Audit of NATO Operational Support Authorities

January 2025

1259-3-0099 (ADM(RS))

Reviewed by ADM(RS) in accordance with the Access to Information Act (AIA). Information withheld in accordance with the AIA under section 15(1).

At a Glance
Background
Key Findings
Conclusion
Annex A: Management Action Plan
Annex B: About the Engagement
Annex C: Summary of NATO Agency-related Contracts Assessment
Annex D: Financial Information by Internal Order

At a Glance

In 2021, the Minister of National Defence (MND) received Treasury Board (TB) approval to enter into exceptional contractual arrangements with NATO (North Atlantic Treaty Organization) agencies until March 31, 2026.
The Department committed to auditing NATO transactions for compliance with policies and guidance as part of the TB submission (Annex B).
The exceptional contractual arrangements were first used in fiscal year (FY) 2023/24 for the purchase of services, following sub-delegation of authority by the MND in June 2022. At the time of the audit, sub-delegation for goods was outstanding.
Purchases from NATO agencies are considered non-competitive procurements, and the procurement process is managed by NATO.
All 32 NATO agency-related transactions were reviewed as part of this audit.
Transactions generally complied with legislation, TB policy and directives, and departmental guidance.
Annual reporting to Public Services and Procurement Canada (PSPC) and the Treasury Board Secretariat (TBS) will be delivered later this year. All reporting requirements must be met before final submission to ensure appropriate oversight exists.

Alternate Formats

PDF Version
(659 KB, 12 pages)

Assistant Deputy Minister (Review Services)

Table 1. Key Findings and Recommendations.
Key Findings and Risks	Recommendations
Finding 1: NATO agency-related transactions were executed in compliance with legislation, TB policy and directives, and departmental guidance.	Recommendation 1: The CAF should continue to define and finalize standard operating procedures (SOP) and update its Canadian Joint Operations Command (CJOC) J4 Contracts SharePoint to support a complete audit trail, allowing effective verification, tracking and reporting in compliance with legislation, TB policy and directives, and departmental guidance.
Finding 2: Ninety-four percent of the transactions were recorded accurately in the departmental system of record.
Finding 3: The Department of National Defence (DND) and the Canadian Armed Forces (CAF) have established a process map to outline roles and responsibilities. The accompanying SharePoint structure needs to be better aligned with the process map to ensure contracting files are complete.

Table 1 Summary

Back to Table of Contents

Background

The MND’s contracting authority stems from laws, regulations and policies. Key acts include the National Defence Act and the Financial Administration Act (FAA), which outline responsibilities for financial management.

TB sets delegation policies, ensuring consistency with government standards. PSPC manages the procurement and provision of goods, services and construction for federal departments, including defence projects.

Currently, the MND can authorize contracts (FAA Section 41) not exceeding $375,000 for goods or services for non-competitive procurement. TB has provided an exceptional authority to DND to acquire logistic support, supplies and services from NATO agencies to a total of | | | | | | | | | | | | per mission, including amendments.

The intention of this exceptional authority is to enable the CAF to leverage NATO agency-contracted solutions for logistics support, supplies and services during combined exercises, training, deployment, operations and other cooperative efforts. These may complement CAF support structures or DND/PSPC-contracted solutions. These transactions are all considered sole source per Government of Canada contract regulations.

The Defence Resource Management Information System (DRMIS) and other related systems are being modernized to support procurement transactions and departmental governance. As a result, the CAF must implement manual controls, track transactions outside systems of record and send information to headquarters for input.

The exceptional contracting authority for NATO agencies was first used in FY 2023/24 for the purchase of services, following sub-delegation of authority by the MND in June 2022.^{Footnote 1} At the time of the audit, sub-delegation for goods was outstanding.^{Footnote 2}

Back to Table of Contents

Key Findings

Finding 1: NATO agency-related transactions were executed in compliance with legislation, Treasury Board policy and directives, and departmental guidance.

Contracting files need to be accurately recorded and complete to provide transparency over compliance with requirements and to support internal and external reporting. Reliable and complete records ensure that DND and the CAF can meet mandatory contract reporting requirements.

NATO agency-related transactions were generally executed in compliance with departmental policies and guidelines. Controls were in place, and documentation supported compliance with legislation (79 percent), TB policy and directives (88 percent) and departmental guidance (86 percent) on all files, with noted improvement as use increased. Further details on NATO contracts and transaction compliance can be found in Annex C.

Legislative Compliance: Certification authority (Section 34) accounted for most legislative non-compliance as invoices could not be located on SharePoint. All NATO agency-related contracting files on SharePoint were reviewed as part of this audit. Payment authority (Section 33) is completed outside of CJOC J4 and is not included in testing results.

TB Policy and Directive Compliance: TB policy and directives are designed with regular operations in mind. Some requirements may not fit the context of the exceptional contracting authorities.

Departmental Compliance: The Department has added rules on contracting in general, as well as for the purposes of exceptional contractual arrangements. Adherence to these requirements should be considered in context and justified accordingly. For example, concept of operations is an internal procedure that could be combined with requirement identification.

The operations have not exceeded the approved limit of | | | | | | | | | | | | per mission. Current forecasts per mission also do not exceed this limit, as presented in Annex D.

The exceptional contracting limit was used for the pre-determined types of services.^{Footnote 3} As shown in Finding 2, the internal order for tracking transactions under the exceptional contractual arrangements was incorrectly used twice for unrelated purchases.

A review of all NATO agency-related contracts and transactions in FY 2023/24 determined that other formal contracting solutions had been exhausted prior to exercising this authority for the purchase of services by submitting a sole source justification or by completing an options analysis.

Vendor conflict of interest was not assessed during the compliance file review as conflicts of interest are managed by NATO based on privacy and commercial competition rules. NATO financial regulations, rules and procedures outline the controls to manage conflicts of interest in its procurement processes.

Finding 2: Ninety-four percent of the transactions were recorded accurately in the departmental system of record.

In FY 2023/24, 32 transactions totaling | | | | | | | | | | | | | were recorded in DRMIS under NATO internal orders. Accurate tracking is vital for transparency and reporting (Annex D). Of these, 30 transactions totaling | | | | | | | | | | | | | were related to NATO agencies, and two totaling | | | | | | | | | were miscoded but remain uncorrected due to fiscal year-end constraints.

DRMIS currently lacks automated controls to prevent incorrect use of internal orders. The planned implementation of DEFENCEx could prevent inappropriate internal order use.

Finding 3: The Department of National Defence and the Canadian Armed Forces have established a process map to outline roles and responsibilities. The accompanying SharePoint structure needs to be better aligned with the process map to ensure contracting files are complete.

The audit found that while DRMIS entries were accurate, SharePoint data did not align, complicating reconciliation. Access to financial details was challenging, highlighting the need for manual data verification.

Manual controls are essential for data accuracy and completeness, especially with limited access to financial systems during operations. Digitalization could improve error prevention and access.

NATO and DND/CAF accountabilities for transactions are outlined in the procurement process map, a tool for tracking use of the exceptional contractual authority.

There are no set SOPs for file management, leading to a reliance on technical authorities for documentation and on headquarters to follow up on missing files. A checklist exists but is unused. Implementing clear procedures for file storage would reduce missing documents and improve operational continuity.

ADM(RS) Recommendation

Management Response:

CJOC and ADM(Mat) management agree with the recommendation.

Back to Table of Contents

Conclusion

NATO agency-related transactions were executed in compliance with legislation, TB policy and directives, and departmental guidance. Internal controls over financial management and contracting requirements were established and generally followed. NATO agency-related transactions within the financial system of record, DRMIS, were recorded accurately. PSPC and TBS reporting requirements will be fulfilled later this year.

To improve the accuracy and completeness of contracting data and financial information, key stakeholders should continue to define and finalize SOPs and update SharePoint to ensure a complete audit trail in compliance with legislation, TB policy and directives, and departmental guidance.

Oversight and monitoring will need to continue improving compliance related to legislation, while SOPs could enable context to determine the requirement to follow departmental guidance.

Back to Table of Contents

Annex A: Management Action Plan

ADM(RS) Recommendation

Management Action

CJOC strives to adopt best practices, and it values the benefits of standardizing procedures to increase organizational effectiveness and efficiency.

Deliverable

CJOC will issue a well-defined SOP, publish it on the CJOC J4 Contracts SharePoint site and promulgate the published link to appropriate stakeholders through appropriate means.

Timeline

The final version will be published on SharePoint by the end of October 2024.

Back to Table of Contents

Annex B: About the Engagement

This engagement conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the Quality Assurance and Improvement Program.

Objective

The objective was to assess whether transactions with NATO agencies, entered into by use of the exceptional contracting limit, were executed in compliance with applicable departmental policies and guidance and reported annually to TBS.

Scope and Approach

The scope reviewed all 32 NATO agency-related transactions under six contracts totaling nearly | | | | | | | | | | | | over FY 2023/24. The audit engagement methodology included interviews, file testing, data analysis, documentation review and process mapping. This audit reviewed files on three missions (Operations (Op) | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |).

Back to Table of Contents

Annex C: Summary of NATO Agency-related Contracts Assessment

Table C-1. Summary of the NATO Agency-related Contracts Assessment.
	Op \| \| \| \| \| \| (NCIA)^{Footnote 4} January 2023	Op \| \| \| \| \| \| \| \| \| \| \| (MLSP)^{Footnote 5} March 2023	Op \| \| \| \| \| \| (OLSP)^{Footnote 6} April 2023	Op \| \| \| \| \| \| (OLSP) August 2023	Op \| \| \| \| \| \| \| \| \| \| \| (OLSP) \| \| \| \| \| \| \| \| \| November 2024	Op \| \| \| \| \| \| \| \| \| \| \| (OLSP) \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| November 2024
Legal Requirements
Expenditure Initiation Authority (FAA s.32)	☑	☑	Missing Responsibility Centre signature	1 DoA not in DRMIS	☑	☑
Contracting Authority (FAA s.41)	☑	☑	☑	1 DoA not in DRMIS	N/A	N/A
Certification Authority (FAA s.34)	☑	☒	☒	☒	N/A	N/A
Legal Compliance	100% (3/3)	67% (2/3)	67% (2/3)	67% (2/3)	100% (1/1)	100% (1/1)
TB Policy and Directives Requirements
Type of Services (NSPA Policy)	☑	☑	☑	☑	☑	☑
Tasking Letter (NSPA Policy)	☒	Not required	☑	☑	N/A	N/A
Statement of Requirements Directive on the Management of Procurement	☒	Not required	Not signed	☑	☑	☑
Options Analysis Directive on the Management of Procurement	☑	☑	☒	☒	☑	☑
Risk Assessment Directive on the Management of Procurement and Procurement Administration Manual	☑	☑	☑	☑	N/A	N/A
Statement of Work Directive on the Management of Procurement	After signed contract	Not required	☑	☑	N/A	N/A
Contract (Price Acceptance Request or Sales Agreement) Directive on the Management of Procurement	☑	☑	☑	☑	N/A	N/A
Sole Source Justification Directive on the Management of Procurement and Government of Canada Contracting Policy Notice	Not signed	Not required	☑	☑	N/A	N/A
Invoices Directive on the Management of Procurement	☑	Not complete	Not complete	☒	N/A	N/A
Correspondence Directive on the Management of Procurement	☑	Not complete	Not complete	Not complete	N/A	N/A
TB Policy and Directives Compliance	80% (8/10)	100% (6/6)	90% (9/10)	8/10 (80%)	100% (3/3)	100% (3/3)
Departmental Requirements
Requirement Identification Procurement Administration Manual	☑	☑	☑	☑	☑	☑
Concept of Operations CJOC Internal Procedures	☒	Not required	☒	☒	☑	☑
Procurement Plan Procurement Administration Manual	Not shared with ADM(Mat)	☑	Not shared with ADM(Mat)	☑	☑	☑
Financials - DRMIS Data vs. Contracting Files Contracts Reconciliation	☑	Not complete	Not complete	Not complete	N/A	N/A
Departmental Requirements Compliance	75% (3/4)	100% (3/3)	75% (3/4)	75% (3/4)	100% (3/3)	100% (3/3)
Overall Compliance	82% (14/17)	92% (11/12)	82% (14/17)	76% (13/17)	100% (7/7)	100% (7/7)
Note: DoA refers to “delegation of authority” and NSPA to “NATO Support and Procurement Agency.” Legend ☑ Complete ☒ Missing/Not on file N/A = Not applicable. The contract starts in November 2024.

Table C-1 Summary

This table has six columns, each belonging to a NATO-related contract named by operation. Rows are divided into several sections, each assessing different aspects of NATO-related contracts. A detailed description of each section and its overall conclusion is as follows:

Operations and Dates: This section lists the various operations and their corresponding dates. The operations include NCIA in January 2023, MLSP in March 2023, OLSP in April 2023, OLSP in August 2023, and two instances of OLSP in November 2024.

Legal Requirements: This section evaluates compliance with legal requirements, specifically focusing on three authorities: Expenditure Initiation Authority (FAA s.32), Contracting Authority (FAA s.41), and Certification Authority (FAA s.34).

NCIA, MLSP and both November OLSPs met their Expenditure Initiation Authority requirement; April OLSP was missing the Responsibility Centre signature; and August OLSP was missing a Delegation of Authority (DoA) in DRIMIS.
NCIA, MLSP and April OLSP met their Contracting Authority requirements; August OLSP was missing a DoA in DRMIS; and this was not required for either November OLSP.
Only NCIA completed the Certification Authority requirement; MLSP, April OLSP and August OLSP did not meet this requirement; and this was not required for either November OLSP.

Legal Compliance: This section summarizes the overall legal compliance of each operation. NCIA and both November OLSPs achieved 100 percent compliance; MLSP, April OLSP, and August OLSP had compliance rates of 67 percent.

TB Policy and Directives Requirements: This section assesses compliance with various TB policies and directives. From NSPA Policy, it covers the type of services and tasking letters. From the Directive on the Management of Procurement, it covers statements of requirements; option analysis; risk assessments (also from the Procurement Administration Manual); statements of work; contracts, including the price acceptance request or the sales agreement; sole source justifications (also from the Government of Canada Contracting Policy Notice); invoices; and correspondence.

All operations fulfilled their type of services requirement.
Only April OLSP and August OLSP fulfilled their tasking letter authorities; NCIA did not meet this requirement; MLSP did not require a tasking letter; and the tasking letter was not applicable to either November OLSP.
August OLSP and both November OLSPs fulfilled the statement of requirements; NCIA did not meet this requirement; MLSP did not require this document; and April OLSP did not have it signed.
All operations except for April OLSP and August OLSP fulfilled their option analysis requirement.
All operations fulfilled their risk assessment requirement, except for both November OLSPs, for which it was not applicable.
April OLSP and August OLSP completed their statement of work requirement; this was not required for MLSP and not applicable for either November OLSP; NCIA only completed this after the contract was signed.
All operations completed their contract requirement, except for both November OLSPs, for which it was not applicable.
April OLSP and August OLSP fulfilled their sole source justification requirement; this was not required for MLSP and not applicable for both November OLSPs; NCIA did not have theirs signed.
Only NCIA fulfilled their invoice requirement; this was incomplete for MLSP and April OLSP; August OLSP did not fulfill this requirement; and this was not applicable for either November OLSP.
Only NCIA fulfilled their correspondence requirement; this was incomplete for MLSP, April OLSP and August OLSP; and this was not applicable for either November OLSP.

TB Policy and Directives Compliance: This section provides a summary of compliance with TB policies and directives for each operation. NCIA and August OLSP had an 80 percent compliance rate; April OLSP had 90 percent; and both November OLSPs achieved 100 percent.

Departmental Requirements: This section evaluates compliance with departmental requirements, including requirement identification, concept of operations, procurement plans, and financial reconciliation between DRMIS data and contracting files.

Requirement identification was fully compliant across all operations.
Only the November OLSPs fulfilled their concept of operations requirement; NCIA, April OLSP and August OLSP did not meet this requirement; and it was not required for MLSP.
All operations met their procurement plan requirements, except for NCIA and April OLSP, which did not share them with ADM(Mat).
Only NCIA fulfilled its financial reconciliation requirement; this was incomplete for MLSP, April OLSP and August OLSP; and this was not applicable for either November OLSP.

Departmental Requirements Compliance: This section summarizes the overall compliance with departmental requirements for each operation. NCIA, April OLSP and August OLSP had a 75 percent compliance rate; MLSP and both November OLSPs had 100 percent compliance.

Overall Compliance: This section provides a summary of the overall compliance rates for each operation, combining the results from the previous sections. Overall, August OLSP had a compliance rate of 76 percent; NCIA and April OLSP had 82 percent; MLSP achieved 92 percent; and both November OLSPs had 100 percent compliance.

Back to Table of Contents

Annex D: Financial Information by Internal Order

Table D-1. NATO Agency-related Contracts Financial Information by Internal Order in FY 2023/24.
Operation	Type of Service	Internal Order	Commitments ($)	Actuals ($)
Op \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \|	\| \| \| \| \| \| \|	\|	\| \| \| \| \| \| \| \| \| \| \| \|
Op \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \|	\| \| \| \| \| \| \|	\|	\| \| \| \| \| \| \| \|
Op \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \|	\| \| \| \| \| \| \|	\|	\|
Op \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \|		\|	\|
Op \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \|		\|	\|
Op \| \| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \| \| \| \|	\| \| \| \| \| \| \|	\|	\| \| \| \| \| \|
Op \| \| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \| \| \| \| \|	\| \| \| \| \| \| \|	\|	\| \| \| \| \| \| \| \|
Op \| \| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \| \| \| \| \| \|	\| \| \| \| \| \| \|	\| \| \| \| \| \| \| \| \| \| \| \|	*\| \| \| \| \| \| \| \|
\| \| \| \| \|			\| \| \| \| \| \| \| \| \| \| \| \|	\| \| \| \| \| \| \| \| \| \| \| \|
*Op \| \| \| \| \| \| actuals were coded against the wrong internal order. DND has developed a method to capture NATO agency-related expenditures and produce mandated reports through internal orders based on DRMIS data. Internal orders are used to monitor costs and revenues associated with specific tasks. They provide capabilities for planning, monitoring and allocating costs to ensure that the expenditures on NATO agency-related contracts are properly tracked and reported. All the transactions reviewed as part of this audit scope were reconciled through DRMIS.

Table D-1 Summary

Back to Table of Contents

Footnotes

Footnote 1

Return to footnote 1

All related transactions made prior to FY 2023/24 were paid under the Department’s contracting authority for the non-competitive procurement of goods and services.

Footnote 2

Return to footnote 2

The Request and Authorization letter—which provides delegation for the services authority from the Minister of PSPC to the MND following TB approval of the exceptional contracting limit—was signed in September 2023. The goods contracting authority was sent to the Deputy Minister’s office mid-October 2023 for signing. The MND signed a new departmental matrix in May 2024, allowing CJOC to obtain a revised exceptional authority for NATO agency-related contracts that included goods.

Footnote 3

Return to footnote 3

This included medical, port, camp, linguistics and software services.

Footnote 4

Return to footnote 4

NATO Communications and Information Agency (NCIA) is responsible for providing secure and efficient communications and information systems for NATO’s operations.

Footnote 5

Return to footnote 5

Maritime Logistics Support Partnership (MLSP) provides all aspects of ship maintenance and fuel supply services to navies who require support for their vessels, units and personnel in homeport and foreign ports. Before April 2024, MLSP was known as the Naval Logistics Support Partnership.

Footnote 6

Return to footnote 6

Operational Logistics Support Partnership (OLSP) encompasses a range of services aimed at enhancing logistical capabilities within NATO and partner nations.

Page details

2025-02-20

Language selection

Search

Audit of NATO Operational Support Authorities

Table of Contents

Alternate Formats

Assistant Deputy Minister (Review Services)

Background

Key Findings

ADM(RS) Recommendation

Conclusion

Annex A: Management Action Plan

ADM(RS) Recommendation

Annex B: About the Engagement

Annex C: Summary of NATO Agency-related Contracts Assessment

Annex D: Financial Information by Internal Order

Page details