Audit of Materiel Management Directorate (2007-727)

2009-04-22

Table of Contents

• Main Points
• Introduction
• Focus of the Audit
• Observations
  • Stewardship
    • Lack of Monitoring of Procurement Transactions
    • Inaccurate Transaction Coding and Processing
    • Proactive Use of System's Reporting Functionality
  • Contracting Compliance
    • Appropriate Financial Authority Exercised in the Majority of Files
    • Authorized Contracting Authority in the Majority of Contract Files
    • Contracts Split to Avoid the Appropriate Level of Approval
    • Administration of Temporary Help Services Limits Decisions
    • Inadequate File Documentation
  • Accountabilities
    • Departmental Procurement Policy Underway
    • Role of MMD Poorly Understood
  • Governance
    • Lack of Clarity Surrounding Governance of SIGMA
    • Separation from Greater PG Community Considered Low Risk
• Conclusions
• Management response
• Recommendations and Management Action Plan
• About the Audit

Main Points

i. This Main Points is not a stand-alone document and must be read in conjunction with the body of this report.

What was examined

ii. The Materiel Management Directorate (MMD) is a departmental corporate group that provides, as one of its services, the procurement of low-dollar-value and non-complex goods and services to Public Works and Government Services Canada (PWGSC) employees. MMD is responsible for maintaining a departmental materiel management system, monitoring and reporting on all departmental procurement activities and providing contracting advice, guidance, and assistance to PWGSC employees who procure goods or services to meet their business line requirements within their delegated level of authority. Finally, MMD acts as contracting authority for certain types of commodities (i.e. Temporary Help Services) and provides a higher delegated contracting authority for specified departmental procurement activities.

Why it is important

iii. In 2005, PWGSC took actions to ensure effective and compliant contracting and to demonstrate responsible stewardship when acquiring goods and services for its own requirements. As a result, PWGSC employees were required to use MMD's materiel management information system when recording or procuring goods and services, except for those requirements that could be acquired through petty cash or an acquisition card. Since MMD is a key group in the reporting and disclosure of departmental procurement activities, it was important to establish and implement management controls over the contracting process. These controls would also include regular monitoring of compliance with government legislation, policies and directives, validation of transaction coding accuracy and effective use of automated reporting tools. During the period covered by this audit (April 1, 2006 to December 31, 2007), MMD was involved in approximately 5,450 contractual transactions valued at $59,071,710.

What was found

iv. For several years, MMD has operated in a constantly changing environment with new initiatives being developed and implemented. For example, on April 1, 2008, SIGMA, a new integrated materiel management and financial information system, replaced MMD's existing Automated Materiel Management Information System. As well, several new management control initiatives are currently underway, including a contract management control framework, a contract management guide and a Departmental Procurement Policy. These initiatives come with challenges in governance and overlapping roles, responsibilities and accountabilities, however, they should address several areas of management control weaknesses and contracting non-compliance that we found.

v. Many of the contract files we examined showed high levels of compliance with contracting legislation, policies and directives. Others revealed weaknesses, including non-compliance with financial and contracting authorities, the issuance of contracts to avoid the appropriate approval levels, and insufficient file documentation.

vi. The Department's ability to detect and correct procurement irregularities and non-compliance with the government's procurement legislation, policies and directives was impacted by a lack of contract monitoring.

vii. The roles and responsibilities of MMD were not well understood by employees of PWGSC. There were inefficiencies and delays during the procurement process as some procurement requests were made to MMD procurement officers that were ultimately processed by Acquisitions Branch procurement officers and vice-versa.

viii. MMD's employees are procurement officers who support the need for non-complex and low-dollar-value goods and services for internal use by PWGSC. Although they are separate from the core procurement group within Acquisitions Branch, a number of controls have been implemented to ensure that this does not pose a significant risk to the department.

ix. It is not yet clear who should monitor the compliance of transactions entered into SIGMA. Although the Finance Branch and the Office of the Chief Risk Officer each have specialized roles that require sampling of contract files, MMD also has a responsibility to monitor contract files as a preventive control. Clear governance and a coordinated approach are required to ensure that contract monitoring is conducted in a manner that is effective and avoids duplication of effort.

x. In addition, a Chief Financial Officer normally owns a departmental financial system and is responsible for end-user training and support. In this new integrated system, there is a lack of clarity as to who is responsible for SIGMA. For example, the draft procurement policy states that training and advice will be the responsibility of MMD but to date, this role has been handled by both the Finance Branch's SIGMA help desk and MMD.

xi. SIGMA, through the integration of contracting and financial information systems, has improved the integrity of some controls that impact the accuracy of transaction coding and processing. However, in the first three months of data entry, we identified data integrity errors for which there was no strategy in place to address them.

xii. MMD is leading a number of the above mentioned management control initiatives and we are encouraged by the fact that the implementation of these initiatives has the buy-in of senior management and was completed by February 2009.

