Archived - Audit of Contracting Report

September 2012

Table of Contents

• 1.0 Executive Summary
• 2.0 Introduction
  • 2.1 Background
  • 2.2 Objective
  • 2.3 Scope
  • 2.4 Methodology and Approach
  • 2.5 Statement of Assurance
• 3.0 Findings and Recommendations
  • 3.1 Contracting Control Framework
  • 3.2 Compliance with Contracting Regulations and Policies
  • 3.3 Efficiency of the Procurement and Contracting Process
    • 3.3.1 Contracting Process Time Frame
    • 3.3.2 Financial / Administrative Activities Performed by CPPD
• Appendix A: Audit Criteria
• Appendix B: Management Response and Action Plan

1.0 Executive Summary

Introduction

Contracting in the Government of Canada is governed by the Treasury Board (TB) Contracting Policy, which applies to departments and agencies. Government contracting must also comply with the requirements of the Government Contracts Regulation, TB Delegation of Power Orders, TB Contracts Directives, North American Free Trade Agreement, World Trade Organization – Agreement on Government Procurement, and Agreement on Internal Trade. Authority to contract has been delegated to Ministers who then delegate contracting authority to various levels within their department or agency.

At the Canadian Food Inspection Agency (CFIA or the Agency), roles and responsibilities for the management of contracting are defined in the CFIA Procurement and Contracting Policy. Overall accountability for the management of the function lies with the Corporate Management Branch (CMB). The Contracting and Procurement Policy Division (CPPD), within CMB, is responsible for processing and awarding all contracts over $10,000 that are within the Agency's contracting authority, and contracts under $10,000 which fall under the Mandatory Standing Offers of Public Works and Government Services Canada (PWGSC). Remaining contracts under $10,000 are processed and awarded by responsibility centre (RC) managers with delegated authority.

Contracting activities are essential to support the Agency in achieving its objectives and are also subject to a high level of public scrutiny across the federal government. The CFIA processed and awarded 1,684 contracts over $10,000 from April 1, 2010 to March 31, 2012, totalling $130,886,669. The CFIA solely processed and awarded the majority of these contracts (1,447), totalling $89,220,842. The remainder was initiated by CFIA and processed by PWGSC.

Audit Objective and Scope

The objectives of this audit were to provide assurance that the CFIA contracting control framework is adequate to ensure that contracts are issued in compliance with Government of Canada regulations, policies and procedures, and assess the extent to which activities undertaken support an efficient contracting process. The scope of the audit covered contracting activities within the CFIA, and included a review of contracts over $10,000 processed by the CPPD, as well as contracts under $10,000 processed by RC managers. Contracts issued by the CFIA from April 1, 2010 to March 31, 2012, were included in the scope.

Key Findings and Conclusion

In general, documented roles and responsibilities, policies and procedures, training and guidance, advisory services, monitoring and review for procurement and contracting are in place. Audit examination covering the past two fiscal years indicated that contract files were generally in compliance with contracting regulations, policies and procedures, and were appropriately authorized, documented and reviewed by supervisors.

While contract processing is functioning well in many respects, there are opportunities for improvement in certain areas. The audit noted that CPPD is developing a planning process, including obtaining input from branches regarding their upcoming procurement needs, in order to better anticipate and plan workload requirements. Improved planning would be beneficial to CPPD in being able to provide more consistent timely service to its clients throughout the year.

Outreach regarding guidance on procurement and contracting by CPPD is available in various forms including training courses, presentations, e-mails, and consultations and advice. However, there is limited guidance available on the CFIA intranet. Enhanced guidance would be beneficial to CPPD and its clients to improve the efficiency and effectiveness of the preparation of statements of work, sole source justifications, bid evaluation criteria, etc.

While samples of contract files reviewed were generally compliant with contracting policies and regulations, certain areas require improvement. In particular, justifications for awarding contracts on a sole source basis need to be better documented. Also, functional direction and monitoring should be enhanced to ensure compliance with the TB Contracting Policy.

The overall time frame for CPPD to award and issue contracts once requests are received is published. While this essentially provides an overall service standard for awarding and issuing contracts, there are various contracting process steps and milestones for which there are no segregated time frames. Meanwhile, the roles and responsibilities for those process steps are shared between CPPD and its clients such that CPPD is not solely responsible for the time involved, e.g. finalization of statements of work, and technical evaluation of proposals. Without more precise identification of time frames by process step and responsibility, it is difficult to monitor and analyse process efficiency or service performance.

CPPD is performing financial administrative duties that may be useful for its clients but which may be more appropriately performed elsewhere in the Agency. For example, at fiscal year end CPPD determines amounts payable on contracts for services rendered or goods received, but not yet invoiced. While it is useful and necessary to set up payables at year end, it is not clear why CPPD does this when client branches are responsible for their own budget management. Meanwhile this involves a significant burden of effort and time on the part of CPPD that could otherwise be available for core contracting activities.

In conclusion, a CFIA contracting control framework is in place and is adequate to ensure that contracts are issued in compliance with Government of Canada regulations, policies and procedures with some exceptions. Opportunities to strengthen the control framework were identified during the audit. The audit also identified opportunities to enhance the efficiency of the contracting process.

The report includes five recommendations to address areas where improvements are required. Management agrees with the recommendations and its response indicates its commitment to take action.

2.0 Introduction

2.1 Background

The Government of Canada is one of the largest public buyers of goods and services in Canada, purchasing over $15 billion worth every year on behalf of federal departments and agencies. As the government's main buyer of goods and services, including construction, Public Works and Government Services Canada (PWGSC) plays a key role by helping federal departments and agencies define their requirements or scope of work, and obtain what they need at the best value.

Contracting in the Government of Canada is governed by the Treasury Board (TB) Contracting Policy, which applies to departments and agencies. Government contracting must also comply with the requirements of the Government Contracts Regulation, TB Delegation of Power Orders, TB Contracts Directives, North American Free Trade Agreement, World Trade Organization – Agreement on Government Procurement, and Agreement on Internal Trade. Authority to contract has been delegated to Ministers who then delegate contracting authority to various levels within their department or agency

Provisions relating to contracting for the procurement of goods and services, and construction services are contained in the Government Contracts Regulation and TB Contracting Policy. Policy sections provide guidance on aspects of contracting such as procedural requirements, the concept of best value, bidding and selection, contract award and administration, and specific issues relating to commodities.

At the Canadian Food Inspection Agency (CFIA or the Agency), roles and responsibilities for the management of contracting are defined in the CFIA Procurement and Contracting Policy. Overall accountability for the management of the function lies with the Corporate Management Branch (CMB). The Contracting and Procurement Policy Division (CPPD), within CMB, is responsible for processing and awarding contracts over $10,000 that are within the Agency's contracting authority, and contracts under $10,000 which fall under the Mandatory Standing Offers of Public Works and Government Services Canada (PWGSC). Remaining contracts under $10,000 are processed and awarded by responsibility centre (RC) managers with delegated authority. In addition, a Contract Review Committee has been established to review high risk contracting requirements.

Contracting activities are essential to support the Agency in achieving its objectives and are also subject to a high level of public scrutiny across the federal government. The CFIA processed and awarded 1,684 contracts over $10,000 from April 1, 2010 to March 31, 2012, totalling $130,886,669. The CFIA solely processed and awarded the majority of these contracts (1,447), totalling $89,220,842. The remainder was initiated by CFIA and processed by PWGSC. The table below provides a summary of this information.

The audit of contracting was identified and approved in the Agency's 2011-2012 to 2013-2014 Risk Based Audit Plan (RBAP) for completion in 2012-2013.

The Office of the Comptroller General (OCG) has planned a horizontal audit of procurement for 2013-2014 that will assess whether departmental procurement is being managed in an efficient manner. This audit provided an opportunity to review the Agency's contracting process for efficiencies.

2.2 Objective

The objectives of this audit were to provide assurance that the CFIA contracting control framework is adequate to ensure that contracts are issued in compliance with Government of Canada regulations, policies and procedures, and assess the extent to which activities undertaken support an efficient contracting process.

2.3 Scope

The scope of this audit covered contracting activities within the CFIA, and included a review of contracts over $10,000 processed by the CPPD, as well as contracts under $10,000 processed by RC managers. Contracts issued by the CFIA from April 1, 2010 to March 31, 2012, were included in the scope. The review of contracts covered contract requirement definition, solicitation activities, contract issuance and award, and contract amendments.

This audit did not include a review of purchases made using acquisition cards or contracts processed and awarded by PWGSC. The audit was conducted between November 2011 and May 2012.

2.4 Methodology and Approach

Lines of Enquiry and detailed audit criteria (see Appendix A) were developed to serve as standards against which our assessment could be made, and form a basis for the conduct of the audit. The audit criteria were derived from a risk and control assessment of contracting processes against Treasury Board Secretariat's "Audit Criteria related to Management Accountability Framework: A Tool for Internal Auditors" and TB Contracting Policy. These audit criteria support the audit objective and scope. The audit criteria are grouped under three Lines of Enquiry as follows:

• Line of Enquiry 1: To assess the adequacy of the control framework for the contracting function in place.
• Line of Enquiry 2: To assess whether CFIA's contracting transactions are compliant with the GoC and CFIA contracting regulations, policies and directives.
• Line of Enquiry 3: To assess the extent to which the framework and practices in place, consider and support an efficient contracting process.

The audit approach and methodology comprised interviews, document review, detailed review of a sample of contract files, data analysis, and benchmarking of contracting practices of other departments and agencies.

The detailed review included a total of 90 contract files covering four contract types as follows:

• 20 Professional Services competitive contracts over $25,000;
• 20 Professional Services sole sourced contracts between $10,000 and $25,000;
• 25 Call-ups against PWGSC / Agency Individual Standing Offers; and,
• 25 Purchase Orders (POs) under $10,000.

The sample was selected randomly within each contract type. The examination was targeted to identified risks associated with each.

The above contracts were processed and awarded by the CPPD, with the exception of the 25 POs that were processed and awarded by RC managers.

2.5 Statement of Assurance

The audit was conducted in accordance with the Internal Auditing Standards for the Government of Canada as required under the TB's Policy on Internal Audit and has examined sufficient, relevant evidence and obtained sufficient information and explanation to provide a high level of assurance in support of the audit conclusion.

3.0 Findings and Recommendations

3.1 Contracting Control Framework

We expected that a contracting control framework would be in place for the Agency that would encompass audit criteria that are identified in Appendix A.

We found that a contracting control framework is in place in the Agency that includes the following practices:

• The identification of accountability and responsibilities for procurement and contracting in the CFIA Procurement and Contracting Policy, Procurement to Payment and Asset Management Procedures, and Policy on Expenditure Initiation and Commitment Control;
• The provision of procurement and contracting guidance including: delivery of the procurement and contracting component of the Management for Success course to RC managers; delivery of the Smart Procurement course to RC manager support staff; delivery of a number of presentations to branches, which covered how contracting works, and contracting risks that managers should be aware of; distribution of a number of emails that highlights specific contracting issues; and, consultations and advice as requested by branches;
• The preparation of files by procurement officers and their review by supervisors;
• The establishment of a Contract Review Committee, comprising the Director and two senior managers of CPPD, to review high risk and high dollar value contracting requirements; and
• Informal monitoring of incoming contract requests by the Director, CPPD.

We also found that the CPPD does not have a planning process in place to anticipate Agency requirements for procurement and contracting. While responsibility for identifying procurement needs rests with RC managers, there is an opportunity for CPPD, as functional authority, to work proactively with its clients to ensure Agency procurement and contracting priorities and requirements are anticipated.

We noted that the CPPD has commenced informal requests to branches for their upcoming procurement needs. In addition, CPPD is developing a procurement planning process with tools and templates; however, this remains to be fully implemented.

The lack of a procurement and contracting plan inhibits the ability of CPPD to anticipate Agency procurement and contracting requirements and to ensure that it has sufficient resources available at all times to process and award contracts on a timely basis. This in turn increases the risk that the Agency's projects could be delayed and priorities not met.

We also found that there are opportunities to strengthen guidance for procurement and contracting. Such guidance should also reinforce RC managers' accountability and responsibility for knowing the rules. There is limited guidance on the CFIA intranet. For example, the intranet provides no guidance on risk areas such as preparation of Statements of Work, preparation of sole source justifications, the verification of supplier prices, and the preparation of proposal evaluation criteria

Insufficient guidance on procurement and contracting increases the risk of non-compliance with regulations and policies. The results from our review of a sample of contracting files support the need to strengthen guidance. This is discussed further under Finding 3.2.

Recommendation (1): The Vice President, Corporate Management Branch should develop and implement a planning process that anticipates Agency procurement and contracting requirements.

Recommendation (2): The Vice President, Corporate Management Branch should strengthen guidance for procurement and contracting.

3.2 Compliance with Contracting Regulations and Policies

In the CFIA, both CPPD and RC managers have a role to play in ensuring that contracts are compliant with regulations and policies.

For contracts over $10,000, CPPD has the contracting authority. CPPD is responsible for the contracting process, including the awarding of contracts. For these contracts, RC managers are responsible for preparing Statements of Work, providing sole source justifications and conducting technical evaluations of competitive proposals. We noted that CPPD has identified and took action to resolve a number of compliance issues arising from RC manager documents.

For contracts under $10,000, RC managers have the contracting authority. RC managers are solely responsible for the contracting process, including the awarding of contracts, unless they otherwise request assistance from CPPD.

Contracts over $10,000 Processed and Awarded by CPPD

In the review of contracting files for a sample of 40 Professional Service contracts, we found compliance with regulations and policies with the following exceptions involving sole source contracts:

• One contract did not sufficiently specify deliverables in the statement of work;
• One contract was entered into after the work had commenced;
• One contract was appropriately entered into, however this was preceded by a period of time when services were provided and invoices were paid without a contract; and,
• One contract where the completion date was extended but a contract amendment was not prepared and signed.

In the above review, we also found that eight out of 20 sole source contract files under $25,000 did not contain a sufficiently documented sole-source justification, as well as sufficiently documented price support. We note that the TB Contracting Policy states that one of the conditions to allow for sole source contracting is having the contract value under $25,000. However, a well documented sole source justification and price support would help ensure fairness as well as value for money for the Agency.

In the review of contracting files for a sample of 25 Call Ups against Standing Offers, we found that the description of goods or services and related prices identified in Call Up documents matched those identified in the Standing Offer documents in all cases.

Contracts under $10,000 Processed and Awarded by RC Managers

In the review of contracting files for a sample of 25POs under $10,000, we found five POs where commitments were not entered in the Agency's financial system until after the services were rendered or the goods were received. Of these five POs, two were certified pursuant to Section 32 of the Financial Administration Act after the goods were delivered or after work had commenced. This increases the risk, particularly towards fiscal year end, that purchases could be made with no available funds. While the risk is low due to low dollar values relative to overall Branch budgets, this is a risk that can be eliminated through improved practices.

Recommendation (3): The Vice President, Corporate Management Branch should review, and where appropriate strengthen, its functional direction and monitoring of sole-source justifications, supplier price support, and statements of work prepared by delegated RC managers, to enhance compliance with the TB Contracting Policy.

3.3 Efficiency of the Procurement and Contracting Process

3.3.1 Contracting Process Time Frames

CFIA has established and published on its intranet the estimated time frames required to award and issue contracts once CPPD receives procurement / contracting requests from RC managers. Time frames are published for the procurement of goods and services, construction, etc.

We found that estimated time frames have not been established for key steps in the procurement / contracting process such as:

• Finalization of statement of work, evaluation criteria and other solicitation requirements;
• Issuance of a request for proposal;
• Receipt of proposals;
• Technical and financial evaluation of proposals;
• Security clearance; and,
• Award and issuance of contracts.

Roles and responsibilities for each of the above steps are shared to varying extents between CPPD and RC managers. CPPD's time frames do not reflect this shared responsibility.

From our benchmarking of practices of other federal government departments/agencies, we found that they have established time frames for individual steps including the assignment of responsibility (contracting unit or RC managers), in the procurement and contracting processes.

The establishment of time frames of key steps in the procurement and contracting process would permit the monitoring and reporting of the efficiency of the process and would assist in explaining and addressing delays. Our review of a sample of 40 Professional Services contracts identified 24 where the time to deliver the contract exceeded the CFIA published time frames. However, the reasons for the time delays cannot be analyzed and explained without the establishment and monitoring of time frames for key steps in the procurement / contracting process.

Recommendation (4): The Vice President, Corporate Management Branch should establish time frames for completion of key steps in the procurement / contracting process and monitor and report against.

3.3.2 Financial / Administrative Activities Performed by CPPD

As part of its roles and responsibilities, CPPD is performing financial / administrative activities subsequent to contract award including:

• Recording of commitments and subsequent changes in the corporate Financial Management System, Saturn;
• Recording of a "Goods Receipt" (GR) accounting entry in Saturn after RC managers have certified on invoices that services have been rendered, or that goods have been received, which enables payments to be made; and,
• Determination of any amounts payable on contracts for services rendered or goods received, but not yet invoiced at year end.

We benchmarked practices of other government departments / agencies and found that the above financial / administrative activities are generally performed by Finance units, and not by Procurement and Contracting units of these organizations.

We understand that performance of these activities may be time intensive. In particular, the volume of work related to contract administration peaks at year end, with requirements related to accounting and budgetary information.

While it is useful and necessary to set up payables at year end, it is not clear why CPPD does this when client branches are responsible for their own budget management. Meanwhile this involves a significant burden of effort and time on the part of CPPD that could otherwise be available for core contracting activities.

The performance of financial / administrative activities by CPPD increases the risk that core activities such as the processing of contracts are not completed on a timely basis in accordance with published time frames, and that value added activities such as the provision of guidance, and monitoring of contracts are not performed. In addition, the performance of financial / administrative activities may be able to be performed more efficiently elsewhere in the Agency.

Recommendation (5): The Vice President, Corporate Management Branch should reviewCPPD's roles and responsibilities related to procurement and contracting, and should seek opportunities to have financial / administrative activities performed more efficiently elsewhere in the Agency.

Appendix A: Audit Criteria

Line of Enquiry 1: To assess the adequacy of the control framework for the contracting function in place.

• An operational plan for CFIA contracting is in place and communicated.
• Authority, responsibilities and accountability for contracting are clear, documented and communicated.
• Control framework identifies key controls (e.g. controls identified during TB Policy on Internal Control (PIC) process map and sampling exercise) and these controls are working as intended.
• Adequate guidance and training is provided to CFIA employees involved in procurement and contracting.
• The importance of integrity and ethical values in procurement and contracting activities are communicated to employees involved in contracting.
• High risk areas are identified and management is taking action to mitigate these risks.
• An information system is in place that provides management with adequate and timely information for decision making and performance management.
• Monitoring and oversight are performed on contracting activities.

Line of Enquiry 2: To assess whether CFIA's contracting transactions are compliant with the GoC and CFIA contracting regulations, policies and directives.

• CFIA's contracting transactions are compliant with the GoC and CFIA contracting regulations, policies and directives.

Line of Enquiry 3: To assess the extent to which the framework and practices in place, consider and support an efficient contracting process.

• Contracting framework and practices consider the risks associated with the different types of contracts and related activities and support an efficient contracting process.
• Service standards for key aspects of the process are established, and performance against the standards is monitored and reported.
• Client satisfaction is measured and results are used to improve business processes.