Audit of Construction Contracts

Transcription

1 National Research Council Canada Audit of Construction Contracts Internal Audit, NRC January 2009

2

3 TABLE OF CONTENTS 1.0 Executive Summary Introduction Background and context About the audit Audit Findings Audit Objective One: to provide assurance that NRC complies with the Government of Canada and NRC construction contracting policies and directives Objective Two: To assess the degree to which the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting have been implemented Conclusion Appendix A: Audit Criteria and Detailed Findings Appendix B: 2002 Audit Recommendations and 2008 Follow-up Audit Findings Appendix C: Overall Potential Ratings Appendix D: Management Action Plan Appendix E: Glossary January 2009 i

4

5 1.0 Executive Summary Background This audit report presents the findings of the National Research Council (NRC) of Canada s Audit of Construction Contracts which includes a follow-up to the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting. The decision to conduct this audit was approved by the President following the recommendation of the Audit, Evaluation and Risk Management Committee on June 27, 2007, as part of the NRC to Risk-Based Internal Audit Plan. Under the plan, contracts greater than $25,000 and contracts less than $25,000 are audited in alternate years given that the procedures are substantially different for these two broad categories. However, due to their unique nature and relatively lower overall expenditures, construction contracts are excluded from the annual compliance work and continue to be audited over a fiveyear audit cycle. Expenditures for construction contracts were $17.8 million in and $20.5 million in Audit objective, scope and methodology There were two audit objectives. The first objective was to provide assurance that NRC complies with Government of Canada and NRC construction contracting policies and directives. As such, detailed audit procedures were performed on construction contracts undertaken in and in order to make this determination. This audit objective also allowed us to make observations with respect to the extent to which NRC contracting directives and policies correspond to the Treasury Board requirements as well as the adequacy of the procurement management control framework established by NRC for construction contracts. The second audit objective was to assess the degree to which the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting have been implemented. An NRC-wide approach was used for sampling which allowed for an examination of construction contracts that are managed by NRC s Administrative Services and Property Management (ASPM) Branch as well as by the Regional Material Management Offices (RMMOs). It was determined that a sample of 20 construction contracts for each fiscal year for a total of 40 contracts selected on the basis of risk would be sufficiently robust to determine whether there are any systemic issues with respect to construction contracting. This involved examining practices in seven of NRC s 32 institutes, branches and programs (IBPs). January

6 The audit was conducted using a series of detailed audit criterion that addressed the audit objectives, against which we drew our observations, assessments and conclusions. These audit criteria, presented in Appendix A, are primarily derived from the Treasury Board Policy Contracting Policy, Policy on Delegation of Authorities, Policy on Investment Planning and Policy on the Management of Projects as well as the Financial Administration Act (FAA). The recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting that we followed-up on their implementation can be found in Appendix B. Audit opinion and statement of assurance Within the limitations of the samples and the audit procedures performed, we conclude that overall the application of Government of Canada and NRC construction contracting policies and directives is adequate in that most areas of practice / process are in compliance for construction contracts but there are some opportunities for improvement. These areas for improvement include: sufficient documentation supporting non-competitive contract awards, timing of budget commitments and work commencement, management of contract amendments and security screenings of contractors who have access to protected information and assets. Within the limitations of the audit procedures performed, we found that the procurement management control framework for construction contracting is adequate but some areas could be strengthened. These areas include centralizing procurement procedural guidance into a single source document and performing data analytics of contract patterns and trends as part of more rigorous monitoring activities. Finally, we found that NRC management has fully implemented seven of the eight recommendations made in of the 2002 Internal Audit report Audit of Construction Contracting. The recommendation pertaining to the expansion of verification of delegated authorities (FAA Section 33) is in progress and management reports it is on track to be fully operational by March In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions were based on a comparison of the situations as they existed at the time against the audit criteria. The evidence was gathered in accordance with the Treasury Board Policy, directives and standards on Internal Audit, and the procedures used to meet the professional standards of the Institute of Internal Auditors. January

7 Conclusions and recommendations Within the limitations of the samples and the audit procedures performed, we conclude that overall the application of Government of Canada and NRC construction contracting policies and directives is adequate in that most areas of practice / process for construction contracts are in compliance but there are some opportunities for improvement 1. These areas for improvement include: sufficient documentation supporting non-competitive contract awards, timing of budget commitments and work commencement, management of contract amendments and security screenings of contractors who have access to protected information and assets. While we observed full compliance in many important areas, we found: several instances of construction work was performed prior to contract award; several instances where distinct services were repeatedly amended to existing contracts rather than issuing new contracts; one instance where Treasury Board approval was not obtained for a contract with cumulative amendments above the required Treasury Board threshold; a complete absence of security screenings for construction workers who would have had access to protected assets and information prior to NRC s new security directive put in place January 24, 2008 and several instances thereafter. Problems noted in last year s audit of contracts less than $25,000 regarding FAA Section 32 and 34 approvals in accordance with NRC Financial Signing Authorities and in the earlier 2002 Audit of Construction Contracting are being addressed. Within the limitations of the audit procedures performed, we found that the procurement management control framework for construction contracts is adequate but some areas could be strengthened. NRC has established a procurement management control framework, including procurement processes and policies to mitigate procurement risks and to help ensure compliance with Government directives and policies. Construction contracts are essentially subject to the same management control framework as non-construction contracts; however, there are specific directives and policies that are related only to construction. Five key components of the procurement management control framework that were examined included the control environment, control activities, risk assessment, information and communication and on-going monitoring. Some areas for improvements were observed. There is no single repository of guidance that consolidates all of the procurement policies and procedures to assist management and Procurement Officers in contracting. Various manuals on the procurement process are available either in hard or electronic formats. Some IBPs informed us that they were not aware of the existence of some manuals. Clarification of the procurement process provided by Administrative Services and Property Management Branch is currently done 1 See Appendix C for the list of potential overall ratings. January

8 through s and training. Other than NRC Internal Audit compliance audits currently undertaken, there is no formal Quality Assurance Program performed by an independent unit of contracting activities or data analytics to identify high risk contracts and / or improper construction contracting practices. Finally, we found that NRC management has fully implemented seven of the eight recommendations made in of the 2002 Internal Audit report Audit of Construction Contracting. The recommendation pertaining to the expansion of verification of delegated authorities (FAA Section 33) is in progress and management reports it is on track to be fully operational by March Recommendations 1. Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN). 2. Administrative Services and Property Management Branch should seek clarification from Treasury Board regarding what approvals are required when the cumulative value of amendments exceed $200,000 for construction contracts using electronic bidding that have an original value less than $2 million. 3. Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards, timing of contract commitments and commencement of contract work, security requirements and contract amendments. 4. Administrative Services and Property Management Branch should undertake more rigorous monitoring activities to include a comprehensive quality assurance review of individual construction procurement files on a sampling basis and adopt data analytics to monitor contracting patterns and trends that indicate procurement activities that may not be in accordance with the Government of Canada and NRC policies and directives. Data analytics should include, but not limited to, contract January

9 amendments, contract splitting and non-purchase order transactions as well as leasehold improvements. The detailed management action plans that address these recommendations can be found in Appendix D. Jayne Hinchliff-Milne, CMA, Chief Audit Executive NRC Audit Team Members 2 : Jean Paradis, CA, CIA, Audit Manager 2 The NRC audit team was supplemented by a team of experienced auditors that were contracted to conduct the audit work. January

10 2.0 Introduction 2.1 Background and context Following the recommendation of the Audit, Evaluation and Risk Management Committee on June 27, 2007, NRC s President approved this audit of Construction Contracts as part of the NRC to Risk-Based Internal Audit Plan. Under the plan, contracts greater than $25,000 and contracts less than $25,000 are audited in alternate years given that the procedures are substantially different for these two broad categories. However, due to their unique nature and relatively lower overall expenditures, construction contracts are excluded from the annual compliance work and continue to be audited over a five-year audit cycle. Several Government of Canada regulations and policies govern how NRC must contract construction contracts. Government procurement is highly regulated and is based on a strong policy framework, including but not limited to the Treasury Board Contracting Policy, the Financial Administration Act (FAA), the North American Free Trade Agreement (NAFTA), the Agreement on Internal Trade (AIT) and the World Trade Organization Agreement on Government Procurement (WTA). The Treasury Board Policy on Investment Planning and the Policy on the Management of Projects provide directives that impact the planning, management and contracting of large construction projects. There are no special contracting provisions resulting from NRC s status as a departmental corporation. Like other government departments, NRC has in place construction procurement and contracting policies that NRC employees must follow. It is within the authority of each department to establish its own policies and guidelines as long as they continue to comply with the government established policies and guidelines. In other words, departments can define policies that are more restrictive than government policies but not the reverse. NRC s Management Control Framework for Construction Contracts Being the leading resource for science and technology development and commercialization, capital projects play an important role in NRC s strategic plan. NRC s Long term Capital Plan to includes a Recapitalization Program with planned expenditures for existing buildings to address building reinvestment requirements. NRC has 188 buildings of which two-thirds were built more than 30 years ago. The Plan also includes capital initiatives such as additions January

11 and alterations to existing buildings and facilities to address new program requirements and acquisitions and / or construction of new facilities to support NRC s current or future research activities. Expenditures for construction contracts were $17.8 million in and $20.5 million in totaling $38.3 million for both years as shown below in Exhibit 1. In accordance with government policy and directives, NRC has full contracting authority for construction projects up to $6 million. ASPM Branch is responsible to provide functional direction and guidance on contracting architectural and engineering services, construction, repairs, renovations and restorations for all of NRC. IBPs that require these services must contact the Construction Contracting Office to discuss their requirements and best approach to take for achieving them. Exhibit 1 Categories, Value and Number of Construction Contracts April 1, 2006 to March 31, Categories of Construction Contracts Contract Value ($) Percentage ($) Number of Contracts Percentage (#) Average Value ($) Less than $25,000 $2,738,239 7% % $7,302 Between $25,000 and $60,000 $2,944,883 8% 71 12% $41,477 Between $60,000 and $100,000 $4,821,908 13% 62 10% $77,773 Over $100,000 $27,837,508 72% 96 16% $289,974 Total $38,342, % % $63,481 As shown in Exhibit 2 below, contracting authority has been delegated to procurement staff in ASPM Branch and in the RMMOs within specific thresholds. The RMMOs have contracting authority that is limited to $60,000 for construction contracts but they as well as ASPM have a requirement to issue a Public Bid Notice when it s above $60,000. Both ASPM and RMMO Procurement Officers can contract directly with some suppliers through call-ups against standing offers. Standing offers are 3 There were no major fluctuations or differences between the two fiscal years. January

12 agreements that have been pre-negotiated by PWGSC or by NRC Procurement Services for specialized services. The call-up limit varies for each standing offers in accordance with their terms. The Treasury Board Contracting Policy threshold allows the competitive process to be set aside for estimated contracting expenditures under $25,000. Construction Contracts valued at $100,000 or greater must use the Standard Federal Government Construction Contract template as per the Treasury Board Contracting Policy as well as electronic bidding for construction contracts as required by the Agreement on Internal Trade. Exhibit 2 NRC Construction Contracting Authorities ASPM RMMO PWGSC Construction Contracts Less than $25,000 Call-ups against NRC or PWGSC Standing Offers ($ limits vary by standing offer) Construction Contracts less than $60,000 (NCR) (NCR) (NCR) Construction Contracts between $60,000 and $100,000 (Requirement to issue a Public Bid Notice) Construction Contracts between $100,000 and $6 million (Requirement to use Standard Federal Government Construction Contract Template and Public Bid Notice) Construction Contracts greater than $6 million (Requirement to issue a Public Bid Notice) (NCR) January

13 2.2 About the audit Objectives There were two audit objectives. The first objective was to perform detailed audit procedures on construction contracts undertaken in and in order to conclude whether NRC construction contracts comply with Government of Canada and NRC contracting policies and directives. This audit objective also allowed us to make observations with respect to the extent to which NRC contracting directives and policies correspond to the Treasury Board requirements as well as the adequacy of the procurement management control framework established by NRC for construction contracts. The second audit objective was to assess the degree to which the recommendations and management action plans identified in the 2002 Internal Audit report Audit of Construction Contracting have been implemented. A risk-based approach was used to determine the audit objectives as well as the audit criteria. Key issues and risks relating to construction procurement were considered to prioritize specific audit activities and to focus on areas of greatest importance. Scope The scope of the first audit objective consisted of NRC construction transactions that were undertaken in fiscal years and Construction contracts, as defined by the Treasury Board Contracting Policy are contracts entered into for the construction, repair, renovation or restoration of any work except a vessel and includes: 1) a contract for the supply and creation of a prefabricated structure; 2) a contract for dredging; 3) a contract for demolition; or 4) a contract for the hire of equipment to be used in or incidentally to the execution of any contract referred to in this definition. Accordingly, architectural and engineering service contracts which pertain to the provision of services in respect of the planning, design, preparation or supervision of the construction, repair, renovation or restoration of a work, are not considered construction contracts. Rather, they are service contracts which have an opportunity for audit as part of the annual compliance audits on contracts less than $25,000 and contracts greater than $25,000 which are audited in alternate years. An NRC-wide approach was used for sampling which allowed for an examination of construction contracts that are managed by NRC s Administrative Services and Property Management (ASPM) Branch as well as by the Regional Material Management Offices (RMMOs). It was determined that a sample of 20 construction contracts for each fiscal year for a total of 40 contracts selected on the basis of risk would be sufficiently robust to determine whether there are any systemic issues with January

14 respect to construction contracting. This involved examining practices in seven of NRC s 32 institutes, branches and programs (IBPs). Those contracts selected for audit are shown below in Exhibit 3 by category of construction contract and region. The audit field work was conducted in two stages. The first stage covering the transactions for fiscal year took place from February 25 to March 31, The second phase covering fiscal year took place from June 2 to July 31, The scope of the second audit objective consisted of determining the current implementation status with respect to eight recommendations identified in the 2002 Internal Audit report Audit of Construction Contracting and related action plan proposed by management as presented in Appendix B. Exhibit and Transactions Sampled by Category of Construction Contract and Region Categories of Construction Contracts Number of Contracts Reviewed NCR Outside NCR Less than $25, Between $25,000 and $60, Between $60,000 and $100, Over $100, Over $6 million 0 0 Total Approach and Methodology With respect to confirming construction contracts comply with Government of Canada and NRC policies and directives, a risk-based approach was used whereby 75 percent of the contracts selected were higher dollar value contracts valued over $60,000 and 25 percent from construction contracts administered by the regional IBPs January

15 valued at less than $60,000. Within each category (over and below $60,000), the individual contracts selected for audit were identified using a risk-based approach whereby 60 percent of the sample was selected from construction contracts with a higher probability of risk (e.g., higher dollar value, more frequent amendments and / or non competitively awarded) and 40 percent of the sample was selected from contracts that were considered to have a lower probability of risk. This resulted in seven IBPs being selected for audit ranging from 24 contracts administered by Administrative Services and Property Management Branch and 26 contracts from six IBPs ranging from two to four contracts each. Interviews were conducted with key personnel in order to examine program processes, procedures and practices. These included managers and staff in Administrative Services and Property Management Branch, Finance Branch and the five IBPs selected for audit. We reviewed relevant program documentation which included, but was not limited to, Treasury Board and NRC policies and guidelines visà-vis the detailed transactions recorded in the paper files and electronically in SIGMA NRC s integrated management information system (based on SAP) that is used to collect financial, human resources, payroll, asset and real property information. Data mining techniques were also employed to detect, among other things, risks for NRC as a whole as well as evidence of potential contract splitting. In order to determine the adequacy of the procurement management control framework, we compared NRC s framework against defined criteria for five key components that can be found in the control models developed by the Canadian Institute of Chartered Accountants (CoCo Criteria of Control) and by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) (Internal Control Integrated Framework, Enterprise Risk Management Integrated Framework). These components included the control environment, control activities, risk assessment, information and communication, and on-going monitoring. Information used to assess the adequacy of the procurement management control framework was obtained from, among other things, survey questionnaires completed by ASPM Branch representatives, RMMO Procurement Officers and IBP Budget Managers as well a review of available relevant documents. The audit was conducted using a series of detailed audit criteria that addressed the audit objective, against which we drew our observations, assessments and conclusions. Prior to finalizing the audit criteria, process control flowcharts were prepared and walkthroughs of several transactions for construction contracts were conducted to assess the areas of greatest risk. These audit criteria, presented in Appendix A, are primarily derived from the Treasury Board Contracting Policy, Policy on Delegation of Authorities, Policy on Investment Planning and Policy on the Management of Projects as well as the Financial Administration Act (FAA). January

16 With respect to the follow-up to the 2002 audit recommendations, a questionnaire was sent to ASPM and the Finance Branch to obtain their comments on the status of the action plans in respect to the recommendations noted in the 2002 Internal Audit report Audit of Construction Contracting. Documents were examined in support of the implementation of the recommendations and interviews were conducted with managers as needed. The recommendations made in the earlier audit are detailed in Appendix B. 3.0 Audit Findings 3.1 Audit Objective One: to provide assurance that NRC complies with the Government of Canada and NRC construction contracting policies and directives Overall Conclusion Within the limitations of the samples and the audit procedures performed, we conclude that overall the application of the Government of Canada and NRC construction contracting policies and directives is adequate in that most areas of practice / process for construction contracts are in compliance but there are some opportunities for improvement 4. These areas for improvement include: Sufficient documentation supporting non-competitive contract awards; Timing of budget commitments and work commencement; Management of contract amendments; Security screenings of contractors; and Centralized procurement guidelines and monitoring. We also found that the procurement management control framework for construction contracting is adequate but some areas could be strengthened. These areas include centralizing procurement procedural guidance into a single source document and 4 See Appendix C for the list of potential overall ratings. January

17 performing data analytics of contract patterns and trends as part of more rigorous monitoring activities. Detailed findings for the entire sample of transactions by audit criterion can be found in Appendix A. Findings The audit team noted a number of significant strengths with respect to compliance with government and NRC policies and directives for construction contracts. These included very high compliance rates for the following: Financial Administration Act Section 32 and 34 approvals were correctly obtained (39 of 40 contracts (98 percent ) for FAA 32; and 38 of 40 contracts (95 percent) for FAA 34); For competitive contracts, requirements were defined prior to the bidding process and sufficient documentation on the competitive process was present (26 of 26 competitive contracts; 100 percent); There was no evidence of contract splitting (24 of 24; 100 percent) contract amendments and 1 potential case found through data mining of all transactions for the seven IBPs examined); The Standard Federal Government Construction Contract template was used for construction contracts greater than $100,000 (14 of 14 contracts; 100 percent) and public bid notices were issued for construction contracts over $60,000 (24 of 24 contracts; 100 percent); Project Completion Certificates and Contract Payment Certificates were completed prior to releasing holdbacks (16 of 16 contracts; 100 percent); There is evidence contracts received appropriate monitoring and evaluation of performance (39 of 39 5 contracts; 100 percent); and There is evidence construction services were provided in accordance with the contract (39 of 40 contracts; 98 percent). 5 At the time of the audit, one construction contract had not yet been completed; hence a completion certificate would not have been applicable. January

18 Appropriate FAA Section 32 and 34 approvals Key government controls for procuring, verifying and paying for purchases rest with FAA Section 32, 34, and 33 approvals. These three sections require the following: That funds be available and committed for the purchase (Section 32); That verification of the purchase of goods or services had been performed, supplied, or rendered, and the price was as stated in the contract and that the person with delegated financial authority certifies (via signature) that the verification has been completed (Section 34); and That no payment for a purchase be made unless it has been properly requisitioned and certified (Section 33). In accordance with the Treasury Board Policy on Delegation of Authorities, we expected to find that NRC has delegated spending authority to responsibility centre managers in relation to their budgetary responsibilities in order to ensure they have adequate authority and full responsibility for their decisions. The policy also makes provisions for the use of central staff to record commitments and confirm price and performance in conformance with Sections 32 and 34 of the FAA when this is more effective and economical or in support of the manager who has budgetary responsibility. NRC s delegation document, Financial Signing Authorities, makes use of these provisions by delegating this authority, among others, to Invoice Clerks. However, in our opinion this does not negate the necessity to have an adequate audit trail that can be traced back to the responsibility centre manager with budgetary responsibilities for these expenditures. We limited our expectations to verifying that in the absence of responsibility centre managers exercising their authority electronically in Sigma to some form of written communications from them such as an or a signed purchase requisition or invoice. Last year s Internal Audit report Limited Annual Assurance Compliance Audit - Contracts under $25,000 and Acquisition Card Purchases for transactions provided recommendations in regards to FAA Sections 32 and 34 certifications indicating that there needs to be a verifiable link to the actual Budget Holder with budgetary responsibilities. At the time of the current audit, we found evidence that these issues are being addressed. Internal memos have been provided to personnel by ASPM Branch and Finance Branch stating the importance of FAA controls and detailing specific procedures; as well, financial delegation training was provided to all staff who have budget responsibilities. We also observed that responsibility centre managers as of June 2008 are required to provide their approval electronically for FAA Section 34 certifications that goods or services have been received and that January

19 invoices can be approved for payment. Invoices greater than $25,000 have always required that responsibility centre managers certify FAA Section 34 by their signature. With respect to FAA Section 32, we observed that purchase requisitions were approved by delegated responsibility centre managers in accordance with NRC directives. Only one purchase requisition was not verified by the delegated responsibility centre manager. With respect to FAA Section 34, we observed that only two of 40 invoices (5 percent) in two of seven IBPs examined were not certified by the delegated responsibility centre managers both of which were approved solely by centralized invoice clerks in accordance with NRC directives. Finance Branch in consultation with ASPM and Treasury Board will continue its ongoing review of processes for verifying internal practices pertaining to FAA Section 32 and 34 with due regard for associated risks. Sufficient Documentation Supporting Non-Competitive Contract Awards During the course of the audit, 40 construction contracts were reviewed of which 33 were competitively awarded either through the MERX electronic bidding system or a limited tendering process (26), by advertising the proposed award through Advance Contract Award Notices (2) or by using existing PWGSC or NRC Standing Offer Arrangements (5). The remaining 7 contracts were sole sourced, i.e., not subjected to a competitive process. 6 The Treasury Board Contracting Policy allows for four exceptions to set aside the competitive process. They are: 1. The need is one of pressing emergency in which delay would be injurious to the public interest; 2. the estimated expenditure does not exceed $25,000, $40,000 7, where the contract is for the acquisition of architectural, engineering and other services required in respect of the planning, 6 In order to address areas of greatest risk, the sample selected was deliberately skewed to ensure a higher representation of sole sourced construction contracts than normally incurred. The actual distribution of sole sourced construction contracts for NRC in and was only eight percent. 7 The Treasury Board Contracting Policy Section b. second paragraph normally identifies this as $100,000; however, for NRC this amount is $40,000. January

20 design, preparation or supervision of the construction, repair, renovation or restoration of a work, or $100,000 where the contract is to be entered into by the member of the Queen s Privy Council of Canada responsible for the Canadian International Development Agency and is for the acquisition of architectural, engineering or other services required in respect of the planning, design, preparation or supervision of an international development assistance program or project; 3. the nature of the work is such that it would not be in the public interest to solicit bids; or 4. only one person is capable of performing the contract. Justification for any use of the four exceptions to the bidding requirement must be fully documented. Of the seven contracts sampled that did not use a competitive process, the documentation on file sited that only one person was capable of performing the contract. The policy and guidelines are clear that setting aside the competitive bidding process for this reason should not be used because a proposed contractor is the only one known to management. This exception is quite definitive and should only be used where patent or copyright requirements or technical compatibility factors and technological expertise suggest only one contractor exists. In these instances, the contract authority is encouraged whenever possible to advertise the proposed award through an Advance Contract Award Notification (ACAN). If no statement of capabilities meeting the requirements set out in the ACAN are received within 15 calendar days, the proposed contract is deemed to be competitive and may be awarded. Of those construction contracts that were sole sourced, we found that one of seven (14 percent) contracts in one IBP provided a justification on file that was not supported by sufficient documentation that only one person is capable of performing the contract. It was approved by Treasury Board and therefore one can make a logical conclusion that appropriate justification was provided; however, there was no documentation on file to support that assumption. These sole sourced contracts had original values that were under $25,000 (five), Treasury Board approval (one) or had technology compatibility issues that were only available at the contracted firm (one). January

21 Recommendation 1: Except where patent or copyright requirements or where technical compatibility issues can be clearly documented and there is no doubt there is only one supplier, Procurement Officers should advertise proposed sole source contract awards greater than $25,000 through an Advanced Contract Award Notice (ACAN). NRC Management Response: Agreed. Construction contracts are rarely sole source as a result of patent or copyright requirements. Regardless, if a sole source cannot be clearly documented or where there is doubt that there is only one supplier, a Procurement Officer will post an ACAN. Where there is no doubt, that only one supplier exists, the rationale will be fully documented and include supporting documentation. If it cannot be fully documented, an ACAN will be posted. Timing of Budget Commitments and Contract Commencement We observed in three regional of seven IBPs examined where work for three of 40 contracts (seven percent) was performed prior to the contract being signed. We were informed by ASPM Branch and observed that certain purchase requisitions for construction contracts were created at the time or a few days prior to the contract being issued; therefore, contracting activities took place prior to the commitments being recorded. Section 32 of the Financial Administration Act indicates that no contract should be entered into unless there is a sufficient unencumbered balance available. Furthermore, records of commitments should be maintained. If several commitments are unrecorded, management will not have complete information to be able to confirm funds will be available when invoices for payment are received and that NRC will be legally obligated to pay. Management informed us this practice has rarely, if ever, resulted in the cancellation of a requirement due to insufficient funds. While we were not able to confirm this assertion, we did not find any instances where this occurred. Problems with respect to the timing of budget commitments and work commencing before contracts are signed can be addressed by more comprehensive communications of guidelines as well as more rigorous monitoring regime with investigative capacity. Recommendations are made later in this report that pertain to both. January

22 Management of Contract Amendments The Treasury Board Contracting Policy indicates contracts should be properly administered to avoid unanticipated amendments except to change the scope of the initial work. Every effort should be made to avoid inadequate initial funding and that pre-planning and work definitions should be carefully developed. Amending a contract for unforeseen circumstances or an amendment that is very small relative to the original work are acceptable reasons. A good rule of thumb is that when amendments are above 50 percent of the original contract value, a new contract should be considered and its justification carefully documented; this does not mean that no contract may be amended above 50 percent of its original value if there is a good reason. However, when the other deliverables are distinct from the first one, then a new contract should be issued rather than an amendment. While overall, the compliance rates with Treasury Board and NRC policies and directives for amendments are high (ranging between 90 and 100 percent), there are two exceptions 2 of 24 amended contracts (eight percent) that were administered by ASPM. Each was awarded using a standing offer arrangement that was awarded by NRC to a single company using a competitive process that was approved by Treasury Board for the maintenance, renovation and minor construction work performed in the National Capital Region up to a value of $5.0 million annually. The standing offer agreement itself was treated as a contract which is contrary to PWGSC guidelines which state a separate contract is formed each time a call up for the provision of goods and services is made against a Standing Offer. At the time the purchase orders had been put in place for each, contracts for distinct services were established. One contract, issued on August 18, 2006 with an initial value of $38,076, was amended four times on the same day for a final value of $151,201. The second contract, issued on March 31, 2008 with an initial value of $5,628, was modified nine times over 8 days for a final value of $977,748 as of April 8, While this was done to streamline and reduce the costs of a high-volume, low-value payment process, in our opinion, this process gives the appearance of contract amendments that are not consistent with the Treasury Board Contracting Policy that indicates that contracts should be properly administered to avoid unanticipated amendments. The other six IBPs included in our sample used amendments appropriately for the remaining 22 construction contract amendments selected for detailed examination. In addition to the 40 contracts examined in the seven IBPs, we employed data mining techniques used to examine amendments, on a limited basis, for the whole of NRC for both and For construction contracts only, we found a total of 11 contracts in 2 of NRC s 32 IBPs that had an original value less than $25,000 which were amended on the same day or within 378 days. Most were increased significantly more than a 100 percent of their original value. Eight contracts were January

23 amended in less than 35 days of the original contract; four of these were amended either the same day or the next day. The risk occurs that these contracts may appear to be deliberately under valued in order to circumvent the $25,000 competitive threshold for competitive bidding; however, we found that only one of these contracts has not been competitively awarded. Other concerns pertain to the authority NRC has to amend contracts that exceed $200,000 in total. In accordance with Appendix C of the Treasury Board Contracting Policy, NRC may enter into a competitive construction contract awarded through the electronic bidding process if the amount does not exceed $6,000,000 and amend such contracts that are over $2,000,000 by up to 10 percent of the contract award. Construction contracts less than $2 million must follow Schedule I of Appendix C of the policy which requires Treasury Board approval for amendments exceeding $200,000. However, Schedule 1 of Appendix C of the policy does not provide contract value or amendment limits for construction contracts using electronic bidding. Many departments have therefore interpreted this as meaning that Treasury Board approval should be requested when the cumulative value of amendments exceed $200,000 for contracts that are less than $2 million. This would have required 3 of 11 construction contracts (27 percent) to have received Treasury Board s approval prior to making the amendments that cumulated over $200,000. However, it s recognized that the Treasury Board Contracting Policy is not entirely clear in this matter. Finally we have concerns for public reporting requirements of contracts greater than $10,000 under the Treasury Board Policy on Proactive Disclosure on Contracts over $10,000. Our analysis as noted above shows that amendments can within a very short timeframe increase over $10,000 but they have not been publicly reported. Seven of the 11 construction contracts that were amended had an original value less than $10,000 with final values ranging from $38,654 to $977,747. At the time of the audit, the policy only required contracts with an initial value of $10,000 or more to be reported and not those amended above that amount. The Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000 is a recent government measure to ensure greater transparency of government contracts an area of public controversy from time to time in regard to the manner in which they are awarded among other things. The non-disclosure of non-competitive contractual arrangements which accumulate significantly above $10,000 may also have adverse reputational risks for NRC as it may give the appearance that IBPs are using amendments to avoid disclosing contracts. Revisions to the Treasury Board Policy are imminent which require as of September 1, 2008, the disclosure of all contracts including amendments above $10,000. January

24 Recommendation 2: Administrative Services and Property Management Branch should seek clarification from Treasury Board regarding what approvals are required when the cumulative value of amendments exceed $200,000 for construction contracts using electronic bidding that have an original value less than $2 million. NRC Management Response: Agreed. We will obtain clarification from the Treasury Board Secretariat by January Ensuring Security Requirements Are Met The Treasury Board Contracting Policy requires that the provisions of the Government s Security Policy be applied to procurement contracts which require individuals undergo personnel screening processes if their duties or tasks necessitate access to classified or protected information and assets. None of the 31 contracts (0 percent) reviewed in which security screenings of contractors should have been undertaken met these requirements. For the purposes of this audit, security screenings were considered necessary where construction workers would information and assets. On January 24, 2008, a memorandum was sent to all NRC Directors General and IBP Finance Branch Officers providing guidance in regard to security requirements to those responsible for requisitioning contracts, Project Authorities and Procurement Officers. Specific instructions were provided to ensure that security requirements are addressed and risk mitigation procedures are established. As well, the purchase requisition form was modified to include a security block which must be completed and signed in all instances as evidence that the security requirements have been explicitly considered. Where a security requirement is identified, the Security Requirement Check List (SRCL) must be completed and sent with the purchase requisition to the Contracting Authority. Procurement Officers are required to include the appropriate security clauses in bid solicitation and contract documentation. All contracts that contain a security provision must be reviewed by the Procurement Officer and the Security Office. Once the contract is awarded, an SRCL with the names of the individuals are forwarded to the Security Office for security screening. However, we noted that 4 of the 33 purchase requisitions requiring security screenings were dated after January 24, Despite the fact that construction work January

25 for these four contracts took place inside NRC premises that have protected information and assets, the security requirements were not completed in accordance with the new guidelines. Problems with respect to security screenings can be addressed by more comprehensive communications of guidelines as well as a more rigorous monitoring regime with investigative capacity. Recommendations are made later in this report that pertain to both. The Need for Centralized Procurement Guidelines and Monitoring We found certain directives in the Guide to NRC Procurement Process Guide that were not applied in a consistent manner. As noted earlier in this report, these included sufficient documentation supporting non-competitive contract awards, timing of contract commitments and commencement of contract work, security requirements not applied, contracts with initial values less than $10,000 but later amended significantly with a day or two well above $10,000 that were not reported under Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000 and other contract amendment irregularities. Assignment of contracting responsibility and procedural guidelines for contracting are detailed in the procurement guide which is available in electronic form on the ASPM Branch Material Management web-site. This document provides a procurement process map and includes information on the procurement process, roles and responsibilities from the creation of a purchase requisition to the payment of invoices. Additional information is available in four other manuals: (1) Financial Management Manual; (2) Procurement Reporting-User Guide for Data Entry; (3) Public Tenders Procedures; and (4) Invited Tenders Procedures. Electronic copies of the first two manuals are available although some sections of the Financial Management Manual are still in progress. The other two manuals are available in hard copy format only. Additional procurement information is also available to Procurement Officers on NRC s common drive (e.g., checklists, templates, and security documentation) and on the ASPM Material Management web-site (e.g., information on contracting, employeremployee relationships, contracting limits, security requirements). Clarification provided by ASPM Branch on the procurement process is currently done through s and training. There is no single, centralized procedures document for the procurement process. Our survey questionnaire and interviews indicated that some RMNOs and managers are not aware of the existence of some manuals which could help to explain non-compliance. January

26 Recommendation 3: Administrative Services and Property Management Branch should consolidate all procurement policies and procedures into a single source document which would be available on its Material Management web-site. In the interim, reference manuals that are currently available only in hard copies should be made available electronically and posted on the ASPM Material Management web-site. Consideration should be given to enhancing the guide where non-compliance was found to be an issue, specifically with respect to sufficient documentation supporting non-competitive contract awards, timing of contract commitments and commencement of contract work, security requirements and contract amendments. NRC Management Response: Agreed. Our Material Management documentation needs to be updated and maintained in a central repository. Our Material Management Policy Manual currently exists in hard copy, not in electronic format. In order to implement these recommendations, we will assign resources as required in order to: Prepare policy documents; Update the Material Management Policy Manual; Implement a quality assurance process; Monitor contracting activities; Coordinate and respond to all audit enquiries and reports; and Coordinate all Material Management reporting, such as the quarterly Contract Disclosure Reports, and the Annual Procurement Activity Report. Consistent with generally accepted management control frameworks that reflect best practices, we expected to see quality assurance review activities of individual construction contract files as well as data analytics techniques being employed to monitor NRC s overall compliance with Government of Canada and NRC contracting policies and directives. These techniques can be used to detect irregularities, among others, with respect to contract splitting, identification of non-purchase order contracts and potentially inappropriate contract amendments. Our interviews and survey questionnaires indicate that ASMP Branch officials monitor and review contracting activities and processes, consult NRC Legal Services as required and review the report of contracts over $10,000 to ensure appropriate disclosure. Briefing notes, meetings and memos are used to communicate findings to Procurement Officers. January