Paragraph 22.1(3)(a) of the Department of Public Works and Government Services Act provides the Procurement Ombudsman with the authority to review the procurement practices of departments to assess their fairness, openness and transparency.
In June 2013, the Office of the Procurement Ombudsman (OPO) received an anonymous letter alleging conflict of interest and unfair advantage pertaining to several Information Technology (IT) contracts being awarded by Employment and Social Development Canada (ESDC) to one IT company.
It was determined by the Procurement Ombudsman that reasonable grounds for the conflict of interest and unfair advantage allegation cited in the anonymous letter did not exist. However, the analysis of publicly available information performed during an expanded assessment, as well as the analysis of 11 complaints about ESDC received by OPO since 2008, resulted in several findings which pointed to possible systemic issues within ESDC's contracting practices:
Awarding of multiple IT service contracts, including Task Authorizations, with identical amounts and the same start and end dates;
Frequent contract amendments, which can include the exercising of contract option periods; and
Contract amendments that significantly increased the total contract value.
Consequently, and as per subsection 4(1) of the Procurement Ombudsman Regulations (the Regulations), the Procurement Ombudsman determined there were reasonable grounds to review the procurement practices of ESDC.
The objective of this review was to determine whether the procurement practices used by ESDC to acquire IT services were consistent with relevant policies and procedures, the Financial Administration Act (FAA) and any regulations made under it, and the principles of fairness, openness and transparency.
Scope and Methodology
The scope of the review focused on procurement practices used by ESDC for acquiring IT services for selected contracts during the period April 1, 2013 – August 31, 2014. Contracts selected were from the Innovation, Information and Technology Branch (IITB) and other branches within ESDC.
The review looked at the management control framework in place for procurement, specifically:
Internal policies and guidelines;
Roles and responsibilities;
Training and guidance;
Monitoring and reporting; and
Exclusions from this review were:
Acquisition card activity due to recent ESDC audit coverage and monitoring plans in place; and
Public Works and Government Services (PWGSC) administered contracts.
The review methodology included interviews with departmental staff, review and analysis of documentation such as internal policies and process maps, and procurement file review.
A judgmental sample of 40 files was selected with consideration given to identified risk factors including contract award dates, contract values and contracts with amendments.
Why this is important
As per the Treasury Board (TB) Contracting Policy, it is the responsibility of departments to "ensure that adequate control frameworks for due diligence and effective stewardship of public funds are in place" and operating as intendedFootnote 1. Having an effective procurement management framework in place, and operating as intended, is important for ensuring procurement is carried out in accordance with policy requirements, while mitigating risk, achieving best value and upholding the principles of fairness, openness and transparency.
The mission of ESDC is to build a stronger and more competitive Canada, to support Canadians in making choices that help them live productive and rewarding lives, and to improve Canadians' quality of lifeFootnote 2.
ESDC delivers a range of programs and services across three business lines:
ESDC delivers numerous benefits to Canadians, such as Old Age Security, Canada Pension Plan, Employment Insurance, and National Child Benefit, that account for 96% of the Department's total expendituresFootnote 4.
Procurement activity within ESDC is centralized. ESDC's Procurement Team is located within the National Capital Region as part of the Investment, Asset and Procurement Management Directorate and reports to the Chief Financial Officer. The Procurement Team is responsible for all contracting activity within the department, with the exception of acquisition card purchases.
In 2012-2013, the Innovation, Information and Technology Branch (IITB), which is the Department's provider of IT systems and services, entered into 300 contracts totalling approximately $134.7MFootnote 5, which accounted for 30% of ESDC's contracts in terms of value, and 7% of contracts in terms of volumeFootnote 6.
Task Authorizations (TAs) represent 70% of the IT services file populationFootnote 7 in scope for this review and accounted for 10% of the total value of contracts issued by ESDC in 2012-13Footnote 8.
Internal policies and guidelines
The TB Contracting Policy establishes the framework within which contracting authorities must be exercised. Departmental policies and procedures are to align with the requirements of the TB Contracting Policy, and departments are expected to have clearly defined roles and responsibilities for those exercising contracting authority.
ESDC has established internal guidance and processes related to procurement. ESDC's procurement policy and supporting documents were cross-referenced with the TB Contracting Policy and were determined to be consistent.
Last updated in July 2013, ESDC's procurement policy reflects the TB Contracting Policy requirement to use competitive contracting whenever practical in order to encourage competition and reflect fairness in the spending of public funds. ESDC's procurement policy provides detailed direction regarding exceptions to the requirements to solicit bids, contracting with former public servants and the use of Standing Offers.
While ESDC's procurement policy and guidelines are consistent with the TB Contracting Policy, OPO's analysis identified areas where additional direction could be provided, as it relates to IT services contracts, most notably with respect to the issuance and administration of Task Authorizations (TAs), contract amendments and documentation requirements.
A contract with TAs is a method of supply, which is used in service contracting situations when there is a defined need by a client to rapidly access one or more categories of service(s) outlined in the contract and that are expected to be needed on a repetitive basis during the period of the contractFootnote 9. Simply put, a TA is the administrative action to authorize work in accordance with the terms of a contract. TAs themselves are not individual contracts.
ESDC's procurement policy provides guidance on competitive and non-competitive contracting, including Standing Offers and Advance Contract Award Notices, but the policy is silent on TAs.
As noted in the background section of this report, TAs represent a significant volume of IT service procurement activity as well as the total procurement population at ESDC. Guidance pertaining to the use of TAs was drafted by the Department from July to November 2014; once integrated into the existing policy, it will support the consistent issuance and administration of TAs.
The TB Contracting Policy allows for contract amendments, but cautions that contracts should not be amended unless they are "in the best interest of the government, because they save dollars or time…or facilitate the attainment of the primary objective of the contract"Footnote 10. While amendments to existing contracts are at times necessary, they "often call for more administrative work and little can be done…to encourage the contractor to do additional work or respond to changes at the lowest possible cost"Footnote 11.
Amendments, including the exercising of contract option periods, were noted in 35% of the IT services file population in scope for this review; 45% of ESDC's procurement expenditures in 2012Footnote 12 were attributed to amendments.
ESDC's procurement policy refers to amendments; however, the reference is limited to defining what an amendment is and clarifying responsibility for amendments. Additional direction that supports the TB Contracting Policy requirement that "a full explanation of why costs will exceed the original contract level"Footnote 13 does not exist.
The TB Contracting Policy states that procurement files "be established and structured to facilitate management oversight with a complete audit trail that contains contracting details related to relevant communications and decisions including the identification of involved officials and contracting approval authorities"Footnote 14.
ESDC has developed and implemented checklists, specific to the type of procurement (i.e. non-competitive, Task Authorization); however, the checklists are process-based and do not indicate what documentation is required by the Department to be on file.
ESDC informed OPO that their departmental procurement policy is to be revised and updated next year, and that checklists are currently being modified to align with the new financial reporting system. These undertakings will provide the Department with the opportunity to address the areas identified above and to implement improvement measures.
Roles and responsibilities
Roles and responsibilities for the Procurement Team and IITB are clearly documented and communicated. Interviews and document review revealed that clients and procurement officers have a clear understanding of their responsibilities throughout the procurement process.
Within the Procurement Team, files are distributed amongst procurement officers according to expertise and complexity. Delegated contracting authority levels are documented for each procurement officer level; a PG-01 can authorize procurements up to $25,000 while a PG-05 can authorize up to $1.25M.
IITB, as a client of the Procurement Team, is responsible for specific tasks within the procurement process (e.g. developing the statement of work, receiving deliverables). To ensure procurement requirements are clearly defined and supported, all IITB procurement requests valued at more than $10,000 are documented in an IITB Rationale Form, and are reviewed and approved by the delegated financial authority and the Director of Resource Management before they are submitted to the Procurement Team for action.
While this formal review function exists in IITB, currently there is no such review board in place to support the Department as a whole.
Procurement training and guidance
Procurement training and guidance is available to procurement staff, primarily through the Department's intranet site (iService), internal on-line courses and the Canada School of Public Service. Examples of training provided include green procurement, Intellectual Property (IP) and an Aboriginal Affairs and Northern Development Canada led session on Comprehensive Land Claims Agreements. For the purpose of this review, the sufficiency and quality of the procurement training provided was not assessed.
ESDC procurement staff prepare individual learning plans (guided by performance evaluations and work objectives), which are then reviewed, approved and monitored by management.
Noted as a good practice, procurement officers proactively offer guidance to clients via email communications. Guidance includes a "contract management toolkit" which contains contract expenditure worksheets and FAA section 34 checklists, and developing statements of work, including templates for commonly procured services. Links to an on-line training ("Procurement 101") are also included. In addition, updates and changes to policy or procedures are communicated to procurement staff and clients through bulletins.
Monitoring and reporting activities
Departmentally, monitoring and reporting activities, that include procurement information, take place as follows:
Weekly "look-ahead" report for senior management;
Proactive Disclosure of all contracts and amendments greater than $10,000; and
Major Projects and Investment Board meets regularly to approve and monitor IT projects, which include procurements.
Within IITB, regular monitoring and reporting of procurement information occurs:
Corporate Management Tracker, which tracks all IITB transactions;
Task Authorization monitoring, which tracks the spend, amendments and dates of TAs;
A Chief Financial Officer Branch Work Chart, which is shared with the Procurement Team to track status of requisitions;
Review and approval of all procurement requests over $10,000;
Monthly scorecard report, which informs senior management of progress on implementation of IT projects; and
Chief Information Officer Executive Committee meets bi-weekly to review information, including procurement.
Within the Procurement Team, the following monitoring and reporting activities take place:
Annual Procurement Report, which captures overall procurement activity and provides trend analysis based on line objects, departmental purchasers and methods of supply;
Purchasing Activity Report (TBS);
Commodities-based multi-year trend analysis;
Informal staff review each other's procurement files;
Quality Assurance performed on all Request for Proposals valued at more than $100,000; and
Monitoring plans developed and implemented to address areas of concern (i.e. FAA section 32 certification that sufficient funds are available); if errors are detected, an action plan is required to ensure corrective action is taken.
The implementation of a new financial system (SAP) in April 2014 resulted in various procurement data irregularities, ranging from the improper carry-over of multi-year contracts from the previous financial system to duplicate entries in the SAP materiel management module. During this review, 3/40 (8%) of sample files had to be replaced due to duplicate file numbers or improper carry-overs.
In order to correct these inaccuracies, and to ensure the data represents the actual procurement activity, the Procurement Team has undertaken a 100% validation exercise of 2,176 procurement transactions.
While there are numerous monitoring and reporting activities occurring, such as the quality assurance review of all request for proposal (RFPs) over $100,000 and IITB's approval of all contracting over $10,000, a systematic, risk-based approach to the monitoring of departmental procurement, which includes a departmental-wide challenge function, was not evident; no other evidence of a departmental risk-based approach or framework was provided during the examination phase of this review.
Though not required by the TB Contracting Policy, the Policy does state that "contracting authorities are encouraged to establish and maintain a formal challenge mechanism for all contractual proposals"Footnote 15. Contracting review board mechanisms are considered to be a best practice by OPO, as "the procurement challenge and oversight function is a key component of the broader set of management controls that are used to ensure the sound management of government procurement"Footnote 16.
As described in the TB Contracting Policy, these mechanisms can range from formal review boards to regional advisory groups, depending on the size of the department. Membership can be composed of senior financial and procurement officers, as well as members from different program areas, to ensure there is balance and independence in the review process. The mandate can be established according to procurement activity and risk factors (e.g. contracts where the value is close to trade agreement limits) that are approved by senior management.
A departmental-wide challenge mechanism would help ensure IT services contracting activity is consistent with the management framework, addresses corporate risks and supports departmental priorities and the principles of fairness, openness and transparency.
Integrated procurement planning
ESDC has three main components to its planning process: the Report on Plans and Priorities, the departmental Integrated Business Plan, and individual branch business plans.
IITB has an IM/IT strategy, which outlines branch plans and priorities as well as its governance and processes to support the achievement of those priorities.
Project Procurement plans are required for all projects more than $1M. These integrated plans contain the project overview, identified risks, resourcing requirements and the procurement strategy. All plans require approval from the Major Projects Investment Board, and must include all anticipated procurement to support the project.
While the Procurement Team does not have a formal plan in place, a list of commonly procured goods and services is published on the departmental website, including past expenditure amounts.
OPO noted a good practice within IITB regarding the development and implementation of a branch risk register. This register identifies major risks to all IM/IT assets, services and approved IT project, as well as mitigation strategies implemented to address the risks. Risks include those relating to procurement and resourcing (e.g. identifying technical learning requirements for staff to ensure training contracts are put in place to support the completion of projects) and are aligned with ESDC's Corporate Risk Profile. Risk register information is included in the monthly scorecard monitoring and reporting exercise for senior management.
File review was designed to assess if ESDC's procurement framework was operating as intended, as it relates to procuring IT services. The results should not be considered indicative of ESDC's entire procurement population.
Files were reviewed to ensure: competitive processes were used whenever possible; exceptions were provided in instances where a non-competitive process was selected; and mandatory Standing Offers were utilized as required.
85% (34/40) of files were procured through a competitive process. Files for which non-competitive processes were used contained the required rationale for invoking an exception to competition. Mandatory Standing Offers were used when applicable.
Capacity-on-Demand contracting vehicles were noted as a good practice. These vehicles are used when all or a portion of the work will be performed on an as and when requested basis. They have been established to increase the Department's ability to leverage IT professional services to support the execution of IT projects quickly and with less administrative effort.
Statements of Work
Whether or not the objectives of a contract are achieved relies heavily on the clarity and precision of the statement of work (SoW), which is why it is important the SoW describes the work in terms of expected results with specific deliverables and definitive milestones.
Without clear deliverables to support the work to be carried out, responsibility centre managers may have difficulty certifying work has been performed, goods supplied, or services rendered in accordance with section 34 of the FAA.
Overall, the SoWs on the files reviewed were clear and included specific deliverables as well as the timeframe for the work to be completed. This correlates with clients having guidance from the Procurement Team on how to develop SoW, including SoW templates for frequently procured IT services, and a Standing Offer in place to help clients develop SoWs.
Two files (5%) were determined to have an unclear SoW as the work to be carried out was vague and the deliverables were imprecise. Wording such as "participate/contribute to the development and review of project" and "provide program and project management expert advice on an as and when requested basis" was used. In one other file, documentation indicates the contractor created their own SoW while under contract with the Department.
Files were reviewed to determine if: the contract or TA had been signed by the appropriate contracting authority and in a timely manner; TAs were authorized according to terms stipulated in the contract; and contract amendments were issued according to applicable policies.
90% (36/40) of files reviewed were deemed to be administered according to policies and guidelines. The following exceptions were noted:
TB Contracting Policy
Two TAs were signed by a departmental contracting authority when the contract required PWGSC authorization, given the value of each TA was more than $100K (including Goods and Services Tax / Harmonized Sales Tax (GST/HST)); evidence that ESDC notified PWGSC of these actions was not provided to OPO.
One TA was amended twice: the first amendment (issued September 30, 2014) exceeded the limit of the approved Procurement Plan; the second amendment (issued November 4, 2014) reduced the TA within the Procurement Plan limits; and
A non-competitive contract, valued at less than $25,000, was issued to a contractor who wrote their own statement of work.
In addition to the files cited above, OPO noted two files which showed:
One TA was amended (March 31, 2014) for time only via email from the contracting authority. There was email confirmation from the supplier that the amendment was accepted on the same day, but no signed amendment on file; and
One TA was amended (March 31, 2014) for time and money via email from the contracting authority. There was email confirmation from the supplier that the amendment was accepted on the same day; a retroactive amendment was also on file (signed June 27, 2014).
While not inconsistent with the requirements of TB Contracting Policy, two other procurements were conducted in a manner that may not "stand the test of public scrutiny in matters of prudence and probity"Footnote 17:
ESDC entered into a contract, with an estimated expenditure valued at less than $25,000, without soliciting bids. This is permitted as per Section 6b)i) of the Government Contracts Regulations (GCRs). When the contract was amended to increase the value by $14,000, the Basic Contracting Limits for amendments to non-competitive contracts were respected as per Appendix C - Treasury Board Contracts Directive.
While ex facie the procurement is consistent with the GRCs and TB Contracting Policy, documentation on file indicated the statement of work was prepared by the contractor who was already working as an external IM consultant with the department. Evidence also demonstrates that deliverables were subsequently added to the statement of work and the dollar value of the contract was increased above $25,000 through an amendment.
ESDC leveraged the Task-Based Informatics Professional Services (TBIPS) method of supply to solicit bids for a contract valued at $69,410. The minimum posting period of five calendar days and minimum number of suppliers invited as per the TBIPS Supply Arrangement for a contract valued at less than $80,400 were respected. When the contract was amended to $93,000 it was done in accordance with TB Policy and TBIPS requirements, as there is no threshold in TBIPS that precludes a contracting authority from amending a contract beyond $80,400.
While ex facie the procurement is consistent with the GRCs and TB Contracting Policy, documentation on file revealed that prior to soliciting bids, queries were raised regarding the possibility of increasing the contract value and duration, within a proposed solicitation process and timeline, as it related to the TBIPS Method of Supply and the North American Free Trade Agreement (NAFTA) threshold. Documentation also indicated that an increase in the contract over $80,400 would require a longer solicitation period and a greater number of supplier invitees as per the TBIPS Supply Arrangement.
From an OPO perspective, queries of this nature suggest the estimated contract values for the two above-mentioned procurements were not fully defined during the planning phase. As such, there is a risk that these amendments could result in a perceived or real circumvention of control functions, such as sole source limitations and solicitation requirements, thus posing a risk to the principles of fairness, openness and transparency.
It is important to note that these two procurements were not from IITB, and therefore were not subjected to the oversight provided by IITB's formal procurement review mechanism, which ensures procurement requirements are clearly defined and supported before procurement strategies are actioned.
OPO observed other issues with amendments in five of the aforementioned files. Amendments were approved as required, however most approvals contained only what the amendment entailed (e.g. increasing level of effort (money), extending contract period) and not the reason for the amendment (e.g. unforeseen delay). As per the TB Contracting Policy "a full explanation of why costs will exceed the original contract level must be provided when requesting approval to increase the value of a contract"Footnote 18.
As previously stated, current ESDC guidance does not explicitly outline the requirement to document the explanation for the amendment, making it difficult for the Department to understand and explain why amendments are issued and validate that contract amendments are being issued in the best interest of the government.
The TB Contracting Policystates that "deputy heads are required to publicly disclose, quarterly, contracts entered into or amendments valued at over $10,000"Footnote 19. To support this reporting activity at ESDC, monthly reports are reviewed by the Procurement Team to ensure the information is accurate and complete.
As part of the review, 2/40 files (5%) were not disclosed in the appropriate reporting quarter and with the correct dollar value. OPO notified the Department of the two undisclosed files and we were advised the files were not disclosed due to 'challenges with reporting' and would be disclosed as soon as possible. The undisclosed files originated during the first quarter of the fiscal year following the implementation of the new financial reporting system (SAP) on April 1, 2014. The Procurement Team has already taken measures to address these reporting challenges as per their 100% validation exercise, in addition to on-going monthly reporting. ESDC's external website indicates that "due to a system error, amendments for the 1st, 2nd and 3rd Quarter for 2014-15 are not included in their respective reports. The missing information will be included in the 4th Quarter disclosure"Footnote 20 report.
ESDC has a procurement management framework in place to procure IT services. The framework is consistent with applicable legislation, regulations, policies and guidelines; the majority of files reviewed were procured and administered in compliance with the framework. As such, and based on the criteria examined through this review, no systemic issues within ESDC's procurement practices were noted. The procurement practices used by ESDC to acquire IT services were consistent with relevant policies, legislation and the principles of fairness, openness and transparency, with exceptions noted.
Good practices were recognized with regard to: the proactive offering of guidance from procurement staff to clients; the use of an IITB risk register to enhance branch planning; and the establishment of Capacity-on-Demand contracting vehicles to support the execution of IT projects quickly and with less administrative effort.
Areas for improvement were identified in the procurement management framework, specifically with regard to policies and direction to support the administration of Task Authorizations (TAs), contract amendments and documentation requirements. Lack of a systematic, risk-based approach to monitoring was also identified.
Subsequent events: a "Risk-Based Monitoring Framework: Procurement" document was provided to OPO during the report clearance process. As such, its contents were not examined or reviewed as part of this review.
The Procurement Ombudsman recommends ESDC continue to improve its procurement policies and practices in order to support consistent and compliant procurement practices for IT services by:
Updating internal policies and guidelines in key areas relating to amendments, Task Authorizations and file documentation; and
Taking the necessary measures to ensure a senior management sanctioned risk-based approach to monitoring departmental procurement activity is applied consistently across the department.
In accordance with section 5 of the Regulations, the Procurement Ombudsman provided ESDC the opportunity to comment on the proposed recommendations of this review and the reasons for them. Departmental comments were taken into consideration prior to the report being finalized and published.
Agreed. ESDC is pleased to see that the procurement Ombudsman's report confirms that there are no systemic issues within ESDC's procurement practices. ESDC uses a risk-based approach to monitoring departmental procurement and will continue to review and update it to further align with its recent implementation of Systems Applications Products of data information (SAP). In addition, ESDC will continue its procurement policy review, which is in line with the recommendations in the report. Finally, subsequently to the conduct of this review, ESDC has reviewed its process document for leveraging its large capacity on demand contracts and has made it available on its internal-facing website.