • Prepare policy documents.
  • Update the Material; Management Policy Manual.
  • Implement a quality assurance process;
  • Monitor contracting activities;
  • Coordinate and respond to all audit Enquiries and reports; and
  • Coordinate all Material Management reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity. Report.
Contingent on SEC approval of our staffing request per our Business Plan, commence staffing process in April 2009, have resource on-board by September 2009.

Commence with implementation of Recommendations 3 & 4 in September 2009.

Complete Material Management Policy Manual update and centralization of documents by September 2011.
Manager, Material Management, Administrative Services and Property Management

Appendix D: Glossary

List of Abbreviations

ACAN – Advance Contract Award Notice

AIT – Agreement on Internal trade

ASPM – Administrative Services and Property Management (Branch)

CA – Chartered Accountant

CIA – Certified Internal Auditor

CMA – Certified Management Accountant

IBP – Institute, Branch or Program

FAA – Financial Administration Act

MERX – MERX is an Internet-based electronic tendering system that advertises government contracting opportunities to potential bidders across Canada.

NCR – National Capital Region

NRC – National Research Council Canada

NAFTA – North American Free Trade Agreement

PWGSC – Public Works and Government Services Canada

RMMO – Regional Material Management Offices

WTA – World Trade Agreement

Footnotes

Footnote 1

See Appendix B: Overall Potential Ratings for the list of potential overall ratings.

Return to footnote 1 referrer

Footnote 2

The NRC audit team was supplemented by a team of experienced auditors that were contracted to conduct the audit work.

Return to footnote 2 referrer

Footnote 3

Due to the materiality of acquisition card purchases ($12.5 million for 2007-2008) and the different procedures used to administer them, they are audited separately. Acquisition card purchases for 2006-2007 were audited last year of which the results were included the report Limited Annual Assurance Compliance Audit - Contracts under $25,000 and Acquisition Card Purchases 2006-2007.

Return to footnote 3 referrer

Footnote 4

As per the Treasury Board Contracting Policy, authority for goods contracts under $25,000 are permitted; however, amendments can be made up to $40,000. All five goods contracts with final values over $25,000 had original values less than $25,000 and were therefore compliant.

Return to footnote 4 referrer

Footnote 5

See Appendix B: Overall Potential Ratings for the list of potential overall ratings.

Return to footnote 5 referrer

Footnote 6

For the remaining 21 contracts, PWGSC was the contracting authority and therefore signed these contracts.

Return to footnote 6 referrer

Footnote 7

In order to address areas of greatest risk, the sample selected was deliberately skewed to ensure a higher representation of sole sourced contracts than normally incurred. The actual distribution of sole sourced contracts over $25,000, excluding construction contracts, for NRC in 2007-2008 was only 13.6 percent.

Return to footnote 7 referrer

Footnote 8

The Treasury Board Contracting Policy Part I paragraph 6.b.11 normally identifies this as $100,000; however for NRC this amount is $40,000.

Return to footnote 8 referrer

Footnote 9

This finding is based on only 49 contracts and not 50 due to the fact that at the time of the audit, the goods or services had not been received for one contract.

Return to footnote 9 referrer

Footnote 10

See Appendix B: Overall Potential Ratings for the list of potential overall ratings.

Return to footnote 10 referrer

Footnote 11

During the course of the audit 50 contracts over $25,000 were reviewed of which: eight were awarded following the MERX electronic bidding system or a limited tendering process; 15 were awarded following an Advanced Contract Award Notification (ACAN) by NRC; five were awarded using existing NRC or PWGSC Standing Offer Arrangements; and 22 contracts were sole sourced.

Return to footnote 11 referrer

Date modified: