Audit of Construction Contracts

Transcription

1 National Research Council Canada Audit of Construction Contracts Internal Audit, NRC January 2009

2

3 TABLE OF CONTENTS 1.0 Executive Summary Introduction Background and context About the audit Audit Findings Audit Objective One: to provide assurance that NRC complies with the Government of Canada and NRC construction contracting policies and directives Objective Two: To assess the degree to which the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting have been implemented Conclusion Appendix A: Audit Criteria and Detailed Findings Appendix B: 2002 Audit Recommendations and 2008 Follow-up Audit Findings Appendix C: Overall Potential Ratings Appendix D: Management Action Plan Appendix E: Glossary January 2009 i

4

5 1.0 Executive Summary Background This audit report presents the findings of the National Research Council (NRC) of Canada s Audit of Construction Contracts which includes a follow-up to the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting. The decision to conduct this audit was approved by the President following the recommendation of the Audit, Evaluation and Risk Management Committee on June 27, 2007, as part of the NRC to Risk-Based Internal Audit Plan. Under the plan, contracts greater than $25,000 and contracts less than $25,000 are audited in alternate years given that the procedures are substantially different for these two broad categories. However, due to their unique nature and relatively lower overall expenditures, construction contracts are excluded from the annual compliance work and continue to be audited over a fiveyear audit cycle. Expenditures for construction contracts were $17.8 million in and $20.5 million in Audit objective, scope and methodology There were two audit objectives. The first objective was to provide assurance that NRC complies with Government of Canada and NRC construction contracting policies and directives. As such, detailed audit procedures were performed on construction contracts undertaken in and in order to make this determination. This audit objective also allowed us to make observations with respect to the extent to which NRC contracting directives and policies correspond to the Treasury Board requirements as well as the adequacy of the procurement management control framework established by NRC for construction contracts. The second audit objective was to assess the degree to which the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting have been implemented. An NRC-wide approach was used for sampling which allowed for an examination of construction contracts that are managed by NRC s Administrative Services and Property Management (ASPM) Branch as well as by the Regional Material Management Offices (RMMOs). It was determined that a sample of 20 construction contracts for each fiscal year for a total of 40 contracts selected on the basis of risk would be sufficiently robust to determine whether there are any systemic issues with respect to construction contracting. This involved examining practices in seven of NRC s 32 institutes, branches and programs (IBPs). January

6 The audit was conducted using a series of detailed audit criterion that addressed the audit objectives, against which we drew our observations, assessments and conclusions. These audit criteria, presented in Appendix A, are primarily derived from the Treasury Board Policy Contracting Policy, Policy on Delegation of Authorities, Policy on Investment Planning and Policy on the Management of Projects as well as the Financial Administration Act (FAA). The recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting that we followed-up on their implementation can be found in Appendix B. Audit opinion and statement of assurance Within the limitations of the samples and the audit procedures performed, we conclude that overall the application of Government of Canada and NRC construction contracting policies and directives is adequate in that most areas of practice / process are in compliance for construction contracts but there are some opportunities for improvement. These areas for improvement include: sufficient documentation supporting non-competitive contract awards, timing of budget commitments and work commencement, management of contract amendments and security screenings of contractors who have access to protected information and assets. Within the limitations of the audit procedures performed, we found that the procurement management control framework for construction contracting is adequate but some areas could be strengthened. These areas include centralizing procurement procedural guidance into a single source document and performing data analytics of contract patterns and trends as part of more rigorous monitoring activities. Finally, we found that NRC management has fully implemented seven of the eight recommendations made in of the 2002 Internal Audit report Audit of Construction Contracting. The recommendation pertaining to the expansion of verification of delegated authorities (FAA Section 33) is in progress and management reports it is on track to be fully operational by March In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions were based on a comparison of the situations as they existed at the time against the audit criteria. The evidence was gathered in accordance with the Treasury Board Policy, directives and standards on Internal Audit, and the procedures used to meet the professional standards of the Institute of Internal Auditors. January

7 Conclusions and recommendations Within the limitations of the samples and the audit procedures performed, we conclude that overall the application of Government of Canada and NRC construction contracting policies and directives is adequate in that most areas of practice / process for construction contracts are in compliance but there are some opportunities for improvement 1. These areas for improvement include: sufficient documentation supporting non-competitive contract awards, timing of budget commitments and work commencement, management of contract amendments and security screenings of contractors who have access to protected information and assets. While we observed full compliance in many important areas, we found: several instances of construction work was performed prior to contract award; several instances where distinct services were repeatedly amended to existing contracts rather than issuing new contracts; one instance where Treasury Board approval was not obtained for a contract with cumulative amendments above the required Treasury Board threshold; a complete absence of security screenings for construction workers who would have had access to protected assets and information prior to NRC s new security directive put in place January 24, 2008 and several instances thereafter. Problems noted in last year s audit of contracts less than $25,000 regarding FAA Section 32 and 34 approvals in accordance with NRC Financial Signing Authorities and in the earlier 2002 Audit of Construction Contracting are being addressed. Within the limitations of the audit procedures performed, we found that the procurement management control framework for construction contracts is adequate but some areas could be strengthened. NRC has established a procurement management control framework, including procurement processes and policies to mitigate procurement risks and to help ensure compliance with Government directives and policies. Construction contracts are essentially subject to the same management control framework as non-construction contracts; however, there are specific directives and policies that are related only to construction. Five key components of the procurement management control framework that were examined included the control environment, control activities, risk assessment, information and communication and on-going monitoring. Some areas for improvements were observed. There is no single repository of guidance that consolidates all of the procurement policies and procedures to assist management and Procurement Officers in contracting. Various manuals on the procurement process are available either in hard or electronic formats. Some IBPs informed us that they were not aware of the existence of some manuals. Clarification of the procurement process provided by Administrative Services and Property Management Branch is currently done 1 See Appendix C for the list of potential overall ratings. January

8 through s and training. Other than NRC Internal Audit compliance audits currently undertaken, there is no formal Quality Assurance Program performed by an independent unit of contracting activities or data analytics to identify high risk contracts and / or improper construction contracting practices. Finally, we found that NRC management has fully implemented seven of the eight recommendations made in of the 2002 Internal Audit report Audit of Construction Contracting. The recommendation pertaining to the expansion of verification of delegated authorities (FAA Section 33) is in progress and management reports it is on track to be fully operational by March Recommendations 1. Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN). 2. Administrative Services and Property Management Branch should seek clarification from Treasury Board regarding what approvals are required when the cumulative value of amendments exceed $200,000 for construction contracts using electronic bidding that have an original value less than $2 million. 3. Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards, timing of contract commitments and commencement of contract work, security requirements and contract amendments. 4. Administrative Services and Property Management Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual construction procurement files on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract January

9 amendments, contract splitting and non-purchase order transactions as well as leasehold improvements. The detailed management action plans that address these recommendations can be found in Appendix D. Jayne Hinchliff-Milne, CMA, Chief Audit Executive NRC Audit Team Members 2 : Jean Paradis, CA, CIA, Audit Manager 2 The NRC audit team was supplemented by a team of experienced auditors that were contracted to conduct the audit work. January

10 2.0 Introduction 2.1 Background and context Following the recommendation of the Audit, Evaluation and Risk Management Committee on June 27, 2007, NRC s President approved this audit of Construction Contracts as part of the NRC to Risk-Based Internal Audit Plan. Under the plan, contracts greater than $25,000 and contracts less than $25,000 are audited in alternate years given that the procedures are substantially different for these two broad categories. However, due to their unique nature and relatively lower overall expenditures, construction contracts are excluded from the annual compliance work and continue to be audited over a five-year audit cycle. Several Government of Canada regulations and policies govern how NRC must contract construction contracts. Government procurement is highly regulated and is based on a strong policy framework, including but not limited to the Treasury Board Contracting Policy, the Financial Administration Act (FAA), the North American Free Trade Agreement (NAFTA), the Agreement on Internal Trade (AIT) and the World Trade Organization Agreement on Government Procurement (WTA). The Treasury Board Policy on Investment Planning and the Policy on the Management of Projects provide directives that impact the planning, management and contracting of large construction projects. There are no special contracting provisions resulting from NRC s status as a departmental corporation. Like other government departments, NRC has in place construction procurement and contracting policies that NRC employees must follow. It is within the authority of each department to establish its own policies and guidelines as long as they continue to comply with the government established policies and guidelines. In other words, departments can define policies that are more restrictive than government policies but not the reverse. NRC s Management Control Framework for Construction Contracts Being the leading resource for science and technology development and commercialization, capital projects play an important role in NRC s strategic plan. NRC s Long term Capital Plan to includes a Recapitalization Program with planned expenditures for existing buildings to address building reinvestment requirements. NRC has 188 buildings of which two-thirds were built more than 30 years ago. The Plan also includes capital initiatives such as additions January

11 and alterations to existing buildings and facilities to address new program requirements and acquisitions and / or construction of new facilities to support NRC s current or future research activities. Expenditures for construction contracts were $17.8 million in and $20.5 million in totaling $38.3 million for both years as shown below in Exhibit 1. In accordance with government policy and directives, NRC has full contracting authority for construction projects up to $6 million. ASPM Branch is responsible to provide functional direction and guidance on contracting architectural and engineering services, construction, repairs, renovations and restorations for all of NRC. IBPs that require these services must contact the Construction Contracting Office to discuss their requirements and best approach to take for achieving them. Exhibit 1 Categories, Value and Number of Construction Contracts April 1, 2006 to March 31, Categories of Construction Contracts Contract Value ($) Percentage ($) Number of Contracts Percentage (#) Average Value ($) Less than $25,000 $2,738,239 7% % $7,302 Between $25,000 and $60,000 $2,944,883 8% 71 12% $41,477 Between $60,000 and $100,000 $4,821,908 13% 62 10% $77,773 Over $100,000 $27,837,508 72% 96 16% $289,974 Total $38,342, % % $63,481 As shown in Exhibit 2 below, contracting authority has been delegated to procurement staff in ASPM Branch and in the RMMOs within specific thresholds. The RMMOs have contracting authority that is limited to $60,000 for construction contracts but they as well as ASPM have a requirement to issue a Public Bid Notice when it s above $60,000. Both ASPM and RMMO Procurement Officers can contract directly with some suppliers through call-ups against standing offers. Standing offers are 3 There were no major fluctuations or differences between the two fiscal years. January

12 agreements that have been pre-negotiated by PWGSC or by NRC Procurement Services for specialized services. The call-up limit varies for each standing offers in accordance with their terms. The Treasury Board Contracting Policy threshold allows the competitive process to be set aside for estimated contracting expenditures under $25,000. Construction Contracts valued at $100,000 or greater must use the Standard Federal Government Construction Contract template as per the Treasury Board Contracting Policy as well as electronic bidding for construction contracts as required by the Agreement on Internal Trade. Exhibit 2 NRC Construction Contracting Authorities ASPM RMMO PWGSC Construction Contracts Less than $25,000 Call-ups against NRC or PWGSC Standing Offers ($ limits vary by standing offer) Construction Contracts less than $60,000 (NCR) (NCR) (NCR) Construction Contracts between $60,000 and $100,000 (Requirement to issue a Public Bid Notice) Construction Contracts between $100,000 and $6 million (Requirement to use Standard Federal Government Construction Contract Template and Public Bid Notice) Construction Contracts greater than $6 million (Requirement to issue a Public Bid Notice) (NCR) January

13 2.2 About the audit Objectives There were two audit objectives. The first objective was to perform detailed audit procedures on construction contracts undertaken in and in order to conclude whether NRC construction contracts comply with Government of Canada and NRC contracting policies and directives. This audit objective also allowed us to make observations with respect to the extent to which NRC contracting directives and policies correspond to the Treasury Board requirements as well as the adequacy of the procurement management control framework established by NRC for construction contracts. The second audit objective was to assess the degree to which the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting have been implemented. A risk-based approach was used to determine the audit objectives as well as the audit criteria. Key issues and risks relating to construction procurement were considered to prioritize specific audit activities and to focus on areas of greatest importance. Scope The scope of the first audit objective consisted of NRC construction transactions that were undertaken in fiscal years and Construction contracts, as defined by the Treasury Board Contracting Policy are contracts entered into for the construction, repair, renovation or restoration of any work except a vessel and includes: 1) a contract for the supply and creation of a prefabricated structure; 2) a contract for dredging; 3) a contract for demolition; or 4) a contract for the hire of equipment to be used in or incidentally to the execution of any contract referred to in this definition. Accordingly, architectural and engineering service contracts which pertain to the provision of services in respect of the planning, design, preparation or supervision of the construction, repair, renovation or restoration of a work, are not considered construction contracts. Rather, they are service contracts which have an opportunity for audit as part of the annual compliance audits on contracts less than $25,000 and contracts greater than $25,000 which are audited in alternate years. An NRC-wide approach was used for sampling which allowed for an examination of construction contracts that are managed by NRC s Administrative Services and Property Management (ASPM) Branch as well as by the Regional Material Management Offices (RMMOs). It was determined that a sample of 20 construction contracts for each fiscal year for a total of 40 contracts selected on the basis of risk would be sufficiently robust to determine whether there are any systemic issues with January

14 respect to construction contracting. This involved examining practices in seven of NRC s 32 institutes, branches and programs (IBPs). Those contracts selected for audit are shown below in Exhibit 3 by category of construction contract and region. The audit field work was conducted in two stages. The first stage covering the transactions for fiscal year took place from February 25 to March 31, The second phase covering fiscal year took place from June 2 to July 31, The scope of the second audit objective consisted of determining the current implementation status with respect to eight recommendations identified in the 2002 Internal Audit report Audit of Construction Contracting and related action plan proposed by management as presented in Appendix B. Exhibit and Transactions Sampled by Category of Construction Contract and Region Categories of Construction Contracts Number of Contracts Reviewed NCR Outside NCR Less than $25, Between $25,000 and $60, Between $60,000 and $100, Over $100, Over $6 million 0 0 Total Approach and Methodology With respect to confirming construction contracts comply with Government of Canada and NRC policies and directives, a risk-based approach was used whereby 75 percent of the contracts selected were higher dollar value contracts valued over $60,000 and 25 percent from construction contracts administered by the regional IBPs January

15 valued at less than $60,000. Within each category (over and below $60,000), the individual contracts selected for audit were identified using a risk-based approach whereby 60 percent of the sample was selected from construction contracts with a higher probability of risk (e.g., higher dollar value, more frequent amendments and / or non competitively awarded) and 40 percent of the sample was selected from contracts that were considered to have a lower probability of risk. This resulted in seven IBPs being selected for audit ranging from 24 contracts administered by Administrative Services and Property Management Branch and 26 contracts from six IBPs ranging from two to four contracts each. Interviews were conducted with key personnel in order to examine program processes, procedures and practices. These included managers and staff in Administrative Services and Property Management Branch, Finance Branch and the five IBPs selected for audit. We reviewed relevant program documentation which included, but was not limited to, Treasury Board and NRC policies and guidelines visà-vis the detailed transactions recorded in the paper files and electronically in SIGMA NRC s integrated management information system (based on SAP) that is used to collect financial, human resources, payroll, asset and real property information. Data mining techniques were also employed to detect, among other things, risks for NRC as a whole as well as evidence of potential contract splitting. In order to determine the adequacy of the procurement management control framework, we compared NRC s framework against defined criteria for five key components that can be found in the control models developed by the Canadian Institute of Chartered Accountants (CoCo Criteria of Control) and by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) (Internal Control Integrated Framework, Enterprise Risk Management Integrated Framework). These components included the control environment, control activities, risk assessment, information and communication, and on-going monitoring. Information used to assess the adequacy of the procurement management control framework was obtained from, among other things, survey questionnaires completed by ASPM Branch representatives, RMMO Procurement Officers and IBP Budget Managers as well a review of available relevant documents. The audit was conducted using a series of detailed audit criteria that addressed the audit objective, against which we drew our observations, assessments and conclusions. Prior to finalizing the audit criteria, process control flowcharts were prepared and walkthroughs of several transactions for construction contracts were conducted to assess the areas of greatest risk. These audit criteria, presented in Appendix A, are primarily derived from the Treasury Board Contracting Policy, Policy on Delegation of Authorities, Policy on Investment Planning and Policy on the Management of Projects as well as the Financial Administration Act (FAA). January

16 With respect to the follow-up to the 2002 audit recommendations, a questionnaire was sent to ASPM and the Finance Branch to obtain their comments on the status of the action plans in respect to the recommendations noted in the 2002 Internal Audit report Audit of Construction Contracting. Documents were examined in support of the implementation of the recommendations and interviews were conducted with managers as needed. The recommendations made in the earlier audit are detailed in Appendix B. 3.0 Audit Findings 3.1 Audit Objective One: to provide assurance that NRC complies with the Government of Canada and NRC construction contracting policies and directives Overall Conclusion Within the limitations of the samples and the audit procedures performed, we conclude that overall the application of the Government of Canada and NRC construction contracting policies and directives is adequate in that most areas of practice / process for construction contracts are in compliance but there are some opportunities for improvement 4. These areas for improvement include: Sufficient documentation supporting non-competitive contract awards; Timing of budget commitments and work commencement; Management of contract amendments; Security screenings of contractors; and Centralized procurement guidelines and monitoring. We also found that the procurement management control framework for construction contracting is adequate but some areas could be strengthened. These areas include centralizing procurement procedural guidance into a single source document and 4 See Appendix C for the list of potential overall ratings. January

17 performing data analytics of contract patterns and trends as part of more rigorous monitoring activities. Detailed findings for the entire sample of transactions by audit criterion can be found in Appendix A. Findings The audit team noted a number of significant strengths with respect to compliance with government and NRC policies and directives for construction contracts. These included very high compliance rates for the following: Financial Administration Act Section 32 and 34 approvals were correctly obtained (39 of 40 contracts (98 percent ) for FAA 32; and 38 of 40 contracts (95 percent) for FAA 34); For competitive contracts, requirements were defined prior to the bidding process and sufficient documentation on the competitive process was present (26 of 26 competitive contracts; 100 percent); There was no evidence of contract splitting (24 of 24; 100 percent) contract amendments and 1 potential case found through data mining of all transactions for the seven IBPs examined); The Standard Federal Government Construction Contract template was used for construction contracts greater than $100,000 (14 of 14 contracts; 100 percent) and public bid notices were issued for construction contracts over $60,000 (24 of 24 contracts; 100 percent); Project Completion Certificates and Contract Payment Certificates were completed prior to releasing holdbacks (16 of 16 contracts; 100 percent); There is evidence contracts received appropriate monitoring and evaluation of performance (39 of 39 5 contracts; 100 percent); and There is evidence construction services were provided in accordance with the contract (39 of 40 contracts; 98 percent). 5 At the time of the audit, one construction contract had not yet been completed; hence a completion certificate would not have been applicable. January

18 Appropriate FAA Section 32 and 34 approvals Key government controls for procuring, verifying and paying for purchases rest with FAA Section 32, 34, and 33 approvals. These three sections require the following: That funds be available and committed for the purchase (Section 32); That verification of the purchase of goods or services had been performed, supplied, or rendered, and the price was as stated in the contract and that the person with delegated financial authority certifies (via signature) that the verification has been completed (Section 34); and That no payment for a purchase be made unless it has been properly requisitioned and certified (Section 33). In accordance with the Treasury Board Policy on Delegation of Authorities, we expected to find that NRC has delegated spending authority to responsibility centre managers in relation to their budgetary responsibilities in order to ensure they have adequate authority and full responsibility for their decisions. The policy also makes provisions for the use of central staff to record commitments and confirm price and performance in conformance with Sections 32 and 34 of the FAA when this is more effective and economical or in support of the manager who has budgetary responsibility. NRC s delegation document, Financial Signing Authorities, makes use of these provisions by delegating this authority, among others, to Invoice Clerks. However, in our opinion this does not negate the necessity to have an adequate audit trail that can be traced back to the responsibility centre manager with budgetary responsibilities for these expenditures. We limited our expectations to verifying that in the absence of responsibility centre managers exercising their authority electronically in Sigma to some form of written communications from them such as an or a signed purchase requisition or invoice. Last year s Internal Audit report Limited Annual Assurance Compliance Audit - Contracts under $25,000 and Acquisition Card Purchases for transactions provided recommendations in regards to FAA Sections 32 and 34 certifications indicating that there needs to be a verifiable link to the actual Budget Holder with budgetary responsibilities. At the time of the current audit, we found evidence that these issues are being addressed. Internal memos have been provided to personnel by ASPM Branch and Finance Branch stating the importance of FAA controls and detailing specific procedures; as well, financial delegation training was provided to all staff who have budget responsibilities. We also observed that responsibility centre managers as of June 2008 are required to provide their approval electronically for FAA Section 34 certifications that goods or services have been received and that January

19 invoices can be approved for payment. Invoices greater than $25,000 have always required that responsibility centre managers certify FAA Section 34 by their signature. With respect to FAA Section 32, we observed that purchase requisitions were approved by delegated responsibility centre managers in accordance with NRC directives. Only one purchase requisition was not verified by the delegated responsibility centre manager. With respect to FAA Section 34, we observed that only two of 40 invoices (5 percent) in two of seven IBPs examined were not certified by the delegated responsibility centre managers both of which were approved solely by centralized invoice clerks in accordance with NRC directives. Finance Branch in consultation with ASPM and Treasury Board will continue its ongoing review of processes for verifying internal practices pertaining to FAA Section 32 and 34 with due regard for associated risks. Sufficient Documentation Supporting Non-Competitive Contract Awards During the course of the audit, 40 construction contracts were reviewed of which 33 were competitively awarded either through the MERX electronic bidding system or a limited tendering process (26), by advertising the proposed award through Advance Contract Award Notices (2) or by using existing PWGSC or NRC Standing Offer Arrangements (5). The remaining 7 contracts were sole sourced, i.e., not subjected to a competitive process. 6 The Treasury Board Contracting Policy allows for four exceptions to set aside the competitive process. They are: 1. The need is one of pressing emergency in which delay would be injurious to the public interest; 2. the estimated expenditure does not exceed $25,000, $40,000 7, where the contract is for the acquisition of architectural, engineering and other services required in respect of the planning, 6 In order to address areas of greatest risk, the sample selected was deliberately skewed to ensure a higher representation of sole sourced construction contracts than normally incurred. The actual distribution of sole sourced construction contracts for NRC in and was only eight percent. 7 The Treasury Board Contracting Policy Section b. second paragraph normally identifies this as $100,000; however, for NRC this amount is $40,000. January

20 design, preparation or supervision of the construction, repair, renovation or restoration of a work, or $100,000 where the contract is to be entered into by the member of the Queen s Privy Council of Canada responsible for the Canadian International Development Agency and is for the acquisition of architectural, engineering or other services required in respect of the planning, design, preparation or supervision of an international development assistance program or project; 3. the nature of the work is such that it would not be in the public interest to solicit bids; or 4. only one person is capable of performing the contract. Justification for any use of the four exceptions to the bidding requirement must be fully documented. Of the seven contracts sampled that did not use a competitive process, the documentation on file sited that only one person was capable of performing the contract. The policy and guidelines are clear that setting aside the competitive bidding process for this reason should not be used because a proposed contractor is the only one known to management. This exception is quite definitive and should only be used where patent or copyright requirements or technical compatibility factors and technological expertise suggest only one contractor exists. In these instances, the contract authority is encouraged whenever possible to advertise the proposed award through an Advance Contract Award Notification (ACAN). If no statement of capabilities meeting the requirements set out in the ACAN are received within 15 calendar days, the proposed contract is deemed to be competitive and may be awarded. Of those construction contracts that were sole sourced, we found that one of seven (14 percent) contracts in one IBP provided a justification on file that was not supported by sufficient documentation that only one person is capable of performing the contract. It was approved by Treasury Board and therefore one can make a logical conclusion that appropriate justification was provided; however, there was no documentation on file to support that assumption. These sole sourced contracts had original values that were under $25,000 (five), Treasury Board approval (one) or had technology compatibility issues that were only available at the contracted firm (one). January

21 Recommendation 1: Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN). NRC Management Response: Agreed. Construction contracts are rarely sole source as a result of patent or copyright requirements. Regardless, if a sole source cannot be clearly documented or where there is doubt that there is only one supplier, a Procurement Officer will post an ACAN. Where there is no doubt, that only one supplier exists, the rationale will be fully documented and include supporting documentation. If it cannot be fully documented, an ACAN will be posted. Timing of Budget Commitments and Contract Commencement We observed in three regional of seven IBPs examined where work for three of 40 contracts (seven percent) was performed prior to the contract being signed. We were informed by ASPM Branch and observed that certain purchase requisitions for construction contracts were created at the time or a few days prior to the contract being issued; therefore, contracting activities took place prior to the commitments being recorded. Section 32 of the Financial Administration Act indicates that no contract should be entered into unless there is a sufficient unencumbered balance available. Furthermore, records of commitments should be maintained. If several commitments are unrecorded, management will not have complete information to be able to confirm funds will be available when invoices for payment are received and that NRC will be legally obligated to pay. Management informed us this practice has rarely, if ever, resulted in the cancellation of a requirement due to insufficient funds. While we were not able to confirm this assertion, we did not find any instances where this occurred. Problems with respect to the timing of budget commitments and work commencing before contracts are signed can be addressed by more comprehensive communications of guidelines as well as more rigorous monitoring regime with investigative capacity. Recommendations are made later in this report that pertain to both. January

22 Management of Contract Amendments The Treasury Board Contracting Policy indicates contracts should be properly administered to avoid unanticipated amendments except to change the scope of the initial work. Every effort should be made to avoid inadequate initial funding and that pre-planning and work definitions should be carefully developed. Amending a contract for unforeseen circumstances or an amendment that is very small relative to the original work are acceptable reasons. A good rule of thumb is that when amendments are above 50 percent of the original contract value, a new contract should be considered and its justification carefully documented; this does not mean that no contract may be amended above 50 percent of its original value if there is a good reason. However, when the other deliverables are distinct from the first one, then a new contract should be issued rather than an amendment. While overall, the compliance rates with Treasury Board and NRC policies and directives for amendments are high (ranging between 90 and 100 percent), there are two exceptions 2 of 24 amended contracts (eight percent) that were administered by ASPM. Each was awarded using a standing offer arrangement that was awarded by NRC to a single company using a competitive process that was approved by Treasury Board for the maintenance, renovation and minor construction work performed in the National Capital Region up to a value of $5.0 million annually. The standing offer agreement itself was treated as a contract which is contrary to PWGSC guidelines which state a separate contract is formed each time a call up for the provision of goods and services is made against a Standing Offer. At the time the purchase orders had been put in place for each, contracts for distinct services were established. One contract, issued on August 18, 2006 with an initial value of $38,076, was amended four times on the same day for a final value of $151,201. The second contract, issued on March 31, 2008 with an initial value of $5,628, was modified nine times over 8 days for a final value of $977,748 as of April 8, While this was done to streamline and reduce the costs of a high-volume, low-value payment process, in our opinion, this process gives the appearance of contract amendments that are not consistent with the Treasury Board Contracting Policy that indicates that contracts should be properly administered to avoid unanticipated amendments. The other six IBPs included in our sample used amendments appropriately for the remaining 22 construction contract amendments selected for detailed examination. In addition to the 40 contracts examined in the seven IBPs, we employed data mining techniques used to examine amendments, on a limited basis, for the whole of NRC for both and For construction contracts only, we found a total of 11 contracts in 2 of NRC s 32 IBPs that had an original value less than $25,000 which were amended on the same day or within 378 days. Most were increased significantly more than a 100 percent of their original value. Eight contracts were January

23 amended in less than 35 days of the original contract; four of these were amended either the same day or the next day. The risk occurs that these contracts may appear to be deliberately under valued in order to circumvent the $25,000 competitive threshold for competitive bidding; however, we found that only one of these contracts has not been competitively awarded. Other concerns pertain to the authority NRC has to amend contracts that exceed $200,000 in total. In accordance with Appendix C of the Treasury Board Contracting Policy, NRC may enter into a competitive construction contract awarded through the electronic bidding process if the amount does not exceed $6,000,000 and amend such contracts that are over $2,000,000 by up to 10 percent of the contract award. Construction contracts less than $2 million must follow Schedule I of Appendix C of the policy which requires Treasury Board approval for amendments exceeding $200,000. However, Schedule 1 of Appendix C of the policy does not provide contract value or amendment limits for construction contracts using electronic bidding. Many departments have therefore interpreted this as meaning that Treasury Board approval should be requested when the cumulative value of amendments exceed $200,000 for contracts that are less than $2 million. This would have required 3 of 11 construction contracts (27 percent) to have received Treasury Board s approval prior to making the amendments that cumulated over $200,000. However, it s recognized that the Treasury Board Contracting Policy is not entirely clear in this matter. Finally we have concerns for public reporting requirements of contracts greater than $10,000 under the Treasury Board Policy on Proactive Disclosure on Contracts over $10,000. Our analysis as noted above shows that amendments can within a very short timeframe increase over $10,000 but they have not been publicly reported. Seven of the 11 construction contracts that were amended had an original value less than $10,000 with final values ranging from $38,654 to $977,747. At the time of the audit, the policy only required contracts with an initial value of $10,000 or more to be reported and not those amended above that amount. The Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000 is a recent government measure to ensure greater transparency of government contracts an area of public controversy from time to time in regard to the manner in which they are awarded among other things. The non-disclosure of non-competitive contractual arrangements which accumulate significantly above $10,000 may also have adverse reputational risks for NRC as it may give the appearance that IBPs are using amendments to avoid disclosing contracts. Revisions to the Treasury Board Policy are imminent which require as of September 1, 2008, the disclosure of all contracts including amendments above $10,000. January

24 Recommendation 2: Administrative Services and Property Management Branch should seek clarification from Treasury Board regarding what approvals are required when the cumulative value of amendments exceed $200,000 for construction contracts using electronic bidding that have an original value less than $2 million. NRC Management Response: Agreed. We will obtain clarification from the Treasury Board Secretariat by January Ensuring Security Requirements Are Met The Treasury Board Contracting Policy requires that the provisions of the Government s Security Policy be applied to procurement contracts which require individuals undergo personnel screening processes if their duties or tasks necessitate access to classified or protected information and assets. None of the 31 contracts (0 percent) reviewed in which security screenings of contractors should have been undertaken met these requirements. For the purposes of this audit, security screenings were considered necessary where construction workers would information and assets. On January 24, 2008, a memorandum was sent to all NRC Directors General and IBP Finance Branch Officers providing guidance in regard to security requirements to those responsible for requisitioning contracts, Project Authorities and Procurement Officers. Specific instructions were provided to ensure that security requirements are addressed and risk mitigation procedures are established. As well, the purchase requisition form was modified to include a security block which must be completed and signed in all instances as evidence that the security requirements have been explicitly considered. Where a security requirement is identified, the Security Requirement Check List (SRCL) must be completed and sent with the purchase requisition to the Contracting Authority. Procurement Officers are required to include the appropriate security clauses in bid solicitation and contract documentation. All contracts that contain a security provision must be reviewed by the Procurement Officer and the Security Office. Once the contract is awarded, an SRCL with the names of the individuals are forwarded to the Security Office for security screening. However, we noted that 4 of the 33 purchase requisitions requiring security screenings were dated after January 24, Despite the fact that construction work January

25 for these four contracts took place inside NRC premises that have protected information and assets, the security requirements were not completed in accordance with the new guidelines. Problems with respect to security screenings can be addressed by more comprehensive communications of guidelines as well as a more rigorous monitoring regime with investigative capacity. Recommendations are made later in this report that pertain to both. The Need for Centralized Procurement Guidelines and Monitoring We found certain directives in the Guide to NRC Procurement Process Guide that were not applied in a consistent manner. As noted earlier in this report, these included sufficient documentation supporting non-competitive contract awards, timing of contract commitments and commencement of contract work, security requirements not applied, contracts with initial values less than $10,000 but later amended significantly with a day or two well above $10,000 that were not reported under Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000 and other contract amendment irregularities. Assignment of contracting responsibility and procedural guidelines for contracting are detailed in the procurement guide which is available in electronic form on the ASPM Branch Material Management web-site. This document provides a procurement process map and includes information on the procurement process, roles and responsibilities from the creation of a purchase requisition to the payment of invoices. Additional information is available in four other manuals: (1) Financial Management Manual; (2) Procurement Reporting-User Guide for Data Entry; (3) Public Tenders Procedures; and (4) Invited Tenders Procedures. Electronic copies of the first two manuals are available although some sections of the Financial Management Manual are still in progress. The other two manuals are available in hard copy format only. Additional procurement information is also available to Procurement Officers on NRC s common drive (e.g., checklists, templates, and security documentation) and on the ASPM Material Management web-site (e.g., information on contracting, employeremployee relationships, contracting limits, security requirements). Clarification provided by ASPM Branch on the procurement process is currently done through s and training. There is no single, centralized procedures document for the procurement process. Our survey questionnaire and interviews indicated that some RMNOs and managers are not aware of the existence of some manuals which could help to explain non-compliance. January

26 Recommendation 3: Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards, timing of contract commitments and commencement of contract work, security requirements and contract amendments. NRC Management Response: Agreed. Our Material Management documentation needs to be updated and maintained in a central repository. Our Material Management Policy Manual currently exists in hard copy, not in electronic format. In order to implement these recommendations, we will assign resources as required in order to: Prepare policy documents; Update the Material Management Policy Manual; Implement a quality assurance process; Monitor contracting activities; Coordinate and respond to all audit enquiries and reports; and Coordinate all Material Management reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity Report. Consistent with generally accepted management control frameworks that reflect best practices, we expected to see quality assurance review activities of individual construction contract files as well as data analytics techniques being employed to monitor NRC s overall compliance with Government of Canada and NRC contracting policies and directives. These techniques can be used to detect irregularities, among others, with respect to contract splitting, identification of non-purchase order contracts and potentially inappropriate contract amendments. Our interviews and survey questionnaires indicate that ASMP Branch officials monitor and review contracting activities and processes, consult NRC Legal Services as required and review the report of contracts over $10,000 to ensure appropriate disclosure. Briefing notes, meetings and memos are used to communicate findings to Procurement Officers. January

27 We also confirmed that Finance Branch uses a risk-based approach in its review of invoices sent by ASPM Branch Invoice Clerks as part of the payment process. Features are integrated into Sigma to identify high-risk transactions including sensitive accounts and high-dollar payments which are automatically blocked for further prescribed review procedures before being released for payment. For all transactions, the general ledger codes are reviewed for reasonableness and FAA Section 34 approvals including signatures are verified. Discrepancies are followed up by Accounts Payable clerk with ASPM and IBPs as required. In , Finance Branch began planning the implementation of a Monitoring Unit that once fully operational will increase its regular sampling of expenditures. Despite these strengths, we noted two areas where on-going monitoring could be strengthened. Other than compliance audits currently undertaken by NRC Internal Audit, there is no formal, independent quality assurance program of contracting activities or data analytics to identify high risk contracts and / or improper construction contracting practices. ASPM Branch Monitoring Division work is limited at this time to ensuring sole source justifications are on file for contracts greater than $25,000 for which the competitive process was set aside. Our findings reveal that monitoring activities should be extended to include more rigorous verification of sole source awards, security screening requirements, contract award and construction commencement dates and amendments. Also of use would be to undertake data analytics for monitoring contract patterns and trends to aid in identifying high risk contracts and / or improper contracting practices such as potential contract splitting, inappropriate amendments or other irregularities. For example, during the course of our review, we undertook audit data mining techniques of non-purchase order transactions to identify potential construction contracts. We found that despite NRC directives that all contracts must be initiated with a purchase order, we noted that a significant number of leasehold improvements were being undertaken that did not have the benefit of ASPM Branch s input or controls - two leases valued at $968,000 in and Due to the fact they did not use purchase order requisitions as required by NRC directives, they have not be disclosed under the Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000. Recommendation 4: Administrative Services and Property Management Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual construction procurement files on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that January

28 may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract amendments, contract splitting and non-purchase order transactions as well as leasehold improvements. NRC Management Response: Agreed. We will respond to these recommendations with an appropriate level of monitoring based on a determination of the best approach, and with consideration to the risk and available resources. The objective is to download the following activities to facilitate the implementation of audit recommendations: Determine the approach needed; Prepare policy documents; Update the Material Management Policy Manual; Implement a quality assurance process; Monitor contracting activities; Coordinate and respond to all audit enquiries and reports; and Coordinate all Material Management reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity Report. 3.2 Objective Two: To assess the degree to which the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting have been implemented. Overall Conclusion We found that of the eight recommendations made in the 2002 Internal Audit report Audit of Construction Contracting, seven recommendations have been fully addressed; the remaining recommendation is in the process of being implemented. Findings In 2002 an audit was undertaken to examine selected financial and managerial elements of construction contracts undertaken between 1999 and The audit January

29 included the examination of 32 construction contracts over $5,000 to determine the extent to which NRC construction projects complied with government contracting policies and key requirements. Overall, the audit observed that construction contracting processes at NRC were well managed, controlled and documented. However eight recommendations were noted including those to strengthen financial management controls. Given the amount of time that has elapsed since the last audit 8 ; we expected to find that all eight recommendations would have been implemented. Due to the amount of time that has passed, management assertion in part, had to be relied upon to confirm implementation. Further details of actions and measures undertaken are presented in Appendix B. Based on our discussions with management and examination of supporting documents, we noted that recommendations pertaining to the five recommendations listed below were immediately addressed and implemented in 2003: Exceeded Treasury Board contract authorities [recommendations and ]; Problems regarding internal delegated authorities and amendments including their ratification [recommendation 2.3.3]; Account verification procedures and controls [recommendation ]; NRC seek confirmation from the Treasury Board Secretariat where Finance Branch s interpretation of FAA Section 34 requirements differs from accepted federal government practices in order to ensure its interpretation complies with government policy and requirements [recommendation 2.5.8] and ASPM Branch and Finance Branch requirements assessments [recommendation 2.6.8]. The audit s recommendation that Finance Branch document its interpretation of FAA Section 34 responsibilities [recommendation 2.5.7] was addressed in 2007 and the first half of With regard to the recommendation that Finance Branch expand its verification procedures performed under its delegated payment authority (FAA Section 33) such as to provide greater assurance of the effectiveness of Section 34 account verification 8 Beginning with the NRC to Risk-Based Internal Audit Plan, NRC has made a commitment to follow-up formally on all audit reports approximately two years following their completion depending upon the level of risk presented. January

30 controls and procedures [recommendation ], much effort has been undertaken recently to install a Monitoring Unit within the Branch. Once the unit is fully staffed and operational (expected by March 2009), current sampling procedures vis-à-vis associated risks will be revisited. 4.0 Conclusion Within the limitations of the samples and the audit procedures performed, we conclude that overall the application of Government of Canada and NRC construction contracting policies and directives is adequate in that most areas of the practices / processes in relation to construction contracting are in compliance but there are some opportunities for improvement 9. These areas for improvement include: sufficient documentation supporting non-competitive contract awards, timing of budget commitments and work commencement, management of contract amendments and security screenings of contractors who have access to protected information and assets. While we observed full compliance in many important areas, we found: several instances of construction work was performed prior to contract award; several instances where distinct services were repeatedly amended to existing contracts rather than issuing new contracts; one instance where Treasury Board approval was not obtained for a contract with cumulative amendments above the required Treasury Board threshold; a complete absence of security screenings for construction workers who would have had access to protected assets and information prior to NRC s new security directive put in place January 24, 2008 and several instances thereafter. Problems noted in last year s audit of contracts less than $25,000 regarding FAA Section 32 and 34 approvals in accordance with NRC Financial Signing Authorities and in the earlier 2002 Audit of Construction Contracting are being addressed. Within the limitations of the audit procedures performed, we found that the procurement management control framework for construction contracts is adequate but some areas could be strengthened. NRC has established a procurement management control framework, including procurement processes and policies to mitigate procurement risks and to help ensure compliance with Government directives and policies. Construction contracts are essentially subject to the same management control framework as non-construction contracts; however, there are specific 9 See Appendix C for the list of potential overall ratings. January

31 directives and policies that are related only to construction. Five key components of the procurement management control framework that were examined included the control environment, control activities, risk assessment, information and communication and on-going monitoring. Some areas for improvements were observed. There is no single repository of guidance that consolidates all of the procurement policies and procedures to assist management and Procurement Officers in contracting. Various manuals on the procurement process are available either in hard or electronic formats. Some IBPs informed us that they were not aware of the existence of some manuals. Clarification of the procurement process provided by Administrative Services and Property Management Branch is currently done through s and training. Other than NRC Internal Audit compliance audits currently undertaken, there is no formal Quality Assurance Program performed by an independent unit of contracting activities or data analytics to identify high risk contracts and / or improper construction contracting practices. Finally, we found that NRC management has fully implemented seven of the eight recommendations made in of the 2002 Audit of Construction Contracting. The recommendation pertaining to the expansion of verification of delegated authorities (FAA Section 33) is in progress and management reports it is on track to be fully operational by March Recommendations 1. Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN). 2. Administrative Services and Property Management Branch should seek clarification from Treasury Board regarding what approvals are required when the cumulative value of amendments exceed $200,000 for construction contracts using electronic bidding that have an original value less than $2 million. 3. Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards, timing of contract commitments and January

32 commencement of contract work, security requirements and contract amendments. 4. Administrative Services and Property Management Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual construction procurement files on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract amendments, contract splitting and non-purchase order transactions as well as leasehold improvements. The detailed management action plans that address these recommendations can be found in Appendix D. January

33 Appendix A: Audit Criteria and Detailed Findings No. Audit Criterion Findings /Compliance Rate Audit Objective 1: To provide assurance that NRC complies with the Government of Canada and NRC construction contracting policies and directives. 1. Requirements are defined prior to the bidding process on the MERX electronic bidding system or a limited tendering process. 100% (26/26) 1 2. Justifications of non competitive contract awards are appropriately documented and substantiated. 86% (6/7) 3. The ACAN defines the requirements or expected results of the contract; identifies the proposed contractor; provides the reason the contract should be issued; and includes an estimate of the cost of the proposed contract (if possible). 100% (2/2) 4. Call-ups against standing offers are within specified limits. 100% (5/5) 5. Standard Federal Government Construction Contracts are used for all construction contracts greater than $100, % (14/14) 1 During the course of the audit 40 construction contracts were reviewed of which: 26 were awarded following the MERX electronic bidding system or a limited tendering process; two were awarded following an Advanced Contract Award Notification (ACAN) by NRC; five were awarded using existing NRC or PWGSC Standing Offer Arrangements; and seven were sole sourced. January

34 No. Audit Criterion Findings /Compliance Rate 6. Public bid notices were issued for construction contracts bids over $60, % (24/24) 7. There is no evidence of contract splitting, i.e., contracts are awarded under the thresholds with amendments to increase the contracts over $25,000 or AIT, NAFTA and WTA thresholds. 100% (24/24) Data mining Techniques revealed 1 potential case of contract splitting in the 7 IBPs examined. 8. Documented evidence is on file that NRC Security verified the security clearance of contractor(s). 0% (0/31) 9. The contract is signed in accordance with NRC Financial Signing Authorities for Contracting. 100% (40/40) 10. Construction work commences only after the contract or the purchase order has been signed. 93% (37/40) 11. FAA Section 32 certification is made by the responsibility centre manager with budget responsibilities. 98% (39/40) January

35 No. Audit Criterion Findings /Compliance Rate 12. FAA Section 32 certification in accordance with NRC s Financial Signing Authorities for Expenditure Initiation at the time of the audit. 100% (40/40) 13. Amendments are justified and in the best interest of the government and are for an actual change in the scope of work. 92% (22/24) 14. Contract amendments are within the levels identified in Appendix C of the Treasury Board Contracting Policy. 100% (24/24) 15. The contract amendment is ratified by the contractor. 90% (18/20) 2 16 There is evidence of appropriate monitoring and evaluation of contract performance. 100% (39/39) Documentation is in the file (e.g., progress report update and statutory declaration) to support that construction services were provided in accordance with the contract terms. 98% (39/40) 2 Only 20 contracts of 24 required rectification by the contractor because amendments to standing offer call-ups do not require that contractors provide their signature. 3 At the time of the audit, no invoices had yet been received for one contract. January

36 No. Audit Criterion Findings /Compliance Rate 18. FAA Section 34 certification by the responsibility centre manager with budget responsibilities. 95% (38/40) 19. FAA Section 34 certification is in accordance with NRC s Financial Signing Authorities for Performance Certification at the time of the audit. 100% (40/40) 20. The Project Completion Certificate and Contract Payment Certificate are signed by ASPM Branch prior to releasing the holdbacks. 100% (16/16) January

37 Appendix B: 2002 Audit Recommendations and 2008 Follow-up Audit Findings 2002 Audit Recommendations Status of Recommendations 2008 Follow-up Audit Findings Audit Objective 2: To assess the degree to which the recommendations and management action plans identified in the 2002 Audit of Construction Contracting have been implemented We recommend that the NRC contracting authority the Administrative Services and Property Management Branch (ASPM) seek ratification from Treasury Board of the above noted contracts and contract amendments. (Note: This recommendation was made with respect to four contracts that were found to have exceeded NRC s delegated authority) We recommend also that the ASPM Branch review its contracting processes and controls in order to minimize possible oversights with respect to awarding contracts without the required TBS approvals We recommend that ASPM reviews its current contracting procedures and practices with respect to the issues noted. (Note: This recommendation was made with respect to contractors ratifying amendments, internal delegated authorities being exceeded and appropriate documentation to support amendments). Yes Implemented 2003 Yes Implemented 2003 Yes Implemented 2003 Following verification with Treasury Board, only one of the four contracts identified required NRC complete a formal submission. Treasury Board approval was confirmed as having been received on May 15, Management informed us that meetings were held with senior Procurement Officers; the authorities were explained and discussed. Exact dates were not provided as to when the meetings occurred. According to management, the following actions were undertaken: Training sessions / meetings were held with senior Procurement Officers to review the contracting process; Senior Contracting Authorities began reviewing invoices to ensure appropriate approvals prior to payments and continue to do so; and An Invoice Payment Checklist was developed and continues to be used. January

38 2002 Audit Recommendations Status of Recommendations 2008 Follow-up Audit Findings Exact dates were not provided as to when these actions were put in place We recommend that the Finance Branch, in collaboration with ASPM Branch, performs a detailed assessment of the current system of account verification procedures and controls. The goal of this assessment would be to help determine where and how existing procedures and controls should be strengthened We recommend that the Finance Branch expand its verification procedures performed under its delegated payment authority (FAA section 33), such as to provide greater assurance of the effectiveness of section 34 account verification controls and procedures. Yes Implemented 2003 In-Progress Full Implementation expected by March 2009 ASPM Based upon their assessment, ASPM reorganized its Procurement Group to ensure a better segregation of duties; it now reports to Invoice Payment Supervisors that were hired as evidenced by the ASPM organizational chart. As per the NRC Guide to Procurement Process, prior to payments, invoice clerks perform account verification procedures including: matching and verifying the invoice to the purchase order or contract; ensuring costs conform to prices, quantities and specifications in the contract; verifying all terms and conditions of the contract have been met; applying applicable discounts and holdbacks; confirming the invoice was not previously paid; and ensuring the invoice was approved by the appropriate FAA Section 34 delegated authority. Using a risk-based approach, Finance Branch reviews invoices sent by the ASPM Branch Invoice Clerks as part of the payment process. High-risk transactions are identified for further review as outlined in written procedures. There are also system blocks in Sigma which flag requests for payment over $50,000 for further review. According to management, statistical sampling was implemented in following the 2002 audit of construction contracts in order to verify FAA Section 32 and 34 at nine institutes; however, the practice was discontinued in Efforts to implement a Monitoring Division began in earnest in , which will be responsible, among other things, for January

39 2002 Audit Recommendations Status of Recommendations 2008 Follow-up Audit Findings reviewing transactions on a statistical sampling basis. A full time Monitoring Officer was also assigned to the team in the summer 2007 as well as a Statistical Sampling Officer who was hired in fall A competitive process to employ a Monitoring Division Director is currently in process. Sampling software has been purchased for these purposes, and associated training completed. Sampling has begun using an NRC-wide random sampling approach. However, NRC management has indicated that once the Unit is fully staffed and operational, regular sampling of expenditures will be reviewed and the associated risk assessment process will be revisited We recommend that Finance Branch document its interpretation of section 34 responsibilities and requirements. Approved policy and procedures pertaining to the exercise of delegated financial authorities should be communicated. Yes Implemented 2007 A memorandum dated October 31, 2007 was sent to all employees from NRC s President informing them of the importance of compliance with the FAA. Beginning June 2007, Budget Managers are required to certify by their signature that funds are available and to commit funds under FAA Section 32. Starting in June 2008, for invoices less than $25,000, Budget Managers can electronically provide their FAA Section 34 certifications that goods or services have been received and that invoices can be approved for payment. Invoices greater than $25,000 still require that Budget Managers certify FAA Section 34 by their signature. Mandatory financial delegation authorities training has been implemented for all Budget Managers and Budget Holders. All IBP s have been visited by Finance Branch and offered training. New employees with financial signing authority are trained on an ongoing basis. January

40 2002 Audit Recommendations Status of Recommendations 2008 Follow-up Audit Findings Where Finance Branch s interpretation of section 34 requirements differs from accepted federal government practices; it should seek confirmation from the Treasury Board Secretariat (TBS) that its interpretation complies with government policy and requirements We recommend that ASPM and Finance branches perform a thorough assessment of policy and procedures requirements within their respective areas of responsibility. Yes December 2008 Continuous beginning 2002 NRC Finance Branch obtained confirmation from the Financial Authorities and Regulations sector of the Office of the Comptroller General Treasury Board Secretariat through discussions conducted in December Work commenced in 2002 to update policies and procedures, e.g., documents How to Request Goods and Services (addressing requisitioning, contracting, receipt and payment of goods and services along with a flow chart of the process) and Terms and Conditions for Invited Tenders were both updated in early Both ASPM Branch and Finance Branch have stated commitments to continue their efforts in updating other reference documents as well as ensuring their respective policies are consistent and comprehensive. For example, Desktop procedures for all aspects of the finance function have been established and are available through the On-Demand tool. Finance Branch, as part of its business plan, has committed to review all of its policies and procedures over the next three years (33% per year) - targeting the most contentious in the first year. It has also committed to document and communicate best practices related to financial management and processes across all IBPs. January

41 Appendix C: Overall Potential Ratings Management Attention Required significant issues exist that require management s attention. Needs Improvement some areas of practices / processes are in compliance with Government of Canada and NRC policies and directives pertaining to construction contracts but many deficiencies exist. Adequate most of the areas of practices / processes are in compliance with Government of Canada and NRC policies and directives pertaining to construction contracts but there are opportunities for improvement. Strong all areas of practices / processes are in compliance with Government of Canada and NRC policies and directives pertaining to construction contracts. No areas for improvement were identified. January

42 Appendix D: Management Action Plan Audit Recommendations Corrective Management Action Plan Expected Implementation Responsible NRC Contact 1. Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN). Agreed. Construction contracts are rarely sole source as a result of patent or copyright requirements. Regardless, if a sole source cannot be clearly documented or where there is doubt that there is only one supplier, a Procurement Officer will post an ACAN. Where there is no doubt, that only one supplier exists, the rationale will be fully documented and include supporting documentation. If it cannot be fully documented, an ACAN will be posted. December 2008 Head, Services and Construction Contracting, Administrative Services and Property Management 2. Administrative Services and Property Management Branch should seek clarification from Treasury Board regarding what approvals are required when the cumulative value of amendments exceed $200,000 for construction contracts using electronic bidding that have an original value less than $2 million. Agreed. We will obtain clarification from the Treasury Board Secretariat. January 2009 Head, Services and Construction Contracting, Administrative Services and Property Management 3. Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are Agreed. Our Material Management documentation needs to be updated and maintained in a central repository. The Material Management Policy Manual currently exists in hard copy, not in electronic format. In order to implement these recommendations, we will assign resources as required in order Contingent on SEC approval of our staffing request per our Business Plan, commence staffing process in April 2009, have resource on-board by September Manager, Material Management, Administrative Services and Property Management January

43 Audit Recommendations Corrective Management Action Plan Expected Implementation Responsible NRC Contact currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where noncompliance was found to be an issue, specifically with respect to sufficient documentation supporting noncompetitive contract awards, timing of contract commitments and commencement of contract work, security requirements and contract amendments. to: Prepare policy documents. Update the Material Management Policy Manual; Implement a quality assurance process. Monitor contracting activities; Coordinate and respond to all audit enquiries and reports; and Coordinate all Material Management reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity Report. Commence with implementation of Recommendations 3 and 4 in September Complete Material Management Policy Manual update and centralization of documents by September Administrative Services and Property Management Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual construction procurement files on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract amendments, contract splitting and non-purchase order transactions as well as leasehold improvements. Agreed. We will respond to these recommendations with an appropriate level of monitoring based on a determination of the best approach, and with consideration to the risk and available resources. The objective is to download the following activities to facilitate the implementation of audit recommendations: Determine the approach needed; Prepare policy documents; Update MM policy manual; Implement a quality assurance process; Monitor contracting activities; Coordinate and respond to all audit enquiries and reports; and Coordinate all Material Management Contingent on SEC approval of Commence with implementation of Recommendations 3 & 4 in September Complete Material Management Policy Manual update and centralization of documents by September Manager, Material Management, Administrative Services and Property Management January

44 Audit Recommendations Corrective Management Action Plan Expected Implementation Responsible NRC Contact reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity Report. January

45 Appendix E: Glossary List of Abbreviations ACAN Advance Contract Award Notice AIT Agreement on Internal trade ASPM Administrative Services and Property Management (Branch) CA Chartered Accountant CIA Certified Internal Auditor CMA Certified Management Accountant IBP Institute, Branch or Program FAA Financial Administration Act MERX MERX is an Internet-based electronic tendering system that advertises government contracting opportunities to potential bidders across Canada. NCR National Capital Region NRC National Research Council Canada NAFTA North American Free Trade Agreement PWGSC Public Works and Government Services Canada RMMO Regional Material Management Offices SRCL Security Requirement Check List WTA World Trade Agreemen January

46