Audit of Procurement Practices

Office of the Chief Audit Executive
June 2022

On this page

• Executive summary
  • Audit opinion and conclusion
  • Statement of conformance
• 1.0 Background
  • Procurement responsibilities at Canadian Heritage
  • Procurement activity at Canadian Heritage
• 2.0 About the audit
  • 2.1 Project authority
  • 2.2 Objective and scope
  • 2.3 Approach and methodology
• 3.0 Findings and recommendations
  • 3.1 Governance
  • 3.2 Management Control Framework
  • 3.3 Monitoring and Reporting
• 4.0 Conclusion
• Appendix A — Assessment scale, results summary and recommendations
• Appendix B — Management Action Plan

List of figures

• Figure 1: Contracting Dollar Value and Volume (5 Year Trend)
• Figure 2: Acquisition Card Dollar Value and Volume (5 Year Trend)

Alternate format

Audit of Procurement Practices [PDF version - 956 KB]

List of acronyms and abbreviation

CFOB

Chief Financial Officer Branch

CMMD

Contracting and Material Management Directorate

EXCOM

Executive Committee

FITHR

Finance, IT, and Human Resources

IBP

Integrated Business Plan

PA

Project Authority

PCH

Department of Canadian Heritage

PSPC

Public Services and Procurement Canada

QAR

Quality Assurance Review

RCM

Responsibility Centre Manager

RMD

Resource Management Directorate

TBS

Treasury Board Secretariat

ToR

Terms of Reference

Executive summary

Procurement is considered an internal service that is critical in supporting the department in achieving its objectives. For the Department of Canadian Heritage (PCH or the Department) this can involve a range of activities including obtaining key services for recurring and one-off events, securing training for departmental staff, or acquiring goods in support of day-to-day operations (e.g. laptops, furniture, etc.). The range of requirements and restrictions in place for procurement in the federal public sector makes it complex and challenging.

The mandate of the Department and its core responsibilities (i.e. promoting Canadian identity and values, cultural development, and heritage through arts and culture, sport, heritage and celebration, diversity and inclusion, and official and indigenous languages), requires that it engages in a relatively higher number of procurements that do not involve traditional competitive processes. The Contracting and Material Management Directorate (CMMD), within the Chief financial Officer Branch (CFOB), is home for the Department’s procurement experts.

Government procurement is an area that receives ongoing scrutiny by the public, the media, and Parliament. Any real or perceived favoritism towards certain suppliers or hint of misspent funds, could have a significant impact on management and the Department. As a result, assurance must be provided to interested stakeholders that public money is being well spent, and that prudence and probity are being applied in the management and spending of public funds.

The objective of this audit engagement was to assess the effectiveness of the procurement governance, risk management, and control processes, and to determine whether PCH practices related to contracting for goods and professional services are effective and in compliance with the government and departmental contracting policies, directives, and procedures. The scope of this audit covered the period from April 1, 2017 to the substantial completion of the audit work.

The fieldwork for this audit was completed and findings shared with the client during the COVID-19 pandemic. With PCH staff working remotely, the audit program was developed and completed to reflect this operating environment. In addition, the pandemic had a significant impact on the client as CMMD was required to support the Department’s pandemic response as well as ongoing needs.

Audit opinion and conclusion

Based on the audit findings, the Department of Canadian Heritage has overall established a framework of governance, processes, activities and supports intended to promote both the effective management of procurement across the Department and compliance with relevant policies, directives, and procedures. Key opportunities for improvement were identified and detailed by the audit to support the procurement function with regards to:

• active and effective guidance, oversight, and leadership over procurement activities;
• effective planning and a strategic deployment of resources; and
• a quality assurance program to ensure that procurement activities are undertaken in a compliant manner.

It should also be noted that the audit was unable to assess the efficiency of the process, as there was a lack of available information or data to demonstrate the timeliness of procurement activities.

Statement of conformance

In my professional judgment as Chief Audit Executive, this audit was conducted in conformance with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing and with the Policy and Directive on Internal Audit of the Government of Canada, as supported by the results of the quality assurance and improvement program. Sufficient and appropriate audit procedures were conducted, and evidence gathered, to support the accuracy of the findings and conclusion in this report. The findings and conclusion are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed with management and are only applicable to the entity examined and for the scope and time period covered by the audit.

Original signed by

Bimal Sandhu
Chief Audit Executive
Department of Canadian Heritage

Audit team members

Dylan Edgar
Director of Internal Audit

Kossi Agbogbé
Audit Manager

Carolann David
Team Lead

Houssein Ndiaye
Senior Auditor

Trisha Laul
Auditor

Erick Martel
Junior Auditor

With the support of external resource

1.0 Background

The objective of Treasury Board Secretariat (TBS) Directive on the Management of Procurement is that the procurement of goods, services and construction obtains the necessary assets and services that support the delivery of programs and services to Canadians, while ensuring best value to the Crown. Procurement in the federal public sector is governed via a suite of legislation, policies, regulations, and directives established by central agencies. In addition, there are numerous mechanisms used to procure goods and services, each with varying restrictions on how and when they should be used based on the good/service to be procured, the estimated value, and whether for competitive or non-competitive requirements. There are variety of procurement instruments ranging from pre-competed ones such as, but not limited to, call-ups against standing offers, task authorizations against supply arrangements, and acquisition cards and purchase orders. Federal departments also face limitations on the types of goods and services they can directly acquire and the total value for individual procurements, in certain instances, the process must involve central agencies. Further, PCH is guided by strategic objectives related to Green Procurement and Aboriginal Procurement and is governed by specific Government-wide requirements on these matters including the TB Policy on Green Procurement.

More recently, Budget 2021 provided funding to Public Services and Procurement Canada (PSPC) to modernize federal procurement and create opportunities for specific communities by diversifying the federal supplier base.

Procurement is considered an internal service that is critical in supporting the department in achieving its objectives. For the Department of Canadian Heritage (PCH or the Department) this can involve a range of activities including obtaining key services for recurring and one-off events, securing training for departmental staff, or acquiring goods in support of day-to-day operations (e.g. laptops, furniture, etc.). The range of requirements and restrictions in place for procurement in the federal public sector makes it complex and challenging. This can potentially lead to procurement activities that are not undertaken in a timely and effective manner, particularly if capacity is limited and/or processes are not adequate, potentially impacting the Department’s ability to meet its objectives.

In addition, government procurement is an area that receives ongoing scrutiny by the public, the media, and Parliament. Any real or perceived favoritism towards certain suppliers or hint of misspent funds could have a significant impact on management and the Department. As a result, assurance must be provided to interested stakeholders that public money is being well spent, and that prudence and probity are being applied in the management and spending of public funds.

By its nature, procurement is also inherently exposed to certain fraud-related risks that could have a financial impact on PCH. This could include a number of scenarios including staff members taking advantage of a conflict of interest, bid rigging schemes, targeting specific suppliers, and bribes or kickbacks. As such, assurance is required that the Department has adequate internal controls to mitigate against these risks and that it is able to sufficiently demonstrate that value for money is being achieved through its procurement activities.

Procurement responsibilities at Canadian Heritage

Contracting and Material Management Directorate (CMMD), within the Chief Financial Officer Branch (CFOB), are the Department’s procurement experts. It is responsible for establishing the overall procurement framework and processes for PCH and for providing functional direction and support to the Department with respect to procurement and material management services. CMMD provides guidance and advice to PCH staff on all contracting activities, including processes for larger dollar value contracts (i.e. providing transaction authority for contracts greater than $10k) through a variety of mechanisms, such as (but not limited to) standing offers, supply arrangements, or contracts with former public servants. CMMD also conducts quality assurance through policy compliance activities for both pre- and post-contract awards.

The Resource Management Directorates (RMDs) provide integrated support in administrative, procurement, financial, and human resources services to PCH’s sectors and direct reports. The RMDs are tasked with directing and overseeing operational resource planning and practices for procurement activities and act on corporate business matters related to contracting and resourcing issues. The Department has decentralized some contracting activities where the RMDs have been delegated transaction authority for contracts under $10k, with the exception of those that involve a good or service where an existing standing offer or supply arrangement is in place. For all other contracting needs, the RMDs work directly with CMMD. The decentralization of low dollar value contracts offers efficiencies but can also introduce risk as the RMDs may have varying experience with, and understanding of, departmental contracting processes.

PCH Corporate Security, prior to awarding a service contract, must validate the security clearances for the company and each of the company’s identified resources. Only once confirmation of clearance has been received will a contract be issued. The validation is performed using the Security Requirements Check List (SRCL) that is a mandatory document to be completed for all services and construction contracts, as well as any goods contract that has a services component (e.g., furniture that requires installation).

Responsibility Centre Managers (RCMs) are PCH staff members who have been authorized to manage a budget on behalf of the Department. As such, RCMs are responsible for ensuring effective financial management for procurement activities, including ensuring funds are available prior to initiating a procurement process and certifying that goods/services have been received as expected prior to issuing payment.

Project Authorities (PAs) are the Department’s subject matter experts responsible for the project and are typically the individuals who will identify the original need for procurement and define project requirements. PAs typically work within a program or service area within the Department. In some instances, the PA and RCM may be the same individual. PAs are also responsible for managing the work under the contract and raising any supplier performance concerns if (and when) they arise. The RCMs and PAs are supported throughout the procurement process by CMMD and their respective RMDs.

Procurement activity at Canadian Heritage

The level of procurement undertaken by the Department somewhat varies from year-to year. These variations appear to depend upon the occurrence and nature of some special, non-recurring events (i.e. Royal visits, Commonwealth Games, Olympics and Paralympics, etc.). As demonstrated in the chart below, the Department has seen a decrease in procurement spending over the past five years with a high of $109 million in fiscal year 2016-2017 to $20.5 million in fiscal year 2020-2021. The high level of procurement activity in 2016-2017 was related to “Canada 150” events held across the country. The chart below also provides a breakdown of procurement between those undertaken through a contract and those through an acquisition card. While contracts represent any formal arrangement between a supplier and the Department, acquisition cards are a method of payment for procurement and are to be used for certain goods or services below $10k. The use of acquisition cards is governed by the TBS Directive on Payments and its Appendix B: Standard on Acquisition Card Payments. While acquisition cards provide an efficient means to purchase low-dollar value items, the use of them can introduce some unique risks as the processes involving their use differs from contracting processes, most notably the lack of requirement for a formal transaction authority.

Figure 1: Contracting dollar value and volume (5 year trend) – text version

Fiscal year	2016-2017	2017-2018	2018-2019	2019-2020	2020-2021
Number of contracts	5,038	1,803	1,522	1,300	767
Total Value ($)	107,004,658	37,490,989	31,103,676	20,566,092	19,008,269

Figure 2: Acquisition card dollar value and volume (5 year trend) – text version

Fiscal Year	2016-2017	2017-2018	2018-2019	2019-2020	2020-2021
Acquisition cards value($)	2,590,627	3,344,717	2,922,147	3,094,346	1,566,749
Acquisition cards volume	6,950	9,470	8,239	8,363	3,311

Finally, the mandate of the Department and its core responsibilities (i.e. promoting Canadian identity and values, cultural development, and heritage through arts and culture, sport, heritage and celebration, diversity and inclusion, and official and indigenous languages), requires that it engages in a relatively higher number of procurements that do not involve traditional competitive processes. In recent years, as per data analytics, these contracts tend to be smaller dollar value (e.g. engagement with artists/performers, amateur athletics, etc.). Nonetheless, the Department is frequently required to seek exceptions for non-competitive procurements prior to entering these contracts. Exceptions may be required when only one supplier can provide the good/service or when a competitive process would not align with industry expectations (e.g. booking a high-profile performer for Canada Day). While this does not necessarily suggest non-compliance with government contracting requirements, it can introduce risks related to the Department’s ability to demonstrate value for money.

2.0 About the audit

2.1 Project authority

The authority for this audit is derived from the Department of Canadian Heritage’s approved 2020-2021 to 2022-2023 Risk-Based Audit Plan, which was recommended by the Departmental Audit Committee and approved by the Deputy Minister in October 2020.

2.2 Objective and scope

The objective of this audit engagement was to assess the effectiveness of the procurement governance, risk management, and control processes, and to determine whether PCH practices related to contracting for goods and professional services are effective and in compliance with the government and departmental contracting policies, directives, and procedures. The scope of this audit covered the period from April 1, 2017 to the substantial completion of audit work.

The fieldwork for this audit was completed and findings shared with the client during the COVID-19 pandemic. With PCH staff working remotely, the audit program was developed and completed to reflect this operating environment. In addition, the pandemic had a significant impact on the client as CMMD was required to support the Department’s pandemic response as well as ongoing needs.

2.3 Approach and methodology

All audit work was conducted in accordance with the Treasury Board Policy and Directive on Internal Audit.

The audit methodology included the following key activities:

• review of documentation, guidelines, procedures, and relevant policy instruments and legislation;
• collection of data through interviews, survey questionnaires, and systems;
• walkthroughs and flowchart mapping of key controls and processes;
• review and testing of a sample of procurement files and acquisition cards transactions
• conduct of data analytics using established scripts for applicable criteria and fraud risks, and to support the sample of files to be tested.

As the audit was completed during the COVID-19 pandemic, the majority of the audit activities had to be completed remotely. The only exception was that some file testing was completed on site as some of these files were only available in hard copy.

3.0 Findings and recommendations

This section is broken down by the three lines of enquiry. Appendix A provides a summary of all findings and conclusions for each of the assessment criteria. Findings of lesser materiality, risk or impact have been communicated with the auditee either verbally or in management letters.

3.1 Governance

Finding 1:

No governance committee currently has a mandate to actively provide guidance and oversight over procurement activities.

What we expected

A governance framework, supported by sufficient and timely information, is required to ensure that priorities related to procurement are established, and that procurement plans, and activities are both effective, and remain aligned with senior management expectations. In addition, the TBS Directive on the Management of Procurement indicates that procurement management frameworks at the departmental level should include oversight, planning and reporting mechanisms and clearly defined roles, responsibilities, and accountabilities for the various governance committees involved. As such, the audit team expected to see a governance body in place that has a mandate and responsibility to set procurement-related priorities and provide active guidance and oversight of procurement plans and activities; moreover, that this body is provided with appropriate and sufficient information to fulfil this responsibility.

What we found

The audit team identified a gap in terms of the Department’s governance framework as it relates to procurement. Specifically, while the team’s work identified two (2) governance bodies that have some visibility to procurement as part of function, neither body is providing active guidance and oversight regarding the Department’s procurement plans and activities.

The Executive Committee (EXCOM) supports the Deputy Minister by providing overall governance and strategic direction related to policy, management, and resources. As the Department's senior decision-making committee, it approves, reviews, endorses, or modifies decisions or recommendations provided by a number of lower-level committees. However, the audit work indicated that information specific to departmental procurement plans or activities is rarely presented or discussed at EXCOM meetings.

The Finance, IT, and Human Resources (FITHR) is a level-2 committee defined by a Terms of Reference (ToR) that prescribes its responsibility for reviewing, endorsing, approving, and providing leadership on issues related to procurement processes and policies. It is also reports to EXCOM on significant matters. However, the audit team found that, in practice, regular reporting to FITHR on procurement matters is not occurring, nor is the committee actively requesting or discussing procurement information/data. It should be noted that the ToR for the FITHR Committee has not been updated since absorbing the Integration and Results Management Committee (IRMC) in 2020/2021.

Why it matters

The lack of any governance bodies providing active and effective guidance and oversight over Departmental procurement increases the likelihood of risks that could jeopardize the delivery of core Departmental functions or important initiatives. Specifically, a lack of authoritative oversight and direction increases the risk that procurement-related priorities are not clearly or consistently defined in a manner that reflects senior management expectations and objectives. In addition, without proper oversight, senior management may lack sufficient visibility to those higher-risk, sensitive, or complex procurements that carry an inherent reputational risk for the Department.

Recommendation

1. The Corporate Secretariat, in consultation with the Chief Financial Officer, should review the mandate and agenda of FITHR to ensure that processes related to procurement are established and that there is active and effective guidance, oversight, and leadership over procurement activities.

Finding 2:

Planning processes, and the allocation of procurement resources, are not driven by Departmental strategic allocation of resources or risk.

What we expected

Procurement needs must be planned and defined, and unplanned activities must be addressed in a timely manner based on a strategic allocation of resources. This is particularly important as PCH, like most federal Departments, faces challenges in adequately maintaining its procurement resource levels, as the demand for procurement specialists exceeds supply. As such, ensuring that a strategic direction is in place is critically important so that available resources can be allocated effectively.

As such, the audit team expected to see strategic direction from senior management for procurement that is established, regularly updated, and reflects Departmental risks and priorities, to support CMMD in establishing its own plans and resource commitments so it can successfully contribute to meeting those priorities. In addition, the team expected to see processes in place that enables effective planning and a strategic deployment of resources to best support meeting Departmental priorities in a timely and accurate fashion.

What we found

The audit team found that there is no regular process by which senior management reviews and provides strategic direction for procurement. While the departmental investment planning process does provide some insight in anticipated procurement requests, it does not provide sufficient direction for strategic planning purposes. In addition, strategic planning for procurement is also not regularly occurring at a sectoral or branch level and shared with CMMD, where any procurement needs are embedded into broader operational plans and processes that are specific to each sector/branch’s needs and environment. As such, CMMD has limited direction, and information available, to adequately plan its activities to best support departmental priorities.

In response to this lack of direction, CMMD has taken steps to obtain planning information from alternative sources. CMMD has recently established a new “portfolio approach” service delivery model where it is engaging early in the year with Sectors/Branches that are historically known to have high levels of procurement needs. While RCMs who have been involved with this new approach praised the increased level of communication with CMMD, this approach does not sufficiently provide information on procurement needs at a departmental-level and focuses on clients rather than on risk, complexity, or priorities.

In addition, the Integrated Business Plan (IBP) is a three-year rolling plan that sets out anticipated commitments for each Sector and is intended to be comprehensively reviewed and updated at the beginning of each fiscal year, and continuously updated monthly throughout the year. Annex B in the IBP is intended to include all anticipated procurement needs by the sector with a value greater than $10,000. CMMD receives and monitors these Annexes from the IBP for planning purposes. However, concerns were raised as to the value of the IBP to support procurement planning, as interviewees stated that some Sectors were not regularly updating the IBP throughout the year. In addition, the audit team found that there is a significant number of urgent or unplanned procurement requests from RCMs, which most likely would not be included in the IBP.

Procurement processes, in particular timelines, are not well understood by clients across the Department, potentially leading to a lack of active planning and identification of needs. The team found that users were somewhat dissatisfied overall with the timeliness of procurement activities through CMMD, as 41.98% of survey respondents either somewhat or strongly disagreed that the procurement process was sufficiently timely to meet their needs, while only 39.51% either strongly or somewhat agreed. This view was also validated by interviews who also noted that the process was much timelier for smaller dollar value contracts processed by their respective RMD. Still, those involved with the new “portfolio approach” service delivery model adopted by CMMD noted an improvement in timeliness. In addition, an analysis of procurement data indicated that the Department has a large volume of small dollar value contracts, potentially contributing to workload demand burden of CMMD and leading to less timely processes. For example, in 2019/2020:

• The average contract value was $17k;
• 948 contracts were processed below $10k;
• 270 contracts were processed between $10k and $40k; and
• 87 contracts were processed above $40k.

Notwithstanding, the audit team expected that operational planning processes are established to prioritize procurement requests based on risk, complexity, and alignment with Departmental priorities. The TBS Directive on the Management of Procurement states that the departmental procurement management frameworks should be commensurate to the value, risk, and complexity of the procurement undertaken. However, the audit team was not provided with evidence that PCH has been exploring available flexibilities this approach might offer (e.g. employing a more risk-based approach to existing thresholds, approvals, quality assurance reviews, etc.).

Why it matters

The lack of a strategic direction for procurement and insufficient planning processes presents a practical risk insofar as CMMD may be focusing its efforts on activities that are not aligned with senior management’s expectations. In addition, the volume of unplanned/urgent requests and low dollar value contracts administered through CMMD creates a risk that the Department’s contracting experts may be investing time into lower risk or value activities more strategic procurement in line with senior management expectations.

Recommendation

2. The Chief Financial Officer should establish a planning process that regularly consults with senior management and departmental users, ensuring that planned activities are supported by efficient and effective allocation of resources.

3.2 Management Control Framework

Finding 3:

Procurement processes are largely documented and adhered to, with some exceptions including information management to support decisions made.

What we expected

The Government of Canada has a responsibility to maintain the confidence of the vendor community and the Canadian public in the procurement system, by conducting procurement in an accountable, ethical, and transparent manner. Public servants must perform their duties so that public confidence and trust in the integrity, objectivity, and impartiality of government are conserved and enhanced. In addition, with some procurement activities being decentralized across the Department, it increases the risk that users may not have a consistent interpretation of departmental procurement processes, potentially leading to non-compliance with government policy and regulations.

As such, the audit team expected to see that procurement processes, including authorities and responsibilities, are established that align with government policy and are understood by staff. In addition, procurement activities are undertaken in a manner that reflects compliance with relevant government policies, directives, regulations, and departmental guidelines, including those related to the maintenance of records in support of decision-making and auditability.

What we found

The audit team found that most departmental procurement processes, including roles and responsibilities, and authorities are documented. However, some of these require updating. The Manager’s Guide to Procurement and the Contract Request Form (CRF) are the two key documents provided to users to support them through a procurement process. It is not clear when either of these documents have been updated to reflect current departmental practices and available tools. In addition, Treasury Board has recently rolled out new policies and directives related to procurement that are not fully reflected in these Departmental documents.

As part of the audit, the team also explored existing and possible emerging policies or orientations on equity, diversity and inclusion pertaining to procurement and noted that there are currently no defined regulatory frameworks by central agencies that could guide the practice. The team was informed that PSPC is currently working to include inclusion, diversity, diversity, and accessibility in policies related to procurement.

In terms of understanding procurement processes by staff, including requirements and authorities, the audit team found contrasting views. RCMs and representatives from RMDs generally believed they have a clear understanding of procurement processes. However, concerns were raised among these users related to the effectiveness of available guidance materials, with some noting that materials were outdated and/or difficult to locate. In contrast, representatives from CMMD believed that there is a general lack of understanding in procurement processes across the Department, citing common planning and compliance issues they had encountered from clients, as well as the CMMD’s inability to provide regular training to clients in recent years due to capacity limitations.

In terms of compliance, the team found that the majority of procurement activities were compliant with Government of Canada and Departmental requirements, with the exception of a few areas. Specifically, file testing indicated that out of 145 tested, a number of exceptions where expenditure initiation and commitment approval was either not documented (six contracts), not dated (nine contracts), unreadable (one contract), or provided by an individual who did not have delegated authority (two contracts). In addition, another seven contracts with amendments (out of 51 tested) that increased the value of the contact were either missing a documented expenditure initiation and commitment approval for the amendment, and/or the approval date. However, it should be noted that the new Delegation Authority Application module within the Department’s financial system automatically applied the date and name of the individual who provided the approval. As such, some of the compliance issues related to missing dates and unreadable names have been corrected with this system enhancement.

These findings are consistent with common compliance errors noted through Chief Financial Officer Branch’s Account Verification Reviews, which involve a review of department-wide transactions, including those related to procurement and the results are provided to the FITHR Committee on a quarterly basis. The most recent reports from 2020-21 indicated that the most common compliance errors identified were involving expenditure initiation and commitment authority either after the fact, or by an individual without delegated authority. As such, additional guidance and training to clients related to the application of this authority may be beneficial.

In addition, the audit team noted that PCH has established processes and guidance materials to develop sufficient evidence that demonstrates procurement decisions, including demonstrating that the Department is receiving value for money through its activities. These include documented procedures and templates to support clients with developing evaluation criteria and summarizing evaluation results during a competitive process. However, file testing indicated that only 63% of files of a competitive nature had established evaluation criteria, with only 53% demonstrating that all bids were fully evaluated against the criteria, and only 47% maintaining a summary of evaluation results that demonstrates that the winning bidder provides the best value. This observation is not intended to suggest that this evidence did not exist at contract awarding, only that it is not being maintained in the formal procurement files.

Why it Matters

Outdated guidance materials and a lack of effective communication to clients of current procurement processes and practices introduces a risk of inconsistent and/or non-compliant activities which can expose the Department to risk, including reputational risk. This situation can also contribute to an “over-reliance” on CMMD due to a lack of understanding of procurement-related expectations across PCH. In addition, not maintaining sufficient documentation to support procurement decisions, and demonstrate value for money, could lead to challenges in the Department’s ability to respond to scrutiny regarding compliance or the integrity of its procurement practices.

Recommendations

3. The Chief Financial Officer should regularly update and communicate guidance, procedures, templates, and training materials to adequately support departmental staff with procurement activities.
4. The Chief Financial Officer should ensure that the quality of supporting documentation and justification for procurement activities decisions is improved by implementing formal recordkeeping guidelines including maintaining documentation that supports demonstrating value for money.

Finding 4:

Comprehensive guidance materials do not exist for the administration, maintenance, and use of acquisition cards.

What we expected

Acquisition cards are the Department’s preferred procurement method for low dollar value items (i.e. under $10,000) due to efficiencies associated with these cards. As such, the volume of acquisition card purchases can be quite high across PCH. The table below presents the total number and value of acquisition card transactions from years within the scope of this audit.

Total number and value of acquisition card transactions

Fiscal year	2016-17	2017-18	2018-19	2019-20
Number of transactions	6,950	9,470	8,239	8,363
Total Value	$2,590,627	$3,344,717	$2,922,147	$3,094,346

Furthermore, acquisition card holders are decentralized across the Department with most residing within the RMDs who will make purchases on behalf of clients, or in some cases, clients themselves will be the card holder to make purchases directly. RCMs will identify to CFOB who should become an acquisition card holder based on considerations of need.

Given the widespread and decentralized use of acquisition cards, the audit team expected to see department-wide processes established that sets out expectations related to the administration, maintenance, and use of acquisition cards. Additionally, the team expected to find that acquisition card purchases complied with government and departmental requirements.

What we found

The audit team found gaps in documented processes related to acquisition cards. Specifically, there are very limited guidance materials available to support acquisition card holders, with the only notable document being the Acquisition Cardholder Acknowledgement Form. While this form sets out general expectations and eligible expenses, card holders are only expected to read and sign the form when the card is issued to them notwithstanding how long the card is held or whether requirements have been updated. The team also found that there are no documented processes associated with tracking, monitoring, and cancellation of acquisition cards. As such, it is unclear who is responsible for these activities or if these activities are being effectively undertaken.

In terms of compliance, similar to file testing involving contract files, the audit team found exceptions and inconsistencies related to applying expenditure initiation and commitment authority and maintaining supporting documentation. Specifically, out of the 148 files tested, expenditure initiation and commitment authority was provided by an individual without delegated authority for seven (7) transactions, was not provided or unreadable for 17 transactions, and was provided after the purchase was made for nine (9) transactions. In addition, inconsistencies were noted regarding the management of information related to acquisition card transactions across the RMDs, resulting in four files (out of 148) that could not be obtained for review, as files had either been lost or destroyed.

Why it Matters

The lack of comprehensive processes and guidance materials related to acquisition cards increases the risk that cardholders may not comply with requirements and restrictions (i.e. exceeding threshold limits, purchasing ineligible items, etc.). This risk is increased given that the audit identified a gap in terms of monitoring acquisition card usage. In addition, there is a risk of negative operational implications in cases where staff do not understand key acquisition card administration practices (such as issuance, tracking, and cancellation) or where enquiries may be directed.

Recommendation

5. The Chief Financial Officer should reinforce practices related to the use of acquisition cards by:
   1. Implementing a clear and consistent approach to the application of delegated authorities;
   2. Regularly seeking cardholder’s adherence to the departmental restrictions and obligations;
   3. Enhancing the monitoring process to detect systemic issues and implement corrective measures;
   4. Implementing formal recordkeeping guidelines including maintaining documentation and justification for acquisition cards transactions; and,
   5. Including a process for the cancellation of inactive cards.

Finding 5:

Procurement-specific quality assurance activities are not clearly documented or risk-based in nature, and results are not shared with users.

What we expected

As discussed earlier, the decentralized nature of some procurement activities within the Department presents a risk that users may not have a consistent understanding of expectations, potentially leading to instances of non-compliance with Government of Canada and Departmental requirements. A quality assurance program is required to ensure that procurement activities are undertaken in a compliant manner, and so that instances of non-compliance are identified, and proper steps are taken to rectify the areas of concern.

As such, the audit team expected to see a documented quality assurance program in place that focuses on higher-risk procurement activities to detect and correct areas of non-compliance. In addition, it was expected that results of these quality assurance activities would be shared with users as a means to make them aware of, and correct, non-compliant behaviour.

What we found

The team found that there are several examples of quality assurance activities undertaken on procurement activities within the Department. However, weaknesses in these quality assurance activities were identified in terms of them either not being clearly documented, risk-based, or effective in terms of leading to the correction of compliance issues.

As noted, CFOB undertakes a quarterly Account Verification Review of a sample of transactions across the Department, including some involving contracts and acquisition cards. CFOB employs a risk-based methodology to select the samples within this review. However, the results of the review, as presented to the FITHR Committee, are aggregated across all transactions reviewed. As such, there are no procurement-specific results provided. In addition, these results are not provided to CMMD for review, nor with departmental users for follow-up or to correct compliance issues.

CMMD also undertakes procurement-specific quality assurance activities. Specifically, it has assembled a quality assurance review (QAR) team to undertake a review of compliance for complex or higher value contracts prior to solicitation or contract award. In addition, it has established criteria for procurements that must be reviewed by the QAR team based on the estimated dollar value of the contract, the procurement process to be used (i.e. sole source, competitive), the mechanism to be used (i.e. via supply arrangement, standing offer), and the nature of the procurement (i.e. goods, services, artist contracts). Contracts that meet these criteria must receive a formal approval from the QAR team prior going to solicitation (where a competitive process is being used) or being awarded (where a sole source contract is being awarded). This review is undertaken to ensure all necessary solicitation and contract documentation include the appropriate provisions and clauses, and that necessary processes and contracting mechanisms are being followed. CMMD has also established a list of areas each review should include as well as an approval template. However, it is not clear what is the basis for the criteria that has been established to determine which procurements are reviewed by the QAR team.

In addition, CMMD conducts a post-award quality assurance review of all issued contracts for compliance. Results from this review are shared with the respective RMD directors for information purposes. However, there is no follow-up by CMMD or expectation for the RMDs to respond to identified compliance issues (i.e. how these will be resolved moving forward). In addition, the post-award quality assurance processes used to undertake this review have not been formally documented, nor has any guidance materials been developed to support the review.

Why it Matters

While a number of quality assurance processes are in place, the lack of either sharing or following up on results from these processes with users presents a risk that non-compliance and process weaknesses are not being corrected or addressed. In addition, the absence of a fully risk-based approach to CMMD’s quality assurance activities (i.e. focused on complex files or known compliance exposures) can have a negative impact on workloads due to the sheer volume of procurement activities being reviewed. CMMD has limited resources and undertaking quality assurance reviews on lower-risk files may be pulling them away higher-value or time sensitive procurement activities.

