Audit of NATO Operational Support Authorities
January 2025
1259-3-0099 (ADM(RS))
Reviewed by ADM(RS) in accordance with the Access to Information Act (AIA). Information withheld in accordance with the AIA under section 15(1).
Table of Contents
Alternate Formats
Assistant Deputy Minister (Review Services)
Key Findings and Risks | Recommendations |
---|---|
Finding 1: NATO agency-related transactions were executed in compliance with legislation, TB policy and directives, and departmental guidance. |
Recommendation 1: The CAF should continue to define and finalize standard operating procedures (SOP) and update its Canadian Joint Operations Command (CJOC) J4 Contracts SharePoint to support a complete audit trail, allowing effective verification, tracking and reporting in compliance with legislation, TB policy and directives, and departmental guidance. |
Finding 2: Ninety-four percent of the transactions were recorded accurately in the departmental system of record. |
|
Finding 3: The Department of National Defence (DND) and the Canadian Armed Forces (CAF) have established a process map to outline roles and responsibilities. The accompanying SharePoint structure needs to be better aligned with the process map to ensure contracting files are complete. |
Table 1 Summary
Background
The MND’s contracting authority stems from laws, regulations and policies. Key acts include the National Defence Act and the Financial Administration Act (FAA), which outline responsibilities for financial management.
TB sets delegation policies, ensuring consistency with government standards. PSPC manages the procurement and provision of goods, services and construction for federal departments, including defence projects.
Currently, the MND can authorize contracts (FAA Section 41) not exceeding $375,000 for goods or services for non-competitive procurement. TB has provided an exceptional authority to DND to acquire logistic support, supplies and services from NATO agencies to a total of | | | | | | | | | | | | per mission, including amendments.
The intention of this exceptional authority is to enable the CAF to leverage NATO agency-contracted solutions for logistics support, supplies and services during combined exercises, training, deployment, operations and other cooperative efforts. These may complement CAF support structures or DND/PSPC-contracted solutions. These transactions are all considered sole source per Government of Canada contract regulations.
The Defence Resource Management Information System (DRMIS) and other related systems are being modernized to support procurement transactions and departmental governance. As a result, the CAF must implement manual controls, track transactions outside systems of record and send information to headquarters for input.
The exceptional contracting authority for NATO agencies was first used in FY 2023/24 for the purchase of services, following sub-delegation of authority by the MND in June 2022.Footnote 1 At the time of the audit, sub-delegation for goods was outstanding.Footnote 2
Key Findings
Finding 1: NATO agency-related transactions were executed in compliance with legislation, Treasury Board policy and directives, and departmental guidance.
Contracting files need to be accurately recorded and complete to provide transparency over compliance with requirements and to support internal and external reporting. Reliable and complete records ensure that DND and the CAF can meet mandatory contract reporting requirements.
NATO agency-related transactions were generally executed in compliance with departmental policies and guidelines. Controls were in place, and documentation supported compliance with legislation (79 percent), TB policy and directives (88 percent) and departmental guidance (86 percent) on all files, with noted improvement as use increased. Further details on NATO contracts and transaction compliance can be found in Annex C.
Legislative Compliance: Certification authority (Section 34) accounted for most legislative non-compliance as invoices could not be located on SharePoint. All NATO agency-related contracting files on SharePoint were reviewed as part of this audit. Payment authority (Section 33) is completed outside of CJOC J4 and is not included in testing results.
TB Policy and Directive Compliance: TB policy and directives are designed with regular operations in mind. Some requirements may not fit the context of the exceptional contracting authorities.
Departmental Compliance: The Department has added rules on contracting in general, as well as for the purposes of exceptional contractual arrangements. Adherence to these requirements should be considered in context and justified accordingly. For example, concept of operations is an internal procedure that could be combined with requirement identification.
The operations have not exceeded the approved limit of | | | | | | | | | | | | per mission. Current forecasts per mission also do not exceed this limit, as presented in Annex D.
The exceptional contracting limit was used for the pre-determined types of services.Footnote 3 As shown in Finding 2, the internal order for tracking transactions under the exceptional contractual arrangements was incorrectly used twice for unrelated purchases.
A review of all NATO agency-related contracts and transactions in FY 2023/24 determined that other formal contracting solutions had been exhausted prior to exercising this authority for the purchase of services by submitting a sole source justification or by completing an options analysis.
Vendor conflict of interest was not assessed during the compliance file review as conflicts of interest are managed by NATO based on privacy and commercial competition rules. NATO financial regulations, rules and procedures outline the controls to manage conflicts of interest in its procurement processes.
Finding 2: Ninety-four percent of the transactions were recorded accurately in the departmental system of record.
In FY 2023/24, 32 transactions totaling | | | | | | | | | | | | | were recorded in DRMIS under NATO internal orders. Accurate tracking is vital for transparency and reporting (Annex D). Of these, 30 transactions totaling | | | | | | | | | | | | | were related to NATO agencies, and two totaling | | | | | | | | | were miscoded but remain uncorrected due to fiscal year-end constraints.
DRMIS currently lacks automated controls to prevent incorrect use of internal orders. The planned implementation of DEFENCEx could prevent inappropriate internal order use.
Finding 3: The Department of National Defence and the Canadian Armed Forces have established a process map to outline roles and responsibilities. The accompanying SharePoint structure needs to be better aligned with the process map to ensure contracting files are complete.
The audit found that while DRMIS entries were accurate, SharePoint data did not align, complicating reconciliation. Access to financial details was challenging, highlighting the need for manual data verification.
Manual controls are essential for data accuracy and completeness, especially with limited access to financial systems during operations. Digitalization could improve error prevention and access.
NATO and DND/CAF accountabilities for transactions are outlined in the procurement process map, a tool for tracking use of the exceptional contractual authority.
There are no set SOPs for file management, leading to a reliance on technical authorities for documentation and on headquarters to follow up on missing files. A checklist exists but is unused. Implementing clear procedures for file storage would reduce missing documents and improve operational continuity.
ADM(RS) Recommendation
Management Response:
CJOC and ADM(Mat) management agree with the recommendation.
Conclusion
NATO agency-related transactions were executed in compliance with legislation, TB policy and directives, and departmental guidance. Internal controls over financial management and contracting requirements were established and generally followed. NATO agency-related transactions within the financial system of record, DRMIS, were recorded accurately. PSPC and TBS reporting requirements will be fulfilled later this year.
To improve the accuracy and completeness of contracting data and financial information, key stakeholders should continue to define and finalize SOPs and update SharePoint to ensure a complete audit trail in compliance with legislation, TB policy and directives, and departmental guidance.
Oversight and monitoring will need to continue improving compliance related to legislation, while SOPs could enable context to determine the requirement to follow departmental guidance.
Annex A: Management Action Plan
ADM(RS) Recommendation
Management Action
CJOC strives to adopt best practices, and it values the benefits of standardizing procedures to increase organizational effectiveness and efficiency.
Deliverable
CJOC will issue a well-defined SOP, publish it on the CJOC J4 Contracts SharePoint site and promulgate the published link to appropriate stakeholders through appropriate means.
Timeline
The final version will be published on SharePoint by the end of October 2024.
Annex B: About the Engagement
This engagement conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the Quality Assurance and Improvement Program.
Objective
The objective was to assess whether transactions with NATO agencies, entered into by use of the exceptional contracting limit, were executed in compliance with applicable departmental policies and guidance and reported annually to TBS.
Scope and Approach
The scope reviewed all 32 NATO agency-related transactions under six contracts totaling nearly | | | | | | | | | | | | over FY 2023/24. The audit engagement methodology included interviews, file testing, data analysis, documentation review and process mapping. This audit reviewed files on three missions (Operations (Op) | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |).
Annex C: Summary of NATO Agency-related Contracts Assessment
Op | | | | | | (NCIA)Footnote 4 January 2023 |
Op | | | | | | | | | | | (MLSP)Footnote 5 March 2023 |
Op | | | | | | (OLSP)Footnote 6 April 2023 |
Op | | | | | | (OLSP) August 2023 |
Op | | | | | | | | | | | (OLSP) | | | | | | | | | November 2024 |
Op | | | | | | | | | | | (OLSP) | | | | | | | | | | | | | | | | | | | November 2024 |
|
---|---|---|---|---|---|---|
Legal Requirements |
||||||
Expenditure Initiation Authority (FAA s.32) |
☑ |
☑ |
Missing Responsibility Centre signature |
1 DoA not in DRMIS |
☑ |
☑ |
Contracting Authority (FAA s.41) |
☑ |
☑ |
☑ |
1 DoA not in DRMIS |
N/A |
N/A |
Certification Authority (FAA s.34) |
☑ |
☒ |
☒ |
☒ |
N/A |
N/A |
Legal Compliance |
100% (3/3) |
67% (2/3) |
67% (2/3) |
67% (2/3) |
100% (1/1) |
100% (1/1) |
TB Policy and Directives Requirements |
||||||
Type of Services (NSPA Policy) |
☑ |
☑ |
☑ |
☑ |
☑ |
☑ |
Tasking Letter (NSPA Policy) |
☒ |
Not required |
☑ |
☑ |
N/A |
N/A |
Statement of Requirements Directive on the Management of Procurement |
☒ |
Not required |
Not signed |
☑ |
☑ |
☑ |
Options Analysis Directive on the Management of Procurement |
☑ |
☑ |
☒ |
☒ |
☑ |
☑ |
Risk Assessment Directive on the Management of Procurement and Procurement Administration Manual |
☑ |
☑ |
☑ |
☑ |
N/A |
N/A |
Statement of Work Directive on the Management of Procurement |
After signed contract |
Not required |
☑ |
☑ |
N/A |
N/A |
Contract (Price Acceptance Request or Sales Agreement) |
☑ |
☑ |
☑ |
☑ |
N/A |
N/A |
Sole Source Justification Directive on the Management of Procurement and Government of Canada Contracting Policy Notice |
Not signed |
Not required |
☑ |
☑ |
N/A |
N/A |
Invoices Directive on the Management of Procurement |
☑ |
Not complete |
Not complete |
☒ |
N/A |
N/A |
Correspondence Directive on the Management of Procurement |
☑ |
Not complete |
Not complete |
Not complete |
N/A |
N/A |
TB Policy and Directives Compliance |
80% (8/10) |
100% (6/6) |
90% (9/10) |
8/10 (80%) |
100% (3/3) |
100% (3/3) |
Departmental Requirements |
||||||
Requirement Identification Procurement Administration Manual |
☑ |
☑ |
☑ |
☑ |
☑ |
☑ |
Concept of Operations CJOC Internal Procedures |
☒ |
Not required |
☒ |
☒ |
☑ |
☑ |
Procurement Plan Procurement Administration Manual |
Not shared with ADM(Mat) |
☑ |
Not shared with ADM(Mat) |
☑ |
☑ |
☑ |
Financials - DRMIS Data vs. Contracting Files Contracts Reconciliation |
☑ |
Not complete |
Not complete |
Not complete |
N/A |
N/A |
Departmental Requirements Compliance |
75% (3/4) |
100% (3/3) |
75% (3/4) |
75% (3/4) |
100% (3/3) |
100% (3/3) |
Overall Compliance |
82% (14/17)
|
92% (11/12)
|
82% (14/17)
|
76% (13/17)
|
100% (7/7)
|
100% (7/7)
|
Note: DoA refers to “delegation of authority” and NSPA to “NATO Support and Procurement Agency.” Legend
|
Table C-1 Summary
Annex D: Financial Information by Internal Order
Operation |
Type of Service |
Internal Order |
Commitments ($) |
Actuals ($) |
---|---|---|---|---|
Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | |
| | | | | | | |
| |
| | | | | | | | | | | | |
Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | |
| | | | | | | |
| |
| | | | | | | | |
Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | |
| | | | | | | |
| |
| |
Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | |
|
| |
| |
Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | |
|
| |
| |
Op | | | | | | | | | | | | | |
| | | | | | | |
| | | | | | | |
| |
| | | | | | |
Op | | | | | | | | | | | | | |
| | | | | | | | |
| | | | | | | |
| |
| | | | | | | | |
Op | | | | | | | | | | | | | |
| | | | | | | | | |
| | | | | | | |
| | | | | | | | | | | | |
*| | | | | | | | |
| | | | | |
|
|
| | | | | | | | | | | | |
| | | | | | | | | | | | |
*Op | | | | | | actuals were coded against the wrong internal order. DND has developed a method to capture NATO agency-related expenditures and produce mandated reports through internal orders based on DRMIS data. Internal orders are used to monitor costs and revenues associated with specific tasks. They provide capabilities for planning, monitoring and allocating costs to ensure that the expenditures on NATO agency-related contracts are properly tracked and reported. All the transactions reviewed as part of this audit scope were reconciled through DRMIS. |