November 2024
Project number: 80590-140
Table of contents
Executive summary
Background
The procurement function plays a crucial role in the acquisition of essential goods, services and constructions to support the Government of Canada's program delivery and to achieve its objectives and outcomes. Federal government contracting is governed by a suite of instruments that consist of legislation, regulations, agreements and policies to ensure that procurements obtain the best value through fair, open and transparent processes. The Treasury Board of Canada Secretariat (TBS) Directive on the Management of Procurement mandates that departments and agencies establish, implement and maintain a procurement management framework (PMF), encompassing governance, processes, systems and controls. This ensures that actions related to the management of procurement are fair, open and transparent, and meet public expectations in matters of prudence and probity. Additionally, it ensures that procurements are managed in a manner that enables operational outcomes and demonstrates sound stewardship and best value, consistent with the Government of Canada's socioeconomic and environmental objectives. The directive expects that the PMF be commensurate with the value, risk and complexity of the procurement undertaken.
Why is this important?
Over the past few years, issues related to government procurement have been identified and concerns have been raised about whether sound procurement and management practices across government are consistently followed. At the request of both the House of Commons and the Prime Minister, audits have been conducted by the TBS, through the Office of the Comptroller General of Canada (OCG), the Office of the Procurement Ombud, and the Office of the Auditor General of Canada. These audits highlighted several gaps and weaknesses in procurement management practices, procurement files with insufficient or missing documentation, and challenges in demonstrating that the best value was obtained for taxpayer dollars.
In March 2024, the President of the Treasury Board announced that the OCG was undertaking a horizontal audit to assess governance, decision making and controls associated with professional services contracts. The audit involved several large and small line departments. The OCG also asked chief audit executives of federal departments and agencies to include a review of procurement internal controls and governance in their Risk-Based Audit Plans if a review had not been conducted in the previous 12 months.
Accordingly, the Audit and Evaluation Branch performed this audit of procurement practices, taking into consideration the objective and scope of OCG audits that have been recently completed or that are currently underway.
Overall conclusion
The agency's PMF generally aligns with the requirements of the Directive on the Management of Procurement and other procurement-related legislation, policies and directives. However, some aspects require strengthening and attention is needed to ensure that certain key processes function as intended. A review of a sample of the agency's procurements found that they were established and administered in a manner consistent with requirements, although administrative errors and gaps in documentation were noted in many files. The sample review also identified a need to ensure that selected supply methods align to agency requirements and that supplier performance is being managed and monitored.
Key findings
The PMF generally aligns with the expectations of the directive, although some areas require strengthening, and attention is needed to ensure that certain key processes are operating as intended.
Governance bodies are established and comply with the requirements of the directive, although there are opportunities for an expanded role.
The agency conducts monitoring for wrongdoing, compliance with the directive and supplier performance, but more complete information would better support decision making.
Competitive and non-competitive procurements were mostly awarded in a manner consistent with the agency's PMF and the legal and policy instruments in place, but administrative errors and missing documentation were noted, as well as instances where the method of supply did not align with agency requirements.
Contracts and amendments are established and administered consistently with TBS requirements, although there are opportunities for more proactive supplier performance management and monitoring. Procedures could be strengthened to monitor for potential conflicts of interest more proactively.
Contracting data associated with sampled contracts was not always disclosed accurately on Canada's Open Government Portal.
Conformance with professional standards
The audit was conducted in accordance with the Mandatory Procedures for Internal Auditing in the Government of Canada, which include the Institute of Internal Auditors' Global Internal Audit Standards.
Sufficient and appropriate audit procedures have been conducted, and evidence has been gathered to support the accuracy of the findings and conclusions in this report and to provide an audit level of assurance. The findings and conclusions are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The findings and conclusions are applicable to the entity examined and for the scope and period covered by the audit.
Steven McRoberts
Chief Audit and Evaluation Executive
Acronyms
ACS - Assistant Chief Statistician
CDFS - Common Departmental Financial System
CPSS - Centralized Professional Services System
CRB - Contract Review Board
DCMF - Departmental Contract Management Framework
DG - Director General
EMC - Executive Management Committee
FAA - Financial Administration Act
FPS - Former Public Servants
GCRs - Government Contracts Regulations
LPO - Local purchase order
MACS - Materiel and Contract Services
OCG - Office of the Comptroller General of Canada
OPS - Operations Committee
PMF - Procurement management framework
PSPC - Public Services and Procurement Canada
RFP - Request for proposal
RoD - Record of decisions
SA - Supply Arrangement
SDO - Senior designated official
SMC - Strategic Management Committee
SO - Standing Offer
SSC - Shared Services Canada
TB - Treasury Board of Canada
TBS - Treasury Board of Canada Secretariat
ToR - Terms of reference
Introduction
Background
The procurement function plays a crucial role in the acquisition of essential goods, services and constructions to support the Government of Canada's program delivery and to achieve its objectives and outcomes. Federal government contracting is governed by a suite of instruments that consists of legislation, regulations, agreements and policies to ensure that procurements obtain the best value through fair, open and transparent processes. In 2021, the Treasury Board of Canada Secretariat (TBS) initiated a policy suite reset to promote early integrated planning, governance and accountabilities, agile and performance-based approaches, adopting life-cycle principles, capacity building, and strengthening the strategic perspectives.
The TBS Directive on the Management of Procurement mandates that departments and agencies establish, implement and maintain a procurement management framework (PMF), encompassing governance, processes, systems and controls. This ensures that actions related to the management of procurement are fair, open and transparent, and meet public expectations in matters of prudence and probity. Additionally, it ensures that procurements are managed in a manner that enables operational outcomes and demonstrates sound stewardship and best value, consistent with the Government of Canada's socioeconomic and environmental objectives. The directive expects that the PMF be commensurate with the value, risk and complexity of the procurement undertaken.
Over the past few years, issues related to government procurement have been identified and concerns have been raised about whether sound procurement and management practices across government are consistently followed. At the request of both the House of Commons and the Prime Minister, audits have been conducted by the TBS, through the Office of the Comptroller General of Canada (OCG), the Office of the Procurement Ombud, and the Office of the Auditor General of Canada. These audits highlighted several gaps and weaknesses in procurement management practices, procurement files with insufficient or missing documentation, and challenges in demonstrating that the best value was obtained for taxpayer dollars.
These audits also reinforced the importance of departments and agencies maintaining and verifying the effectiveness of their PMFs, particularly as they relate to the procurement of professional services. In addition, they highlighted opportunities for the TBS and Public Services and Procurement Canada (PSPC), consistent with their respective mandates, to strengthen procurement across the federal government in the areas of policy, guidance, tools and training, implementation practices, and contracting approaches.
Procurement at the agency
The agency is subject to the Government Contracts Regulations (GCRs) and TBS requirements when contracting for goods and services. The Materiel and Contract Services (MACS) section, part of the Procurement, Financial Systems and Internal Controls Division within the Finance, Planning and Procurement Branch, Corporate Strategy and Management Field, facilitates the procurement process within the agency and is responsible for establishing and maintaining the agency's PMF.
Within the agency's delegated procurement authorities, MACS acts as contracting authority for the procurement process. They are responsible for conducting procurements on behalf of the agency based on sound procurement principles and in accordance with the contracting governing instruments. The contracting authority provides advice and recommends options to business owners on procurement strategies that meet operational requirements and have the intended results.
While MACS facilitates the procurement process, much of the accountability for acquisitions rests with the business owner. Business owners are responsible for collaborating with the contracting authority, ensuring that all information regarding their requirements is accurate and complete, and adhering to the required governance processes and procedures in accordance with the governing instruments.
Where contract values exceed the agency's delegated procurement authorities, PSPC acts as contracting authority and is responsible for providing advice and support to business owners and for issuing and administering contracts and amendments on the agency's behalf. For certain requirements related to information technology, Shared Services Canada (SSC) also often acts as the contracting authority. Additionally, PSPC and SSC have issued standing offers (SOs) and supply arrangements (SAs) for use by all departments and agencies in the acquisition of specific goods and services. The use of these procurement instruments is often mandatory and they are to be used by departments and agencies, whether they are acting as the contracting authority or PSPC is.
The chart below, Total value and contract count by fiscal year and method of supply (provided by MACS) describes the agency's total contracting activity from 2019/2020 to 2023/2024. It includes the value of contracts established (excluding amendments) and contract count by fiscal year. The data on the value of contracts are broken down into the amounts signed by other government departments (i.e., where PSPC or SSC acted as contracting authority) and the amounts signed by MACS. Where the agency acted as the contracting authority, the value of contracts is further broken down into the amounts established using an SO or SA from PSPC/SSC and amounts established using a local purchase order (LPO). Note that contacting values were abnormally high in 2019/2020 due to large software purchases and in 2023/2024 due to cloud services contracts for the agency and a printing contract for the Census of Population.
Description -Total value and contract count by fiscal year and method of supply.
Figure 1 depicts the total value and contract count by fiscal year and method of supply.
The value of agency contracts declined from a total of approximately $79 million in 2019/20 to a little over $30 million 2022/23, before rising sharply to over $112 million in 2023/24.
The count of contracts varied from a high of 487 in 2019/20 to a low of 298 in 2022/23, before rising to 441 in 2023/24.
In 2023/24, just over $7M in contracts were signed by MACS, while roughly $105M were signed by other government departments.
Overall, most of the value of the agency's contracts are signed by other government departments, such as PSPC and SSC.
While PSPC or SSC is the contracting authority for most of the contracting dollars established each year, the agency (i.e., MACS) was the contracting authority for roughly 70% of all contracts established during the past five years (representing an average of over 300 contracts annually). Contracts established by MACS are typically of lower dollar value and complexity than those that involve PSPC or SSC.
Audit objective
The objective of the audit was to provide reasonable assurance to the chief statistician and the Departmental Audit Committee that Statistics Canada has effective governance and controls in place to ensure that procurements are compliant with applicable regulations, agreements and policies.
Scope
The scope of the engagement included an examination of the agency's PMF and governance in place to support its implementation, including accountabilities, roles and responsibilities of key stakeholders; procurement-related decision-making authorities; and oversight, planning and reporting mechanisms.
The scope also included an assessment of compliance with key legal and policy requirements through a review of a sample of professional service contracts and related amendments signed by the agency in the last two fiscal years (from April 2022 to March 2024).
Because of independence requirements, contracting activities performed by the Audit and Evaluation Branch are excluded from the scope.
Approach and methodology
The audit work consisted of reviewing current policies and guidelines, conducting interviews and walkthroughs with key management and staff, testing a sample of procurement files, and examining and analyzing relevant documentation.
Authority
The audit was conducted under the authority of the approved Statistics Canada Integrated Risk-Based Audit and Evaluation Plan (2024/25 to 2028/29).
Findings, recommendations and management response
Procurement management framework
Senior designated officials (SDOs) are responsible for establishing, implementing and maintaining a PMF that consists of processes, systems and controls, and includes clearly defined roles, responsibilities and accountabilities, and best practices and procedures. The PMF ensures that the procurement function has the necessary support to manage procurements in a fair, open and transparent manner that meets public expectations in matters of prudence and probity.
While key elements of a PMF are common across the government, the way each organization operationalizes it will differ. This depends on variables such as size, maturity and the organization's risk profile, and the volume, value and complexity of procurement activities. As previously noted, the directive expects that the PMF be commensurate with the value, risk and complexity of the procurement undertaken. At the agency, management considers the agency's procurements to most often be of low value, low risk and low complexity.
The departmental PMF consists of a high-level Departmental Contract Management Framework (DCMF) that summarizes key roles and responsibilities, a draft guide to the DCMF that provides more detailed roles and responsibilities, and further guidance on implementing the DCMF. It also includes various templates to guide contracting officers in performing their work, and a collection of Internal Communications Network pages that outline key steps for clients to follow for various types of procurements.
The directive identifies 16 specific elements that must be included in a PMF, as well as numerous other requirements of the SDO for the management of procurement, contracting authorities, business owners and other stakeholders in the procurement process. The audit assessed the alignment of the agency's PMF with the key requirements.
Overall, the agency's PMF is aligned with the expectations of the directive. The PMF outlines the roles and responsibilities of those involved in the procurement process and includes mechanisms for complying with various requirements of the directive, such as contracting with Indigenous businesses, abiding by treaties and trade agreements, giving precedence to competition, and ensuring the integrity of the procurement process, among others.
In accordance with the directive, the agency's PMF has been developed to a level commensurate with the value, risk and complexity of its procurements. Processes that are not as thoroughly documented in the guide to the DCMF are most often supported by templates that prompt contract authorities to consider specific elements of the directive that might otherwise be overlooked, as well as peer and team leader reviews at key points in the procurement process.
That said, the agency may benefit from documenting the rationale for some areas of the PMF where the risk, complexity and value of the agency's procurements do not warrant more formalized controls. Documenting this rationale would facilitate periodic reviews of the PMF and help management identify where more formalized controls may be required as the agency's procurement landscape changes.
Notwithstanding the agency's balance of documentation relative to the value, risk and complexity of its procurements, several areas were identified by the audit which may benefit from clearer or more complete documentation. They are as follows:
- The security process at contract award and during contract administration – While the guide to the DCMF provides direction on establishing the security requirements for procurements, it does not provide direction on the security process at contract award and during contract administration (such as the process for validating contractor security clearances on task authorizations).
- The role and responsibilities of the SDO – Some inconsistencies were noted in the role and responsibilities of the SDO as defined in the PMF and in the directive. Management reported that they were developed in the PMF prior to the finalization of the directive.
- Procurements where PSPC acts as the contracting authority – Responsibilities for MACS in situations where PSPC acts as the contracting authority are not defined. In these situations, MACS acts as the administrative authority, a different role than that of the contracting authority.
- Consideration of using internal or external resources to meet the objective of the procurement and to manage subcontractor situations – Before deciding to contract for professional services, business owners should consider whether there are alternative approaches for achieving organizational goals, and how the potential approaches align with the agency's mandate and priorities. After the contract is awarded, its successful completion requires that business owners actively manage their relationship with the supplier, their employees and any subcontractors they might engage with. TBS has recently updated its Manager's Guide: Key Considerations When Procuring Professional Services. This guide includes questions to help managers decide whether to contract for professional services (or whether use of internal resources would be more appropriate) and guide them in successfully managing the contract. Where appropriate, this guidance should be integrated into the agency's PMF.
- Developing and documenting an approach to vendor management – While not required by the directive, one field has implemented an approach to managing a high volume of unsolicited requests for engagement with employees by potential vendors. This vendor management program helps ensure that interactions between potential vendors and employees do not jeopardize the openness or integrity of procurements, and align with the expectations of the Values and Ethics Code for the Public Service and the Directive on Conflict of Interest. While this program has not been formally documented, the field reported having engaged with MACS on several occasions to ensure that their approach was appropriate. The agency may benefit from documenting this approach, as well as considering the development of an agency-wide vendor management program that could be applied to all fields.
Through file testing and interviews, the audit also noted several instances where established PMF processes were not operating as intended and may require additional management attention to ensure their effectiveness. These instances are as follows:
- A risk assessment template was developed by MACS for contracting authorities to complete on certain procurements to provide risk information to be used throughout the life cycle of the procurement. The template includes a list of common risks, including, but not limited to repetitive contracting, procurements valued within 10% of thresholds, and potential non-compliance with legal and policy obligations. It also presents a section for the contracting authority to identify any other risks that are not captured in the predefined list but may apply to the procurement. However, file review found that the risk assessments are not being completed by contracting authorities when required.
- Quality review audits of procurement files are not being conducted as required in the guide. These reviews could provide valuable information on the effectiveness of controls and provide insight on the agency's compliance with the PMF and applicable laws, regulations and policies.
- For 2024/2025, the agency initiated a procurement plan to collate a list of the agency's planned procurements for the year, for professional services over $40,000. This would help the agency plan its procurement resources and identify opportunities for strategic procurement approaches where common needs across the agency are identified before engaging in a procurement. However, divisional response rates were very low, limiting the effectiveness of the plan. Notably, MACS captured lessons learned from the exercise and intends to institute them in the procurement planning process for the next fiscal year.
Recommendation
It is recommended that the Assistant Chief Statistician (ACS), Corporate Strategy and Management ensures the following:
- The agency's PMF is reviewed and strengthened, including
- Clarifying roles, accountabilities and responsibilities to better align with those outlined in the directive, including those of the SDO and MACS when PSPC acts as the contracting authority
- Providing direction on
- the security process at contract award and during contract administration
- how procurements are managed when PSPC acts as the contracting authority
- considering the use of internal or external resources to meet the objective of the procurement and manage subcontractor situations
- documenting the rationale where the risk, complexity and value of the agency's procurements do not warrant more formalized controls.
Management response
Management agrees with the recommendation.
A strategic review and analysis of internal documentation will be undertaken to
- update the roles of the SDO and stakeholder in the PMF to align with the current Directive on the Management of Procurement, including the consideration of using internal or external resources, and revise the SDO P-suite placemat
- revise PMF processes related to the contracting authority's responsibility for vendor and resource security validation during contract entry and management
- update the Roles and Responsibilities Matrix to clarify the role of MACS when PSPC or SSC is the contracting authority
- review gaps between the Guide to Establishing a Procurement Management Framework and Statistics Canada's PMF, and document decisions to exclude certain processes due to risk or complexity
- develop a standardized vendor management approach, including roles, responsibilities and terms of engagement.
Deliverables and timeline
The Director General (DG), Finance, Planning and Procurement Branch will
- update the PMF with current SDO and stakeholder roles, expanded security verification procedures, and vendor management best practices; the updated documents will be approved by the SDO by June 2025
- update the Matrix of Roles and Responsibilities document to include the role of MACS when PSPC or SSC is the contracting authority, by March 2025
- prepare a rationale accompanying the PMF that documents the business decisions regarding the degree of formalization of certain procurement processes relative to the risk, complexity and value of the agency's procurements; this document will be approved by the SDO by June 2025.
Recommendation
It is recommended that the ACS, Corporate Strategy and Management ensures the following:
- Procurement file audits are performed as planned, results are used to guide the coaching and training of procurement officers and business owners, and results are reported to oversight bodies on a periodic basis.
Management response
Management agrees with the recommendation.
MACS will resume the file audit program, which will include
- finalizing the internal file audit documentation to reflect updated guidance from TBS, and establishing the planned frequency of the audits and number of files to be audited
- performing file audit activities as planned to provide feedback to contracting authorities for continuous learning
- reporting audit results to the SDO regarding contracting authority performance, and presenting other identified trends, such as the assessment of value for money completion rate, to the Finance and Corporate Oversight Committee.
Deliverables and timeline
The DG, Finance, Planning and Procurement Branch will
- update the File Audit documents by April 2025
- present a quarterly report on the file audit results to the SDO by May 2025
- present a consolidated report on the file audit results to the Finance and Corporate Oversight Committee by June 2025.
Oversight bodies
The directive requires that the PMF include clearly defined roles, responsibilities and accountabilities for the various governance committees involved.
Two governance bodies, the Executive Management Committee (EMC), formerly Operations Committee (OPS), and the Contract Review Board (CRB), have oversight responsibilities for procurement within the agency.
The CRB is a standing committee established by authority of the ACS, Corporate Strategy and Management and is the recommending body to them for procurement and contracting-related decisions and activities. Its purpose is to
- identify, assess, mitigate and manage risks associated with procurement activities and ensure compliance with the Financial Administration Act (FAA), and the Treasury Board (TB) Contracting Policy, the directive and GCRs review and make recommendations regarding proposals for changes emanating from new contracting strategies, audit results, etc.
The CRB fulfills this mandate by reviewing and challenging contracts that meet certain specifications, acting as a formal dispute resolution panel and reviewing mandatory reporting prior to its publication. The CRB mandate and the guide to the DCMF provide direction on when and how gatekeeping approval of contracts is required. Together, these documents provide clear instruction on when contracts are to be sent to the CRB for review and challenge. Meeting minutes and other records indicate that the CRB is active in fulfilling its role and responsibilities, while file testing confirmed that, with few exceptions, the CRB reviewed procurements as directed in its mandate.
Although the CRB mandate includes reviewing and making recommendations regarding proposals for changes to procurement processes, it did not appear to have been active in this role during the scope period of the audit. This role appears to have been performed by the OPS (now EMC).
The Terms of reference (ToR) for the OPS (and the draft ToR for the EMC currently being finalized) does not explicitly reference procurement, but states that it is responsible for strategic operational oversight across the organization. The committee reviews and tracks progress on key operational objectives and targets for programs across the organization, provides a challenge function to ensure quality and value for money, and advises on operational efficiency. It is the forum for risk management of high-profile operational activities and it ensures the oversight of all operational activities. The draft ToR for the EMC specifies the same or similar elements in its mandate.
The guide states that MACS provides an update on procurement to the OPS (now EMC) on a biannual basis that identifies high-risk contracts, provides awareness about the procurement landscape, and updates the committee on initiatives and changes that will impact the agency. Notably, in April 2024, MACS presented to the EMC an update on the procurement landscape and changes to the agency's procurement processes resulting from new direction from TBS and PSPC. However, records indicate that MACS has not presented to the EMC (or OPS) on a biannual basis, as planned. They presented to the EMC (or OPS) once in 2021/2022, once in 2022/2023 and once in 2024/2025, but did not present to the EMC (or OPS) on the procurement landscape in 2023/2024. However, the MACS did provide frequent updates to senior management on contract spending through Strategic Management Committee (SMC) during 2023/2024.
Recent events in government procurement have resulted in increased scrutiny in certain areas, and recent audits and reviews have further highlighted government-wide control weaknesses in these areas. While not explicitly required by the directive, the agency may wish to consider establishing a defined role for governance bodies in overseeing the following areas of procurement:
- contracting with Indigenous businesses
- wrongdoing in procurement activities
- workforce supplementation through contracting
- monitoring the adequacy and effectiveness of the agency's processes and tools to support procurement decisions.
The value that oversight bodies can bring to these areas may be influenced by the value, complexity and risk of the agency's procurements, and management may determine that the involvement of a greater oversight body is not necessary in some or all the identified areas.
Monitoring and data on procurement
Recent government procurement-related events have raised public awareness and concern over wrongdoing and compliance with the directive. The audit examined the agency's collection and use of procurement data to monitor these areas.
The agency has implemented a robust Integrity and Respect program that includes a process for reporting and investigating possible wrongdoing. Other controls embedded within the procurement process help mitigate possible wrongdoing, including complying with PSPC's integrity regime, appropriate segregation of duties that ensure no single individual has unchecked authority over critical procurement decisions and financial payments, and requiring bid evaluators to declare any potential conflicts of interest before undertaking bid evaluations. In terms of monitoring procurement data for detection of wrongdoing, contracting authorities review procurement histories for evidence of possible contract splitting, and the procurement team regularly reviews details of purchases made on acquisition credit cards to look for signs of abuse.
The agency prepares several mandatory reports for TBS and other central agencies that support the monitoring of compliance with certain requirements of the directive, other policy requirements or specific government objectives. These reports address topics such as green procurement, contracting with former public servants, contracting with Indigenous businesses and proactive disclosure, among others.
To monitor broader compliance on individual procurement files, the agency has developed a comprehensive file audit program whereby MACS selects a sample of procurement files each year for a quality assurance review. This process helps to assess compliance with the requirements of the directive, identify areas of weakness in the procurement process and areas of development for contracting authorities. However, as previously noted, these file audits were not performed during the period of the audit scope.
Recommendation
Issues identified in this section are addressed by recommendation 2 in the previous section.
Professional service procurement solicitations
The audit team reviewed a sample of 10 competitive professional services procurements and 10 non-competitive ones, where the agency acted as the contracting authority to assess compliance with the agency's PMF, and key legal and policy requirements.
Expenditure initiation and section 32 were appropriately performed.
Expenditure initiation and section 32 of the FAA were performed by an individual with the right delegated authorities for all competitive and non-competitive files sampled.
Justification for sole sourcing in non-competitive procurements was, in most cases, documented and valid, although key documentation was missing in two files.
The GCRs require the solicitation of bids unless the contract meets one of the exceptions outlined in Section 6. The exceptions are as follows:
- The need is one of pressing emergency, for which delay would be injurious to the public interest.
- The estimated expenditure does not exceed
- $25,000, in the case of a goods contract
- $100,000, in the case of a contract to be entered into by the Minister of International Development for the acquisition of architectural, engineering or other services required for the planning, design, preparation or supervision of an international development assistance program or project
- $100,000, in the case of a contract for the acquisition of architectural, engineering or other services required for the planning, design, preparation or supervision of the construction, repair, renovation or restoration of a work
- $40,000 in the case of any other contract to which these regulations apply.
- The nature of the work to be contracted is not in the public interest to solicit bids for.
- Only one person is capable of performing the contract.
The use of one of these exceptions must be fully justified, with appropriate documentation included in the contract file. Where exception (d) has been invoked to allow a sole source goods or services contract, seven additional questions established by TB must be considered and answered by the contracting officer with assistance from the business owner.
Justification for sole sourcing was found to have been documented and valid in all but two instances, where supporting documentation was only partially complete. In one case, the Sole Source or Limited Tendering Certification was missing identifying information for the procurement, such as requisition number, description of the requirement, estimated expenditure and proposed supplier. In another case, the answers to the mandatory TB seven questions were not on file and could not be located by the contracting authority.
For competitive procurements, bid solicitation methods and evaluation criteria were clearly outlined in bid solicitation documents and were not deemed to be unnecessarily restrictive, unfair or biased.
The audit found that, for all 10 competitive files sampled, the bid selection method and evaluation criteria were clearly defined and included in request for proposal (RFP) documents. RFPs defined the mandatory and points-rated technical criteria (where applicable), and clearly defined the bid selection method (e.g., lowest compliant; 60% for technical merit and 40% for the price) to be employed in identifying the successful bidder. The RFP also provided clear direction on asking questions and included instructions on bid submission.
The audit did not identify any of the 10 competitive files sampled as having statements of work, work descriptions or evaluation criteria that were restrictive, unfair or biased. Statements of work outlined and defined the work to be carried out, the objectives to be attained and, most often, the time frame for the work. However, in two cases, the procurement vehicle or selected work stream did not align well with the statement of work (discussed below).
For two of the sampled competitive procurements and one of the sampled non-competitive procurements, the required services did not align with the selected ProServices category. Other administrative errors were also noted in the bid evaluation of the sampled procurements.
ProServices is the mandatory method of supply for professional services for requirements valued below the Canada–Korea Free Trade Agreement threshold. It is a supply arrangement, not a contract. Supply arrangements allow departments and agencies to solicit bids from a pool of pre-qualified suppliers for specific requirements. ProServices enables suppliers to be pre-qualified in 1 or more of 185 categories spanning 15 streams.
As part of the solicitation process, contracting authorities are required to compare the available ProServices categories with the department and agency requirements. When a suitable category is selected, the contracting authority searches the Centralized Professional Services System (CPSS) ePortal to identify qualified suppliers. A minimum of two pre-qualified suppliers are then contacted with an RFP, although it is recommended to select more than the minimum of two suppliers. Where no category can be identified as covering the requirement, the contracting authority is to request an exemption from PSPC by providing a rationale for the reason that the requirement does not fall under the categories considered.
Most of the ProServices categories are broken down into three levels of expertise (e.g., junior, intermediate and senior) and each level of expertise has a minimum mandatory qualification, which is defined in the flexible grid. Thus, before a pre-qualified supplier includes a resource in its proposal, the resource must meet the minimum mandatory qualification associated with the level of expertise of the category. The flexible grid should be kept on file to demonstrate that the selected supplier was capable of performing the work and fulfilling the requirements.
In one competitive procurement, pre-retirement training courses were solicited under ProServices category 8.5 'Compensation consultant'. This category did not align with the needs identified in the Statement of Work, which included, among other things, that training provides attendees with "knowledge of the effects of aging on the body, the effects of healthy nutrition, how to control stress and stay physically fit" and help them "prepare psychologically for retirement, how to manage time and consider alternative living arrangements." Only one supplier submitted a bid on this RFP.
In a second competitive procurement file, a tailored phishing awareness program was solicited under ProServices stream 9.2 'Business continuity consultants',Footnote1 rather than a more suitable information technology category within ProServices. Only one supplier submitted a bid on this RFP.
In the non-competitive procurement file, the contracting authority searched the CPSS ePortal for suppliers under the category 8.1 Human resources consultant to provide pre-retirement training courses. As with the competitive procurement of pre-retirement training courses, this category also did not align with the needs identified in the Statement of Work.
While there was limited documentation on either file indicating why the specific ProServices categories were selected, information gathered from MACS representatives suggested that the business owners likely identified a supplier they considered to be appropriate to provide the service, and that the selected streams were based on the categories under which those suppliers had qualified. Given that the categories selected were not aligned with the work to be performed, it would be expected that other pre-qualified firms in these categories would not have submitted bids.
Other significant errors were noted in the sample of competitive and non-competitive files. In three cases, assessments against the flexible grids were improperly (or not) conducted.
- For the competitive pre-retirement training procurement, information was submitted by the bidder for multiple "consultants" when only one was required by the RFP. Nonetheless, the bid evaluation team assessed three of the submitted resources. Evaluated resources were given passing scores, despite the resources not meeting the minimum requirements of the category and level.
- For another competitive procurement, no flexible grid was submitted by the bidder and no assessment was conducted.
- For the non-competitive pre-retirement training course, the contract did not specify the category and level of resources required and did not identify the specific resources that would provide the service. Thus, no evaluation of contracted resources against the flexible grids could be performed. Further, the contract was improperly established as a firm price for four, two-day webinars, rather than providing a breakdown of contracted resources and their per diem rates.
Price support documentation supported that the contract price was fair and reasonable for some, but not all, procurements.
Price support documentation to ensure that the contract price was fair and reasonable was on file for 8 of 10 non-competitive files reviewed. In all 6 of 10 competitive files where only one bid was received or deemed responsive in competitive files, there was no evidence of the contracting authority having validated the price submitted by the bidder as fair and reasonable. This is a necessary step when competitive processes are unsuccessful in generating multiple bids.
Recommendation
Issues identified in this section are addressed by recommendation 2.
Contracts and amendments
Contracts were on file and signed by individuals with appropriate delegated authority, although administrative errors were noted in one instance of contracting involving a former public servant (FPS).
For all files sampled (competitive and non-competitive), a copy of the signed, written contract was on file, signed by an individual with delegated authority.
As part of the review, the audit team sought to confirm that contracts with FPSs were justified, documented and approved as required. Only 1 of the 20 files sampled was identified as having been established with an FPS. In this case, the procurement file was missing a justification for contracting with a former public servant, including price substantiation, risk mitigation and cost control measures to adjust for pension or lump-sum payments, as required by the directive. The procurement file was also not reviewed and pre-approved by the CRB, as expected under the CRB's mandate.
Documentation was generally on file to justify and substantiate contract amendments, and amendments were signed by individuals with the appropriate delegated authority.
Of the 20 files sampled (competitive and non-competitive), 9 included a total of 22 contract amendments. Reasons for amendments included increasing contract dollar amounts to support the provision of additional services, extending expiry dates, exercising option years and amending general conditions.
All amendments were signed by an individual with the appropriate delegated authority, and documentation was on file to justify and substantiate most amendments. Contracting authorities completed Amendment Summary documents (i.e., the MACS-developed template) to document both the business owner's reason for requesting the amendment and to provide their own justification for the amendment. However, an Amendment Summary document was not on file in three instances, and the Amendment Summary was not signed as approved (i.e., for unplanned amendments) in two instances.
In all but one instance, the security status of the resources proposed by the successful bidder were verified and confirmed to meet requirements prior to contract award.
Security requirements were identified for six of the procurements sampled (competitive and non-competitive). For all but one of these files, there was documentation indicating that the security status of the resources proposed by the successful bidder was verified and confirmed to meet requirements at the time of contract award. For one file sampled, the supplier's bid submission included the security levels and certification numbers for each proposed resource, but there was no evidence that this information was verified with Security.
There was no evidence found on file of the monitoring of supplier performance by contracting authorities.
The audit looked for evidence within file documentation that, as per the expectations of the directive and the PMF, there was oversight to monitor performance and to ensure that the delivery of services met the provisions of the contract (e.g., in terms of quality, standards, service levels).
The directive states that
- business owners are responsible for informing contracting authorities of supplier performance, including both the challenges and achievement of key deliverables as they arise.
- contracting authorities, in consultation with business owners, are to monitor, document, investigate and discuss supplier performance issues as they arise.
- contracting authorities are responsible for ensuring that accurate and comprehensive procurement records applicable to the contract file are created and maintained to facilitate management oversight and audit.
Further, the roles and responsibilities of the agency's contracting authorities in monitoring and overseeing established contracts are defined across several documents and templates in the PMF:
- MACS has established a "bring forward" system to support contracting authorities in monitoring contract expiry dates and conducting follow up on other matters.
- MACS has established a Matrix of Responsibilities that defines the roles and responsibilities of contracting authorities in relation to, among other things, contract management. These responsibilities include resolving contractual problems, monitoring compliance with the terms and conditions of contracts, determining that goods and services received are in accordance with contracts, and sending renewal notices to business owner 3 to 6 months prior to contract expiry dates.
- MACS has established a process for conducting regular audits of a selection of procurement files for quality assurance purposes and career development. The audit template indicates that evidence of contracting authority activities in contract management could include providing observations or advice on expenditures and invoices, monitoring delivery schedules (i.e., ongoing communication, at milestones or end of the contract), identifying potential problems before corrective actions is required, and dealing with disputes.
The audit found little to no evidence of contracting authority involvement during contract administration in the files that were reviewed. No evidence was noted of business owners informing contracting authorities of supplier performance problems, or of contracting authorities monitoring, documenting, investigating or discussing supplier performance issues with business owners. The files reviewed also did not contain any documentation indicating whether value had been obtained from the contract. Without this information, it is difficult to know whether the contracts were successfully delivered as expected under the contract or whether the business owner chose to let the contact expire, to re-perform the work of the contractor, or to accept substandard deliverables without notifying the contracting authority. However, following new guidance from TBS and PSPC, in May 2024, the agency introduced a value for money assessment for professional services procurements to strengthen oversight. At contract close-out, budget holders are now required to submit a final document that assesses the value for money obtained from the contract. This evaluation will help to ensure that taxpayer dollars are being spent efficiently and effectively, and could provide insight into supplier performance.
Although a conflict of interest was noted on one file, public servants and public office holders otherwise maintained the integrity of the procurement process in our sample.
The audit found no evidence to indicate that public servants involved in the procurements engaged in behaviour that would breach the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest in 19 of the 20 files sampled.
There was one instance of an employee being involved in the bid evaluation process of a procurement that included a bidder with whom the employee had previously declared a conflict of interest. The employee had made the declaration 11 months prior to the bid evaluation through the agency's Values and Ethics process but did not disclose the information to the contracting authority at the time of the bid evaluation. In this case, the bidder involved in the conflict was not awarded the contract. The Values and Ethics team immediately undertook an investigation when notified of the conflict by the MACS team.
The audit team noted that no processes are currently in place to proactively check existing conflict of interest declarations for employees involved in a procurement process. However, employees are reminded of their obligation to disclose any possible conflicts at the outset of each bid evaluation process.
Certification authority – Section 34 was properly performed on all sampled files, although supporting documentation could be strengthened.
Section 34 – Certification Authority (Account Verification) of the FAA is key to procurement. It states that, before a payment is made, managers exercising their financial authorities must ensure that work specified in contracts has been performed, that goods have been received and that the amount(s) charged agree with the price stipulated in the contract.
The audit team sampled a selection of 23 payments for a subsample of the procurements under review. The audit found that certification authority was performed by someone with the delegated authority to do so and appropriately verified the accuracy of the payment requested in all sampled payments. The certification was performed in a timely manner for all but one payment. Of note, invoices for the sampled payments usually did not include sufficient granularity to adequately document the services performed (e.g., timesheets detailing specific times and work performed) in the sampled files. However, the agency's finance function recently implemented new procedures to ensure that this information is consistently on file for all future payments. For new contracts, suppliers will be required to complete a report to accompany their invoices, providing detailed information on the work performed. Budget holders will validate this information and submit the documentation along with payment requests.
Recommendation
It is recommended that the ACS, Corporate Strategy and Management ensures the following:
- Controls are implemented to proactively check existing agency records for possible conflicts of interest for any agency employees (or deemed employees) involved in a procurement process.
Note: Other issues identified in this section that are not covered by recommendation 3 are addressed by recommendation 2.
Management response
Management agrees with the recommendation.
MACS will collaborate with the Values and Ethics team to develop a conflict of interest verification process. In the interim, MACS is reviewing bidder names and evaluation team members for one "at-risk" division before proposals are transferred to the business owner as a risk mitigation measure.
Deliverables and timeline
The DG, Finance Planning and Procurement Branch and the DG, Workforce and Workplace Branch will
- develop, implement and document a procedure for the Procurement, Financial Systems and Internal Controls Division to verify conflicts of interest in the procurement cycle by March 2025.
Proactive disclosure
Contracting data associated with sampled contracts was not always disclosed accurately on Canada's Open Government Portal.
The Access to Information Act requires government entities to proactively publish information on contracts with a value of over $10,000, a contract amendment when it modifies the contract value to exceed $10,000, and amendments to contracts that increase or decrease the value of a contract by more than $10,000.
Consistent with these requirements, the audit found that all but one of the contracts sampled were posted to the Open Government Portal. However, the audit noted that, of the remaining contracts that were posted,
- two contracts were posted using an incorrect supplier name
- two amendments that exceeded $10,000 were not posted
- multiple minor discrepancies were identified with respect to the contract start and end dates posted.
MACS identified problems with proactive disclosure information prior to the start of the audit and has been working to make the necessary corrections and implement new controls to address the causes of the errors.
Recommendation
It is recommended that the ACS, Corporate Strategy and Management ensures the following
- Work underway to correct proactive disclosure errors is completed; that weaknesses in the process that led to disclosure errors are identified; and that new controls to ensure the accuracy, completeness and timeliness of proactive disclosure reporting are implemented.
Management response
Management agrees with the recommendation.
The Special Projects team will continue to
- review high-risk data elements on contracts and amendments over $10,000 to ensure alignment with the legally binding contract and republish the information on open.canada.gc.ca.
- Periodically update the Reporting Details Help Sheet based on identified trends to assist contracting authorities with accurate data entry.
- Review, analyze and correct the Supplier ID tables and financial mapping in the Common Departmental Financial System (CDFS) to improve data accuracy and quality.
- Create a CDFS user guide with explanations, scenarios and departmental standards to support contracting authorities in navigating the system.
Deliverables and timeline
The DG, Finance Planning and Procurement Branch will
- sample proactive disclosure reports that have been reviewed and republished, by June 2025.
- Update the Reporting Details Help Sheet document that will assist the contracting authority when entering procurement data by June 2025.
- Update the CDFS user guide that will assist the contracting authority when entering procurement data by June 2025.
Appendices
Appendix A: Audit criteria
| Audit criteria | Policy instruments and sources |
|---|---|
|
|