Recommendation

6. The Chief Financial Officer should reinforce the monitoring and oversight over procurement activities by regularly updating the Quality Assurance Review processes for adequacy and implementing a formal risk-based post review quality assurance process to detect and correct areas of non-compliance related to procurement.

3.3 Monitoring and Reporting

Finding 6:

Existing service standards do not provide an accurate depiction of the effectiveness of the process and are not utilized for decision-making purposes.

What we expected

It is important that organizations have a performance measurement strategy and framework to set critical success factors and identify the key performance indicators and expected results used to evaluate the effectiveness and efficiency of their internal services, and support decision-making. In the case of procurement, performance indicators are needed to assess the timeliness and accuracy of activities, usually done by establishing and reporting against service standards.

As such, the audit team expected to see established service standards that provides sufficient performance information on the effectiveness of the procurement process. It would be expected that these service standards would have been established based on industry standards or best practices. In addition, that performance information is being collected, maintained, and used to assess effectiveness, identify areas of improvement, and support decision-making across the Department.

What we found

The team found that service standards have been established by CMMD and are presented in the Manager’s Guide to Procurement as well as posted on the CMMD Intranet page. However, it was also noted that there are limitations with these service standards, as they do not incorporate all aspects of the procurement process. Specifically, these service standards do not reflect the responsibilities of the RMDs and Security. In addition, the audit team was unable to obtain information on the methodology used to establish the service standards, and hence was not able to evaluate its adequacy or the effectiveness of the procurement process.

CMMD had previously developed Monthly Review Reports to track performance and contracts undertaken, and included flagged issues resulting from the post-award quality assurance review. These reports were used to populate “dashboards,” which presented information on activities carried out by CMMD, including performance against service standards. However, the practice of preparing these dashboards ceased in the third quarter of 2019-2020. CMMD has continued to develop informal Monthly Review Reports to track performance internally. However, results are not being shared with any other governance committees (i.e. EXCOM, FITHR) for decision-making purposes.

The audit team also observed that the wide distribution of procurement responsibilities across various stakeholder groups (i.e. CMMD, RMDs, RCMs, Security, etc.) poses some inherent challenges to establishing meaningful service standards and timely collection of relevant performance information. Specifically, service standards and performance reporting will need to consider that stakeholders have varying levels of understanding and familiarity with procurement processes and requirements.

Why it Matters

A lack of timely performance information related to departmental procurement activities significantly compromises PCH’s ability to both monitor and evaluate the effectiveness and efficiency of its procurement processes and to support decision-making. Further, it hinders the Department’s ability to identify, and correct, issues within the procurement process that are causing inefficiencies, which would support better planning and improved services. Additionally, performance information should be used to review and update service standards to ensure they are adequate for the Department and its operating environment.

Recommendation

7. The Chief Financial Officer should revise the service standards so they can be more comprehensive and include all aspects involved in completing the procurement process. Additionally, the process of collecting and measuring the procurement performance information should be formalized, which can be leveraged for enhancing performances and decision making.

4.0 Conclusion

The objective of this audit engagement was to assess the effectiveness of the procurement governance, risk management, and control processes, and to determine whether PCH practices related to contracting for goods and professional services are effective and in compliance with the government and departmental contracting policies, directives, and procedures.

The fieldwork for this audit was completed and findings shared with the client during the COVID-19 pandemic. With PCH staff working remotely, the audit program was developed and completed to reflect this operating environment. In addition, the pandemic had a significant impact on the client as CMMD was required to support the Department’s pandemic response as well as ongoing needs.

Based on the audit findings, the Department of Canadian Heritage has overall established a framework of governance, processes, activities and supports intended to promote both the effective management of procurement across the Department and compliance with relevant policies, directives, and procedures. While improvements to the framework were evident, several gaps and weaknesses remain. These gaps and weaknesses are contributing to persistent challenges in the Department’s ability to continuously support the level of effective, timely and efficient procurement necessary to ensure delivery of the Department’s operational and strategic objectives. Key opportunities for improvement were identified and detailed by the audit to support the procurement function with regards to:

• active and effective guidance, oversight, and leadership over procurement activities;
• effective planning and a strategic deployment of resources; and
• a quality assurance program to ensure that procurement activities are undertaken in a compliant manner.

It should also be noted that the audit was unable to assess the efficiency of the process, as there was a lack of available information or data to demonstrate the timeliness of procurement activities.

Appendix A — Assessment scale, results summary and recommendations

The conclusions reached for each of the criteria used in the assessment were developed according to the following definitions.

Assessment scale

Conclusion	Definition
Well controlled	Well managed, no material weaknesses noted; and effective.
Controlled	Well managed and effective. Minor improvements are needed.
Moderate issues	Requires management focus (at least one of the following criteria are met): Control weaknesses, but exposure is limited because likelihood of risk occurring is not high. Control weaknesses, but exposure is limited because impact of the risk is not high.
Significant improvements required	Requires immediate management focus: At least one of the following three criteria are met: Financial adjustments material to line item or area or to the Department. Control deficiencies represent serious exposure. Major deficiencies in overall control structure.

Results summary and recommendations

Audit criteria	Results summary	Recommendations
1.2 Oversight Governance bodies are in place in support of the oversight of departmental procurement plans and activities and are provided with sufficient data/ information on procurement activities	No governance committee within the Department has a mandate to actively provide guidance and oversight over procurement activities. While the FITHR committee does Have a role in overseeing procurement policies and procedures, it is rarely discussed. (Moderate issues)	1. The Corporate Secretariat, in consultation with the Chief Financial Officer, should review the mandate and agenda of FTHR to ensure that processes related to procurement are established and that there is active and effective guidance, oversight, and leadership over procurement activities.
1.1 Strategic direction A strategic direction for procurement across the Department is established, regularly updated, and reflects key departmental priorities (including) arts and culture, sport, heritage and celebration, diversity and inclusion, and official and indigenous languages).	A strategic direction for procurement across the department has not been established. While the departmental investment planning processes does provide some insight in anticipated procurement requests, it does not provide sufficient direction for strategic planning purposes. (Moderate issues)	2. The Chief Financial Officer should establish a planning process that regularly consults with senior management and departmental users, ensuring that planned activities are supported by efficient and effective allocation of resources.
1.4 Procurement needs Procurement needs are integrated into departmental plans in a manner that supports timely acquisitions and well-defined needs.	The lack of regular updating of the IBP and the number of urgent/unplanned requests limits CMMD's ability to leverage the IBP to support its own planning, and there is no other mechanisms available to support them with planning. (Moderate issues)
1.5 HR plan for procurement CCMD has a human resources plan, aligned with corporate priorities and business planning. It aims to identify, attract and retain sufficient qualified human resources, as well as a representative workforce.	While facing challenges associated with obtaining and retaining personnel, CMMD has an HR plan aimed to actively monitor, maintain and improve its capacity internally. The plan, however, does lack evidence supporting alignment with corporate needs identified in the business plan. (Controlled)
1.6 Resources deployment Procurement processes and roles and responsibilities are designed, and resources deployed, in a manner that enables agility, delivers client-centered services, and enables high productivity and performance.	There is a lack of timely and risk-based procurement processes to reinforce CMMD's ability to adequately support departmental operations and objectives. (Controlled)
1.3 Procurement processes and authorities Procurement processes and authorities are established and maintained in accordance with government policies and support consistent execution across the Department.	Procurement processes, including roles and responsibilities, and authorities are largely documented, and comply with relevant government policies. Although in some instances requires updating. (Controlled)	3. The Chief Financial Officer should Regularly update and communicate guidance, procedures, templates, and training materials to adequately support departmental staff with Procurement activities. 4. The Chief Financial Officer should ensure that the quality of supporting documentation and justification for procurement activities decisions is improved by implementing formal recordkeeping guidelines including maintaining documentation that supports demonstrating value for money. 5. The Chief Financial Officer should reinforce practices related to the use of acquisition cards by: Implementing a clear and consistent approach to the application of delegated authorities; Regularly seeking cardholder’s adherence to the departmental restrictions and obligations; Enhancing the monitoring process to detect systemic issues and implement corrective measures; Implementing formal recordkeeping guidelines including maintaining documentation and justification for acquisition cards transactions; and, Including a process for the cancellation of inactive cards.
2.1 Compliance with government policies and departmental guidelines Procurement activities are undertaken in a manner compliant with government policy and departmental guidelines.	Overall, majority of the procurement activities were noted to be in compliance with the requirements set, but the expenditure approval and management of the information are the areas that require attention, consistency, training, etc. (Controlled)
2.5 Documenting procurement decisions Processes are established and consistently followed to ensure sufficient evidence is maintained to demonstrate that the Department is receiving value for money through its procurement activities.	Processes are established to ensure sufficient evidence is maintained to demonstrate that the department is receiving value for money through its procurement activities but are not being consistently followed. (Moderate issues)
2.6 Contracts amendments Contract changes requiring amendments have sufficient justification for the change documented and have received appropriate approvals.	Sufficient justifications are generally provided for contracts changes requiring amendments. There is an opportunity to consistently record appropriate approval and other required document. (Controlled)
2.2 Quality assurance program A risk-based quality assurance program is in place to detect and correct areas of non-compliance related to procurement.	CMMD has established a number of review process on procurement activities. The post-award quality assurance processes have not been formally documented, nor has any guidance materials been developed to support the review undertaken by CMMD and there isn't any on-going monitoring of review results to correct non-compliance issues. (Controlled)	6. The Chief Financial Officer should reinforce the monitoring and oversight over procurement activities by regularly updating the Quality Assurance Review processes for adequacy and implementing a formal risk-based post review quality assurance process to detect and correct areas of non-compliance related to procurement.
2.3 Disclosure of potential Conflict of Interest Departmental staff with procurement responsibilities disclose potential conflicts of interest prior to their involvement in a bid evaluation, and on a regular ongoing basis.	Departmental staff with procurement responsibilities disclose potential conflict of interest at the beginning of their involvement in a bid evaluation. However, there is no formal process to identify and disclose potential conflicts of interests that may arise during the employment of a procurement agent or other staff members involved in a bid evaluation or any other step of the procurement process. (Controlled)	None
2.4 Former public servant disclosures Former public servant disclosures are completed and provided by suppliers prior to contract award and are justified and approved by departmental contracting personnel.	The requirement to disclose Former Public Servants (FPS) involved in a procurement process has been well communicated and is well understood within the Department. While this requirement is completed by suppliers with the support of RMDs, CMMD ensures contracts including FPS are processed after the Minister's approval. (Well controlled)
3.1 Performance of suppliers Processes and supports (i.e. guidelines, tools, templates, etc.) have been established to monitor and report on the ongoing performance of suppliers.	As per PCH's Managers Guide of Procurement, monitoring the supplier’s performance is solely a responsibility of the project authority (PA’s). However, there is no guidance or direction provided to PA's on how to perform and document those evaluations. (Controlled)	None
3.2 Dispute resolution and/or escalation processes Dispute resolution and/or escalation processes have been established to address any disagreements or issues regarding a supplier not fulfilling the requirements of a contract or underperforming.	While departmental guidance and training materials state that it is the Contracting Authority’s responsibility to initiate dispute resolution, and that CMMD should be informed as soon as any issues with performance have been noted, there is no formal process in place at PCH for the resolution of contract related disputes. (Controlled)
3.3 Performance information on procurement activities Performance information on procurement activities is collected, maintained, and used to assess effectiveness, identify improvements, and support decision-making across the department.	Service standards are established and communicated by CMMD. However, those standards are not updated and do not cover all aspect of the process (i.e. Security). The information is informally collected and is not utilized for any decision makings or fed into any other report(s) or presented to any PCH Governance committee. (Moderate issues)	7. The Chief Financial Officer should revise the service standards so they can be more comprehensive and include all aspects involved in completing the procurement process. Additionally, the process of collecting and measuring the procurement performance information should be formalized, which can be leveraged for enhancing performances and decision making.

Appendix B — Management Action Plan

Recommendations	Management assessment and actions	Responsibility	Target date
Governance
1. The Corporate Secretariat, in consultation with the Chief Financial Officer, should review the mandate and agenda of FITHR to ensure that processes related to procurement are established and that there is active and effective guidance, oversight, and leadership over procurement activities.	The CFO agrees with the recommendation. Director of CMMD to be invited to FITHR on a quarterly basis to discuss the Integrated Business Plan (IBP), status of files based on Ministerial priorities, and current Service Level Standards (SLS).	CFO	Q3 2022-2023
	Terms of Reference for FITHR will be modified to include oversight of procurement activities. Procurement update will be provided to FITHR on a quarterly basis.	Corporate Secretary	Q3 2022-2023
2. The Chief Financial Officer should establish a planning process that regularly consults with senior management and departmental users, ensuring that planned activities are supported by efficient and effective allocation of resources.	The CFO agrees with the recommendation. The procurement Integrated Business Plan (IBP) to be sent to stakeholders to populate on a bi-monthly basis (every two months).	Director Contracting and Materiel Management	Ongoing Completed
	IBPs to be hosted on the CMMD SharePoint site, where stakeholders will have ongoing access to make additions and modification in ‘real time’.		Ongoing completed
	Team Leads within CMMD to establish recurring meetings with RMDs and clients with the purpose increasing communication with regards to procurement project status, prioritization, upcoming requirements, expiring contracts, methods of supply, resourcing etc.		Ongoing
	Include IBP information in CFO monthly highlight report.		Q3 2022-2023
	Director of CMMD to be invited to ExCom on an ad-hoc basis (but at minimum twice a year) to present a current state assessment of procurement activities.		Q1 2023-2024
Management Control Framework
3. The Chief Financial Officer should regularly update and communicate guidance, procedures, templates and training materials to adequately support departmental staff with procurement activities.	The CFO agrees with the recommendation. Guides, procedures, templates are being updated on an ongoing basis. The Strategic Planning Group within CMMD will develop and implement the following: Procurement Training materiel for client groups, RMD employees and CMMD staff. Training to be provided on a quarterly and ad-hoc basis.	Director Contracting and Materiel Management	Q4 2021-2022 and Ongoing
	Review and update all existing procurement templates (including internal) on a yearly basis or on an ‘as and when required basis.		Completed and Ongoing -Evergreen
	Document internal CMMD procedures.		Completed and Ongoing - Evergreen
4. The Chief Financial Officer should ensure that the quality of supporting documentation and justification for procurement activities decisions is improved by implementing formal recordkeeping guidelines. including maintaining documentation that supports demonstrating value for money.	The CFO agrees with the recommendation. Documenting and implementing a two phased (contracting & systems) pre and post award QAR procedure within CMMD. Segregating these duties between the operations and strategic planning groups within CMMD, to ensure compliance with policies, procedures and that all required documentation is easily accessible (record keeping). * See Management action in number 6	Director Contracting and Materiel Management	Q2 2023-2024
	Competitive Solicitations and the methods of supply selected ensure that value for money proposition is considered and safeguards adherence to the policies in place. In instances where sole source agreements are issued, all files include the required sole source justification form, and supporting narrative and/or documentation.		Ongoing
5. The Chief Financial Officer should reinforce practices related to the use of acquisition cards by: a. Implementing a clear and consistent approach to the application of delegated authorities;	The CFO agrees with the recommendation a. Completed - Controls surrounding the application of delegated authorities were documented as part of the acquisition card business process and shared with RMDs/cardholders. In addition, Financial Signing Authorities instrument and notes were revised to include guidance on the application of delegated authorities.	Director, Accounting Operations and Financial Policies	a. Q2 2021-2022
b. Regularly seeking cardholder’s adherence to the departmental restrictions and obligations;	b. Cardholders’ mandatory adherence to departmental restrictions and obligations will be communicated on annual basis via a formal communication to each cardholder / RMD.		b. Q1 2023-2024
c. Enhancing the monitoring process to detect systemic issues and implement corrective measures;	c. Completed – Enhance the account verification strategy by using a data analytics-based approach rather than a statistical sampling approach in order to focus on higher risk transactions and recurring errors and implement corrective measures.		c. Q1 2020-2021
d. Implementing formal recordkeeping guidelines including maintaining documentation and justification for acquisition cards transactions; and,	d. Completed - Electronic record-keeping within SAP and requirements for maintaining documents for acquisition card transactions have been documented as part of the acquisition card business process and shared with RMDs/cardholders (Sept. 2021). Procedures and on-demand training are made available by the STAR help desk to all cardholders.		d. Q2 2021-2022
e. Including a process for the cancellation of inactive cards.	e. A formalized process will be developed by CFOB to review inactive cards on a bi-annual basis in order to determine if the card should be cancelled.		e. Q3 2022-2023
6. The Chief Financial Officer should reinforce the monitoring and oversight over procurement activities by regularly updating the Quality Assurance Review processes for adequacy and implementing a formal risk-based post review quality assurance process to detect and correct areas of non-compliance related to procurement.	The CFO agrees with the recommendation. Documenting and implementing a two phased (contracting & systems) pre and post award QAR procedure within CMMD. Segregating these duties between the operations and strategic planning groups within CMMD, to ensure compliance with policies, procedures and that all required documentation is easily accessible (record keeping).	Director Contracting and Materiel Management	Q2 2023-2024
	Conduct a review of the overarching Procurement Quality Assurance process within CFOB. With emphasis on post -award verification activities, ensuring they are well documented and tying non-compliance to mandatory training, adding value, and improving procurement practices and operations.	Director Contracting and Materiel Management & Director, Accounting Operations and Financial Policies	Q3 2023-2024
	In instances of non-compliance, a formal escalation process is documented in the Account Verification Strategy that defines the steps leading to the revocation of delegated financial authorities. The CFO has authority to remove delegation when recurring and significant instances of non-compliance are observed.		Implemented
Monitoring and Reporting
7. The Chief Financial Officer should revise the service standards so they can be more comprehensive and include all aspects involved in completing the procurement process. Additionally, the process of collecting and measuring the procurement performance information should be formalized, which can be leveraged for enhancing performances and decision making.	The CFO agrees with the recommendation. Development and implementation of a Procurement Dashboard with the purpose of providing stakeholders procurement project oversight, tracking cradle to grave procurement process (step by step) service level standards against all requirements and enhance reporting capabilities.	Director Contracting and Materiel Management	Q1 2023-2024
	Review of current and development of new CMMD Service Level Standards.		Q4 2023-2024

©His Majesty the King in Right of Canada, as represented by the Minister of Canadian Heritage, 2022
Catalogue Number: CH6-6/2022E-PDF
ISBN: 978-0-660-45831-1