Audit Committee. Audit Staff

Transcription

1

2 The Auditor of the City and County of Denver is independently elected by the citizens of Denver. He is responsible for examining and evaluating the operations of City agencies for the purpose of ensuring the proper and efficient use of City resources and providing other audit services and information to City Council, the Mayor and the public to improve all aspects of Denver s government. He also chairs the City s Audit Committee. The Audit Committee is chaired by the Auditor and consists of seven members. The Audit Committee assists the Auditor in his oversight responsibilities of the integrity of the City s finances and operations, including the integrity of the City s financial statements. The Audit Committee is structured in a manner that ensures the independent oversight of City operations, thereby enhancing citizen confidence and avoiding any appearance of a conflict of interest. Audit Committee Dennis Gallagher, Chair Maurice Goodgaine Leslie Mitchell Rudolfo Payan Robert Bishop Jeffrey Hart Timothy O Brien, Vice-Chair Audit Staff John Carlson, Deputy Director, JD, MBA, CIA, CRMA Chris Wedor, Internal Audit Supervisor, MBA, CICA Nancy Howe, Lead Internal Auditor, MPA, CICA Manijeh Taherynia, Senior Internal Auditor, CPA, CFE, CICA Katja Freeman, Senior Internal Auditor, MA, MELP You can obtain copies of this report by contacting us at: Office of the Auditor 201 West Colfax Avenue, Department 705 Denver CO, (720) Fax (720) Or download and view an electronic copy by visiting our website at:

3 City and County of Denver 201 West Colfax Avenue, Department 705 Denver, Colorado FAX Dennis J. Gallagher Auditor May 16, 2013 Mr. Jim McIntyre, Director Purchasing Division, Department of General Services City and County of Denver Dear Mr. McIntyre: Attached is our audit of the City s Procure to Pay (P2P) process. The purpose of the audit was to assess the efficiency and effectiveness of the City's P2P process, including processes for purchasing goods and services, but not those related to contracts. While my team has acknowledged that implementation of the P2P system has improved purchasing controls and transparency, there are still areas for improvement and efficiencies to be gained for the City. These range from process improvements, reviewing provisions in the Denver Revised Municipal Code and technological upgrades. An effective procurement system is crucial for any organization. Agencies must obtain goods and services based on "best value" to the taxpayer. As the City is resource-constrained, it is important to create processes that conserve these resources. In short, taxpayer dollars should be spent carefully, the services purchased can impact people's lives, and the City should know who it conducts business with in order to mitigate unnecessary risk. I would like to thank you and your team for your cooperation during the course of this audit. If you have any questions, please call Kip Memmott, Director of Audit Services, at Sincerely, Dennis J. Gallagher Auditor DJG/cw cc: Honorable Michael Hancock, Mayor Honorable Members of City Council Members of Audit Committee Ms. Adrienne Benavidez, Manager of General Services Ms. Cary Kennedy, Deputy Mayor, Chief Financial Officer To promote open, accountable, efficient and effective government by performing impartial reviews and other audit services that provide objective and useful information to improve decision making by management and the people. We will monitor and report on recommendations and progress towards their implementation.

4 Ms. Janice Sinden, Chief of Staff Ms. Stephanie O Malley, Deputy Chief of Staff Ms. Beth Machann, Controller Mr. Doug Friednash, City Attorney Ms. Janna Bergquist, City Council Executive Staff Director Mr. L. Michael Henry, Staff Director, Board of Ethics To promote open, accountable, efficient and effective government by performing impartial reviews and other audit services that provide objective and useful information to improve decision making by management and the people. We will monitor and report on recommendations and progress towards their implementation.

5 City and County of Denver Dennis J. Gallagher Auditor 201 West Colfax Avenue, Department 705 Denver, Colorado FAX AUDITOR S REPORT We have completed an audit of the City's Procure to Pay (P2P) process. This audit assessed the efficiency and effectiveness of the City's P2P process, including processes for purchasing goods and services, but not those related to contracts. This performance audit is authorized pursuant to the City and County of Denver Charter, Article V, Part 2, Section 1, General Powers and Duties of Auditor, and was conducted in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. The audit found that the Purchasing Division has made significant improvements to purchasing processes with the implementation of the P2P system in the City. Additionally, Purchasing has embraced the do more with less mentality and strives to provide high customer service. However, the audit identified areas that still require attention to increase efficiencies in purchasing processes, including reviewing dollar threshold limits, and investigating a possible key upgrade to the City s purchasing system. We extend our appreciation to Purchasing Division personnel who assisted and cooperated with us during the audit. Audit Services Division Kip Memmott, MA, CGAP, CRMA Director of Audit Services To promote open, accountable, efficient and effective government by performing impartial reviews and other audit services that provide objective and useful information to improve decision making by management and the people. We will monitor and report on recommendations and progress towards their implementation.

6 The City s Procure to Pay (P2P) Processes Can Be Improved 1 The City s Procure to Pay (P2P) Processes Can Be Improved Unauthorized Purchase Orders by Agency 36 Requisition to Purchase Order Process 37 Glossary 38

7 The City s Procure to Pay (P2P) Processes Can Be Improved The Purchasing Division (Purchasing), housed within the City s Department of General Services, is responsible for acquiring goods and services for most agencies of the City and County of Denver, except for construction and professional services. In 2010, the City implemented a Procure to Pay (P2P) system to standardize the City s procure to pay function. There are three basic elements of a P2P process procurement, receipt of goods and services purchased, and payment to vendors. Procurement and receiving processes in the City are managed by the Purchasing Division. The payment process is handled by the Accounts Payable section of the Controller's Office. Before P2P was implemented, City agencies handled their payment needs internally with limited involvement by Purchasing. This resulted in several control weaknesses. Audit review determined that the P2P system has significantly improved City purchasing practices, by providing more robust controls over the processes and practices for purchasing goods and services, and increased visibility to purchasing information. While these improvements are notable, we identified several areas where strengthening existing practices and controls could enhance the efficiency and effectiveness of the system. Unauthorized Purchases Are Not Consistently Tracked or Justified Audit work revealed that City personnel make unauthorized purchases, and that Purchasing does not consistently track or obtain justification for such purchases. Purchasing requirements are outlined in the City s municipal code and Fiscal Accountability Rules; however, for a variety of reasons, city personnel occasionally fail to adhere to these requirements. These unauthorized purchases (UNAs) do not comply with the City s terms and conditions. We utilized three different methods in an attempt to quantify the number of unauthorized purchases. Each produced different results. Further, we found that Purchasing has only an informal policy, verbally communicated to agencies, requesting justification for UNAs. However, Purchasing does not uniformly enforce this policy, so agencies do not consistently submit the required justification to Purchasing or they submit a pre-written letter with a new date. There are several risks associated with UNAs. Audit research also identified policies implemented by other jurisdictions intended to reduce the number of UNA purchases. For example, the individual responsible for the UNA can be held personally responsible for the amount of the purchase. The Purchasing Division should code unauthorized purchases consistently, and analyze the data in an effort to reduce their occurrence. In addition, Purchasing should determine if it wants justification for UNAs, and if so, formalize and enforce the policy. Emergency Purchases Should be Tracked and Justified Audit work revealed that Buyers in the Purchasing Division maintain a database with information about emergency purchases. However, agency personnel do not consistently send a confirming requisition P a g e 1 Office of the Auditor

8 to Buyers within the required seventy-two hours timeframe. 1 As a result, the database does not include data from the confirming requisition. Additionally, Purchasing does not collect some information that could enhance analysis of emergency purchases, and does not consistently obtain the required justification for emergency purchases. Like unauthorized purchases, emergency purchases increase the risk of the City paying a higher price than necessary. Emergency purchases can also reflect poor planning on agencies part. The Purchasing Division should enforce the requirement that agencies submit a confirming requisition within seventy-two hours of the emergency purchase and ensure that information about emergency purchases is updated timely into the database. It should also enforce the requirement that agencies provide written justification for each emergency purchase, and include the notification date and detailed justification reasons so that analysis can be used to determine if the number of emergency purchases can be reduced. Tracking Additional Information Could Enhance Purchasing Processes and Aid Strategic Planning The Purchasing Division does not consistently track and analyze data that could help it improve the system and enhance strategic planning. Specifically, Purchasing does not measure certain procurement cycle times, including the time it takes to complete certain portions of the procurement process. Cycle times provide useful performance information and therefore should be analyzed to look for bottlenecks in the process, patterns of agency purchasing, and other data trends. Additionally, Purchasing does not consistently conduct buyer spend analyses, which analyze expenditure data to reduce procurement costs, improve efficiency and monitor compliance, and does not track vendor performance information. We recommend that Purchasing conduct comprehensive spend analyses, including considering the purchase of spend analysis software, and enhance its tracking of vendor performance. Dollar Thresholds Need Re-Evaluation The City has established dollar thresholds, or the limits at which a purchase is estimated to cost, which dictate the method by which a purchase must be made. Auditors found that one of the City s dollar thresholds, the threshold at which formal bidding is required, is significantly lower than the threshold of benchmarking jurisdictions and in best practices. This artificially low threshold impedes the procurement process by creating a bottleneck within the P2P process, thereby decreasing efficiency. One reason this limit is lower is that the dollar thresholds have been in place for seventeen years and therefore could be evaluated and possibly increased. Generally, lower dollar thresholds represent an increased level of control. However, controls also require resources to implement and maintain them. Ideally, controls should reflect a balance between the risks of low or no controls and those resource needs. 1 For all emergency purchases, the agency must send a requisition confirming the purchase so the Buyer can create a purchase order. The City will not pay a vendor without a purchase order. City and County of Denver P a g e 2

9 Audit analysis indicated that if the City's formal bidding dollar threshold was $50,000 instead of $25,000, 16 percent of purchases in October 2012 could have been made without going through the formal bidding process. This may have shortened the cycle time for these purchases, and may have reduced the costs and time associated with the additional processes required to conduct formal bidding. To help ensure dollar thresholds are at levels providing the most benefit to the City, we recommend the Purchasing Division evaluate the dollar thresholds in place, and consider proposing adjustments to City Council. Because this evaluation should occur on a regular basis, Purchasing should also determine how often it should occur. P2P Process and Polices Do Not Meet Certain Agencies Needs P2P was implemented to standardize the City s procurement processes, but it can impede the efficiency of some City operations with unique purchasing needs. In our survey of some P2P users, several agencies with operations that require quick turnaround times for purchases rated the P2P process as poor or fair. Our analysis supported relatively long cycle times for receiving such purchases. Specifically, Fleet purchases made during the sample period averaged between eleven and forty-four calendar days from the time an item was requested and when it was received in PeopleSoft. We were not able to identify best practices regarding how long purchases should take. However, it appears nonsensical that agencies must wait a minimum of eleven days for a part that could potentially be purchased at a local retail store. Therefore, we recommend that Purchasing work with agencies with specific purchasing needs to identify possible workarounds in the P2P process. P2P Users Need Additional Training and Enhanced Resources Audit work revealed that P2P users might benefit from additional training, and that informational resources already available could be enhanced. In an audit survey, agency personnel who use P2P indicated they could benefit from additional training. For example, 82 percent of respondents stated that they had experienced difficulties when purchasing through the P2P system, 54 percent found the system cumbersome to use, and 19 percent claimed they had not received sufficient training on the P2P system. Survey respondents also said the P2P system is not user friendly. Additionally, we identified POs in which Buyers did not include some details needed to help move purchases through the process. When this information is not on the PO, additional time is needed to obtain it, slowing the procurement process. In addition to training needs, audit work identified a P2P user guide that needs updating, and additional resources that agency staff may not be aware is available on the City s intranet portal. To enhance P2P users knowledge, the Purchasing Division should identify users needs and conduct additional training on the P2P system, and provide Purchasing Buyers with P a g e 3 Office of the Auditor

10 guidance in providing all necessary information on each PO. Additionally, Purchasing should update P2P user guides and enhance users awareness of available online resources. PeopleSoft System Limitations Affect P2P Process Efficiency Audit work identified several issues related to the City s PeopleSoft system that impact the efficiency of the P2P process: The P2P Dashboard, a one-page graphical presentation of the status of a requisition in the P2P cycle, is not updated with the most recent status of purchases. PeopleSoft overwrites the requisition approval date stamp, making accurate cycle time measurement impossible. In a focus group of Purchasing Buyers conducted as part of audit work, Buyers stated that PeopleSoft was customized to meet the City business process, when processes should have been adapted to the system, resulting in the potential loss of some PeopleSoft functionalities. Upon issuance of a PO in PeopleSoft, designated agency personnel should receive an automated notification. Audit inquiries showed such s are not consistently sent to agency personnel. The PeopleSoft Purchasing module currently used by the City cannot confirm whether a PO has been received by the vendor. These confirmations must be obtained via contact with the vendor. PeopleSoft offers another module that offers enhanced functionality for the entire procurement process, and several private firms offer e-procurement technology that can be implemented as an add-on to the current system. The City currently owns the e-procurement module, but has not implemented it. Purchasing staff, benchmarking jurisdictions, and best practices indicate that utilizing technology offers the greatest opportunity for enhancing procurement functions efficiency and effectiveness. We acknowledge that an e-procurement system would require up-front investment as well as resources to properly implement it. However, it might be the best way to overcome some of the current issues associated with using only PeopleSoft s Purchasing and Accounts Payable modules. City and County of Denver P a g e 4

11 Purchasing Division The Purchasing Division (Purchasing) is responsible for acquiring goods and services, excluding construction and professional services, for agencies of the City and County of Denver. The City Charter grants control over City procurements to the Purchasing Division which is housed within the City s Department of General Services. 2 City agencies are required to go through the Purchasing Division to procure goods and services, with the exception of the Denver Public Library, the Denver Zoo, the Denver Art Museum, the District Attorney s Office and several other City agencies. 3 Procure To Pay (P2P) On September 20, 2010, the City implemented a Procure to Pay or P2P system, a collaborative effort by the Controller's Office, Accounts Payable within the Controller s Office, and the Purchasing Division. P2P was a part of the City's consolidation and shared services initiatives. Prior to standardization of the City s procurement function, City agencies handled their purchasing needs internally with limited involvement by Accounts Payable. This resulted in several control weaknesses. First, there was no centralized data and consequently very limited visibility regarding City purchases, including numbers of purchases and dollar amounts. Second, agency staff did not consistently issue purchase requests (requisitions) and purchase orders (POs). Table 1 shows the dramatic increase in the number of POs issued after P2P was implemented in late Table 1 Number of Purchase Orders Prior to and After P2P Number of Purchase Orders (PO) * Number of POs processed 2,500 3,220 2,787 1,662 10,402 13,410 Source: Auditors extracted data from the Purchasing Division s Report Cards that contain internal performance metrics. *P2P was implemented on September 20, Finally, there was no documentation, in PeopleSoft, of the goods and services received before paying a vendor. Accounts Payable made vendor payments when agencies 2 City Charter, Article II, Part 9. 3 Other agencies that are not required to make their purchases through the Purchasing Division include City Council, the Auditor's Office, the Elections Division, the Civil Service Commission, the Office of Telecommunications, the Board of Adjustment, the Office of the Clerk and Recorder, and Human Resources. However, all these agencies, divisions, and offices have chosen to utilize the City s P2P for their purchasing needs. P a g e 5 Office of the Auditor

12 submitted a request for payment on a voucher, but had no way to ensure the vendor was paid the right amount for the right quantity at the negotiated price. The P2P system and processes were designed to achieve four major goals: To consolidate, standardize, and improve the City's procurement and vendor payment processes To create cost savings across the City by providing customer focused shared services for procurement and accounts payable To reduce procurement costs through more effective price negotiations To leverage PeopleSoft to drive efficiency, establish better metrics to measure success, and improve the overall P2P process through visibility and reporting The City s P2P system mainly consists of PeopleSoft Purchasing and Accounts Payable modules, with the primary focus on the following areas: 4 P2P Workflow The Item Master or Item File, which is a catalog of goods and services on annual bid maintained in PeopleSoft. Agency purchasing personnel select items for purchase from the Item File, and a PO is automatically generated. Automated workflow approval routing, meaning the process is automated by routing purchases through the system for approval. A receiving function. Three-way match, which is when the system matches the purchase order, receipt of the purchase, and the invoice prior to vendor payment. There are three elements within a P2P process procurement, receipt of goods and services purchased, and payment to vendors. Procurement and receiving processes are managed by the Purchasing Division. The City s payment process is handled by the Accounts Payable section of the Controller's Office. The P2P workflow consists of a series of steps in PeopleSoft performed by designated agency staff, and Purchasing and Accounts Payable personnel. Each individual participating in the P2P process has a role in the process. Figure 1 is a simplified schematic of the P2P workflow roles and associated responsibilities. 4 The City currently uses certain modules of PeopleSoft by Oracle. These modules include Purchasing (called Purchase Order) and Accounts Payable, which are used for P2P processes, as well as Asset Management and Project utilized for other City needs. Oracle offers other P2P solutions such as PeopleSoft e Procurement, which is not used by the City. City and County of Denver P a g e 6

13 Figure 1 P2P Workflow Roles Agency "Requisition Enterer" enters requisition Agency "Requisition Reviewer" reviews requisition Agency "Expending Authority" reviews and approves requisition Agency "Receiver" records receipt of requested item in PeopleSoft Purchasing "Buyer Supervisor" approves PO, if applicable Purchasing "Buyer" receives requisition, processes, and creates PO "Accounts Payable" receives and enters vendor invoice in PeopleSoft Auditor's Office "Prevailing Wage" reviews compliance with prevailing wage ordinance, if applicable "Accounts Payable" pays vendor after 3 way matching of PO, receipt, and invoice Source: Prepared by auditors based on their knowledge of P2P processes obtained during the course of the audit. Procurement Dollar Thresholds In accordance with provisions of the Denver Revised Municipal Code (D.R.M.C), the City has adopted three dollar thresholds to guide how purchases should be made Open Market o Supplies and services which amount to $5,000 or less are not subject to bidding requirements. Agencies are authorized to suggest a vendor and a Purchasing Buyer creates a PO for the purchase. 2. Informal Competitive Bidding o Goods or services which are estimated to amount to less than $25,000 may be made by informal bid procedures. In other words, informal bidding procedures apply to purchases with an estimated price greater than the open market threshold of $5,000 and less than $25,000. The Purchasing Division is staffed with Buyers who work with agencies to make these purchases. Buyers are required to obtain at least three bids for the good or service the agency wishes to purchase. These bids may or may not be in writing. 5 D.R.M.C, and P a g e 7 Office of the Auditor

14 3. Formal Bidding o Purchases estimated to amount to $25,000 or more are solicited to the general public through a formal bidding process. Methods of Procurement There are four methods for making purchases in the City: Requisition to Purchase Order (PO) The requisition to PO process is the primary method used to procure goods and services, including open market and informal competitive bidding purchases. The requesting City agency initiates the process by placing a requisition in PeopleSoft. The requisition goes through an automated workflow review and approval by the agency. Depending on whether or not the items requested are from the PeopleSoft Item File, the requisition takes one of the two routes below. Requisitions from the Item File: The Item File is an electronic catalog in PeopleSoft containing most goods and a limited number of services for which the City has a master purchase order (MPO). 6 The pricing, vendor and terms and conditions of that MPO are associated with the Item File. If all requested items on a requisition are from the Item File the system creates a PO containing the MPO's terms and conditions. If the requested items from the Item File pertain to more than one vendor, multiple POs are created, each with the pricing and other terms and conditions of the relevant MPO. The requesting agency is responsible for dispatching a PO to the vendor. Requisitions of Non-Item File Items: If one or more of the items on a requisition are not from the Item File, the requisition is routed to the designated Buyer at Purchasing through the automated workflow. If a requisition s value is less than or equal to $5,000, the requesting agency may attach a quote from the vendor of choice to the requisition. After the Buyer verifies the quote with the vendor, he/she dispatches a PO to the vendor. Requisitions over $5,000 for which no MPO exists, are subject to the City s dollar thresholds described earlier. Specifically, purchases with a value greater than $5,000 but less than $25,000 are subject to an informal bid process, and purchases of $25,000 or more to a formal, competitive bid. Non-PO Voucher A Non-PO voucher, also known as a request for special payment, is used for certain City purchases where the Director of Purchasing has determined procurement card or Requisition to PO are not the proper purchasing method. Some examples of requests for special payment are employee reimbursements, subscription payments, payments for utility and phone charges, and inter-governmental payments. 6 An MPO is an agreement between the City and a vendor to provide goods and services to the City under mutually agreed upon terms and conditions. City and County of Denver P a g e 8

15 Procurement Card A procurement card (PCard) is a credit card issued to City agency personnel who, as a part of their job responsibilities, are required to purchase goods or services. PCards can be used to make purchases of goods and a limited number of services totaling $2,000 or less per transaction. Daily and monthly thresholds on PCard purchases are set based on the nature of the agency's business and its purchasing needs and history. The Purchasing Division, in conjunction with the Controller s Office, is responsible for administering the PCard program. These responsibilities include approving applications for new PCards and training new cardholders. PCard purchases do not require review by Purchasing. Instead, the PCard rules require agencies to conduct periodic reconciliation procedures. A PCard Procedure Manual is available to guide PCard holders. 7 Contracts In accordance with the City Charter, written contracts for the purchase of supplies, equipment, personal property and services shall be used by Purchasing, when the complexities of specifications and conditions warrant; in instances of extensive services, repairs and maintenance; and whenever a written purchase order is deemed insufficient for the City protection. 8 The City s Executive Order No. 8 stipulates the requirements and provides guidance for execution of City contracts. 9 Although contracts are sometimes used to purchase goods such as equipment for the City, they are mainly mandated for the purchase of services over $5,000. Purchases of services under this threshold can be made using a PO. In addition, a contract is required for purchases estimated to cost $25,000 or more. The contract procurement process comprises several steps involving multiple agencies including but not limited to the requesting agency, the City Attorney's Office, Purchasing, the Budget and Management Office, the Auditor's Office, and the Mayor. Emergency Purchases In emergency situations, agencies can purchase what they need to mitigate the situation and process the purchase in P2P afterwards. The D.R.M.C. authorizes the Manager of General Services (Manager) to exempt a purchase from bidding procedures if the purchase is of an emergency nature. The D.R.M.C. defines emergency as a situation which, if it continues to exist, would endanger the health or safety of the public or employees and requires a remedy sooner than the supplies, materials, equipment, personal property or services would be delivered if the normal purchasing procedures were followed; or, a situation which would place an excessive financial burden on the City unless addressed in a shorter time than the bidding procedures require The Auditor s Office has conducted two audits of the City s PCard programs. For more information, see Procurement Card Program, Department of Aviation Performance Audit issued May 2009 and Procurement Card City Agencies Performance Audit issued September City Charter, Article II, Part 9, Section Executive Order No. 8, "Contracts and Other Written Instruments of and for the City and County of Denver." See 10 D.R.M.C (b) 1. P a g e 9 Office of the Auditor

16 Agencies are required to follow certain procedures when they make an emergency purchase: Purchases made Monday through Friday from 8:00 a.m. through 5:00 p.m. shall obtain approval of the Manager or his or her designee prior to purchasing. Emergency purchases made at other times shall not be made without first attempting to obtain the prior approval of the Manager or his or her designee. The agency head making such a purchase shall, in either case, send a confirming requisition and a letter of justification explaining the reasons for the emergency purchase to the Deputy Manager of General Services within seventy-two hours after such a purchase. 11 After the emergency purchase is made, the agency s confirming requisition generates a PO in the system that enables the vendor who provided the emergency good or service to be paid. P2P will not allow the vendor to be paid without a PO. 11 D.R.M.C (b) 2. The Deputy Manager of General Services in now referred to as the Director of Purchasing. City and County of Denver P a g e 10

17 This audit assessed the effectiveness and efficiency of the City's Procure to Pay (P2P) process, including processes for purchasing goods and services, but not those related to contracts. Additionally, we have excluded processes related to payment for purchases, which is handled by the Accounts Payable function within the City Controller's Office. The objectives of this audit were to: Evaluate P2P and the efficiency and effectiveness of the procurement process Determine if the Purchasing Division has a strategic focus Determine if agency staff are purchasing outside the established procurement process Evaluate the dollar thresholds in place against best practices or benchmarking jurisdictions Evaluate the customer satisfaction of agency staff that utilize P2P Audit methodologies included, but were not limited to: Interviewing staff in the Purchasing Division to obtain an understanding of the City's procurement processes and controls Reviewing purchasing data in PeopleSoft Reviewing the City Charter related to Purchasing guidelines Developing a flow chart of the City's procurement process Conducting research regarding procurement best practices Conducting a Focus Group of Buyers in the Purchasing Division Conducting a survey of all City staff with "Requisition Enterer" status in PeopleSoft to obtain feedback from City staff who use P2P to make purchases Analyzing purchasing data for cycle times Evaluating data on unauthorized purchases to determine the reasons for making such purchases Conducting benchmarking research in order to compare and evaluate the City's policies and practices P a g e 11 Office of the Auditor

18 The City s Procure to Pay (P2P) Processes Can Be Improved Audit review determined that the Procure to Pay (P2P) system has significantly improved City procurement practices, by providing more robust controls over the processes and practices for purchasing goods and services, and increasing visibility to purchasing information. While these improvements are notable, auditors identified areas where strengthening existing practices and controls could enhance the efficiency and effectiveness of the system. Unauthorized Purchases Are Not Consistently Tracked or Justified Purchasing processes are outlined in the Denver Revised Municipal Code (D.R.M.C.) and the City s Fiscal Accountability Rules; however, for a variety of reasons, agency personnel occasionally bypass these requirements to purchase goods or services. 12 These purchases are not considered to be required for an emergency, and do not comply with City process. This agency conduct is commonly referred to as maverick purchasing behavior, and is described as ranging from unintentional, honest mistakes to ill-intentioned behavior such as when a purchaser actively circumvents the existing procurement process. 13 Bypassing the City s procurement process constitutes an after-the-fact purchase. Afterthe-fact purchases can be emergency purchases, which are legitimate purchases. However, an after-the-fact purchase can also be an unauthorized purchase (UNA), which is an after-the-fact purchase that does not meet the City s criteria as being necessary for responding to an emergency, meaning it does not comply with procurement requirements. Since the P2P system requires the issuance of a purchase order (PO) for subsequent payment to the vendor, an agency has to place a requisition in the system for an after-the-fact purchase to trigger issuance of a PO. This means that even if the agency circumvents the procurement process to purchase a good, payment is only triggered if the requisition information is entered into PeopleSoft. Purchasing personnel reported that before P2P was implemented, they had identified unauthorized purchases to be 2 percent of the total dollar amount of purchases. Immediately after P2P was implemented, Purchasing sampled between seventy-five to one hundred vouchers, and found about 4 percent were unauthorized. Based on this data, Purchasing decided that the cost of driving unauthorized purchases down was higher than the benefits resulting from reducing the number of unauthorized purchases. Since then, Purchasing has not consistently tracked unauthorized purchases. Buyers in the Purchasing Division (Buyers) can flag an unauthorized purchase in PeopleSoft. For unauthorized purchases that are flagged, Purchasing has an informal 12 D.R.M.C to 20 64; Fiscal Accountability Rule 8.1, Procurement. 13 For more on the term maverick, see Karjalainen, Kemppainen, van Raaij, Non Compliant Work Behavior in Purchasing: An Exploration of Reasons Behind Maverick Buying, Journal of Business Ethics, Vol. 85 (2009): City and County of Denver P a g e 12

19 policy that has only been verbally communicated to agencies, which asks the agency to send a justification memorandum to the Director or the Deputy Director of the Purchasing Division. Purchasing is especially interested in receiving a justification memorandum for instances of unauthorized purchases over $5,000 since this is the dollar threshold above which Buyers are involved in the bidding process. This justification memorandum should be signed by the expending authority and explain why authorization has not taken place in the appropriate way. Purchasing staff reported that agencies often use a pre-written letter and modify the date rather than sending a new justification memorandum for every unauthorized purchase. Further, this informal policy is not universally enforced and non-compliance does not result in specific repercussions for agencies. We found that there is little consequence when an agency circumvents the existing purchasing process and procures goods without authorization. Some agencies consider long cycle times or their perception of long cycle times as justification for circumventing the established process and engage in this behavior more frequently than others. At times, Purchasing staff may acknowledge the business needs of the agency. This may send the message that unauthorized purchases are not a material compliance concern. Without proper coding, however, it is impossible to review systematically UNAs or conduct trend analyses to determine the causes. For example, UNAs may result from poor planning on the agency s part, but this cannot be determined without analysis. Currently, reducing the number of UNA purchases depends on the interpretation and business needs of the agency heads, and whether they take the process seriously and try to reduce the number of UNAs. Since Buyers do not consistently code and track unauthorized purchases, we attempted to determine the extent of these purchases. First, we queried purchases that were coded in the system as unauthorized, and found that Buyers coded 372 purchase orders as unauthorized in 2012, which represents approximately 4 percent of the REG POs for However, we do not know how reliable this data is since audit inquiries revealed that not all Purchasing Buyers consistently code unauthorized purchases as such in PeopleSoft. Table 2 shows that 336 of the 372 unauthorized purchase orders in 2012 were made by nine agencies. 15 At a minimum, the table presents purchases clearly coded as unauthorized and can serve as a baseline for conclusions. 14 The query was provided by the Purchasing Division. Consult the Glossary in Appendix C for a definition of REG. 15 Table 2 contains a list of the top nine agencies UNAs, accounting for 336 UNAs out of the total of 372 UNAs. P a g e 13 Office of the Auditor

20 Table 2 Unauthorized Purchases by Agency for 2012 Category Number of UNA Purchase Orders Parks and Recreation 235 Police Department 31 General Services Facilities Planning & Management Fire Department 14 Department of Safety 11 Public Works Transportation 10 Sheriff s Department 10 Career Service Authority 5 Theaters and Arenas 5 15 TOTAL 336 Source: PeopleSoft query of unauthorized purchases for 2012 run by the audit team. We then ran a second query to quantify UNAs. Because a requisition is required to make a purchase, the requisition date should be earlier than the date the purchase was received. When the requisition date is later than the receipt date, an after-the-fact purchase took place. 16 We queried purchases in which the requisition date was later than the receipt date, and identified 172 after-the-fact purchase orders in the sample period of October There were a total of 598 purchase orders for this month, so these 172 after-the-fact purchases comprise 29 percent of all POs for the month, or 5 percent of the total dollar amount going through the Purchasing Division in October of Further, if the number of after-the-fact purchases identified in this query were considered an average and extrapolated to get an approximate number for the entire year, the number of after-the-fact purchase orders would have been over 2,000 in Due to the vastly different results from the two queries, we asked all the Buyers to begin consistently coding unauthorized purchases for the month of February The intent was to obtain a more realistic view of the number of unauthorized purchases. Assuming that Buyers correctly tracked all unauthorized purchases for that month, there were fortyfour unauthorized purchase orders entered into the system in February This would amount to 528 UNAs per year if used as an average. While this is far fewer than the 2,000 purchases estimated using requisition and receipt dates, 528 annual UNAs still represents an increase of 42 percent over the 372 UNAs recorded in the system for These purchases were coded as REG like the other REG requisitions. The only indication of them being an unauthorized purchase was that the receipt date predated the requisition date. We received verbal confirmation from the Purchasing Division that in these cases, the agency had first purchased and then placed the requisition in the system. Presumably, Buyers had the option to add the unauthorized purchase to the standard comment box but we could not see that comment in our query. City and County of Denver P a g e 14

21 Results from auditors queries are summarized in Table 3. These results demonstrate that the lack of consistent tracking makes it difficult to accurately estimate to what extent agencies circumvent the existing procurement process. Table 3 Query Results - Unauthorized Purchases Query 1 Query 2 Query 3 Monthly number Monthly dollar amount $62,975 $308,521 $102,360 Annual number 372 2, Annual dollar amount $755,702 $3,702,252 $1,228, The first query was based on UNA data from Purchasing for 2012, which resulted in 372 UNAs per year (see Appendix A; Table 2 only shows 336 UNAs for the same time period of the agencies with the highest occurrence of UNAs during 2012). This is equivalent to an average of thirty-one UNAs per month, with a value of almost $62, The second query was based on purchases with a receipt date preceding the requisition date (After-the-Fact Purchase) for the month October This query resulted in 172 UNAs with a value of $308,521. If these UNAs are extrapolated for the year, it would result in more than 2000 UNAs for The third query was based on data for February 2013 after auditors asked Buyers to consistently code all UNAs in PeopleSoft. In this month, there were forty-four UNAs worth $102,360. If extrapolated for the entire year, the amount of UNAs would be 528 for It is difficult to measure the precise impact maverick behavior has on the City s procurement function. Buyers in the Purchasing Division are trained in negotiating the best price for goods and the risk exists that agencies fail to negotiate the best price possible when conducting an unauthorized purchase. Moreover, it can take much longer for the vendor to receive payment while the paperwork is approved. This can result in late fees and damage future business relationships with the vendor. However, the risks stemming from this behavior are not only financial; for example, circumventing the purchasing process carries the risk of vendors not complying with the need to go through the contracting process or prevailing wage requirements. 17 Potentially dangerous items or services could require increased liability for the City and an agency might not be aware of these increased requirements; or a bond might be in place that 17 The D.R.M.C. outlines requirements related to the payment of prevailing wages to workers retained by any contractor or subcontractor at any tier, performing construction, alteration, improvement, repair, maintenance, demolition, or janitorial work on any City public building or public work costing $2,000 or more. The Auditor Office s Prevailing Wage Section monitors and enforces compliance with these requirements within the City s procurement process. P a g e 15 Office of the Auditor

22 would cover the purchase, which means that payments come from a different source. UNAs are made without including Buyers, who ensure that purchases are compliant with the terms and conditions, laws and insurance requirements applicable to the City s purchases. In addition, we attempted to find out if these unauthorized purchases could have been avoided by using a procurement card (PCard). Specifically, when we reviewed purchasing data for the sample period of October 2012, we noted that 16 percent of City purchases that were processed using a requisition and PO could have been made with a PCard. This might have decreased the number of UNA purchases in that month. However, because UNA s are not tracked and monitored consistently, this extrapolated number was based on the data currently captured by Purchasing. During our research of purchasing best practices across the country, the University of Colorado was identified as having a model procurement department. Auditors interviewed officials at the University and learned that any after-the-fact purchase over $5,000 which is repeated is subject to approval by the department s controller. If the after-the-fact purchase is not approved, the individual(s) is responsible for ordering the goods or services, and must either: Pay for the purchase personally, without reimbursement from the University; or, Return the purchased goods to the vendor, explaining that the University is under no obligation to pay for them. Our benchmarking revealed that Maricopa County, Arizona has a provision which holds staff members making unauthorized purchases personally accountable for the amount of the purchase, plus 20 percent. However, this control has not been imposed. In addition, a claim process is in place where Purchasing can deny payment for a maverick purchase. The vendor can then file a claim that must go to the City Attorney s Office for a recommendation and then goes before a Board of Supervisors. The vendor and the agency must explain the reason for the purchase and request approval for payment. The intent is to put the agency and the vendor on notice and to make unauthorized purchases a difficult and transparent matter. On the federal level, the Federal Acquisition Regulations (FAR) specifically mention unauthorized purchases and place responsibility on the employee conducting the unauthorized purchase. According to FAR, an unauthorized commitment means an agreement that is not binding solely because the government representative who made it lacked the authority to enter into that agreement on behalf of the government; for example, an invoice is received from a contractor but no PO or contract exists for the items or work described in the invoice. 18 According to FAR, an unauthorized purchase is a violation of federal law. It requires a written explanation of actions and may be subject to disciplinary action, especially if it constitutes repetitive behavior. Although unauthorized purchases are not defined in the D.R.M.C. or the policies and procedures (P&P) of the Purchasing Division, the P&P nevertheless point out that urgent 18 Federal Acquisition Regulations, (a). City and County of Denver P a g e 16

23 circumstances created by the negligence of an employee, and improper or poor inventory controls or management are typically not valid emergency justifications. This provides a definition by exclusion of permitted exceptions for after-the-fact purchases. As of late, the Purchasing Division has looked into the issue of unauthorized purchases on an agency-by-agency basis and tried to take some preventive measures. Purchasing staff told auditors that, for example, the introduction of new policies and increased training for Parks & Recreation have led to a reduction in unauthorized purchases by that agency. However, data is not available to validate this assertion. Purchasing should enhance controls to reduce the number of UNAs and hold repeat offenders accountable. We recommend that the Purchasing Division better define unauthorized purchases, code them correctly and perform a trend analysis to understand the extent of non-compliance among agencies. Further, it should determine if it wants justification for UNAs, and if so, formalize and enforce the policy. That way, agencies with high levels of non-compliance can be identified and receive customized treatment. Moreover, it will allow the Purchasing Division to understand the reasons for non-compliance, which are necessary to eliminate or at least reduce the number of unauthorized purchases. Purchasing would be able to address the perception of long cycle times and point out instances when poor planning causes UNAs. It would be worthwhile for Purchasing to work closely with agencies that have urgent inventory needs to find a solution to reduce the number of unauthorized purchases. Emergency Purchases Should be Tracked and Analyzed Audit work found that, unlike with unauthorized purchases, the Purchasing Division maintains a database of emergency purchases. However, we determined that agency personnel do not consistently send a confirming requisition to Buyers within the required seventy-two hours timeframe. As a result, the database does not include data from the confirming requisitions. Additionally, Purchasing does not collect some information that could enhance analysis of emergency purchases, and does not consistently obtain the required justification for emergency purchases. Agencies may declare an emergency that allows them to bypass the established purchasing process. The Purchasing Division reviews these requests for their merit based on exceptions noted in the D.R.M.C. 19 If the emergency purchase is approved, the agency must send a confirming requisition, and the Buyer creates a purchase order (PO). 19 D.R.M.C (b)(1) defines an emergency situation in the following manner: [t]he manager of general services may forego the bidding procedures in sections and when a purchase is necessary to address an emergency. For purposes of this section, an emergency is defined as a situation which, if it continues to exist, would endanger the health or safety of the public or employees and requires a remedy sooner than the supplies, materials, equipment, personal property or services would be delivered if the normal purchasing procedures were followed; or, a situation which would place an excessive financial burden on the city unless addressed in a shorter time than the bidding procedures require. P a g e 17 Office of the Auditor