Management Response

Management accepts the findings of the Report as being fair and accurate representation of the Materiel Management Directorate during the audit period.

Recommendations and Management Action Plan

Recommendation 1: The Assistant Deputy Minister of Corporate Services, Policy and Communications Branch should ensure that the new departmental management control initiatives, consisting of a contract management control framework that includes a contract management guide and a departmental procurement policy, mitigate the identified non-compliance and risks and ensure that they are implemented in a manner which is clearly communicated and understood by PWGSC employees.

CSPCB response: CSPCB accepts the recommendation and will be taking the following actions.

• Management action plan 1.1: The Contract Management Guide was issued as of February 05, 2009.
• Management action plan 1.2: The Procurement Policy will be issued by April 2009.
• Management action plan 1.3: Communication products will be developed and distributed starting in April 2009 and then ongoing. The communication products will include checklists, aide-memoires, and In the Know messages.
• Management action plan 1.4: Information sessions will be developed and distributed starting in April 2009 and then ongoing.

Recommendation 2: The Assistant Deputy Minister of Corporate Services, Policy and Communications Branch should work with Finance Branch to establish a governance structure for the management of the materiel management component of SIGMA, which clearly identifies roles, responsibilities and accountabilities.

CSPCB response: CSPCB accepts the recommendation and will be taking the following actions.

• Management action plan 2.1: In consultation with the Finance Branch will lead the development of a governance structure for the materiel management component of SIGMA by June 2009.
• Management action plan 2.2: Will staff a Procurement Manager position (PG6) to oversee the governance of the materiel management component of SIGMA by January 2010 or sooner.

Introduction

1. The Corporate Services, Policy and Communications Branch's Materiel Management Directorate (MMD) procures low-dollar value and non-complex goods and services for PWGSC within the National Capital Area. The MMD issues call-ups up to the thresholds stated in existing standing offers, including all call-ups against the Temporary Help Services standing offer. In 2006/07, MMD entered into 3,554 contracts valued at approximately $34 million on behalf of the department.

2. In 2005, actions were taken to mandate the use of its Automated Materiel Management Information System. As a result, MMD's procurement role was enhanced. The system was to record all procurement activities except for those requirements that could be acquired through petty cash or an acquisition card. This action was taken to improve the efficiency of procuring low-dollar valued goods and services, to be supportive of the government's new procurement transformation initiative and to ensure effective and compliant contracting by PWGSC when purchasing goods and services for its internal requirements.

3. Even though the Automated Materiel Management Information System was to be the primary departmental procurement system, there were other systems that recorded procurement activity, such as the Acquisitions Information System and the Project and Business Management System. As well, PWGSC employees with delegated contracting authority could use form-based requests for goods or services, such as a local purchase order. However, effective April 1, 2008, the department converted from the Automated Materiel Management Information System to SIGMA, a system of record that integrated financial payments and materiel management.

4. MMD is responsible for maintaining a departmental materiel management information system and monitoring and reporting on all departmental procurement activities. Its procurement experts, who include officers within the PG classification, provide contracting advice, guidance and assistance to PWGSC employees within the National Capital Area who procure goods and services. Finally, MMD acts as contracting authority for certain types of commodities (i.e. Temporary Help Services) and provides a higher delegated contracting authority for specified departmental procurement activities.

5. Typically, PWGSC responsibility centre managers within the National Capital Area purchase goods and services valued at less than $10,000 directly from a supplier through the use of a call-up against a standing offer, local purchase order or professional service contract (which are recorded in SIGMA). For purchases greater than $10,000 but less than $25,000, managers usually verify the best method of procurement with MMD personnel. Purchases that exceed the delegated contracting authority of both managers and MMD procurement officers are referred to Acquisitions Branch for action. A similar process is followed in the regional offices.

6. In the National Capital Area, the role of MMD procurement officers includes providing advice related to procurement activities prior to contract award. As contracting authority they are responsible for the appropriate contractual terms and conditions and for contract amendments. It is, however, PWGSC responsibility centre managers who are accountable for the procurement process from initiation to completion. They define the business requirement, estimate and commit funds, manage the scope of work, accept the goods or services, and approve payments.

7. Currently, MMD is leading several new contracting initiatives, including a contract management control framework, a contract management guide and a departmental contracting policy. Although these initiatives come with challenges in governance and overlapping roles and responsibilities, they provide opportunities to address areas of departmental management control weaknesses and contracting non-compliance.

Focus of the Audit

8. The focus of the audit was to provide assurance on the extent to which an adequate management control framework was in place to ensure effective and efficient delivery of procurement services, and to assess compliance with contracting legislation, policies and directives.

9. We examined a judgmental sample of 50 contracts selected from the Automated Materiel Management Information System for the period of April 1, 2006 to December 31, 2007. As the audit reviewed the entire procurement process, we note that there are areas of contracting non-compliance for which MMD is not accountable since the responsibility for procurement belongs to departmental responsibility centre managers.

10. More information on the objectives, scope, approach and criteria can be found in the "About the Audit" section.

Observations

Stewardship

11. In a governmental organization, stewardship refers to management's responsibility to properly utilize and develop its financial, human and physical capital. Effective stewardship is vital to achieving MMD's objectives of providing expert advice, guidance and assistance to PWGSC employees in the area of contracting and procurement. Strong stewardship is also pivotal in delivering these services in a manner that is efficient and that saves taxpayer dollars.

12. We expected to find processes and procedures that were reflective of responsible and effective stewardship. For example, we expected to find regular monitoring of compliance with contracting legislation, policies and directives, controls surrounding the accuracy of transaction coding and the effective use of automated reporting tools. Monitoring is a detective control that alerts management of unwanted events, such as the quality and data integrity of procurement information. As well, it is a preventive control aimed at preventing and correcting future procurement irregularities.

13. We observed a lack of monitoring of procurement activities, which at least partially explained several findings of non-compliance with contracting legislation, policies and directives. This lack of monitoring is due in part to corporate reorganization, as well as changes in procurement responsibility and reporting, over the last few years. We also observed that, in general, the Department's new materiel management information system, SIGMA, has introduced control improvements over its predecessor application, the Automated Materiel Management Information System.

Lack of Monitoring of Procurement Transactions

14. Monitoring involves the review of information and the reporting of deviations from expected results. The purpose of monitoring contract information is to identify irregularities, correct errors and take corrective measures to prevent error reoccurrence. Contract monitoring is important to MMD since it is a key control in ensuring compliance with government legislation, policies and directives. We expected to find that MMD monitors the contractual information entered into the Department's materiel management information system.

15. Since April 1, 2008, we found that MMD was not monitoring contractual information entered into SIGMA. A strategy to periodically assess the quality and data integrity of procurement information and to sample procurement files to detect procurement irregularities and prevent future occurrences was not in place.

16. We note that two other groups are sampling and monitoring transactions in SIGMA. The Finance Branch reviews all high-risk financial transactions and samples medium and low-risk transactions in order to fulfill its mandate pursuant to section 33 of the Financial Administration Act. As well, the Office of the Chief Risk Officer has been tasked with reviewing departmental transactions as part of its mandate to test and report on the adequacy and effectiveness of controls in place at PWGSC. By considering these ongoing activities in the preparation of a strategy, MMD can benefit from the experiences of others when planning monitoring activities of its own.

17. The Department's ability to detect and correct procurement irregularities and non-compliance with the government's procurement legislation, policies and directives was impacted by a lack of contract monitoring. Examples of such contracting irregularities are discussed in the report section below titled, "Non-Compliance with Contracting Policies, Guidelines and Procedures".

Inaccurate Transaction Coding and Processing

18. One of the greatest benefits of automated information systems is the quality and accuracy of transaction coding and processing. The integrity of system data is important since this information feeds into reports that the Department must issue on a periodic basis.

19. We expected that MMD would administer an information system sufficiently robust to effectively manage PWGSC's procurement requirements.

20. For the period examined up to December 2007, we found that there was no incentive for responsibility centre managers to update contract information in the Automated Materiel Management Information System after the initial inputting of contract information. As a result, the quality of information, such as the accuracy and completeness of data within the system, was inadequate.

21. With the introduction of SIGMA, an improvement has been made to the integrity of some contract data as a result of the integration of contracting and financial information systems. However, some weaknesses remain. For example, contract information from SIGMA was recently extracted as part of a contract review being undertaken in another area of the Department. During that review, the auditors reported data integrity issues with contract information entered into SIGMA. Specifically, it was noted that PWGSC users requisitioning goods and services were not always selecting the correct document type. For example, a user selected document type "PS1 – Professional Services < $25K", when he or she should have selected document type "942 – Call-up".

22. Although MMD personnel and the SIGMA administration team were aware of the above issue, there is no strategy in place to address it.

23. Having inaccurate data in SIGMA hinders the Department's ability to properly conduct reporting and monitoring activities.

Proactive Use of System's Reporting Functionality

24. Reporting is the presentation or summarization of information into an understandable format for a known audience. One of the benefits offered by SIGMA is its versatile reporting functionality. The System has hundreds of options that can be tailored to produce reports to meet the various needs of end users.

25. Commencing in April 2009, MMD will be responsible for generating a report that discloses information about contracts for areas covered under Comprehensive Land Claim Agreements. These agreements contain specific government contracting requirements that the Department is legally obligated to comply with.

26. We expected MMD would fully utilize SIGMA to assist with the generation of this new Comprehensive Land Claim Agreements report.

27. We observed that MMD initiated contact with the SIGMA administration team responsible for making system changes. MMD received assurances that the matter was being looked into and that there was sufficient time to find a reporting solution that would assist with this upcoming reporting requirement.

28. By alerting the SIGMA administrators of an upcoming change to its reporting requirements, MMD has been proactive in making use of a system-generated reporting tool to meet departmental obligations.

Contracting Compliance

29. Compliance is defined as the adherence to legislation, policies and directives. These and similar authorities are established to ensure that contracting activities follow procurement best practices. This is important since it is instrumental in ensuring that the procurement services provided by MMD are transparent, fair and fiscally responsible.

30. We selected a risk-based judgmental sample of 50 contract files to assess compliance with contracting legislation, policies and directives. Although many of the risk areas reviewed had high levels of compliance, there were others that fell short, as explained in the paragraphs below. It should be noted that some of the observations were not the direct responsibility of MMD, but instead, of PWGSC responsibility centre managers. Nevertheless, MMD is accountable for implementing processes and controls which ultimately impact compliance, albeit indirectly.

Appropriate Financial Authority Exercised in the Majority of Files

31. We expected to find a sound procurement initiation process that ensures that, prior to entering into contracts, sufficient funds are available and are committed as required by section 32 of the Financial Administration Act. We also expected to see proper certification of section 34 of the Financial Administration Act, verifying that goods have been delivered and services rendered and that the price was as stated in the contract.

32. We reviewed 50 contract files selected for compliance with sections 32 and 34 of the Financial Administration Act, and observed that in 47 of 50 of the samples reviewed, commitments were properly authorized pursuant to section 32. We similarly found that 46 of 50 of the samples reviewed were properly certified pursuant to section 34.

33. Most of the deviations found were as a result of employees exercising financial authority that had not been delegated to them on the dates on which they performed the relevant certification. They had valid acting authority on various dates, but not on the specific ones reviewed. In one instance, a section 32 certification was missing altogether.

34. In addition to the above observations, we noted that many departmental responsibility centre managers did not properly certify section 32 on Request for Temporary Help Services forms submitted to MMD. These forms required that an estimation of the hours of effort and maximum hourly rate for temporary help resources be identified and that this be committed. We found that requisitioners often left the "Total Hours" and "Maximum Regular Hourly Rate" fields blank, only to have them completed by hand by the MMD buyer. In these cases, the section 32 certifications were invalid because the signatories did not quantify the amount of funds being committed — the MMD buyer did. This is being addressed with the new Temporary Help Standing Offer and the new management control initiatives regarding contracting.

35. When validating signatures required for the certification of delegated authorities, we observed some that were not dated, making it impossible to determine if authority was in place at the time the document was signed and in other instances, it was difficult to identify the signature.

36. Increased administrative oversight by responsibility centre managers prior to exercising their financial authority will help improve the departmental management of expenditure activities.

Authorized Contracting Authority in the Majority of Contract Files

37. The right to purchase goods or services directly from a supplier is known as contracting authority. Compliance with contracting authorities is important to ensure that authorized individuals complete purchases made on behalf of the Department. These authorities can be found in columns 11 to 26 of the department's Delegation of Authorities Matrix. These columns provide the authority to purchase directly from suppliers using different procurement vehicles, such as call-ups against the various types of standing offers.

38. We expected that employees who entered into contracts would have the appropriate delegated authority to purchase.

39. We observed that in 38 of 50 of the samples tested, employees who had the appropriate delegated authority made purchases. In 12 cases, where they did not have authority, the deviations were as a result of administrative errors. For example, MMD employees in acting roles entered into contracts using procurement vehicles for which they were not authorized to use or they exceeded their financial limitations. In some cases, buyers did not have delegation of acting authority forms completed for the time periods reviewed. In other cases, buyers had blanket delegation forms which provided the correct authority while in acting roles, however, the forms were not activated by alerting the Finance Branch by e-mail as is required.

40. The Department's controls over procurement activities are intended to segregate duties and ensure that knowledgeable and trained PWGSC employees procure certain goods and services at minimal cost to the Crown. Purchases made by unauthorized employees compromise the integrity of these controls.

Contracts Split to Avoid the Appropriate Level of Approval

41. Contract splitting is the practice of separating a purchase into two or more smaller purchases to avoid obtaining the appropriate level of contracting authority. The Treasury Board Secretariat's Contracting Policy explicitly prohibits contract splitting as it allows circumvention of management controls over the procurement process.

42. We expected that the procurements undertaken by MMD procurement specialists, as contracting authority, would be compliant with contracting legislation, policies and directives.

43. We observed two instances of contract splitting, each involving two contracts, whereby goods were purchased from the same vendor, on the same day, for the same client and by the same MMD buyer. Given the total value of the requirement, a single contract would have required approval by a procurement specialist in Acquisitions Branch. The MMD buyer felt that issuing two contracts would be the most expedient method to meet operational demands and that since it could not be competed, as there was only one firm capable of performing the contract, this would not contravene the policy.

44. The Department's Schedule 1 Delegation of Financial Authorities Matrix sets a financial limit for purchasing directly from suppliers and is a key control within the procurement process. The splitting of contracts results in this control being bypassed as it avoids obtaining the approval of higher delegated contracting authorities and, depending on the contract value, the involvement of procurement specialists in Acquisitions Branch.

Administration of Temporary Help Services Limits Decisions

45. Temporary Help Services are services that are provided by employees of temporary help firms. PWGSC managers can use this standing offer to hire temporary help to replace a public servant that is absent for a period of time, or to provide additional help when there is a requirement for additional staff during a workload increase. Within the National Capital Area, all Temporary Help Services call-ups are to be processed by MMD.

46. We expected to find the spirit of the Temporary Help Services standing offer complied with consistently by vendors, responsibility centre managers and MMD. When a requirement for Temporary Help Services is identified, a responsibility centre manager must complete a Request for Temporary Help Services form and submit it to MMD. Staffing agencies on the Temporary Help Services Standing Offer are then invited to submit resumes to the responsibility centre manager for evaluation. According to the Department's Temporary Help Services — Regional Master Standing Offer Instructions, responsibility centre managers should contract suppliers based on cost-effectiveness considerations. Normally, this entails selecting the lowest-priced service. A supplier other than the one quoting the lowest rate can be contacted, however, support should be on the manager's file as to why the lowest was bypassed.

47. We observed that in most cases, responsibility centre managers were not aware of the hourly rates associated with the resumes submitted. There appears to be a lack of understanding among all parties (managers, MMD and suppliers), that for the Temporary Help Services process to work as intended, the hourly rates associated with specific resources must be provided to managers along with their respective resumes. This will enable managers to make prudent resourcing decisions as they consider the cost-effectiveness of the various options available to them. If managers do not obtain hourly rate information of proposed resources, they will be unable to diligently measure their relative cost effectiveness, nor will they be able to document in their files why lower priced options were bypassed.

48. The Department is at risk of not complying with the spirit of the Temporary Help Services standing offer so long as the managers are selecting candidates without knowledge of their hourly rates. As a result, the Department may find itself unable to explain and justify why a given resource was rejected.

Inadequate File Documentation

49. A fair and competitive procurement process requires that proposals be evaluated and selected in a reasonable and transparent manner. Further to this, the Treasury Board Secretariat's Contracting Policy requires that procurement files be structured to facilitate management oversight with a "complete audit trail that contains details related to relevant communications and decisions including the identification of involved officials and contracting approval authorities."

50. We expected proposals would have been evaluated in accordance with the specified criteria set out in solicitation documentation and we would find adequate records supporting the selection of the successful bidder. We also expected procurement files would have contained sufficient documentation to allow for efficient contract reviews.

51. We observed that, in general, files reviewed lacked adequate documentation describing how proposals were evaluated and how successful bidders were selected. This was especially prevalent in the Temporary Help Services contract files. In these cases, responsibility centre managers did not sufficiently document the evaluation process or justify the selection of the chosen candidates. These are requirements under the Department's Temporary Help Services Step-by-Step Guide for Federal Departments and the Temporary Help Services Bulletin for Clients and Suppliers. This is being addressed with the new management control initiatives regarding contracting.

52. As a result of inadequate documentation of the evaluation and selection process, the Department may find itself unable to justify why a given resource or vendor was rejected. Insufficiently documented contract files also limit management's ability to monitor procurement practices and to take corrective measures where weaknesses are observed.

Accountabilities

53. Accountability is the obligation to demonstrate and take responsibility for performance in light of agreed upon expectations. Sound management requires that an organization have clearly defined and understood responsibilities and accountabilities to allow for the effective management and operation of the organization.

Departmental Procurement Policy Underway

54. The purpose of a Departmental Procurement Policy is to provide direction to management and employees when acquiring goods and services in accordance with the Department's delegation of authorities. It is an important part of governance as it formalizes managerial objectives and intentions and identifies roles, responsibilities and accountabilities concerning the Department's procurement activities.

55. We expected to find a Departmental Procurement Policy in effect and being adhered to by PWGSC employees.

56. We found that MMD did not have a procurement policy, although a draft policy had been prepared and had been sent to various stakeholders for comment. At the completion of the audit, it is expected that the Policy will be finalized in February 2009.

57. Once in place, this policy should provide direction and clarity to employees who are responsible for procuring goods and services on behalf of the Department.

Role of MMD Poorly Understood

58. PWGSC as a common service provider for other federal government bodies has a unique advantage of having the contracting knowledge and expertise of the Acquisitions Branch within its organization. Given this Branch's expertise, a lack of understanding as to why a separate corporate contracting authority of MMD is required exists.

59. We expected the roles and responsibilities of MMD to be clearly communicated and understood by responsibility centre managers. We anticipated that the Department's employees would be aware of MMD's role of providing advice, guidance and assistance in the area of contracting and procurement under Schedule 1 of the Department's delegation of authorities. This included understanding what procurement types and spending thresholds are within the responsibility of MMD and which are the responsibilities of Acquisitions Branch.

60. We noted that a significant amount of confusion exists within the Department as to the specific role of MMD. We learned that some requests are made to Acquisitions Branch that are ultimately processed by MMD and vice-versa. The various types of procurement available to the Department, coupled with the different delegated authority thresholds afforded to MMD buyers and their Acquisitions Branch counterparts has resulted in some confusion among departmental responsibility centre managers when making contracting decisions.

61. We understand that there are several new management control initiatives underway which should assist in clarifying MMD's role in the Department. These include: a contract management control framework; a contract management guide; and, the above-mentioned Departmental Procurement Policy. A plan to complete these initiatives is in place and it is expected that they will assist PWGSC employees in understanding MMD's specific roles and responsibilities.

Governance

62. Governance is the way in which senior management guides and monitors the achievement of the organization's objectives. A sound governance framework allows an entity to make decisions about operations and its future by balancing relationships, accountabilities and authority. It is important that this be done in an efficient and effective manner that is clearly understood by all stakeholders.

63. We expected to find MMD operating in an environment reflective of good governance practices. These operating practices include change management for the challenge with respect to the governance of a new departmental system, and risk management regarding procurement officers working outside of Acquisitions Branch.

Lack of Clarity Surrounding Governance of SIGMA

64. Until recently, the Department's procurement, acquisition and related reporting functions were managed by the Automated Materiel Management Information System. MMD was the owner of that system and was responsible for providing end user support.

65. We expected to see a clear delineation of duties and responsibilities with respect to the administration of SIGMA, including end user training and system monitoring. If SIGMA had simply replaced the Automated Materiel Management Information System, it would be logical that those who had been responsible for its predecessor would administer the new system. However, SIGMA is an enterprise resource planning system that integrates several functions that had previously been managed independently by different applications. We expected, nonetheless, to see an organizational plan which specified who was responsible for administering SIGMA and in what specific capacities.

66. It was not clear who was responsible for providing end user training support related to the materiel management component, a critical function for the smooth operation of any information system. We observed that, although the Department's draft Procurement Policy states that this would be the responsibility of MMD, it appears that in practice, this function was being done by both MMD and the SIGMA help desk, albeit in different capacities.

67. In addition, a decision has yet to be made as to who should monitor transactions entered into SIGMA for compliance with contracting legislation, policies and directives. As previously stated, the Finance Branch and the Office of the Chief Risk Officer each have different roles that require sampling of contract files entered into SIGMA. Clear governance and a coordinated approach are required to help ensure that contract monitoring is governed in a manner that is effective and avoids the duplication of effort.

68. The lack of clarity and accountability surrounding these aspects of SIGMA governance is limiting the system's effectiveness.

Separation from Greater PG Community Considered Low Risk

69. MMD is a directorate situated within the Corporate Services, Policy and Communications Branch. MMD's procurement activities are conducted by a group of about a dozen employees, most of who are members of the PG classification. The contracting and procurement advice provided by MMD relates to the need for non-complex procurements and low-dollar-value goods and services for internal use by PWGSC. Acquisitions Branch is comprised of a much larger group of PG employees who provide contracting and procurement services for complex or large dollar-value purchases for both internal use as well to other government departments.

70. We expected that the risk of procurement experts operating outside the governance of the greater PG community would be alleviated by MMD through appropriate mitigating controls. This could be demonstrated by the existence of controls that include, among other things, the provision of adequate training to employees, the effective use of tools and the sharing of knowledge by those with valuable corporate memory.

71. The department has two independent sources of procurement. Acquisitions Branch, as a provider of procurement common services supports the government in the purchase of complex or large dollar-value goods or services. MMD's employees (located within the Corporate Services, Policy and Communications Branch) are procurement officers who support the need for non-complex and low-dollar-value goods and services for internal use by PWGSC. There is a potential risk of contract irregularities and in the past, PWGSC has had to reorganize procurement officers from other branches and special operating agencies into Acquisitions Branch to correct practices that had resulted in contracting non-compliance.

72. We were told that the annual training plans for MMD employees were adequate and appropriate to do their jobs effectively. Although regular team meetings were not held, ad-hoc gatherings were organized whenever necessary to communicate issues of relevance to the group. As well, although MMD is a purchasing group, their work differs greatly from that done by the Acquisitions Branch. Hence, MMD felt that knowledge transfer, training and the sharing of experiences with the greater PG community would be of nominal benefit.

73. We considered the controls in place through the training afforded to MMD's employees and the adequacy of meetings held. We also noted the different type of work performed by the greater PG community as well as the views of the employees interviewed. As a result, the retention of procurement officers in MMD does not appear to pose a significant risk to the Department.

Conclusions

74. Based on our first audit objective of assessing the adequacy of the management controls over the procurement process, we concluded that:

• The risk of non-compliance with contracting legislation, policies and directives was heightened due to a failure to detect and correct procurement irregularities through regular monitoring activities by MMD;
• SIGMA made some improvements to the accuracy of transaction coding and processing but new data integrity issues have been identified for which no action plan is yet in place;
• The role of MMD was poorly understood within the Department although several management control initiatives underway, including a contract management control framework, a contract management guide and a Departmental Procurement Policy, should help with clarification; and
• MMD's separation from the greater PG community found in Acquisitions Branch did not pose a significant risk to the Department, given the mitigating controls that we found to be in place.

75. Overall, many strengths with regards to management controls were observed, however, there were several areas of weakness that require management attention.

76. Based on our second audit objective of assessing the extent to which contracts awarded by MMD comply with contracting legislation, policies and directives, we concluded that:

• Although many of the sampled contracts revealed high levels of compliance, there were others that: were non-compliant with financial and contracting authorities; issued separate contracts to avoid appropriate contracting authorities; and had insufficient file documentation.

77. Overall, it is anticipated that the implementation of the above-noted management control initiatives, which should address the risks identified, has the buy-in of senior management and by the completion of the audit, it was expected to be completed by February 2009.

Management response

Management accepts the findings of the Report as being fair and accurate representation of the Materiel Management Directorate during the audit period.

Recommendations and Management Action Plan

Recommendation 1: The Assistant Deputy Minister of Corporate Services, Policy and Communications Branch should ensure that the new departmental management control initiatives, consisting of a contract management control framework that includes a contract management guide and a departmental procurement policy, mitigate the identified non-compliance and risks and ensure that they are implemented in a manner which is clearly communicated and understood by PWGSC employees.

CSPCB response: CSPCB accepts the recommendation and will be taking the following actions.

• Management action plan 1.1: The Contract Management Guide was issued as of February 05, 2009.
• Management action plan 1.2: The Procurement Policy will be issued by April 2009.
• Management action plan 1.3: Communication products will be developed and distributed starting in April 2009 and then ongoing. The communication products will include checklists, aide-memoires, and In the Know messages.
• Management action plan 1.4: Information sessions will be developed and distributed starting in April 2009 and then ongoing.

Recommendation 2: The Assistant Deputy Minister of Corporate Services, Policy and Communications Branch should work with Finance Branch to establish a governance structure for the management of the materiel management component of SIGMA, which clearly identifies roles, responsibilities and accountabilities.

CSPCB response: CSPCB accepts the recommendation and will be taking the following actions.

• Management action plan 2.1: In consultation with the Finance Branch will lead the development of a governance structure for the materiel management component of SIGMA by June 2009.
• Management action plan 2.2: Will staff a Procurement Manager position (PG6) to oversee the governance of the materiel management component of SIGMA by January 2010 or sooner.

About the Audit

Authority

This audit was approved by the department's Audit and Evaluation Committee as part of the 2007-2010 Risk-Based Multi-Year Audit and Evaluation Plan.

Objectives

The objectives of this audit were:

• To assess the adequacy of the management controls for the procurement of goods and services undertaken by MMD on behalf of the Department; and
• To examine the extent to which contracts awarded by MMD complied with legislation and Treasury Board Secretariat/PWGSC contracting policies and directives.

Scope and Approach

The audit was conducted in accordance with the Treasury Board Secretariat's Policy on Internal Audit and the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing.

We focused on the Procurement Services offered by MMD in the area of contracting and procurement under Schedule 1 of the Department's delegation of Authorities. We examined procurement activities of MMD as it applied in the National Capital Area and all contractual data was sampled from the Automated Materiel Management Information System for the time period of April 1, 2006 to December 31, 2007. MMD was involved in approximately 5,450 contractual transactions valued at $59,071,710.

The audit scope included an examination of a variety of procurement instruments including:

• Service and goods contracts for requirements below the threshold of $25K for which MMD conducted the procurement process;
• Professional Services Contracts for requirements below the North American Free Trade Agreement threshold of $84K for which MMD conducted the procurement process using the PS Online (Professional Services) method;
• Call-ups against standing offers for goods and/or services requirements up to the appropriate standing offer limit for which MMD was the delegated authority to call-up against standing offers and enter into contracts; and
• Temporary Help Services call-ups for which it was mandatory that MMD conduct the procurement process.

Acquisition cards managed by MMD for the procurement of low-dollar-value goods were excluded from the scope of this audit as they were being examined in a separate audit of acquisitions cards. As well, this audit did not examine the PWGSC regional procurement activities, which are similar to those of MMD, as they were being examined in a review of PWGSC low-dollar-value and non-complex procurements.

We adopted a judgmental sampling approach based on risks and the cumulative knowledge and experience of the audit team. Our risk criteria included contracts which: appeared to have been split; were amended at least 6 times; had an order date in the last month of the fiscal year; were call-ups against standing offers; or were greater than $25,000 (excluding Temporary Help Services call-ups and Professional Services On-Line contracts).

The Preliminary Survey was concluded in December 2007. Given the operational and system changes that were to occur by April 2008, we recommended that the audit be deferred until MMD had sufficient time to operate within the new information system. Initially, we recommended that the Detailed Examination Phase recommence in November 2008. However, in discussion with the Chief Audit Executive and to support the Office of Chief Risk Officer in its sample of controls and procurement instruments, it was decided to separate the audit into two phases. The first phase would start in March 2008 and would examine the compliance of contracting files and the second phase would start in July 2008 to review the management control framework.

Interviews were conducted with approximately 12 key personnel. A total of 50 contract files were reviewed for compliance. Relevant processes and documentation were reviewed. As the audit reviewed the entire procurement process, we note that there are areas of contracting non-compliance for which MMD is not accountable as the responsibility for compliance is within the responsibility and authority of the departmental responsibility centre managers.

Based on our analysis of the information and evidence collected, we prepared findings and conclusions that were validated with the appropriate PWGSC employees. The draft Final Report is tabled to the PWGSC Audit and Evaluation Committee for their recommendation for approval by the Deputy Minister.

Criteria

The following audit criteria were reviewed and accepted by the Corporate Services, Policy and Communications Branch:

• Compliance: All legislation, policies and directives regarding contracting are complied with;
• Accountabilities: Roles, responsibilities and accountabilities for procurement on behalf of the department are clear and communicated; a clear and effective organizational structure is established and documented;
• People: The organization provides employees with the necessary training tools, resources and information to support the discharge of their responsibilities; and
• Stewardship: Compliance with contracting legislation, policies and directives should be monitored regularly; controls are in place to ensure accuracy of transaction coding and processing; and records and information are maintained in accordance with laws and regulations.

Audit Work Completed

Audit fieldwork for Phase I was substantially completed in May 2008 and Phase II in October 2008.

Audit Team

The audit was conducted by a contracted resource under the supervision of the Director, Procurement Audit and under the overall direction of the Chief Audit Executive, Office of Audit and Evaluation.

The audit was reviewed by the Quality Assessment function of the Office of Audit and Evaluation.