Eileen Fitzgerald, Jeff Bryson, Michael Forster, and Paul Kealey. From: Frederick Udochi. cc: Jeanne (Reitz) Fekade-Sellassie, (Consultant)



Similar documents
Internal Audit Department NeighborWorks America. Audit Review of Accounts Payable/ACH Transactions

Ken Wade, Jeff Bryson, Eileen Fitzgerald and Michael Forster. From: Frederick Udochi cc: Zewdneh Shiferaw. Date: May 14, 2009

Internal Audit Department NeighborWorks America. Audit Review of the IT Security Planning/Network Security

Audit Review of the. Corporate Purchase Card Process

Internal Audit Department NeighborWorks America. Audit Review of Database Administration and Controls

Internal Audit Department NeighborWorks America. Audit Review of the Business Continuity Plan (BCP) Management and Documentation

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994

Major IT Projects: Continue Expanding Oversight and Strengthen Accountability

452 S. Saginaw, 2 nd Floor Flint, MI

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement

System of Governance

SUPERVISORY AND REGULATORY GUIDELINES: PU GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS

Managing Outsourcing Arrangements

CDO WORKFORCE INVESTMENT BOARD. REPLACES CDO Workforce Investment Board Procurement Policy, dated 9/30/05

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL. December 10, 2015

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Rolls Royce s Corporate Governance ADOPTED BY RESOLUTION OF THE BOARD OF ROLLS ROYCE HOLDINGS PLC ON 16 JANUARY 2015

TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review

Project Management Procedures

Statement of Guidance: Outsourcing All Regulated Entities

Guideline. Outsourcing of Business Activities, Functions and Processes. Category: Sound Business and Financial Practices

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

Outsourcing Risk Guidance Note for Banks

Financial Services Guidance Note Outsourcing

THIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s

EPIQ SYSTEMS, INC. NOMINATING AND CORPORATE GOVERNANCE COMMITTEE OF THE BOARD OF DIRECTORS CHARTER

14 December 2006 GUIDELINES ON OUTSOURCING

Risk and Audit Committee Terms of Reference. 16 June 2016

Sound Transit Internal Audit Report - No

Guidance note on Outsourcing/Delegation of Functions and inward outsourcing

Contract Management Guideline

REQUEST FOR PROPOSALS FOR Franchise Fees, Sales and Use Tax Audits

Australian National Audit Office. Report on Results of a Performance Audit of Contract Management Arrangements within the ANAO

MARITIME OPERATOR SAFETY SYSTEM: MARITIME RULE PARTS 19 AND 44

Construction Bond Audit Report. Office of Auditor General

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

Division of Insurance Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014

Corporate Governance Statement

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

Credit Granting and Underwriting Commercial Markets & Corporate and Asset Backed Lending Final Audit Report Report Nr.

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

Internal Audit Quality Assessment Framework

Office of Compliance and Ethics Introductory Report. Lynette Fons, Chief Compliance Officer

QUOTE OPENING MEETING: Sealed Quotes will be opened at 9:00 a.m (eastern standard time) on Wednesday, May 1, 2013 at the County of Muskegon.

IASB. Request for Views. Effective Dates and Transition Methods. International Accounting Standards Board

Florida Division of Emergency Management ITB-DEM Disaster Recovery Services Questions and Answers (ANSWERS IN BOLD)

Mapping of outsourcing requirements

APPLYING BEST-PRACTICE PRINCIPLES IN PROCUREMENT A REFRESHER

UNIVERSITY HOSPITAL POLICY

OUTSOURCING POLICY

Contract Management Principles and Practices

Office of the Chief Internal Auditor. Audit Report. South Carolina Department of Transportation s Enhancement Program (A10-003)

West Highland College. Internal Audit 2014/15 Annual Report August 2015

REPORT 2014/078 INTERNAL AUDIT DIVISION

HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE

THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014

Final Draft Guidance on Audit Committees

OCC 98-3 OCC BULLETIN

Internal Audit Terms of Reference

RRC STAFF OPINION PERIODIC REVIEW AND EXPIRATION OF EXISTING RULES REPORT

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

Significant Revisions to OMB Circular A-127. Section Revision to A-127 Purpose of Revision Section 1. Purpose

PARSONS CORPORATION CORPORATE GOVERNANCE GUIDELINES

4.06 Consulting Services

Central Fire Protection District Of Santa Cruz County th Avenue Santa Cruz, CA

T-MOBILE US, INC. CORPORATE GOVERNANCE GUIDELINES

PROCUREMENT STANDARD OPERATING PROCEDURES (SOP)

C I T Y A N D C O U N T Y O F H O N O L U L U

State and District Monitoring of School Improvement Grant Contractors in California FINAL AUDIT REPORT

AUDIT REPORT 2013/024


REGULATIONS ON PROVISION OF SERVICES BY STATUTORY AUDITOR OR STATUTORY AUDITING COMPANY

IDAHO DIVISION OF VOCATIONAL REHABILITATION

OFFICE OF THE CITY AUDITOR

VENDOR MANAGEMENT. General Overview

GOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT. January 7, 2011

Student Assessment Administrative Review Phase 1

OH&S MANAGEMENT SYSTEM CHECKLIST - AS 4801:2001 (STATUS A = Acceptable; N = Not Acceptable; N/A = Not Applicable)

Corporate Governance Principles

Board Charter. May 2014

Audit of Procurement Practices

JAZZ PHARMACEUTICALS PLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Master Document Audit Program. Version 7.4, dated November 2006 B-1 Planning Considerations. Purpose and Scope

Corporate Governance Statement

AFFILIATE RELATIONSHIPS CODE FOR ELECTRICITY DISTRIBUTORS AND TRANSMITTERS

Board Charter. HCF Life Insurance Company Pty Ltd (ACN ) (the Company )

THE COMBINED CODE PRINCIPLES OF GOOD GOVERNANCE AND CODE OF BEST PRACTICE

CORPORATE PROCUREMENT POLICY

EVALUATION OF THE INVESTMENT COMPENSATION SCHEME DIRECTIVE DG INTERNAL MARKET AND SERVICES EXECUTIVE REPORT AND RECOMMENDATIONS

Internal Audit. Audit of HRIS: A Human Resources Management Enabler

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

Preliminary Draft JOB DESCRIPTIONS AND QUALIFICATIONS OF KEY PERSONNEL. XXXXX PPP Unit

OVERSIGHT OF CAPITAL PROJECT PLANNING & PROCUREMENT

INTERNAL AUDIT DIVISION AUDIT REPORT 2013/073

VA Office of Inspector General

Objective and key requirements of this Prudential Standard

PROCEDURES FOR ENVIRONMENTAL AND SOCIAL APPRAISAL AND MONITORING OF INVESTMENT PROJECTS

The University of Texas at Austin COMPLIANCE AND ETHICS PROGRAM CHARTER

AUDIT COMMITTEE MANDATE

Transcription:

To: Eileen Fitzgerald, Jeff Bryson, Michael Forster, and Paul Kealey From: Frederick Udochi cc: Jeanne (Reitz) Fekade-Sellassie, (Consultant) Date: April 20, 2011 Subject: Audit Review: Management of Vendor Outsourced Services As pa rt of our c ontinuous m onitoring w ithin t he c ontext of t he I nternal A udit P lan f or t he National F oreclosure M itigation C ounseling (NFMC) P rogram, pl ease f ind be low a n i nternal audit report pertinent to the Management of Vendor Outsourced Services. Please review and let me know if you have any comments or questions.

Executive Summary Audit Review of NFMC Management of Vendor Outsourced Services Business Function and Responsibility Report Date Period Covered: NFMC Project Team April 20, 2011 March 2008 - September 2010 Assessment of Internal Control Structure Effectiveness and efficiency of operations Generally effective 1 Recommendations in specific areas are noted below. Reliability of Reporting Generally effective Compliance with Applicable Laws and Regulations Generally effective This report was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing. 1 Legend for Assessment of Internal control Structure: 1. Generally Effective: The level and quality of the process is satisfactory. Some areas still need improvement. 2. Inadequate: Level and quality of the process is insufficient for the processes or functions examined, and require improvement in several areas. 3. Significant Weakness: Level and quality of internal controls for the processes and functions reviewed are very low. Significant internal control improvements need to be made. 1

Summary of Observations and Recommendations 2 : Summarized Observation; Risk Rating We observed some ambiguity in the contracting language for RFQ s. Management Agreement with Observation (Yes/ No) Yes Internal Audit Recommendation We strongly recommend that the ambiguity in the language in respect of RFQ requirements for Professional Service Contracts be reviewed and amended in order to provide consistency in interpretation and compliance. Accept IA Recommendation (Yes/ No) Yes Management s Response to IA Recommendation Finance will make the necessary changes in the Administrative Manual Contract Policy Section to eliminate the ambiguity of the contract language in reference to RFQ and RFP procedures. As Finance explained to the Auditor at the exit interview session, in order to generate a Letter of Agreement the prospective consultant should have to complete the form. Since the RFP document has Estimated Date of Implementation The change will be implemented by July 31. Internal Audit Comments on Management Response Internal audit accepts management s response and has no further comments. 2 The observations and recommendations in this section are summarized at a high level for informational purposes. To obtain a full, detailed explanation of each, please refer to the Observations and Recommendations section. Management s response is directly related to the detailed observations and recommendations noted in the Observations and Recommendations section. 2

3 not been designed to capture most of the information which are included in RFQ format, we encourage all consultants to complete the form. Finance also explained to the Auditor if the prospective consultant chooses not to be included in our RFQ database, a consultant can avoid completing the form. Finance would like to emphasis that there was no inconsistency when it comes to RFQ and RFP.

Risk Rating Legend: Risk Rating: HIGH A serious weakness which significantly impacts the Corporation from achieving its corporate objectives, financial results, statutory obligations or that may otherwise impair the Corporation s reputation. Risk Rating: Moderate A control weakness which could potentially undermine the effectiveness of the existing system of internal controls and/or operational efficiency, integrity of reporting and should therefore be addressed. Risk Rating: Low A weakness identified which does not seriously detract from the system of internal control and or operational effectiveness/efficiency, integrity of reporting but which should nonetheless be addressed by management. Management Response to Audit Review Recommendations Management of Vendor Outsourced Services # Of Responses Response Recommendation # 1 Agreement with the recommendation(s) 1 0 Disagreement with the recommendation(s) N/A 4

Audit Review of Management of Vendor Outsourced Services BACKGROUND INFORMATION Due to the nationwide sub-prime foreclosure crisis, Congress approved legislation for the National Foreclosure Mitigation Counseling Program (NFMC) to address the nationwide foreclosure crisis. Since FY 2008, a total of $540 million has been appropriated to NFMC of which $440 million has been awarded to approximately 171 direct grantees in the form of grants nationwide that would increase the availability of housing counseling for families at risk of foreclosure. NeighborWorks America distributes funds to competitively selected grantee organizations, which in turn provide the counseling services, either directly or through Sub grantee organizations. Grants are also being made to fund legal assistance to homeowners, and to train foreclosure counselors. Upwards of 1,700 counseling agencies operate under this program. The NFMC program has outsourced a number of significant functions to third party consultants in the area of information technology, management consulting, training instruction and in the monitoring and oversight of programs to mention a few. According to NeighborWorks America s procurement policy, the organization uses a twotiered mechanism for managing the acquisition and use of professional services to ensure that these services are procured in the most efficient, cost-effective manner, without barriers to full and open competition, and free of any conflict of interest. The Request for Qualifications (RFQ) process is the primary mechanism for work that cost less than $20,000. A competitive Request for Proposal (RFP) process is required when the scope of a particular project or assignment is $20,000 and above. NeighborWorks America generally employs two types of consultants: (1) those who apply as individuals and (2) those who apply as an organizational entity. Individual applicants need to complete Part II of the Request for Qualifications (RFQ), attach an updated resume and provide a one paragraph biographical sketch. Organizational applicants need to complete the same documents plus have a Principal from their organization fill out Part I of the Request for Qualifications (RFQ). Based on their qualifications and experience, applicants are added to the corporate database pool of eligible consultants. To be considered for contractual work, the prospective consultant must fill out the RFQ application form and submit it to the RFQ Coordinator. The finance department will then prepare a Letter of Agreement (LOA) for signature by both parties. Once these steps are completed the prospective consultant will then be added to the RFQ database for future consideration. A Letter of Agreement with a former employee of NeighborWorks America or a relative of a former employee requires the approval of the Chief Executive Officer and the General Counsel. Letters of Agreement are good and effective for a period of three years. Specific services, dates and times of performance, fees and expenses will be requested through a Task Order signed by 5

the Division Director or other individual with a delegated level of authority who will also approve the invoices submitted by the contractor/consultant. OBJECTIVE The objective was to determine that the procurement of Outsourced Services was conducted in accordance w ith NeighborWorks A merica pol icies i n respect of t he pr ocurement pol icy. T his primarily included obtaining assurance that: o The outsourcing process complies with internal control policies and procedures, o Vendor selection and Contracts are properly processed and approved with due diligence occurring at each step of the process, SCOPE The audit covered a sample of selected vendors who were either individuals or corporate entities who had entered into contractual relationships with the corporation s NFMC program between the period of March 1 st 2008 and September 30 th 2010. The audit approach attempted to identify and e valuate ke y controls t hat w ould f acilitate c ompliance w ith corporate do cumented procedures in the tendering, selection and approval steps in the procurement process. The audit did not evaluate vendor performance, or the viability and competence of contractors. This aspect of the cont ractual p rocess we plan to undertake in future reviews under our External Business Relationship project 3. Based on m aterials r eceived from F inance we d etermined that $2.5 million w as e xpended on various cont racted outsourced services for the p eriod March 2008 to September 30 2010. O ur sample covered a total of $2 million which was the aggregate amount of selected transactions. The following areas were examined during the audit: o Financial/Accounting Entries o Status of Contracts/Vendors o Segregation of Duties o Authorization of Contracts o Request for Qualifications (RFQ s) o Request for Proposals (RFP s) o Task Orders (TO s) AUDIT APPROACH/METHODOLOGY 3 Internal audit is currently in FY 11, identifying and inventorying all external business relationships (EBR s) undertaken by the Corporation. EBR's are considered to be those vendor relationships entered into by the corporation for the purpose of leveraging their core competencies other than developing them in-house. The objective would be to effectively assess and monitor contractual expectations and expected levels of service appropriately for such critical operations. 6

NeighborWorks America s Internal Audit Department selected a sample of consultant/contract packages f or a test of controls in pl ace of t he procurement pr ocess. T he t hree m ajor N FMC program c ontract pa ckages i nvolved w ere in the ar ea of program m onitoring a nd ove rsight; providing management c onsulting s ervices and providing a range of information technology services. Internal audit obtained a copy of t he upd ated N eighborworks A merica P rocurement P olicy w hich s erved as t he m ain control document for the audit process. The team reviewed the Procurement Policy in order to obtain an unde rstanding of the v arious controls established to d irect the outsourcing process. W e engaged in several correspondences with the Director of the NFMC Program, the Finance t eam and other stakeholders in order to obtain de tails i nvolving t he s election pr ocess, a uthorization, e xecution a nd e valuation of contracts. In general we observed a high level of compliance with the procurement policy of NeighborWorks. The vendor selection process involving the invitation of tenders was coordinated with documentary evidence to support the basis of the final choice. Essential documents pertaining to individual consultants were adequately classified and readily available upon demand from both the NFMC and Finance teams respectively OBSERVATION and RECOMMENDATION: Observation: We observed that there was some inconsistency in the interpretation of the contracting language for RFQ s. The current language suggests on one hand that an RFQ is required only for contracts below $20,000 while in another it is required for all contracts irrespective of the amount. This ambiguity had led to inconsistencies in compliance by staff in a number of instances. The NeighborWorks America procurement policy states: o Professional Service Contracts Introduction NeighborWorks America uses a two-tiered mechanism for managing the acquisition and use of professional services to ensure that these services are obtained in the most efficient, cost-effective manner, without barriers to full and open competition, and free of any conflict of i nterest. T he R equest f or Q ualifications ( RFQ) pr ocess i s t he pr imary m echanism f or work t hat i s be lieved t o c ost unde r $20,000. A c ompetitive R equest f or P roposal ( RFP) process is required when the scope of a par ticular assignment is likely to be $20,000 and above.. The following section contradicts the requirement in the previous section as follows: o Request for Qualifications and RFQ Database 7

NeighborWorks America maintains a R FQ consultant database, which identifies a pool of consultants f or pr ofessional s ervice c ontracts. All ne w c onsultants wishing t o e ngage i n business w ith N eighborworks A merica m ust s ubmit an R FQ appl ication t o t he c ontract officer. The contract officer will enter the consultant into the RFQ database on www.nw.org and check references o Request for Proposal (RFP) The following steps will be taken for all professional service contracts more than $20,000: 5. The requesting manager determines which bid is the best value for NeighborWorks America (not limited to price), writes the related statement of work and t ask order; and depending on their level of delegated authority obtains the approval of his or her supervisor. I f the selected contractor is not currently in the RFQ database, the manager asks the consultant to complete an application. The foregoing statement implies that all professional service contracts above $20,000 will still undergo an RFQ process if that requirement had not been fulfilled earlier on. As earlier expressed, compliance with the NeighborWorks America s procurement policy potentially becomes inconsistent in some cases and gives room for variability in interpretation. Recommendation: We strongly recommend that the ambiguity in the language in respect of RFQ requirements for Professional S ervice C ontracts be r eviewed and a mended i n or der t o p rovide c onsistency i n interpretation and compliance. This amendment will enable all readers of the policy to have a common interpretation of the text in order to facilitate a more consistent compliance effort. CONCLUSION Based on the test work performed as part of this review, the procurement of Vendor Outsourced Services was conducted in substantial compliance with the relevant appropriating language and corporate policies. We would like to thank especially the Administration of the National Foreclosure Mitigation Counseling Program and the NeighborWorks Finance team for their cooperation during this review. 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information