Audit of Procurement

April 15, 2016
Project Number: 80590-93

Executive summary

Statistics Canada was established to ensure that Canadians have access to a trusted source of statistics on Canada to meet their highest-priority needs. The agency's mandate derives primarily from the Statistics Act. The act requires that Statistics Canada collect, compile, analyze and publish statistical information on the economic, social and general conditions of the country and its people. It also requires that Statistics Canada conduct a census of population and a census of agriculture every fifth year, and that the agency protect the confidentiality of the information with which it is entrusted.

The agency's organizational priorities include the delivery of a comprehensive set of statistical programs in conformity with Statistics Canada's Quality Assurance Framework. These programs provide Canadians with access to timely, relevant and quality statistical information on Canada's changing economy and society for the purposes of informed debate, research and decision making on social and economic issues. They include programs for economic statistics; social statistics; and census, demography and Aboriginal statistics.

Statistics Canada is subject to the Government Contracts Regulations (GCR) when contracting for goods and services. In addition, Treasury Board (TB) contract directives and other appendices and sections govern contracting in the public sector. These regulations and directives consist of both mandatory and optional requirements.

The objectives of the audit were to provide reasonable assurance to the Chief Statistician and the Departmental Audit Committee (DAC) that

  • the framework that supports procurement and contracting activities is appropriate, comprehensive and effective
  • procurement and contracting activities comply with applicable policies, procedures, trade agreements, laws and regulations.

The audit work focused on the examination of documents, interviews with key senior management and personnel, and a review for compliance with relevant policies and guidelines.

The field work included reviewing, assessing and testing the processes and procedures in place with respect to procurement activities. A sample of transactions was selected for testing, based on a combination of systematic and risk-based judgmental approaches, to ensure sufficient coverage of the various types of transactions. Acquisitions processed through acquisition cards held by Materiel and Contract Services (MACS) were deemed to be of low materiality and low risk, and were excluded from the scope of this audit.

The scope of the audit included the following elements as they relate to sections 32, 33, 34 and 41 of the Financial Administration Act (FAA): roles, responsibilities, accountabilities, authorities, policies, procedures and monitoring mechanisms. Coverage included the acquisition of both goods and services. The audit included contracts under Statistics Canada's own delegation of authority issued from April 1, 2014, to September 30, 2015.

The audit was conducted by the Internal Audit Division in accordance with the Government of Canada's Policy on Internal Audit.

Key findings

The framework supporting procurement and contracting activities is appropriate and effective. Authorities and accountabilities are well defined and ensure rigour is applied throughout the procurement process.

Key controls embedded in the procurement process are generally effective in ensuring that policies, directives and guidelines are respected. There is an opportunity to strengthen controls with regard to regional procurement activities.

The Contract Review Board (CRB) and the Finance Branch staff provide effective oversight of procurement activities. The CRB could further enhance its risk-management role by reviewing emerging contracting risks, results of monitoring activities, and available MACS activity reports.

Statistics Canada's procurement and contracting activities are generally compliant with relevant legislative requirements, TB and Public Services and Procurement Canada (PSPC) policies, and the GCR.

Most notably, testing results revealed that appropriate procurement vehicles are used; sole-source justifications are on file and well documented; security requirement clauses are aligned with Statistics Canada's Directive on the Security of Sensitive Statistical Information; contracts are approved by individuals with the appropriate delegated authority; and, in all cases, evidence to certify the receipt of goods or services was available.

In contrast, the current process to meet proactive disclosure requirements must be strengthened to ensure compliance.

Overall conclusion

Statistics Canada has established a strong framework to support its procurement and contracting activities. Furthermore, it is generally effective in respecting policies, directives and guidelines. The framework could be strengthened by clarifying the dispute resolution process and enhancing oversight activities.

Statistics Canada's procurement and contracting activities are generally compliant with relevant legislative requirements, including the FAA and the TB contracting policy. The proactive disclosure process must be strengthened to ensure compliance with policy requirements.

Conformance with professional standards

The audit was conducted in accordance with the Internal Auditing Standards for the Government of Canada, which include the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing.

Sufficient and appropriate audit procedures were conducted, and evidence gathered, to support the accuracy of the findings and conclusions in this report, and to provide an audit level of assurance. The findings and conclusions are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The findings and conclusions are applicable to the entity examined and for the scope and time period covered by the audit.

Steven McRoberts
A/Chief Audit Executive

Introduction

Background

The Treasury Board Secretariat's contracting policy applies to all federal departments and agencies. The objective of this policy is to acquire goods and services in a manner that enhances access, competition and fairness, and results in best value or, if appropriate, the optimal balance of overall benefits to the Crown and the Canadian people.

The policy sets out that "government contracting shall be conducted in a manner that will

  • stand the test of public scrutiny in matters of prudence and probity, facilitate access, encourage competition, and reflect fairness in the spending of public funds
  • ensure the pre-eminence of operational requirements
  • support long-term industrial and regional development and other appropriate national objectives, including Aboriginal economic development
  • comply with the government's obligations under the North American Free Trade Agreement, the World Trade Organization Agreement on Government Procurement and the Agreement on Internal Trade."

There is a very broad range of procurement requirements at Statistics Canada for areas such as survey management, transportation services, professional services or consulting, and goods for the Census Program, as well as for information technology (IT) hardware and software.

Statistics Canada is subject to the GCR when contracting for goods and services. In addition, TB contract directives and other appendices and sections govern contracting in the public sector. These regulations and directives consist of both mandatory and optional requirements.

At Statistics Canada, the Materiel and Contracts Services (MACS) section facilitates the procurement process; however, much of the accountability for contract management rests with the cost-centre managers, who are considered the project authority. The mission of MACS is to assist the project authority in contracting for goods and services. Its role is to help the cost-centre managers ensure cost-effective acquisition, use and disposal of materiel assets by applying expert knowledge of related Government of Canada and Statistics Canada policies and procedures.

Table 1: Statistics Canada's recent procurement activities, by fiscal year
  2013/2014 2014/2015
Under $25,000 Number of contracts 2,742 2,393
Total amount ($) 6,857,055 6,087,534
$25,000 and over Number of contracts 251 128
Total amount ($) 58,338,729 42,168,496

Audit objectives

The objectives of the audit were to provide reasonable assurance to the Chief Statistician and the DAC that

  • the framework that supports procurement and contracting activities is appropriate, comprehensive and effective
  • procurement and contracting activities comply with applicable policies, procedures, trade agreements, laws and regulations.

Scope

The scope of the audit included the following elements as they relate to sections 32, 33, 34 and 41 of the FAA: roles, responsibilities, accountabilities, authorities, policies, procedures and monitoring mechanisms. Coverage included the acquisition of goods and services. The audit team reviewed contracts under Statistics Canada's delegation of authority that were issued from April 1, 2014, to September 30, 2015. Acquisitions processed through acquisition cards held by MACS were deemed to be of low materiality and low risk, and were excluded from the scope of this audit.

Approach and methodology

The audit work focused on the examination of documents, interviews with key senior management and personnel, and a review for compliance with relevant policies and guidelines.

The field work included reviewing, assessing and testing the processes and procedures in place with respect to procurement activities. A sample of transactions was selected for testing. The sampling strategy included both a systematic approach and a judgmental approach to ensure adequate coverage of the procurement environment. This environment includes the various procurement vehicles used, the dollar-value thresholds and the various types of professional services acquired.

Authority

The audit was conducted under the authority of the approved Statistics Canada integrated Risk-based Audit and Evaluation Plan, 2014/2015 to 2018/2019.

Findings, recommendations and management response

Framework supporting procurement and contracting activities

The framework supporting procurement and contracting activities is appropriate, comprehensive and effective. Authorities and accountabilities are well defined and ensure rigour is applied throughout the procurement process.

Key controls embedded in the procurement process are generally effective in ensuring that policies, directives and guidelines are respected. There is an opportunity to strengthen controls with regard to regional procurement activities.

The CRB and the Finance Branch staff provide effective oversight of procurement activities. The CRB could further enhance its risk-management role by reviewing emerging contracting risks, results of monitoring activities, and available MACS activity reports.

Procurement and contracting activities should be supported by a framework that includes clear authorities; guidelines; and a control environment that is appropriate, comprehensive and effective. Key elements of the control environment include the establishment of roles and responsibilities for key stakeholders; clear accountabilities for those with delegated authority; and systems, procedures, tools and management oversight to ensure that consistency and rigour are applied throughout the process.

Authorities and guidelines are clearly defined and ensure rigour is applied throughout the procurement process

Policies and directives for procurement are set by the Treasury Board, and guidelines and procedures for procurement are established at the departmental level. The Delegation of Financial Signing Authorities (DFSA) is the instrument of delegation of authority used across the federal government to manage risks associated with procurement and expenditure initiation. It is also used for formal communication of established authorities. At Statistics Canada, authorities for contract approvals are clearly defined and communicated through the DFSA.

A client guide developed by MACS summarizes the TB contracting policy requirements and covers the contracting process. It also includes a description of standard contracting and acquisition methods for the Government of Canada, as well as an overview of the principles, rules and regulations governing contracting. In addition, the Self-service Hub, which is an evergreen portal to access descriptions of all administrative procedures, provides step-by-step procedures on how to request a contract or engage temporary help services. Policies, directives, guidelines and standards are effectively communicated to all relevant stakeholders and reviewed on a continuous basis through the Hub.

Roles, responsibilities and accountabilities are well defined

The Client Guide developed by MACS clearly and comprehensively defines roles, responsibilities and accountabilities in the following key areas:

  • approving requests for contracts
  • approving payments
  • developing statements of work (SOWs) and evaluation criteria
  • obtaining bids
  • managing contracts
  • closing out files.

The roles, responsibilities and accountabilities of the contract authority and the project authority are clearly defined in the TB contracting policy and in the Statistics Canada Client Guide. These guiding principles are also part of the mandatory training for those with project authority or spending delegation, and for contract authorities and contracting advisors. The responsibilities and accountabilities of the contract authority and the project authority are established, documented and made available to stakeholders.

Project authority

The project authority is the client program that is seeking to procure goods and services for the delivery of its programs. The project authority is responsible for establishing the contract requirements. This includes identifying financial resources, the qualifications of required resources, and the timing of contract requirements; obtaining the authorities for committing funds; and certifying the goods and services received. The SOW (for services) or the requirements specification (for goods) is used to document these requirements and serves as the basis for the supplier evaluation and for managing the contract.

The project authority must follow the process established and referenced in the various links on the Hub. The project authority submits a request for procurement services to the Support Centre for Acquisitions (SCA). Upon receipt of the request, the SCA creates a case file, and the request is sent for expenditure-initiation signature (section 32 of the FAA), according to the DFSA. When the request for procurement is returned, the SCA forwards the complete folder to MACS for processing.

For certain contracts, technical expertise is required to ensure that the goods and services acquired have the precise properties, components and qualifications required to meet the intended operational objectives. Statistics Canada has five areas where technical authorities are used during the procurement process:

  • IT hardware and software purchases
  • IT professional services
  • translation and communications services
  • library purchases
  • printing and publishing services.

The technical authority has a facilitative role in providing the expertise required for certain types of goods and services. It provides technical assistance to project authorities in drafting SOWs and evaluation criteria for requests for proposals. The mandate of the Information Technology Professional Services Provisioning Unit is outlined in the procedures for procuring IT professional services, available on the Internal Communications Network (ICN) and via the Hub.

Contract authority

The contract authority, who is represented by a contracting advisor in MACS, has the delegated authority to sign contracts under section 41 of the FAA. The contract authority is responsible for ensuring an open, fair and transparent process in the awarding of contracts. Contract amendments must also be authorized by the contract authority.

Regional offices have individuals delegated as the contract authority. These employees report to the Collection and Regional Services Branch. They do not report to MACS. MACS provides procurement and contracting training to regional staff, although it does not assume a direct oversight function for regional procurement activities.

The contract authority's responsibilities include the following:

  • developing responsive, creative and flexible procurement strategies
  • understanding the requirements of its clients and working with them to achieve their operational objectives
  • ensuring that the proposed procurement is within the client's mandate
  • reviewing and ranking bidders in collaboration with the project authority
  • ensuring that competitive requirements are observed according to regulations and policy
  • ensuring that departmental signing authorities are observed
  • ensuring that all policies and regulations are adhered to.

Upon receipt of a service request, MACS reviews the requirements established by the project authority and determines the appropriate procurement strategy for each case. If the procurement falls within Statistics Canada's delegation of authority, MACS seeks the necessary approvals for the procurement strategy, including the approval of the CRB, depending on the nature of the contract. Procurement details are then entered into the Common Departmental Financial System (CDFS). MACS is responsible for managing both competitive and non-competitive processes. For procurement that exceeds the agency's delegation of authority, MACS sends the request for processing to PSPC through the CDFS. In such cases, PSPC exercises the role of contract authority, and MACS becomes the technical authority.

Interviews with technical authorities and contract authorities confirmed that there is a clear understanding that the contract authority is responsible for the openness, fairness and transparency of the contracting process. MACS contracting advisors confirmed that their role is to take on the primary challenge function in ensuring that rules are abided by. They also play an advisory role, by ensuring that clients seeking to procure goods and services are aware of their responsibilities as project authority. However, they stated that there is ambiguity in how they should formally address issues, concerns or disputes that may arise, and whether these should be escalated to oversight bodies to ensure that they are satisfactorily resolved. The director general of the Operations Branch, who is responsible for MACS, stated that when disputes arise, contracting advisors, along with their chief, work in collaboration with the clients to resolve matters. They follow all the rules and identify, document and communicate any risks to the agency.

Key controls embedded in the procurement process are appropriate and generally effective

A number of systems and key controls are in place to ensure that procurement transactions are processed within the control framework and in accordance with the TB contracting policy and regulations, PSPC and agency policies, and the FAA.

The Service Request Management (SRM) system serves to communicate with internal clients and to store documentation. The SRM system is used for various operations at Statistics Canada. It is mostly used for IT service requests, but it is also used to manage requests and activities related to procurement and to record all relevant actions. In this way, it leaves an audit trail of approvals and ensures compliance with relevant policies and directives.

Contract authorities at headquarters also use two control tools in carrying out their responsibilities throughout the process: the Procurement Planning and Advance Review (PPAR), and the transaction checklist. These were reviewed for relevance and completeness.

The PPAR is a mandatory planning tool used for all procurement over $25,000, excluding local purchase orders, call-ups and procurement to be processed by PSPC. The PPAR is part of the procurement planning process and is used to formally document approvals before the procurement strategy for acquisition contracts is executed. Testing revealed that 15 out of the 16 files with a PPAR had the required approval signatures.

The checklist is a tracking tool that includes a list of all the required steps of the procurement process. It is used to ensure compliance with policy requirements and to ensure that necessary approvals are obtained. Contracting advisors must sign off on each step once it is completed. MACS requires that a checklist be used for each procurement file, as it is considered a key control in its process.

The audit team reviewed the checklist for completeness and relevance. While the checklist does include a comprehensive and relevant list of steps to be completed, it does not include a step for reviewing the openness and fairness of the technical aspects of the SOW and evaluation criteria. The audit team reviewed the checklists in contract files and found that, in many cases, the files had incomplete checklists or no checklist. When key controls, such as the checklist, are not used in lockstep with the other parts of the process, there is a risk that contracting advisors may not be applying a consistent approach in managing procurement files. This could lead to non-compliance with policies and directives.

MACS has established a quality-assurance regime by reviewing a sample of post-contract files to identify, assess, mitigate and manage risks associated with procurement activities and ensure compliance with the FAA, the TB contracting policy and the GCR.

MACS selects approximately 90 files per year on a sample basis. Files from each contracting advisor are included for a detailed peer review. Necessary corrective measures are identified, and contracting advisors are informed, to improve future performance. It should be noted that the MACS quality-assurance process for post-contract file review does not include any contract files from regional procurement activities. Including regional contracting files in the quality-assurance sample would provide some level of assurance on their compliance with policies and directives.

The Contract Review Board plays a key oversight role; however, its scope could be enhanced to provide a greater level of assurance on procurement activities

The CRB is a recommending body to the assistant chief statistician of the Census, Operations and Communications Field for decisions and activities related to procurement and contracting. The CRB is a standing committee established by the authority of the assistant chief statistician of the Census, Operations and Communications Field.

The CRB has a clearly communicated mandate, terms of reference, roles and responsibilities that are available on the ICN. Its mandate includes elements of risk management, strategic direction and oversight for high-risk contracts. The terms of reference of the CRB describe its responsibilities as follows:

  • oversight: review, challenge and pre-approve contracts that are high-risk
  • risk management: identify, assess, mitigate and manage risks associated with procurement activities, and ensure compliance with the FAA, the TB contracting policy and the GCR
  • strategic direction: review and make recommendations on proposals for changes that emerge from new contracting strategies and audit results.

CRB members review information for each file presented to them and provide their approval or denial via email to MACS. The CRB reviews, challenges and pre-approves the following types of contracts, call-ups (against standing offers), and amendments issued by the agency:

  • all contractual requirements for goods and services over $200,000.00 (including applicable taxes) requisitioned directly from Statistics Canada, regardless of whether they are to be the subject of competitive or sole-source contracts, including standing offers and supply arrangements
  • all contracts that are to be awarded to former public servants in receipt of a Public Service Superannuation Act pension (as defined in the contracting policy)
  • all contracts with a value within 10% of Statistics Canada's delegation of authority, as set out in Appendix C of the TB contracting policy, "Treasury Board Contracts Directive"
  • all non-competitive contracts for goods or services when both of the following conditions exist:
    • the value is within 10% of $25,000.00 (including applicable taxes)
    • GCR exception 6(b) is used (the estimated expenditure does not exceed $25,000.00, including goods and services tax or harmonized sales tax)
  • all advance contract award notices
  • amendments to non-competitively awarded contracts that bring the value over $25,000.00 (including applicable taxes).

A review of the CRB's terms of reference revealed that, in addition to the items identified above, MACS selects "high-risk" contracts for CRB review, challenge and pre-approval. The term "high risk" is not defined. The chief of MACS, responsible for vetting high-risk files for escalation purposes, defines high-risk contracts as those that have a high probability of failure in either the performance of the contract or the execution of the procurement strategy. Within the scope of the audit, a total of 61 procurement case files were sent to the CRB for review, which included 3 identified as high-risk files by the chief.

Interviews with staff and management involved in the procurement process identified other risk elements, which are not in the terms of reference of the CRB, but could pose compliance risks:

  • The management and resolution of disputes about technical aspects of procurement processes is a risk element.
  • Another risk element is the procurement of goods and services not channelled through the current procurement framework (i.e., justified non-compliance). The Finance Branch monitoring team identifies transactions that require justification for non-compliance, but they are not brought to the attention of the CRB. Without this information, the CRB does not have a full appreciation of the risks related to procurement within the agency, and corrective measures cannot be taken or considered.
  • The CRB does not have a formal role in reviewing contractual disputes or challenges initiated by the vendor community or caused by disagreements between the contract authority, the project authority and the technical authority. MACS confirmed that there is no conflict-resolution process in place for procurement and that the CRB is not involved in disputes. Such information would be beneficial to the CRB in its oversight and monitoring function. Currently, such situations are dealt with through meetings and discussions among stakeholders without the involvement of the CRB.

To strengthen the involvement of the CRB in the areas of risk management and strategic direction, industry practice suggests that governing bodies should review the following information:

  • the results of the MACS quality-assurance review process, including the review of procurement activities carried out in the regions
  • mandatory reports currently produced by MACS for external bodies, which include
    • quarterly reports on all service contracts awarded to former public servants in receipt of a pension under the Public Service Superannuation Act (to the minister)
    • the Annual Procurement Activity Report (to PSPC)
    • the Procurement Strategy for Aboriginal Business (to Indigenous and Northern Affairs Canada)
    • the performance report (to PSPC)
  • reports on justification for non-compliance (information about transactions that were processed outside the procurement framework).

The audit team noted that the CRB does not currently review the above sources of information produced by MACS, which could benefit the CRB in fulfilling its mandate. This information would enhance the risk-management role of the CRB and provide it with context on general trends related to procurement activities at Statistics Canada. This could be useful when making recommendations with regard to new contracting strategies.

Oversight conducted by the Finance Branch staff is effective in supporting the procurement process

The Finance Branch staff ensure that procurement and contracting transactions are recorded and managed through the CDFS at three verification points:

  1. Verification prior to committing funds (section 32 of the FAA)
  2. Pre-payment quality-assurance verification (section 34)
  3. Post-payment monitoring verification.

Through these control points, Finance Branch staff ensure that all required documentation is on file, including contract authority sign-off under section 41 of the FAA, and appropriate authorizations and approvals by the project authority.

Within the scope of the audit (April 2014 to September 2015), the expenditure process for procurement was administered manually and involved routing physical (or paper) forms and supporting documentation. It required up to six individual signatures per transaction (excluding the signature of the Receiver General once payment requisition makes it to PSPC).

Clear segregation of duties was in place for expenditure initiation, commitment authority (section 32 of the FAA), transaction authority (section 41), certification authority (section 34) and payment authority (section 33). Controls embedded in the CDFS module are effective in ensuring that requests for contracts and the subsequent contracts are approved only by authorized individuals.

To simplify the expenditure process, the Electronic Request Approval (ERA) system was created and began as a pilot project in June 2015. The system was fully implemented in December 2015, and all sign-offs for sections 32 and 34 of the FAA are now recorded electronically. Since the conduct phase of the audit ended in September 2015, the file review sample for the audit included only a few contracts that were processed through the ERA system. The files that had been processed through the new ERA system were compliant with contracting policies, directives and guidelines.

The Finance Branch monitoring team performs a post-payment review of transactions for compliance with the FAA. The team does not assess the appropriateness of the procurement vehicles used, as this is a MACS responsibility. When issues related to approvals under sections 32 and 34 of the FAA are detected, the project authority is notified by email of the situation and is required to take corrective measures to resolve it. This also applies to transactions that are generated outside the procurement framework (i.e., the contract authority did not sign under section 41). These instances are formally documented by the Finance Branch staff and recorded as requiring justification for non-compliance. The Finance Branch monitoring team reports incidents of non-compliance to MACS and the chief financial officer (CFO). After analysis, the CFO decides whether escalation or any remedial actions are required.

The audit team reviewed the transactions requiring justification for non-compliance. The majority of these items originated from subscription renewals and interdepartmental settlements, while others were for unforeseen circumstances or emergency situations that required immediate attention. Consequently, the CFO is required to make decisions on the eligibility for payment outside the procurement framework.

Instances of non-compliance detected by the Finance Branch staff are not currently subject to review by the CRB. As a result, individuals with delegated authority over procurement are not fully aware of risks to the agency associated with procurement and contracting.

Recommendations

It is recommended that the assistant chief statistician of Census, Operations and Communications ensure that

  • the dispute resolution process is formalized for contracting advisors in situations when they carry out their duty to uphold the openness and fairness of processes
  • contracting advisors are required to use the transaction checklist tool, as it is considered a key control tool
  • MACS uses regional contract files in its annual quality-assurance review of post-contract files to increase the level of assurance on compliance with policies and directives in regional offices
  • the mandate of the CRB is amended to require board members to periodically review MACS quality-assurance reports, mandatory reports provided to external bodies and reports on justification for non-compliance to further enhance their role in the areas of risk management, strategic direction and oversight of procurement activities.

Management response

Management agrees with the recommendations.

The mandate of the CRB, as well as its terms of reference, will be modified to include dispute resolution, and the modifications will be communicated to all stakeholders.

Deliverables and timeline: The director general of the Operations Branch will revise the CRB's mandate and terms of reference by summer 2016.

The transaction checklist tool will be replaced by a contract plan and advanced approval document that will be required for all procurement.

Deliverables and timeline: The director of the Corporate Support Services Division will develop and implement the contract plan and advance approval document by April 2016.

MACS will apply the current selection methodology to the regional contract files for its annual quality-assurance review of post-contract files beginning in April 2016. The results will be documented, and feedback will be provided to the regional contract authorities.

Deliverables and timeline: The director of the Corporate Support Services Division will include regional contracts as part of the annual quality-assurance review by April 2016.

The mandate and terms of reference of the CRB will be modified to include the review of the following reports:

  • the Annual Procurement Activity Report
  • the Public Sector Accounting Board Annual Report
  • the Annual Forecast of Contracts Awarded to Former Public Servants
  • the Quarterly Proactive Disclosure of Contracts Report
  • the Quarterly Former Public Servant Report
  • the Quarterly Contracting Activity Report
  • reports on the justification for non-compliance.

The CRB will hold quarterly meetings to discuss issues and analyze trends.

Deliverables and timeline: The director general of the Operations Branch will revise the mandate and terms of reference of the CRB by summer 2016; the CRB will begin holding quarterly meetings by the second quarter of the 2016/2017 fiscal year.

Compliance with applicable policies, procedures, laws and regulations

Statistics Canada's procurement and contracting activities are generally compliant with relevant legislative requirements, TB and PSPC policies, and the GCR.

Most notably, testing results revealed that appropriate procurement vehicles are used; sole-source justifications are on file and well documented; security requirement clauses are aligned with Statistics Canada's Directive on the Security of Sensitive Statistical Information; contracts are approved by individuals with the appropriate delegated authority; and, in all cases, evidence to certify the receipt of goods or services was available.

In contrast, the current process to meet proactive disclosure requirements must be strengthened to ensure compliance.

Procurement and contracting activities should comply with relevant legislative requirements, TB and PSPC policies, the GCR, and Statistics Canada's Directive on the Security of Sensitive Statistical Information.

Procurement practices at Statistics Canada are generally compliant with the Treasury Board contracting policy, directives and the Financial Administration Act

A broad legislative and policy spectrum establishes requirements for contracting activities within the Government of Canada. These include legislative requirements, such as contracting regulations and trade agreements, as well as TB and PSPC policy and procedural requirements.

The Government of Canada is committed to open, fair and transparent procurement and real property transactions. The requirement that all procurement and contracting activities be processed through contracting advisors is the key control to identify, assess and mitigate administrative and operational risks related to procurement and contracting. These risks include excessive sole-source contracts, contract splitting, improper use of contracting methods or vehicles, and risks related to the requirements of the Policy on Government Security.

To test the compliance of procurement activities carried out at Statistics Canada, a sample of 59 procurement files was selected for testing. The sample included 50 files from headquarters (MACS) and 9 files from various regional offices. The sample was selected based on a combination of systematic and risk-based judgmental approaches to ensure sufficient coverage of various types of transactions. Coverage of procurement vehicles and purchasing methods obtained through this sample is as follows:

  • for MACS at the head office, coverage included competitive processes (5), competitive standing offers or supply arrangements (8), non-competitive processes not involving standing offers or supply arrangements (21), the Professional Services Online automated purchasing tool (1), Task-Based Informatics Professional Services (4), traditional competitive processes (5), and procurement processed through PSPC (6)
  • for regional offices, coverage included competitive processes (5), non-competitive processes (3), and procurement processed through competitive standing offers or supply arrangements (1).

Key findings from the contract file review were as follows:

  • Procurement vehicle used

    The review of 59 procurement files revealed that, in all cases, the procurement vehicle used was in accordance with contracting policies, directives and guidelines. This included 10 files where mandatory standing offers were applicable.
  • Sole-source justification and review for indications of contract splitting

    Within the sample selected, 23 files involved a sole-source contract. The audit team found that, in all cases, the sole-source justification was on file and well documented.

    Interviews with MACS staff revealed that they do not search the vendor database for historical information that could provide an indication of potential contract splitting. The audit team reviewed the historical information on file for each of these suppliers and found no evidence indicating potential contract splitting.
  • Security requirements

    Statistics Canada is responsible for protecting the confidentiality of all sensitive statistical information to meet its legal responsibilities and support its reputation as a professional and trustworthy organization. Security requirements set by the project authority should be commensurate with the sensitivity of the information being accessed by contractors, in accordance with Statistics Canada's Directive on the Security of Sensitive Statistical Information.

    The review of 59 procurement files revealed that there is a process whereby staff of the security unit at Statistics Canada and at PSPC challenge the security requirements set by the project authority. For 56 of the 59 files reviewed, the required documentation was found in the respective procurement files. For the three files where documentation was absent, the audit team confirmed that the documentation for security verification was available as email confirmations to the contracting advisors. In all cases, the level of security set as a requirement was consistent with the Directive on the Security of Sensitive Statistical Information and appropriate for the sensitivity of the information being accessed.
  • Statements of work and evaluation criteria used to assess bidders

    The review of 59 procurement files revealed that SOWs and evaluation criteria were adequately established and well documented, and that the rationale was documented and included in each procurement file.

    Documentation for the evaluation process was generally comprehensive and complete. With the exception of two files, the evaluation was completed in accordance with the criteria in the request for proposals, and the evaluation form was signed and on file as required. The audit also found that MACS applies rigour in documenting cases involving disputes between the contract authority and a project authority, or between the contract authority and the vendor community. This is a good practice, as it leaves an audit trail for review by external stakeholders.

    Of the 59 procurement files reviewed, 2 files involved disputes on the use of evaluation criteria, where a complaint from the supplier community was made through PSPC regarding the use or application of evaluation criteria. After reviewing these two cases and following up with interviews with MACS staff, the audit team confirmed that the cases were resolved, but there is no established protocol in place at Statistics Canada for conflict resolution.
  • Contract Review Board approval

    Of the 59 procurement files reviewed, 9 cases required CRB approval as per documented procedures. In all nine cases, CRB approval was obtained and formally documented on file.
  • Authorization by delegated authorities

    or 58 of the 59 files reviewed, the Goods or Services Requisition form (form 1920) and the contracts were authorized by a person with the appropriate delegated authority. In one case, the 1920 form was not on file. This was a transaction of low dollar value processed through the library for a membership renewal. Such transactions are identified in the sample-based post-payment review process of the Finance Branch staff.
  • Contract amendments

    Of the 59 procurement files reviewed, 14 included contract amendments. The audit team reviewed documentation on file in support of amendments and found that, in all cases, amendments were justified and had been issued prior to the end date of the contract.
  • Proactive disclosure of contracts

    The TB contracting policy requires the disclosure of contracts with a value over $10,000. It also requires the disclosure of an amendment when its value is over $10,000, or when the amendment modifies the initial value of a contract to an amended contract value that is over $10,000.

    A review process is in place to ensure that the requirements for proactive disclosure are met. Prior to sending the list of contracts for posting on the website, the chief of MACS and the director general of the Operations Branch review and approve the list. Information that is posted for proactive disclosure is entered on the website by staff of the Dissemination Division. Once it has been entered, and before it is officially made available to the public, the contract information is reviewed again by MACS to ensure that it is correct and complete.

    The audit team verified that all contracts that required proactive disclosure had been posted on the PSPC website. Among the contracts included in the sample, 28 of the 59 contracts had a value over the $10,000 threshold and required disclosure. Results revealed that information for 5 of the 28 contracts was inaccurate on the website. Specifically, the published procurement vehicle was not the vehicle that was actually used. In addition, two contracts were not disclosed on the website as required by policy.
  • Evidence of deliverables for section 34 of the Financial Administration Act

    For all contracts included in the sample, evidence to certify that goods and services were received, as per section 34 of the FAA, was obtained and reviewed. Evidence was initially obtained from the Finance Branch payment files. In some cases, additional evidence of goods and services received was requested from the project authority, based on deliverables described in the SOW. The audit confirmed that there was sufficient evidence in the files to support the receipt of goods and services, which is required for the certification of payments under section 34 of the FAA.

    Statistics Canada's procurement and contracting activities were mostly compliant with relevant legislative requirements, TB and PSPC policies, and the GCR. Procurement and contract clauses were aligned with Statistics Canada's Directive on the Security of Sensitive Statistical Information. The current process to meet proactive disclosure requirements needs to be strengthened to ensure compliance.

Recommendations

It is recommended that the assistant chief statistician of Census, Operations and Communications ensure that

  • the current process to meet proactive disclosure requirements is strengthened to ensure transparency, fairness and compliance.

Management response

The current process to meet requirements for the proactive disclosure of contracts will be strengthened, better documented and closely monitored to ensure full compliance. Starting in the calendar year 2016, Statistics Canada will be able to publish its contracting activities quarterly on the new Open Government portal. The new process will merge the data elements of the Purchasing Activity Report with those of the Proactive Disclosure of Contracts. Once the new publishing system is released to all organizations, Statistics Canada will modify the documented process to reflect the changes.

Deliverables and timeline: The director general of the Operations Branch will amend the mandate of the CRB to include review and oversight of the process for proactive disclosure of contracts by summer 2016.

Appendices

Appendix A: Audit criteria

Appendix A: Audit criteria
Control objective / Core controls / Criteria Sub-criteria Policy instruments
Objective 1: The framework that supports procurement and contracting activities is appropriate, comprehensive and effective.
1.1 Statistics Canada has established a procurement and contracting framework that is documented and adequately communicated. 1.1.1 Policy and program guidelines exist, are communicated to all relevant stakeholders, and are reviewed on a regular and timely basis to guide procurement staff and client users in their daily activities.

1.1.2 Management and oversight bodies, including the Contract Review Board, have clearly communicated mandates that include, as appropriate, roles with respect to both monitoring and day-to-day administration of procurement and contracting.

1.1.3 Management receives complete and timely information related to procurement and contracting in support of decision making, and performs ongoing monitoring.
Statistics Act

Management Accountability Framework (MAF)

Various Statistics Canada guidelines

Treasury Board (TB) contracting policy

Policy on Government Security

Financial Administration Act (FAA)
1.2 Authority, responsibility and accountability are clear and communicated. 1.2.1 Sufficient and relevant information has been developed and communicated in a timely manner to the appropriate stakeholders, enabling them to perform their assigned responsibilities.

1.2.2 A clear and effective organizational structure is established and documented.

1.2.3 Authorities required for the approval of contract requests are clearly defined, established at the appropriate level and communicated.

1.2.4 Authority is delegated with consideration of risks (including materiality and complexity).

1.2.5 Issues, concerns and disputes are formally escalated to responsible authorities and are resolved in a timely manner.
Statistics Act

MAF

Various Statistics Canada guidelines

TB contracting policy

Policy on Government Security

FAA
1.3 Statistics Canada has comprehensive and well-integrated systems and procedures for the effective management of procurement and contracting activities. 1.3.1 Systems and procedures for the management of procurement and contracting are documented and communicated. Statistics Act

MAF

Various Statistics Canada guidelines

TB contracting policy

Policy on Government Security

FAA
1.4 Management identifies and assesses the existing controls that are in place to manage their risks. 1.4.1 Mechanisms are in place to identify, assess and mitigate administrative and operational risks related to procurement and contracting.

1.4.2 Employees are aware of values and ethics directives and understand where and to whom to report potential wrongdoing.
Statistics Act

MAF

Various Statistics Canada guidelines

TB contracting policy

Policy on Government Security

FAA
Objective 2: Procurement and contracting activities comply with applicable policies, procedures, trade agreements, laws and regulations.
2.1 Management has established processes to review, approve, solicit, award, and manage procurement and contracting activities in accordance with applicable central agency and departmental policies, directives and guidelines. 2.1.1 Procurement and contracting transactions are recorded and managed through the CDFS.

2.1.2 Requests for contracts are authorized by a person with the required authority.

2.1.3 The processes in place comply with relevant legislative requirements, TB and PSPC policies, and the GCR (this applies to issues such as former public servants, contract splitting, employer–employee relationships, sole sourcing and evidence of deliverables on file).
Statistics Act

MAF

Various Statistics Canada guidelines

TB contracting policy

Policy on Government Security

FAA
2.2 Financial and non-financial reporting with respect to procurement is reviewed and approved. 2.2.1 Procurement information is available for quality review and monitoring. Statistics Act

MAF

Various Statistics Canada guidelines

TB contracting policy<

Policy on Government Security

FAA
2.3 There is appropriate segregation of duties. 2.3.1 Individuals responsible for the initiation of transactions (FAA section 32 on commitment) or approval of payment for transactions (FAA section 34) must not be the same individuals as those responsible for payment (FAA section 33 on requisition). Incompatible functions must not be combined. Statistics Act

MAF

Various Statistics Canada guidelines

TB contracting policy

Policy on Government Security

FAA
2.4 Records and information are maintained in accordance with policies, laws and regulations. 2.4.1 Responsibility for maintaining the contracting-related information is clearly assigned, understood and adhered to. Statistics Act

MAF

Various Statistics Canada guidelines

TB contracting policy

Policy on Government Security

FAA

Appendix B: Acronyms and initialisms

Appendix B: Acronyms
Acronym Description
CDFS Common Departmental Financial System
CFO Chief financial officer
CRB Contract Review Board
DAC Departmental Audit Committee
DFSA Delegation of Financial Signing Authorities
ERA Electronic Request Approval
FAA Financial Administration Act
GCR Government Contracts Regulations
ICN Internal Communications Network
IT Information technology
MACS Materiel and Contract Services
MAF Management Accountability Framework
PPAR Procurement Planning and Advance Review
PSPC Public Services and Procurement Canada
SCA Support Centre for Acquisitions
SOW Statement of work
SRM Service Request Management
TB Treasury Board
Date modified: