Audit of NPP Procurement and Contracting
- Assistant Deputy Minister (Review Services)
- Compliance and Assurance
- Contract Authority
- Canadian Armed Forces
- Chief of the Defence Staff
- Capital Expenditure Request
- Canadian Forces Legal Advisor
- Canadian Forces Morale and Welfare Services
- Chief Financial Officer
- Commanding Officer
- Conflict of Interest
- Delegation of Authority
- Fiscal Year
- Managing Director
- Morale and Welfare
- National Defence Act
- Non-Public Property
- Non-Public Property Accounting Manager
- Office of Primary Interest
- Procurement and Contracting
- Procurement and Contracting Accountability Framework
- Values & Ethics
- Vice President
The National Defence Act (Sections 2 and 38 – 41) vests NPP with the Chief of the Defence Staff (CDS), Base/Wing Commanders and Unit Commanding Officers to be used for the benefit of serving and former Canadian Armed Forces (CAF) personnel and their families. The CFMWS is responsible for administering NPP on behalf of the CDS and for delivering selected public morale and welfare (MW) programs, services and activities to eligible members and their families on behalf of the Commander Military Personnel Command. The CDS has delegated to the Managing Director of NPP (MD NPP) the responsibility for the daily administration of NPP.
There are over 1,000 NPP entities within the NPP Accountability Framework ranging from small unit funds to large complex operating entities. These entities deliver MW programs, services and activities to serving and retired CAF member and their families with the help of over 4,000 staff of the Non-Public Funds. Procurement and Contracting (PC) is an essential activity in support of the delivery of NPP mandated programs and services.
It is, therefore, important to emphasize that NPP PC activities involve a diverse profile of purchases that span a vast geographic area and occur in a variety of CAF environments. For example, the PC files examined during the audit included goods and services ranging from hall rentals, to hardware and software acquisitions, to services for Family Day activities and were acquired at CFMWS HQ as well as various Bases/Wings. These items had a combined median dollar value of approximately $45,000 with individual values ranging from as little as $750 to as high as $4.5 million.
This overall diversity in purchases necessitates ensuring that a risk-based approach is taken to manage PC activities. This approach must be clearly outlined in order to support consistent implementation.
As such, it is essential to have a system of governance mechanisms, training and on-the-job tools, risk management processes, monitoring tools as well as a Values and Ethics (V&E) framework to support the NPP PC activities. Together, all of these comprise the NPP Procurement and Contracting Accountability Framework, depicted in Figure 1.
Figure 1 Details - NPP Procurement & Contracting Accountability Framework
Figure 1 Summary: The procurement and contracting cycle (depicted by an arrow) commences with the determination of goods and services required (Box 1) followed by procurement planning to budget for expenditure and secure the needed funding (Box 2). Bid solicitation is carried out to shortlist suppliers that can provide the best value to the organization in terms of quality, price or other identified criteria (Box 3). Contractor selection and the contract award process are carried out by the contract authority and a signed contract reflects the formal purchase/service delivery agreement between the two parties (Box 4). Administration of the contract helps ensure that goods or services are received in accordance with terms and conditions outlined in the contract (Box 5). Contract close-out activities involve evaluating the contractor’s performance and ensuring all deliverables are satisfactorily completed before issuing final payment (Box 6).
As shown in Figure 1, these steps in the procurement and contracting process are supported by a system (content shown in boxes surrounding the numbered boxes) of governance mechanisms, training and on-the-job tools, risk management processes, monitoring tools as well as a Values and Ethics framework.
Together, the steps in the procurement and contracting cycle (as well as the supporting elements) comprise the NPP Procurement and Contracting Accountability Framework.
The objective of the audit was to provide assurance on the effectiveness of the governance framework, risk management practices and internal control processes that support the procurement and contracting activities of NPP.
Specifically the audit considered whether:
- the procurement and contracting accountability framework is appropriate, complete and effective;
- NPP organizations manage procurement and contracting risks appropriately throughout the lifecycle; and
- NPP contracts are compliant with the NPP procurement and contracting accountability framework.
The scope of the audit covered the full life cycle of the procurement and contracting activities which involve:
- Requirement definition;
- Procurement planning;
- Solicitation activities;
- Contract award;
- Contract administration; and
- Contract close-out.
The audit examined NPP contracts that resulted in expenditures during FYs 2015/16 and 2016/17, until the end of December 2016.
The scope of the audit did not include CANEX and NATEX procurement of goods for resale in addition to non-binding agreements (e.g., Memorandum of Understanding, Service Level Agreement).
The audit team conducted site visits to CFB Halifax, Valcartier, Borden, Trenton, CFSU Ottawa and CFMWS HQ where document reviews were carried out and supplemented by interviews with management and process owners. Key processes and controls were identified and documented, and those responsible for performing the key controls and managing the risks related to those activities were interviewed.
The design of the controls and the compliance of contracts with the PCAF was assessed by testing a sample of contracts selected from financial transactions within the accounting system. A total of 78 PC files were selected using a judgmental sampling methodology.
The audit criteria can be found at Annex B.
The audit findings and conclusions contained in this report are based on sufficient and appropriate audit evidence gathered in accordance with procedures that meet the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing. The audit thus conforms to the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing as supported by the results of the quality assurance and improvement program. The opinions expressed in this report are based on conditions as they existed at the time of the audit and apply only to the entity examined.
Although an accountability framework exists, there are opportunities for improvement which would significantly strengthen the effectiveness of procurement and contracting within NPP. Opportunities include:
- Ensuring alignment and consistency in guiding documents, processes and procedures (including training);
- More guidance and communication to PC stakeholders on when a written contract is required; and
- Defining and communicating expectations with respect to contract files.
The PCAF was developed to reflect the requirements and principles of prudence and probity upon which the Government of Canada's public accountability framework is based. At the same time, the PCAF recognizes the unique and diverse nature of NPP as well as the importance of having PC practices in place that are flexible enough to meet business needs while ensuring openness, fairness and transparency.
2.1.1 Procurement and contracting accountability framework design
The main governing elements of the PCAF are the NPP Contracting Policy, the NPP Contracting Guidelines and the CDS-issued Delegation of Authorities (DoA) for Financial Administration of NPP. Contract administration practices are also supported by the manual A-FN-105-001/ AG‑001, Policy and Procedures for Non-Public Property (NPP) Accounting (hereafter referred to as AFN-105) which is a key control mechanism for effective contract administration.
One of the core NPP PC principles is that competitive tendering is the norm unless there are compelling reasons not to do so. There are policy requirements for openness, fairness and transparency in the PC process and requirements to properly annotate the PC file to demonstrate compliance. Results from the files reviewed by the audit team indicate the need for better demonstration of compliance with these principles, particularly with respect to documenting bid evaluation results, sole source rationales and contract award decisions.
The contracting policy outlines several sound principles in the PC process, and the accompanying contracting guidelines elaborate on requirements to properly manage the contracting process.
A formal and documented Delegation of Financial and Contracting Authority has been established and is updated as required. The DoA instrument within the audit scope was issued on January 4, 2016. The 2016 update included the introduction of clearer language on cursory, pre-payment and post-payment verification requirements.
While the contracting guidelines are generally quite comprehensive, they are not always consistent with other key documents. For example, the contracting guidelines note that all contracts should be submitted to the NPP Accounting Manager (NPPAM) for supporting payment requests, the DoA instrument and Contracting Policy state that only contracts over $50,000 need to be submitted to the NPPAM, and the AFN-105 also specifies that all supporting documents must accompany the invoices.
In addition to the inconsistencies between documents, the AFN-105 content has not been updated to reflect the changes resulting from the adoption of a new accounting system in FY 2015/16. Outdated AFN-105 content may impact contract administration practices and thus affect the application of NPP contracting principles.
The contracting guidelines broadly describe areas of consideration to determine the need for written contracts but leave much room for interpretation. While it is recognized that this approach allows for flexibility in contracting practices in such a diverse environment, it poses a risk in regard to non-compliance with NPP contracting principles. As such, it would be beneficial for the guidelines to include more guidance on a range of circumstances where it would be appropriate to use written contracts and the use of any specific clauses as a risk-management tool.
2.1.2 Training, tools, resources and information to support the discharge of PC responsibilities
In order to enter into contracts under the NPP Accountability Framework, individuals must receive delegated authority for financial administration of NPP. This is accomplished by successfully completing one of the two mandatory prerequisite certification courses and recertifying every three years in order to continue to exercise NPP financial signing authority. In addition, Contracting Awareness training exists for new managers/supervisors who will be involved in the PC process but do not need to approve any part of the process. These training courses are available online.
While training materials and on-the-job tools exist, alignment of training with the most recent policies and encompassing adequate information to enhancef PC personnel’s understanding of requirements/expectations are key. Opportunities to review existing training content would ensure it is sufficiently robust as well as consistent. By including additional information, such as details/examples regarding the contract file verification process, the training would contribute to ensuring that new contracts are complete and have undergone required due diligence for the complexity of the file.
Improved monitoring of delegation of authority training at the base level is also required as the file review revealed situations of missing, outdated or improper delegation of authority for contracting and/or invoice approval. Evidence of proper delegation of authority is essential to provide assurance that due diligence on various aspects of the PC file was done at key stages of the PC process.
It is important to note that management has recognized some of the challenges associated with PC and is being proactive in initiating improvements to the PCAF, including:
- Hiring a full-time NPP Procurement and Contracts Officer in November 2017;
- Creating a Contracting Committee in August 2016 with representation of Divisional Contracting Representatives from each of the CFMWS divisions;
- Making use of the Approval Authority for Directed Contracts form mandatory as of December 2016;
- Updating the mandatory certification courses in May 2017; and
- Updating the Contracting Policy and Guidelines in August 2017.
While these improvements to the PCAF could not be assessed for their effectiveness due to their recent implementation, they are recognized as positive developments in the realm of NPP PC.
2.1.3 Communication of corporate values and ethics, code of conduct or equivalent policy and compliance with policy requirements
The Contracting Policy is principle based, and is consistent with the V&E Code for the Public Sector and the NPP V&E policy.
V&E and Conflict of Interest (COI) training is mandatory and available via an online learning portal. The majority of employees interviewed indicated their participation in courses, sessions and presentations that inform them about conflict of interest, ethics and fraud.
Statistics on V&E related incidents, training, and enquiries are captured on a quarterly basis and reported to the NPP Audit Committee and the NPP Executive Management Board. A year-end report on V&E and COI activities is also issued by the CFMWS Conflict Management office.
2.1.4 Defining contents of a contract file
The results of the file review highlight the need for detailed guidance and/or a checklist to inform and direct PC personnel on contract file content requirements. This would ensure the ability to demonstrate adherence to NPP contracting principles. Results of the sample file review include instances of Capital Expenditure Requests (CER)Footnote 1 and witness signatures not included in contract files, invoices to support contract expenses not on file, missing financial coding on the invoices and missing proof of insurance.
The development of guidance and/or a checklist would contribute significantly to improved gathering and storing of PC information, in a consistent manner, as well as contributing to corporate memory.
- MD NPP should ensure that key procurement and contracting guiding documents, including the AFN-105, the DoA instrument, policies and training material, are aligned and consistent, including more detailed guidance on situations where formal written contracts are required and that training provides sufficient detail regarding situations where the risks associated with PC activity merit legal consultation.
- MD NPP should clearly define expectations for a complete contract file, including highlighting individual accountabilities throughout the process. This definition and any associated tools should be included in guiding documents and incorporated into monitoring activities.
OPI: MD NPP
Elements of risk-management practices exist within the PC process, however there are opportunities to improve the identification and management of risks in the PC context. These opportunities include:
- Strengthening the existing process for utilizing legal services through enhanced communication with PC stakeholders on availability of such services, including:
- Providing additional detail regarding circumstances that warrant the use of legal services;
- Ensuring consistent use of existing legal service request forms; and
- Developing a practical and formal service delivery arrangement with CFLA;
- Ensuring that existing monitoring tools are aligned to the most current PCAF and are consistently implemented; and
- Improving the effectiveness of follow-up mechanisms to prevent recurring issues noted during monitoring activities.
- MD NPP should review the framework for utilizing legal services with a special focus on increased user awareness of legal services available, establishment of more detailed criteria for requesting legal advice in the PC process and collaboration with CFLA in developing a practical and formal service delivery framework with clear performance metrics.
- MD NPP should ensure awareness and occurrence of existing monitoring mechanisms with a special focus on monitoring compliance with DoA requirements. Moreover, MD NPP should ensure that a formal feedback loop be established as part of monitoring activities in order to reduce recurring issues in PC files.
OPI: MD NPP
A judgmental approach was used to select a sample of 78 PC files. Attributes such as dollar value, nature of item procured (goods or service, capital or operating expenditure item) procuring organization and geographic area served were used to pick a diversified sample.
It is important to note that when examining the selected PC files, compliance with PC principles could only be assessed based on documentation contained in the PC file and documentation provided as part of follow-up with the client. During examination of the contract files, it became apparent that recordkeeping and information-management practices relating to NPP PC activities are in need of improvement. The most common areas where documentation was not available included the following:
- Capital Expenditure Requests (CER)
- Contract amendments
- Proof of insurance
- Expenditure support
- Evidence of monitoring of contractor’s performance
There were also several instances where the contract files contained scanned electronic supporting documents that were illegible. Approved scanned documents are considered by CFLA to be akin to original documents and as such ensuring legibility is essential.
In addition, the audit team observed contract files where the same individual submitted and approved cheque requests. In the absence of mitigating controls such as a documented supervisory review and documented cursory review of the contract file, this presents a potential segregation of duty concern. An opportunity exists to review current processes, in a risk-based manner, to determine whether or not more segregation of duties can be embedded.
Despite these observations, it is important to note that in the sample reviewed, all procurement and contracts (including contract renewals) were for the provision of MW services.
While an NPP PCAF is in place, there are opportunities to significantly improve its effectiveness. Without improvements, NPP may be exposed to potential risks.
NPP has several initiatives underway which, coupled with addressing the findings of this audit, will contribute substantially to the strengthening of the PCAF.
ADM(RS) uses recommendation significance criteria as follows:
- Very High—Controls are not in place. Important issues have been identified and will have a significant negative impact on operations.
- High—Controls are inadequate. Important issues are identified that could negatively impact the achievement of program/operational objectives.
- Moderate—Controls are in place but are not being sufficiently complied with. Issues are identified that could negatively impact the efficiency and effectiveness of operations.
- Low—Controls are in place but the level of compliance varies.
- Very Low—Controls are in place with no level of variance.
The process of amending AFN 105 Policy and Procedures for Non Public Property (NPP) Accounting is a continuous endeavor, and a prioritized plan will be developed by December 31, 2018. Chapter 19 Accounts Payable and Disbursement will be amended on a priority basis by December 2018.
The CDS Delegation of Authorities for Financial Administration of NPP was last amended in January 2016. A revised document will be produced by June 2019, and amendment to training will follow.
The NPP Contracting Policy and Guidelines will be amended to reflect any changes to the AFN 105 and the CDS Delegation of Authorities for Financial Administration of NPP with a target date of December 2019 and will identify situations where formal written contracts are required.
OPI: CFMWS CFO and VP Corporate Services
Target Date: December 2019
- MD NPP should clearly define expectations for a complete contract file, including highlighting individual accountabilities throughout the process. This definition and any associated tools should be included in guiding documents and incorporated into monitoring activities..
A contracting checklist for goods and services acquired will be developed. The checklist will clearly outline completeness requirements and accountability. The checklist will be distributed to all CFMWS Division Heads and to Commanding Officers for distribution to Contracting Authorities, and compliance with instructions issued will be monitored.
OPI: CFMWS VP Corporate Services
Target Date: December 2019
- It is recommended that MD NPP review the framework for utilizing legal services with a special focus on increased user awareness of legal services available, establishment of more detailed criteria for requesting legal advice in the PC process and collaboration with CFLA in developing a practical and formal service delivery framework with clear performance metrics.
The CFMWS Procurement and Contracts Officer will initiate engagement with CFLA. CFLA will be invited to attend the NPP Contracting Committee meetings annually and to conduct Procurement and Contracting training for CFMWS employees. The CFMWS Procurement and Contracting Officer in consultation with the NPP Contracting Committee will develop guidance as to when legal services should be sought in order to mitigate risks. A formal delivery framework with clear performance metrics will be established between CFLA and CFMWS.
OPI: CFMWS VP Corporate Services
Target Date: June 2019
- It is recommended that MD NPP ensure awareness and occurrence of existing monitoring mechanisms with a special focus on monitoring compliance with DoA requirements. Moreover, MD NPP should ensure that a formal feedback loop be established as part of monitoring activities in order to reduce recurring issues in PC files.
Finance Division staff will be reminded of the requirement to enforce monitoring mechanisms identified in the CDS Delegation of Authorities for Financial Administration of NPP by formal correspondence (letter). In addition, a Compliance Review will be completed following the issuance of revised NPP Contracting Policies and Guidelines.
All contract ratifications will be staffed through the NPP Procurement and Contracting Officer for visibility and furtherance to Vice President Corporate Services for final approval. Communication will be forwarded to Division Heads and Commanding Officers for distribution on updates/changes to NPP Contracting Policy and guidelines by December 2019 and will identify recurring non-compliance with the PCAF.
The NPP Procurement and Contracting Officer will begin establishing a training framework to be delivered to all Bases/Wings as well as CFMWS HQ.
OPI: CFMWS VP Corporate Services
Target Date: June 2019
Governance / Accountability
The procurement and contracting accountability framework is appropriate, complete and effective.
- Management has designed a procurement and contracting accountability framework that is open, fair and transparent.
- NPP provides employees with the necessary training, tools, resources and information to support the discharge of their responsibilities.
- Corporate values and ethics, code of conduct or equivalent policy have been communicated clearly, and employees acknowledge compliance with the policy requirements.
NPP organizations manage procurement and contracting risks appropriately throughout the lifecycle.
- Processes to identify, assess and mitigate procurement and contracting risks are in place and operating effectively.
- Procurement and contracting practices are regularly monitored to provide management with reliable information in order to manage risks.
NPP contracts are compliant with the NPP procurement and contracting accountability framework.
- NPP contracts are awarded and administered in compliance with the NPP procurement and contracting framework throughout the lifecycle.
- Transactions are coded and recorded accurately and in a timely manner to support accurate and timely information processing.
- Records and information are maintained in accordance with the procurement and contracting accountability framework.
- There is appropriate segregation of duties.
- Management monitors control effectiveness on a periodic basis.
Sources of Criteria
Government of Canada Management Accountability Framework Core Controls.
Report a problem or mistake on this page
- Date modified: