Audit of NATO Operational Support Authorities

January 2025

1259-3-0099 (ADM(RS))

Reviewed by ADM(RS) in accordance with the Access to Information Act (AIA). Information withheld in accordance with the AIA under section 15(1).

Table 1. Key Findings and Recommendations.
Key Findings and Risks Recommendations

Finding 1:

NATO agency-related transactions were executed in compliance with legislation, TB policy and directives, and departmental guidance.

Recommendation 1:

The CAF should continue to define and finalize standard operating procedures (SOP) and update its Canadian Joint Operations Command (CJOC) J4 Contracts SharePoint to support a complete audit trail, allowing effective verification, tracking and reporting in compliance with legislation, TB policy and directives, and departmental guidance.

Finding 2:

Ninety-four percent of the transactions were recorded accurately in the departmental system of record.

Finding 3:

The Department of National Defence (DND) and the Canadian Armed Forces (CAF) have established a process map to outline roles and responsibilities. The accompanying SharePoint structure needs to be better aligned with the process map to ensure contracting files are complete.

Table 1 Summary


Back to Table of Contents

Background

The MND’s contracting authority stems from laws, regulations and policies. Key acts include the National Defence Act and the Financial Administration Act (FAA), which outline responsibilities for financial management.

TB sets delegation policies, ensuring consistency with government standards. PSPC manages the procurement and provision of goods, services and construction for federal departments, including defence projects.

Currently, the MND can authorize contracts (FAA Section 41) not exceeding $375,000 for goods or services for non-competitive procurement. TB has provided an exceptional authority to DND to acquire logistic support, supplies and services from NATO agencies to a total of | | | | | | | | | | | | per mission, including amendments.

The intention of this exceptional authority is to enable the CAF to leverage NATO agency-contracted solutions for logistics support, supplies and services during combined exercises, training, deployment, operations and other cooperative efforts. These may complement CAF support structures or DND/PSPC-contracted solutions. These transactions are all considered sole source per Government of Canada contract regulations.

The Defence Resource Management Information System (DRMIS) and other related systems are being modernized to support procurement transactions and departmental governance. As a result, the CAF must implement manual controls, track transactions outside systems of record and send information to headquarters for input.

The exceptional contracting authority for NATO agencies was first used in FY 2023/24 for the purchase of services, following sub-delegation of authority by the MND in June 2022.Footnote 1 At the time of the audit, sub-delegation for goods was outstanding.Footnote 2


Back to Table of Contents

Key Findings

Finding 1: NATO agency-related transactions were executed in compliance with legislation, Treasury Board policy and directives, and departmental guidance.

Contracting files need to be accurately recorded and complete to provide transparency over compliance with requirements and to support internal and external reporting. Reliable and complete records ensure that DND and the CAF can meet mandatory contract reporting requirements.

NATO agency-related transactions were generally executed in compliance with departmental policies and guidelines. Controls were in place, and documentation supported compliance with legislation (79 percent), TB policy and directives (88 percent) and departmental guidance (86 percent) on all files, with noted improvement as use increased. Further details on NATO contracts and transaction compliance can be found in Annex C.

Legislative Compliance: Certification authority (Section 34) accounted for most legislative non-compliance as invoices could not be located on SharePoint. All NATO agency-related contracting files on SharePoint were reviewed as part of this audit. Payment authority (Section 33) is completed outside of CJOC J4 and is not included in testing results.

TB Policy and Directive Compliance: TB policy and directives are designed with regular operations in mind. Some requirements may not fit the context of the exceptional contracting authorities.

Departmental Compliance: The Department has added rules on contracting in general, as well as for the purposes of exceptional contractual arrangements. Adherence to these requirements should be considered in context and justified accordingly. For example, concept of operations is an internal procedure that could be combined with requirement identification.

The operations have not exceeded the approved limit of | | | | | | | | | | | | per mission. Current forecasts per mission also do not exceed this limit, as presented in Annex D.

The exceptional contracting limit was used for the pre-determined types of services.Footnote 3 As shown in Finding 2, the internal order for tracking transactions under the exceptional contractual arrangements was incorrectly used twice for unrelated purchases.

A review of all NATO agency-related contracts and transactions in FY 2023/24 determined that other formal contracting solutions had been exhausted prior to exercising this authority for the purchase of services by submitting a sole source justification or by completing an options analysis.

Vendor conflict of interest was not assessed during the compliance file review as conflicts of interest are managed by NATO based on privacy and commercial competition rules. NATO financial regulations, rules and procedures outline the controls to manage conflicts of interest in its procurement processes.

Finding 2: Ninety-four percent of the transactions were recorded accurately in the departmental system of record.

In FY 2023/24, 32 transactions totaling | | | | | | | | | | | | | were recorded in DRMIS under NATO internal orders. Accurate tracking is vital for transparency and reporting (Annex D). Of these, 30 transactions totaling | | | | | | | | | | | | | were related to NATO agencies, and two totaling | | | | | | | | | were miscoded but remain uncorrected due to fiscal year-end constraints.

DRMIS currently lacks automated controls to prevent incorrect use of internal orders. The planned implementation of DEFENCEx could prevent inappropriate internal order use.

Finding 3: The Department of National Defence and the Canadian Armed Forces have established a process map to outline roles and responsibilities. The accompanying SharePoint structure needs to be better aligned with the process map to ensure contracting files are complete.

The audit found that while DRMIS entries were accurate, SharePoint data did not align, complicating reconciliation. Access to financial details was challenging, highlighting the need for manual data verification.

Manual controls are essential for data accuracy and completeness, especially with limited access to financial systems during operations. Digitalization could improve error prevention and access.

NATO and DND/CAF accountabilities for transactions are outlined in the procurement process map, a tool for tracking use of the exceptional contractual authority.

There are no set SOPs for file management, leading to a reliance on technical authorities for documentation and on headquarters to follow up on missing files. A checklist exists but is unused. Implementing clear procedures for file storage would reduce missing documents and improve operational continuity.

ADM(RS) Recommendation

Management Response:

CJOC and ADM(Mat) management agree with the recommendation.


Back to Table of Contents

Conclusion

NATO agency-related transactions were executed in compliance with legislation, TB policy and directives, and departmental guidance. Internal controls over financial management and contracting requirements were established and generally followed. NATO agency-related transactions within the financial system of record, DRMIS, were recorded accurately. PSPC and TBS reporting requirements will be fulfilled later this year.

To improve the accuracy and completeness of contracting data and financial information, key stakeholders should continue to define and finalize SOPs and update SharePoint to ensure a complete audit trail in compliance with legislation, TB policy and directives, and departmental guidance.

Oversight and monitoring will need to continue improving compliance related to legislation, while SOPs could enable context to determine the requirement to follow departmental guidance.


Back to Table of Contents

Annex A: Management Action Plan

ADM(RS) Recommendation

Management Action

CJOC strives to adopt best practices, and it values the benefits of standardizing procedures to increase organizational effectiveness and efficiency.

Deliverable

CJOC will issue a well-defined SOP, publish it on the CJOC J4 Contracts SharePoint site and promulgate the published link to appropriate stakeholders through appropriate means.

Timeline

The final version will be published on SharePoint by the end of October 2024.


Back to Table of Contents

Annex B: About the Engagement

This engagement conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the Quality Assurance and Improvement Program.

Objective

The objective was to assess whether transactions with NATO agencies, entered into by use of the exceptional contracting limit, were executed in compliance with applicable departmental policies and guidance and reported annually to TBS.

Scope and Approach

The scope reviewed all 32 NATO agency-related transactions under six contracts totaling nearly | | | | | | | | | | | | over FY 2023/24. The audit engagement methodology included interviews, file testing, data analysis, documentation review and process mapping. This audit reviewed files on three missions (Operations (Op) | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |).


Back to Table of Contents

Annex C: Summary of NATO Agency-related Contracts Assessment

Table C-1. Summary of the NATO Agency-related Contracts Assessment.

 

Op | | | | | | (NCIA)Footnote 4

January 2023

Op | | | | | | | | | | | (MLSP)Footnote 5

March 2023

Op | | | | | | (OLSP)Footnote 6

April 2023

Op | | | | | | (OLSP)

August 2023

Op | | | | | | | | | | | (OLSP)

| | | | | | | | |

November 2024

Op | | | | | | | | | | | (OLSP)

| | | | | | | | | | | | |

| | | | | |

November 2024

Legal Requirements

Expenditure Initiation Authority (FAA s.32)

Missing Responsibility Centre signature

1 DoA not in DRMIS

Contracting Authority (FAA s.41)

1 DoA not in DRMIS

N/A

N/A

Certification Authority (FAA s.34)

N/A

N/A

Legal Compliance

100% (3/3)

67% (2/3)

67% (2/3)

67% (2/3)

100% (1/1)

100% (1/1)

TB Policy and Directives Requirements

Type of Services (NSPA Policy)

Tasking Letter (NSPA Policy)

Not required

N/A

N/A

Statement of Requirements

Directive on the Management of Procurement

Not required

Not signed

Options Analysis

Directive on the Management of Procurement

Risk Assessment

Directive on the Management of Procurement and Procurement Administration Manual

N/A

N/A

Statement of Work

Directive on the Management of Procurement

After signed contract

Not required

N/A

N/A

Contract

(Price Acceptance Request or Sales Agreement)
Directive on the Management of Procurement

N/A

N/A

Sole Source Justification

Directive on the Management of Procurement and Government of Canada Contracting Policy Notice

Not signed

Not required

N/A

N/A

Invoices

Directive on the Management of Procurement

Not complete

Not complete

N/A

N/A

Correspondence

Directive on the Management of Procurement

Not complete

Not complete

Not complete

N/A

N/A

TB Policy and Directives Compliance

80% (8/10)

100% (6/6)

90% (9/10)

8/10 (80%)

100% (3/3)

100% (3/3)

Departmental Requirements

Requirement Identification

Procurement Administration Manual

Concept of Operations

CJOC Internal Procedures

Not required

Procurement Plan

Procurement Administration Manual

Not shared with ADM(Mat)

Not shared with ADM(Mat)

Financials - DRMIS Data vs. Contracting Files

Contracts Reconciliation

Not complete

Not complete

Not complete

N/A

N/A

Departmental Requirements Compliance

75% (3/4)

100% (3/3)

75% (3/4)

75% (3/4)

100% (3/3)

100% (3/3)

Overall Compliance

82% (14/17)

 

92% (11/12)

 

82% (14/17)

 

76% (13/17)

 

100% (7/7)

 

100% (7/7)

 

Note: DoA refers to “delegation of authority” and NSPA to “NATO Support and Procurement Agency.”

Legend

  • ☑ Complete
  • Missing/Not on file
  • N/A = Not applicable. The contract starts in November 2024.
Table C-1 Summary


Back to Table of Contents

Annex D: Financial Information by Internal Order

Table D-1. NATO Agency-related Contracts Financial Information by Internal Order in FY 2023/24.

Operation

Type of Service

Internal Order

Commitments ($)

Actuals ($)

Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

| | | |

| | | | | | |

|

| | | | | | | | | | | |

Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

| | | |

| | | | | | |

|

| | | | | | | |

Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

| | | |

| | | | | | |

|

|

Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

| | | |

 

|

|

Op | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

| | | |

 

|

|

Op | | | | | | | | | | | | |

| | | | | | |

| | | | | | |

|

| | | | | |

Op | | | | | | | | | | | | |

| | | | | | | |

| | | | | | |

|

| | | | | | | |

Op | | | | | | | | | | | | |

| | | | | | | | |

| | | | | | |

| | | | | | | | | | | |

*| | | | | | | |

| | | | |

 

 

| | | | | | | | | | | |

| | | | | | | | | | | |

*Op | | | | | | actuals were coded against the wrong internal order.

DND has developed a method to capture NATO agency-related expenditures and produce mandated reports through internal orders based on DRMIS data. Internal orders are used to monitor costs and revenues associated with specific tasks. They provide capabilities for planning, monitoring and allocating costs to ensure that the expenditures on NATO agency-related contracts are properly tracked and reported. All the transactions reviewed as part of this audit scope were reconciled through DRMIS.

Table D-1 Summary


Back to Table of Contents

Page details

2025-02-20