Internal Audit of Federal Government Consulting Contracts Awarded to McKinsey & Company
Internal Audit & Accountability Branch
Immigration, Refugees, and Citizenship Canada
March 2023
Table of Contents
Conformance with professional standards
This internal audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.
Saarangi Balasingam CPA, CIA
a/Chief Audit Executive
Internal Audit and Accountability
Immigration, Refugees and Citizenship Canada
Background
Procurement in the Government of Canada (GC) is subject to the Directive on the Management of Procurement (and the now rescinded Contracting Policy prior to May 13, 2022)Footnote 1, which has as its objective to ensure that procurement of goods, services and construction obtains the necessary assets and services that support the delivery of programs and services to Canadians, while ensuring best value to the Crown. As a result, among others, procurements are expected to enable operational outcomes, to be subject to effective governance and oversight mechanisms, to be fair, open, and transparent, and to meet public expectations in matters of prudence and probity.
The Prime Minister tasked Minister Fortier, as President of the Treasury Board (TB), along with Minister Jaczek, Minister of Public Services and Procurement, to undertake a review of contracts awarded to McKinsey & Company (McKinsey). On February 8, 2023, the Office of the Comptroller General (OCG) requested from government organizations, by February 15, 2023, a list of all contracts with McKinsey dating back to January 1, 2011, as well as related information on these. For those organizations that have been the technical authority and/or entered into any such contracts as the contracting authority, the OCG has directed the Chief Audit Executives (CAEs) of these organizations to conduct a formal independent internal audit of the related procurement processes, with results to be reported to the OCG by March 22, 2023.
Audit objectives and scope
The objectives of the audit were to determine the following for all scoped-in contracts with McKinsey:
- The integrity of the procurement process was maintained consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest;
- The procurements were conducted in a fair, open and transparent manner consistent with the Treasury Board (TB) Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement); and
- The procurements were conducted in a manner consistent with the organization’s internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls).
The scope of the audit focused on the examination of the procurement practices for all competitive and non-competitive contractsFootnote 2 with McKinsey that were awarded (i.e., signed) by the organization between January 1, 2011, and February 7, 2023Footnote 3. More specifically, the audit included an assessment of the following contracts:
| Contract #1 | Contract #2 | |
|---|---|---|
| Title | Service Transformation Strategy and Roadmap |
Transformation Office Support Services |
| Objective(s) | To develop a service transformation strategy; future-oriented operating model; service transformation roadmap; and recommendations regarding how IRCC should organize to deliver the transformation. |
To provide expertise in designing and executing a Service Transformation Management Office for IRCC. The Office of Service Transformation Management required expert advice and services to enable the Department to manage and execute its Service Transformation Strategy, maximize the potential benefits of the transformational initiatives and provide ongoing guidance towards the evolution of the transformation roadmap, implementation approach and plan. |
| Contracting Authority | Immigration, Refugees, and Citizenship Canada (IRCC) |
Public Services and Procurement Canada (PSPC) |
| Total Dollar Value | $2,890,822 (original dollar value: $1,593,300) |
$24,848,700 (original dollar value: $16,373,700) |
| Procurement Type | Competitive |
Competitive |
| Contract Period | August 8, 2018 – August 7, 2019 |
June 26, 2019 – December 31, 2021 |
| Amendments | Amendment #1 (December 5, 2018): Increased contract dollar value by $339,000 to accommodate additional stakeholder engagements, briefings and further analysis on transformation strategy and roadmap. Amendment #2 (February 12, 2018): Increased contract dollar value by $958,522.50 to provide additional briefings, refined prioritization of road map initiatives, consultation and liaison with internal and external stakeholders, develop clear and pointed measurable objectives, priorities and targets for the transformation strategy and roadmap, develop a detailed transformation execution model for the transformation strategy and roadmap. |
Amendment #1 (May 8, 2020): No additional funds allocated. Re-profiled basis of payment and updated security requirement checklist and changed contract end date to March 31, 2021. Amendment #2 (November 10, 2020): No additional funds allocated. Included ability to update security clauses to access resource located in the US. Amendment #3 (March 5, 2021): Increased contract dollar value by $8,475,000 and extended contract to December 31, 2021. Due to Covid19, IRCC required the continuation of the contractor’s expert advice and services to expedite the build of departmental capabilities to sustain, scale and accelerate IRCC’s digital transformation. |
The audit did not assess:
- Contracts with any entity other than McKinsey.
- Contracts awarded (and signed) outside of the audit period.
- Compliance with any other policy instrument, laws and/or regulations not specifically mentioned in this audit report.
- Purchase Order that was created for an ADM to attend a summit hosted by McKinsey. Since the value of the purchase order was $950 and followed a different process, it is considered to be low-risk.
Approach
The OCG provided all departments with an audit plan and audit work program to ensure consistency of coverage across the GC. While the OCG developed the objectives, scope, audit criteria, and audit work program for use by implicated departments, audit findings and recommendations were developed independently by IRCC’s internal audit function. The approach followed by IRCC was in alignment with the approach described in the OCG audit plan and audit work program. To ensure the integrity and objectivity of the audit work, this audit was conducted only by public servant internal auditors subject to the Global Internal Auditing Code of Ethics of the Institute of Internal Auditors.
Findings and recommendations
Findings for objective 1: integrity of the procurement process
Conclusion
For both contracts, the audit team found no evidence of compromise or inconsistency with:
- the integrity of the procurement process by public servants and public office holders,
- the Values and Ethics Code for the Public Sector, and
- the Directive of Conflict of Interest.
Further, the audit team found no former public servants were involved with either contract.
Findings for objective 2: fairness, openness, and transparency, in line with applicable policy
Conclusion
Caveat: For Contract #2, PSPC was the Contracting Authority and was responsible for auditing the activities that fall under the responsibility of PSPC as the contracting authority.
For both contracts, services by McKinsey were only performed once the original contracts and amendments were approved by the delegated authority. Contract amendments were justified and approved before contract expiry date. As the contract terms and conditions allowed McKinsey to provide written or verbal updates, management demonstrated that progress meetings were held with McKinsey and updates were provided to management’s satisfaction. Once the agreed upon services were provided by McKinsey, payment was approved by the delegated authority. Both contracts, including amendments, met minimum proactive disclosure requirements. For both contracts, the solicitations followed a competitive process and were published on PSPCs CanadaBuys website. Also, there was a Q&A document which included the questions from pre-qualified suppliers.
Based on the information provided by PSPC, security requirements in the solicitation complied with the provisions of the Policy on Government Security. The consultants bid under each contract had valid security clearances in place at the time of each contract award, as required.
Findings for objective 3: adherence to departmental processes and control frameworks
Conclusion
The Financial Operations and Procurement Branch (FOPB) at IRCC is currently working on a formal Policy Procurement framework. A draft of the framework was reviewed by the audit team to identify any internal controls that are relevant to this audit that are not covered by the audit criteria in the first two audit objectives of this report. Only two of the key controls identified in the framework have not been covered in the other sections of this report and they are:
- The Procurement and Contracting Oversight Committee approves high risk procurements. Since both contracts were deemed as low risk, there was no requirement for the Committee to review the contracts.
- The Procurement and Contracting Services branch conducts random file reviews for quality assurance. Contract #1 was selected for this process. No areas of concern were noted.
Approval by Deputy Head
The results of this audit were presented to management of IRCC. The audit report was reviewed and recommended for Deputy Head approval by IRCC’s Departmental Audit Committee.
If issues or recommendations are found following the results of the external reviews by the Office of the Procurement Ombudsman and/or the Auditor General, IRCC will develop a management action plan accordingly to address these.
The Deputy Head of IRCC approves this report.
DM e-approved March 21st, 2023
Christiane Fox
Deputy Minister
Appendix A: Audit criteria
| Audit Objectives | Criteria | Criteria Sources |
|---|---|---|
1. The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest |
1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. |
Conflict of Interest Act- Part I Directive on Conflict of Interest - 4.2.16, 4.17.3 Values and Ethics Code for the Public Sector – Integrity section (3) Contracting Policy (before May 13, 2022) – 4.2.12, 10.8, 11.1.1, 12.4 Directive on the Management of Procurement 4.2.2, 4.3.2 |
2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments. |
Conflict of Interest Act – Part I, Part III (35, 36) Directive on Conflict of Interest - 4.2.16 Values and Ethics Code for the Public Sector – Integrity section Contracting Policy (before May 13, 2022) – 4.1.9, 4.2.20, Appendix C, schedule 5 Directive on the Management of Procurement (after May 13, 2022) 4.5.5, 4.6.4, 4.10.1.7 |
|
2. The procurements were conducted in a fair, open and transparent manner consistent with the TB Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement) |
1. Procurement: non-competitive - There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations. |
Contracting Policy (before May 13, 2022) – Sections 10.2.1, 10.2.6, 10.5, 10.7.30, and Appendix C Directive on the Management of Procurement (after May 13, 2022) – 4.3.1, 4.3.2, 4.3.5 (4.1.1 procurement framework should include detailed requirements) Contracting Policy Notice 2007-4 - Non-Competitive Contracting Government Contract Regulations (PDF, 173 KB) [Current to January 25, 2023] – Section 6 |
2. Procurement: Competitive - Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner. |
Contracting Policy (before May 13, 2022) Sections 4.1.2; 4.1.4, 4.1.9; 16.1.2; 10.5; 10.7; 10.8; 11.1 and 11.3, Appendix J Directive on the Management of Procurement (after May 13, 2022) – 4.1.1, 4.3.1, 4.3.5 (4.1.1 procurement framework (PDF, 492 KB) should include detailed requirements) |
|
3. Contract Management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented. |
Contracting Policy (before May 13, 2022) – Sections 4.2.10; 11.2; 11.3; 12.3; 12.4.1; 12.9, Appendix H 2.6 Directive on the Management of Procurement (after May 13, 2022) – 4.3.1, 4.3.5 (procurement framework (PDF, 492 KB) should include detailed requirements on contract management), 4.10.6 Policy on Government Security Appendix A A.6 |
|
4. Certification Authority (section 34) - Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the FAA). |
Directive on Delegation of Spending and Financial Authorities [2017-04-01] – Sections 4.1.11, A.2.2.1.1 to A.2.2.1.3, A.2.2.1.7 to A.2.2.1.9. Financial Administration Act [2018-03-18 current to] – Section 34 |
|
5. Proactive Disclosure - Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements. |
Contracting Policy (before May 13, 2022) – Section 5.1.6 Directive on the Management of Procurement (after May 13, 2022) – Appendix C Guidelines on the Proactive Disclosure of Contracts- Canada.ca Section 4.1 (amended April 1, 2022). Proactive Disclosure on Contracts, Guidelines on [previous version] – Section 4.1 |
|
3. The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls) |
1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks. |
Contracting Policy (before May 13, 2022) Directive on the Management of Procurement (after May 13, 2022) |
Note: On April 11, 2019, the contracting limits for organizations and PSPC were updated to reflect a 25% increase to account for inflation (see Appendix C of the Contracting Policy).
Appendix B: Breakdown of findings
| Audit criteria | Audit assessment (Compliant, Partially Compliant, Not Compliant, Unable to assess, Not applicable) | Rationale for assessment |
|---|---|---|
Audit objective 1: The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest |
||
1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. |
Contract 1: Compliant |
Contract 1:
|
Contract 2: Compliant |
Contract 2:
|
|
2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments. |
Contract 1: Compliant |
Contract 1:
|
Contract 2: Compliant |
Contract 2:
|
|
Audit objective 2: The procurements were conducted in a fair, open and transparent manner consistent with the TB Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement) |
||
1. Procurement: non-competitive - There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations. |
Contract 1: Not applicable |
Contract 1: This contract was a competitive contract. |
Contract 2: Not applicable |
Contract 2: This contract was a competitive contract. |
|
2. Procurement: Competitive - Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner. |
Contract 1: Compliant |
Contract 1:
|
Contract 2: Compliant |
Contract 2:
|
|
3. Contract Management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented. |
Contract 1: Compliant |
Contract 1
|
Contract 2: Compliant |
Contract 2
| |
4. Certification Authority (section 34) - Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the FAA). |
Contract 1: Compliant |
Contract 1
|
Contract 2: Compliant |
Contract 2
|
|
5. Proactive Disclosure - Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements. |
Contract 1: Compliant |
Contract 1
|
Contract 2: Compliant |
Contract 2
|
|
Audit objective 3: The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls) |
||
1. Procurements are conducted in a manner consistent with departmental internal processes and control frameworks. |
Contract 1: Compliant |
Contract 1 & 2 Financial Operations and Procurement Branch at IRCC is currently working on a formal Policy Procurement Framework. For the purposes of this audit, the audit team assessed both contracts against two key internal controls related to procurement:
|
Contract 2: Compliant |
||
Page details
- Date modified: