Internal Audit of Federal Government consulting contracts awarded to McKinsey & Company
March 19, 2023
Conformance with professional standards
This internal audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.
Claudette Blair
Chief Audit and Evaluation Executive
Privy Council Office
Background
Procurement in the Government of Canada (GC) is subject to the Directive on the Management of Procurement (and the now rescinded Contracting Policy prior to May 13, 2022)1, which has as its objective to ensure that procurement of goods, services and construction obtains the necessary assets and services that support the delivery of programs and services to Canadians, while ensuring best value to the Crown. As a result, among others, procurements are expected to enable operational outcomes, to be subject to effective governance and oversight mechanisms, to be fair, open, and transparent, and to meet public expectations in matters of prudence and probity.
The Prime Minister tasked Minister Fortier, as President of the Treasury Board (TB), along with Minister Jaczek, Minister of Public Services and Procurement, to undertake a review of contracts awarded to McKinsey & Company (McKinsey). On February 8, 2023, the Office of the Comptroller General (OCG) requested from government organizations, by February 15, 2023, a list of all contracts with McKinsey dating back to January 1, 2011, as well as related information on these. For those organizations that have been the technical authority and/or entered into any such contracts as the contracting authority, the OCG has directed the Chief Audit Executives (CAEs) of these organizations to conduct a formal independent internal audit of the related procurement processes, with results to be reported to the OCG by March 22, 2023.
Audit objectives and scope
The objectives of the OCG-directed audit were to determine the following for all scoped-in contracts with McKinsey:
- The integrity of the procurement process was maintained consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest;
- The procurements were conducted in a fair, open and transparent manner consistent with the Treasury Board (TB) Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement); and
- The procurements were conducted in a manner consistent with the organization’s internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls). Under this objective, the PCO Internal Audit team examined controls related to guidance on the retention of contract documentation, as well as whether quality assurance/monitoring of contracting activities was in place.
The scope of the audit focused on the examination of the procurement practices for all competitive and non-competitive contracts2 with McKinsey that were awarded (i.e., signed) by the organization between January 1, 2011, and February 7, 20233.
The Privy Council Office (PCO) had issued one contract with McKinsey during the audit scope period:
Contract | Contract start date & end date | Contract amount | Procurement strategy | Purpose of contract |
---|---|---|---|---|
1 | Nov 9, 2017 – Mar 31, 2018 | $21,900, plus HST ($24,747 total) | Non-competitive | The purpose of the contract was to “leverage the expertise of a global industry leader to facilitate a common understanding of a series of disruptive technologies and their implications for the Government of Canada amongst Deputy Ministers”. The scope of work included developing and delivering a series of presentations to the Deputy Ministers' Committee on Policy Innovation to reach a common understanding about a number of disruptive technologies/trends and their implication on the Government of Canada's operations. The vendor was to develop presentations and supporting material for four Deputy Minister meetings. Presentations were to include addressing the following technologies: Artificial Intelligence, Blockchain, Virtual Reality, Biometrics, Internet of things and Autonomous vehicles. |
The audit did not assess:
- contracts with any entity other than McKinsey.
- contracts awarded (and signed) outside of the audit period.
- compliance with any other policy instrument, laws and/or regulations not specifically mentioned in this audit report.
Approach
The OCG provided all departments with an audit plan and audit work program to ensure consistency of coverage across the GC. While the OCG developed the objectives, scope, audit criteria, and audit work program for use by implicated departments, audit findings and recommendations were developed independently by PCO’s internal audit function. The approach followed by PCO aligned with the approach described in the OCG audit plan and audit work program.
In terms of Audit Objective 3 (procurement was conducted in a manner consistent with the organization’s internal processes and control frameworks), the audit focused on controls around documentation, as well as the existence of quality assurance/monitoring of contract activity. Due to time constraints, other key controls were not tested (e.g., verifying whether supervisory review of procurement files took place).
To ensure the integrity and objectivity of the audit work, this audit was conducted only by public servant internal auditors subject to the Global Internal Auditing Code of Ethics of the Institute of Internal Auditors.
Findings and recommendations
It is important to note that most of the audit findings pertain to one sole-source contract under $25,000, therefore, the results cannot be extrapolated to contracting practices more generally at PCO.
Three audit objectives were assessed and concluded on as follows:
- Objective 1 - integrity of the procurement process - met
- Objective 2 - fairness, openness, and transparency, in line with applicable policy - partially met
- Objective 3 - adherence to departmental processes and control frameworks - not met.
The audit found no evidence that public servants or Public Office Holders failed to maintain the integrity of the procurement process, nor that their actions breached the Values and Ethics Code for the Public Sector or the Directive on Conflict of Interest. The department took steps to minimize the risks associated with conflict of interest and conflict of duties situations. The expenditure initiation and section 32 of the Financial Administration Act (FAA) was performed by an individual having the appropriate delegated authority, and the contract was signed by the department’s representative having the appropriate delegated authority. The audit also confirmed that the security requirements were addressed to ensure compliance with the Policy on Government Security.
The audit identified compliance gaps around retaining key documentation on the project and contracting file, as well as in monitoring to ensure that deliverables were delivered according to the contract’s Statement of Work, which led to improper certification s.34 of the FAA, and delayed proactive disclosure. Gaps were also identified regarding guidance for the retention of procurement documents, as well as quality assurance/monitoring of contracting files to track contracting activities, controls effectiveness and compliance.
The audit made the following three recommendations to the Assistant Secretary to the Cabinet, Ministerial Services and Corporate Affairs:
- conduct a review to determine if all PCO contracts valued at over $10,000 have been appropriately disclosed.
- strengthen controls to ensure documentation requirements are respected for both contracting and project authorities.
- design and implement a risk-based quality assurance/monitoring framework to periodically assess and report on whether PCO procurement adheres to all relevant policies and procedures.
Although the audit identified other areas for improvement, no additional recommendations were made, given that only one contract was examined, and the results cannot be extrapolated or generalized to other contracting activities.
Findings for Objective 1: Integrity of the procurement process
Conclusion
This objective was met.
The audit found no evidence that public servants and Public Office Holders failed to maintain the integrity of the procurement process, or that their actions breached the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. The department took steps to minimize the risks associated with conflict of interest and conflict of duties situations. A Former Public Servant Certification document was completed to confirm that the vendor was not a former public servant in receipt of a pension and was signed by the vendor Partner “on behalf of the Contractor”.
Findings for Objective 2: Fairness, openness, and transparency
Conclusion
This objective was partially met.
Four criteria were examined under this objective4: 1) Documentation to support the justification for the non-competitive contract; 2) Contract management; 3) Certification Authority/section 34; and 4) Proactive Disclosure.
Criterion 2.1 – Expenditure initiation and section 32 were performed by the individual with the right delegated authorities and documented. A statement of work has also been defined prior to vendor selection and contract award. Justification for non-competitive contracts is documented, valid, and substantiated, in accordance with section 6 of the Government Contract Regulations. There is no evidence of contract splitting.
This criterion was partially met. In terms of areas of compliance, the audit found that expenditure initiation and section 32 was performed by an official with the right delegated authorities and this process was documented. The value of the contract was under $25K; therefore, one of the four exceptions to competition under the Government Contract Regulations was met. The Statement of Work (included as Annex A of the Contract) defines the intended outcome of the procurement, the deliverables (developing and delivering four presentations), the time frames for delivering each presentation, cost, and official languages requirements. The duration of the proposed contract was assessed by the auditors as reasonable. That being said, there were issues with the accuracy of the Statement of Work, which are discussed under Criterion 2.4. Finally, contract splitting did not occur, since no other contracts were awarded to the vendor by the department.
In terms of areas of non-compliance, there was no evidence found on file that the price had been validated as fair and reasonable. Although the PCO 2016 Contracting Guide for Managers requires a certification to be submitted by the Project Authority that the contractor's rate is not in excess of the lowest rate charged by anyone else, this certification was not on file.
By maintaining appropriate records of contracting activities, the department would be better positioned to demonstrate compliance with relevant acts, policies and procedures. A discussion of document retention can be found under Objective 3, Criterion 1, which led to Recommendation 2.
Areas of improvement
Certification that a contractor's rate is fair and reasonable, and a brief explanation on what basis this determination is made, should be documented on file.
Recommendation
None, as only one contract was examined.
Criterion 2.3 – Contract Management: Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract. There is also oversight to monitor performance and ensure that the delivery of services meets the provisions of the contract in terms of quality, standards, service levels, etc.
This criterion was partially met. In terms of compliance, the audit found that security requirements were addressed to ensure compliance with the provisions of the Policy on Government Security. There was evidence that PCO’s Security Operations group was consulted, and appropriate security clauses were inserted into the contract on the advice of Security Operations. In addition, the contract was signed by the department’s representative with the appropriate delegated authority.
In terms of non-compliance, the signed contract by both parties (i.e., the department and the vendor) was not on the file and the contract may not have been in place before the vendor commenced work. While there was evidence of the contract having been sent to the vendor for signature, the contract with the vendor’s signature was not found in the file. In addition, given the contract date was less than 24 hours earlier than the deliverable date, with no vendor signature on the contract to establish the start date, there is a risk that work began before the contract was in place.
Monitoring to ensure that the delivery of services met the provisions of the contract in terms of quality, standards, and service levels, was not effective. The terms of the contract were not met, because only one of the four presentations stipulated in the contract was provided by the vendor, and yet the vendor was paid the full contract amount.
Areas of improvement
The contract, signed by both parties must be obtained and retained on file for the required timeframe.
The Project Authority needs to conduct effective monitoring to ensure that the delivery of services meets the provisions of the contract, including its Statement of Work, in terms of quality, standards and service levels.
Recommendation
None, as only one contract was examined.
Criterion 2.4 – Certification Authority (section 34): Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the Financial Administration Act).
This criterion was partially met. In terms of compliance, the certification authority was performed by the appropriate delegated authority. Section 34 of the FAA documentation was signed by the authorized signing authority. The signee had the delegated authority as per the delegation chart and specimen card and the transaction amount was within the signing authority’s approval limit.
In terms of non-compliance, the expense certification was not properly supported with proof of execution (according to contract), and cost. The vendor did not provide the deliverables in accordance with the contract’s Statement of Work.
The Project Authority approved the vendor’s invoice dated February 16, 2018 for the full amount of $21,900 plus HST. By certifying Section 34 of the FAA, the Project Authority confirmed that the services were rendered, and the price was charged according to the contract. File documentation shows that the vendor did deliver a 73-page deck for a Deputy Minister meeting on November 10, 2017. However, file documentation does not substantiate the Statement of Work having been fulfilled in the following respects. First, the deck did not address all the technologies outlined in the Statement of Work (i.e., it did not cover Virtual reality and Biometrics). Second, there was no evidence on file that the vendor submitted the presentation in French as well as English. Third, only one presentation was delivered, not four as outlined in the Statement of Work. There is no explanation on file as to how the vendor was paid the full contract amount without having delivered all four presentations, in both official languages, as per the specifications in the Statement of Work. In short, based on file documentation, the contract was not fulfilled by the vendor and, therefore, there was no support for Section 34 certification.
In response to the non-completion of deliverables, the senior manager of the Project Authority indicated that the intent was for the vendor to submit one presentation and deliver it to different departmental audiences, if there was further interest by departments. Since there was no further demand, only one presentation was delivered. This is corroborated by the vendor’s Proposal documented on file (undated, but last modified on October 3, 2017), which states “After the initial presentation, the Vendor will present… up to three meetings...”. The senior manager of the Project Authority also indicated that the vendor did provide a French version of the presentation, but it was not retained on file.
The intent of using the same deck to deliver subsequent optional presentations to different department audiences was not reflected in the Statement of Work, nor were there details on how the vendor would be paid if the subsequent presentations were not required. Once it was confirmed that no additional presentations would occur, such changes to the deliverables should have been documented by the Project Authority, as per “Section 6 - Project Management” of the contract, which states that "Any change to the scope of work must be approved by the Project Authority". A rationale to explain why the vendor was entitled to the full contract amount should have been also prepared and documented by the Project Authority, and a contract amendment should have been issued to reflect the revised deliverables.
Based on this information, it appears that the contract’s Statement of Work was not properly articulated by the Project Authority to accurately reflect the nature of work, the key deliverable(s) and the optional services. The contract should have reflected a price schedule for various scenarios for the vendor’s presentations. The improperly structured Statement of Work inevitably led to irregularities regarding Section 34 certification.
Areas of improvement
Statement of Work must be properly designed to accurately identify deliverable(s) and costs associated with each deliverable, if applicable.
Expense certification (s.34 of the FAA) must be sufficiently supported with proof of execution/ deliverables according to the contract’s statement of work and terms and conditions.
Project Authority must document changes to a contract’s deliverables and obtain a contract amendment.
Recommendation
None, as only one contract was examined.
Criterion 2.5 – Proactive Disclosure: Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements.
This criterion was not met. While the contract appears on the Open Canada portal, with the contract details being aligned with the Guidelines on the Proactive Disclosure of Contracts, it was not published within the required period of one month after the close of the quarter during which it was issued. The contract was published on the portal in Q3 2022-23, i.e., five years after issuance. According to the data that was submitted by PCO in the portal, this delay resulted from an administrative error. Management indicated that the error was discovered when the file was requested by the Standing Committee on Government Operations and Estimates in January 2023.
Management reported that the contract had not been entered in the SAP system in Q3 2017-18 as required, but in Q4 2017-18. As a result, the contract may have been removed from the list of contracts identified for proactive disclosure via the end-of-quarter standard data pull for Q4, based on an assumption that it had already been identified for proactive disclosure in the prior quarter (Q3). The audit did not examine the reasons for the proactive disclosure omission, nor the controls around proactive disclosure.
Proactive disclosure that is not timely impacts the government’s commitment to transparency of the procurement process, so that Canadians may hold government to account.5
Areas of improvement
The department must disclose all contracts valued at over $10,000 within the required period of one month after the close of the quarter.
The practice of manually removing contracts from the system-generated proactive disclosure list should be revisited, as it presents a risk of omission.
A quality assurance/monitoring framework is required, which includes verifying that a contract above $10K is properly disclosed.
Recommendation
1. The Assistant Secretary to the Cabinet, Ministerial Services and Corporate Affairs, should conduct a review to determine if all PCO contracts valued at over $10,000 have been appropriately disclosed.
Findings for Objective 3: Adherence to departmental processes and control frameworks
Conclusion
This objective was not met.
During the audit, several documents that were required to be retained were not found on file. This could be an anomaly, since only one contract was examined as part of this audit. Therefore, the auditors examined controls related to guidance on the retention of contract documentation. The audit examined whether quality assurance/monitoring of contracting activities was in place, which is an important control to gauge compliance with departmental internal processes and control frameworks on an on-going basis, and to identify areas for improvement.
Criterion 3.1 - Guidance for retaining contract-related documentation is well-defined and consistently used by Project Authorities and Contracting Authorities to ensure the government record is preserved and an appropriate audit trail is established.
This criterion was not met. The 2016 PCO Policy on Procurement states that all procurement files must be appropriately documented and must include as a minimum, all decisions, approvals, and contract changes, including amendments, in keeping with the Access to Information Act, and to ensure that the government record is preserved, and an appropriate audit trail is established.
We expected that the department would explain “appropriately documented” and “appropriate audit trail” via guidance (such as checklists) to Project Authorities and Contracting Officers, and specify which documents are required to be retained on project and contracting files, and for how long.
For project files, the 2016 PCO Contracting Guide for Managers provides useful guidance on file documentation. Sections 4.11 (Maintaining Records) and 5.7 (Ensuring Your File Is Properly Documented) outline the importance of maintaining records and provide guidance on which documents to retain. However, guidance is not provided on the retention of the validation that the price is fair and reasonable, nor on how long the documentation should be retained on file by Project Authorities.
For contracting files, proper documentation of files should be ensured through two controls: first, a checklist, and, second, a supervisory review.
In terms of a checklist, a Contract/Procurement Check List is available to contracting officers, which lists possible documents to be retained on file. The Checklist, however, is deficient in two respects. First, it lacks precision as to which documents are required for which contracts/procurement process. It is generic to all types of contracts and states “not all documents are necessary”, so its effectiveness is limited given the different types of contracts/ procurement processes (and associated documentation requirements). Second, the Checklist does not indicate how long documentation should be retained. Furthermore, use of the checklist is not required by contracting employees. Management indicated that “the contract checklist… is used to guide contracting employees, however, is not required to be completed and saved for each file”.
In terms of the supervisory review, contracting management stated that “Quality controls are conducted prior to the approval of contracts by the Team lead or Manager to ensure that the procurement files are complete and accurate”. They also indicated that the supervisory review may not have been in place at the time of the contract. The audit did not test to what extent supervisory reviews occur or are documented. Given that several key documents were not on file, this control (i.e., the review by Team Lead or Manager) did not occur or was not effective for this particular contract. Having a documentation checklist on each procurement file signed off by the team lead/supervisor at the conclusion of the contract would be an effective control to ensure that key documents are retained on the contracting file.
In summary, the design of key controls to ensure required documentation is retained on project and contracting files is only partially effective, and the controls are not consistently applied, potentially leading to gaps in document retention. This is important, because failure to keep appropriate records of contracting activities may result in the department not being able to demonstrate compliance with relevant acts, policies and procedures.
Areas of improvement
Guidance for Contracting Officers and Project Authorities on contracting-related documentation to be retained on file, and for how long.
Recommendation
2. The Assistant Secretary to the Cabinet, Ministerial Services and Corporate Affairs, should strengthen controls to ensure documentation requirements are respected by both contracting and project authorities.
Criterion 3.2 - Monitoring/Quality Assurance of contracting activities is in place to ensure procurements are conducted in accordance with the relevant policies and procedures, and improvement opportunities are identified.
This criterion was not met. The 2016 PCO Policy on Procurement requires the monitoring of management practices and controls associated with procurement in the department to detect and communicate unacceptable risks, vulnerabilities or control deficiencies or failures, as well as the taking of early and effective preventive and remedial action whenever significant potential or actual deficiencies are identified. In addition, building quality assurance procedures into procurement processes to monitor compliance and identify improvement opportunities is one of the suggested activities to promote continuous learning and innovation in the 2022 TBS Guide to Establishing a Procurement Management Framework. For these reasons, we expected to see a Quality Assurance (QA)/Monitoring Framework designed and implemented.
Contracting management indicated that a quality assurance/monitoring framework was not in place, but that quality control (i.e., supervisory review) is conducted on each file prior to a contract being signed off. The quality control/supervisory review was not validated by this audit.
Without performing an on-going monitoring/quality assurance of contracting compliance, the department does not have insight into the extent to which its controls are designed and operating effectively, and where improvements may be required.
Areas of improvement
Quality Assurance/Monitoring Framework is required.
Recommendation
3. The Assistant Secretary to the Cabinet, Ministerial Services and Corporate Affairs, should design and implement a risk-based quality assurance/monitoring framework to periodically assess and report on whether PCO procurement adheres to all relevant policies and procedures.
Management response
The findings and recommendations of this audit were presented to management of the Privy Council Office. The audit report was reviewed and recommended for deputy head approval by PCO’s Departmental Audit Committee.
Management has accepted the audit findings and agree that the incomplete information retention for the contract file of question is an area of concern. Although the findings of this audit were based on a review of only one contract, management is taking the findings seriously and, in addition to the management action plan to be completed between June and December 2023 (Appendix B), will conduct a comprehensive review of all contract files issued in fiscal year 2022-23 in order to ensure that proper documentation is included in all files and that contracts have been proactively disclosed when required. This review will help determine if there are any systemic information management issues or areas where additional attention is required. A summary of the findings will be presented to the PCO’s Departmental Audit Committee in June 2023.
PCO’s Departmental Audit Committee will be engaged in the monitoring of the implementation of this action plan, in line with the department’s standard internal audit processes. If additional issues or recommendations are found following the results of the external reviews by the Office of the Procurement Ombudsman and/or the Auditor General, PCO will update the management action plan accordingly to incorporate these.
The Deputy Head of the Privy Council Office approves this report, including the management action plan.
Janice Charette
Clerk of the Privy Council
Appendix A: Audit criteria
Audit objectives | Criteria | Criteria sources |
---|---|---|
1. The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest | 1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. | Conflict of Interest Act - Part I Directive on Conflict of Interest - 4.2.16, 4.17.3 Values and Ethics Code for the Public Sector – Integrity section (3) Contracting Policy (before May 13, 2022) – 4.2.12,10.8,11.1.1,12.4 Directive on the Management of Procurement 4.2.2, 4.3.2 |
2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments. | Conflict of Interest Act – Part I, Part III (35, 36) Directive on Conflict of Interest - 4.2.16 Values and Ethics Code for the Public Sector – Integrity section Contracting Policy (before May 13, 2022) – 4.1.9, 4.2.20, Annex C, schedule 5 Directive on the Management of Procurement (after May 13, 2022) 4.5.5, 4.6.4, 4.10.1.7 |
|
2. The procurements were conducted in a fair, open and transparent manner consistent with the TB Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement) | 1. Procurement: non-competitive - There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations. | Contracting Policy (before May 13, 2022) – Sections 10.2.1, 10.2.6, 10.5, 10.7.30, and Appendix C Directive on the Management of Procurement (after May 13, 2022) – 4.3.1,4.3.2, 4.3.5 (4.1.1 procurement framework should include detailed requirements) Contracting Policy Notice 2007-4 - Non-Competitive Contracting Government Contract Regulations [Current to January 25, 2023] – Section 6 |
2. Procurement: Competitive - Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner. | Contracting Policy (before May 13, 2022) Sections 4.1.2; 4.1.4, 4.1.9; 16.1.2; 10.5; 10.7; 10.8; 11.1 and 11.3, Appendix J Directive on the Management of Procurement (after May 13, 2022) – 4.1.1, 4.3.1, 4.3.5 (4.1.1 procurement framework should include detailed requirements) |
|
3. Contract Management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented. | Contracting Policy (before May 13, 2022) – Sections 4.2.10; 11.2; 11.3; 12.3; 12.4.1; 12.9, Appendix H 2.6 Directive on the Management of Procurement (after May 13, 2022) – 4.3.1, 4.3.5 (procurement framework should include detailed requirements on contract management), 4.10.6 Policy on security Appendix A A.6 |
|
4. Certification Authority (section 34) - Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the FAA). | Directive on Delegation of Spending and Financial Authorities [2017-04-01] – Sections 4.1.11, A.2.2.1.1 to A.2.2.1.3, A.2.2.1.7 to A.2.2.1.9. Financial Administration Act [2018-03-18 current to] – Section 34 |
|
5. Proactive Disclosure - Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements. | Contracting Policy (before May 13, 2022) – Section 5.1.6 Directive on the Management of Procurement (after May 13, 2022) – Appendix C Guidelines on the Proactive Disclosure of Contracts Section 4.1 (amended April 1, 2022). Proactive Disclosure on Contracts, Guidelines on [previous version] – Section 4.1 Access to Information Act (86-1) |
|
3. The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls) | 1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks. | Contracting Policy (before May 13, 2022) Directive on the Management of Procurement (after May 13, 2022) |
Note: On April 11, 2019, the contracting limits for organizations and PSPC were updated to reflect a 25% increase to account for inflation (see Appendix C of the Contracting Policy).
Appendix B: Management Action Plan
Recommendation | Management action | Area responsible | Expected deliverables per action | Expected completion date |
---|---|---|---|---|
1. The Assistant Secretary to the Cabinet, Ministerial Services and Corporate Affairs, should conduct a review to determine if all PCO contracts valued at over $10,000 have been appropriately disclosed. | Management will conduct a review of all contracts issued by PCO valued over $10,000 over the past two fiscal years. Should any systemic issues be identified through this review, management will expand the scope of the review the two previous years. | Ministerial Services and Corporate Affairs, Logistics and Special Services Directorate | Validation and corrective action as required that all contracts over $10,000 issued by PCO over the past two fiscal years have been proactively disclosed. | June 30, 2023 (Q1 2023-24) |
2. The Assistant Secretary to the Cabinet, Ministerial Services and Corporate Affairs, should strengthen controls to ensure documentation requirements are respected by both contracting and project authorities. | As noted in the audit, a checklist identifying document requirements can be a key control in the procurement process. Management is in the process of updating the Contracting Guide for Managers, which will emphasize documentation requirements and retention period for both contracting and project authorities. In addition, a contract review checklist will be updated and will be completed and saved to each procurement file. | Ministerial Services and Corporate Affairs, Logistics and Special Services Directorate | A mandatory checklist will be utilized by Procurement officers and saved to each procurement file. The updated Management Contracting Guide will be published and shared with project authorities. | September 30, 2023 (Q2 2023-24) |
3. The Assistant Secretary to the Cabinet, Ministerial Services and Corporate Affairs, should design and implement a risk-based quality assurance/monitoring framework to periodically assess and report on whether PCO procurement adheres to all relevant policies and procedures. | The Assistant Secretary to the Cabinet, Ministerial Services and Corporate Affairs will establish a Quality Assurance team within the Corporate Services branch, which would conduct risk-based monitoring and Quality Assurance on various activities within the branch’s purview, including procurement. | Ministerial Services and Corporate Affairs, Logistics and Special Services Directorate | Quality Assurance team within the Corporate Services Branch to be established. | December 31, 2023 (Q3 2023-24) |
Appendix C: Breakdown of findings
Audit objective 1: The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest
Audit criteria | Audit assessment (Compliant, Partially Compliant, Not Compliant, Unable to assess, Not applicable) | Rationale for assessment |
---|---|---|
1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. | Compliant | The audit found no evidence that would indicate that public servants and Public Office Holders did not maintain the integrity of the procurement process, or that their actions were not consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. The department took steps to minimize the risks associated with conflict of interest and conflict of duties situations. |
2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments. | Not applicable | Not applicable. The contract did not involve a Former Public Servant or Former Public Office Holder. |
Audit objective 2: The procurements were conducted in a fair, open and transparent manner consistent with the TB Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement)
Audit criteria | Audit assessment (Compliant, Partially Compliant, Not Compliant, Unable to assess, Not applicable) | Rationale for assessment |
---|---|---|
1. Procurement: non-competitive - There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations. | Partially compliant | In terms of areas of compliance, the audit found that expenditure initiation and section 32 was performed by an individual with the right delegated authorities and documented. The value of the contract was under $25K; therefore, one of the four exceptions to competition under the Government Contract Regulations was met. There was also no contract splitting. In terms of areas of non-compliance, there was no evidence found on file that the contract price had been validated as fair and reasonable. |
2. Procurement: Competitive - Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner. | Not applicable | Not applicable. The contract was not competitive. |
3. Contract Management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented. | Partially compliant | In terms of areas of compliance, the audit found that security requirements were addressed to ensure compliance with the provisions of the Policy on Government Security and that the contract was signed by someone with the appropriate delegated authority. In terms non-compliance, the signed contract by both parties (i.e., the department and the vendor) was not on the contracting file and the contract may not have been in place before the vendor commenced work. In addition, the monitoring to ensure that the delivery of services met the provisions of the contract in terms of quality, standards, and service levels, was not effective. |
4. Certification Authority (section 34) - Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the FAA). | Partially compliant | In terms of areas of compliance, the certification authority was performed by the appropriate delegated authority. In terms of non-compliance, expense certification was not properly supported with proof of execution (according to contract), and cost. |
5. Proactive Disclosure - Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements. | Not compliant | While the contract appears on the Open Canada portal, with the contract details being aligned with the Guidelines on the Proactive Disclosure of Contracts, it was not published within the required period of one month after the close of the quarter. The contract was published on the portal five years after issuance. |
Audit objective 3: The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls)
Audit criteria | Audit assessment (Compliant, Partially Compliant, Not Compliant, Unable to assess, Not applicable) | Rationale for assessment |
---|---|---|
1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks. | Not compliant | The design of key controls to ensure required documentation is retained on project and contracting files is only partially effective, and the controls are not consistently applied, potentially leading to gaps in document retention. Monitoring/Quality Assurance of contracting activities was not in place to ensure procurements are conducted in accordance with the relevant policies and procedures, and improvement opportunities are identified. |
Page details
- Date modified: