Procurement practice review of Shared Services Canada New

August 2023

On this page

I. Background

1. The Office of the Procurement Ombudsman (OPO) conducted a review of procurement practices at Shared Services Canada (SSC).

2. In accordance with paragraph 22.1(3)(a) of the Department of Public Works and Government Services Act, the Procurement Ombudsman has the authority to review the procurement practices of departments to assess their fairness, openness and transparency.

3. The procurement practice reviews (PPRs) under OPO’s 2018-2023 PPR Plan are based on issues and complaints brought to OPO’s attention by stakeholders, both in general and in regard to specific solicitations by various federal organizations. Based on this information, OPO has identified the 3 highest-risk procurement elements as: (1) the establishment of evaluation criteria and selection plans; (2) the bid solicitation process; and (3) the evaluation of bids and contract award. For the purposes of this review, these elements are defined as follows:

  1. Evaluation criteria and selection plans – the development of mandatory and point-rated evaluation criteria, and the identification of the selection method to determine the successful bid
  2. Solicitation – the design and execution of the solicitation process, including the clarity and completeness of solicitation documents
  3. Evaluation of bids and contract award – the establishment of a process to ensure the consistent evaluation of bids in accordance with the planned approach, including an evaluation plan and instructions to evaluators, and the adequacy of documentation to support the selection of the successful bidder

4. SSC was selected for review as one of the top 20 federal departments/agencies in terms of the value and volume of its annual procurement activity. OPO is conducting similar reviews of other top 20 departments/agencies over a five-year period ending in 2022-23.

5. SSC is responsible for operating and modernizing the Government of Canada's Information Technology (IT) infrastructure across the public sector. SSC's mandate is to deliver email, data centre, and telecommunications services to federal government organizations. The department also provides services related to cyber and IT security and the purchase of workplace technology devices, as well as offering other optional services to federal government organizations on a cost-recovery basis.

6. The Enterprise IT Procurement (EITP) directorate under the Enterprise IT Procurement and Corporate Services Branch centralizes SSC’s contract administration and the acquisition of IT and other goods and services. The EITP function is a key enabler of the digital services and tools that SSC provides to its partner and client departments, as well as government entities, which are often fulfilled through various procurement instruments and enterprise contracts. The EITP directorate has over 200 employees with procurement officers located across the country with the majority in the National Capital Region.

7. According to information provided by SSC, it awarded 9,541 competitive contracts worth over $3.2 billion during OPO’s review period of April 1, 2020 and March 31, 2022. Of these procurements, 6,636 contracts were awarded by SSC on behalf of other government departments (OGDs) and totaled over $1.3 billion.

II. Objective and scope

8. This review was undertaken to determine whether SSC’s procurement practices pertaining to evaluation criteria and selection plans, solicitation documents, and evaluation of bids and contract award, supported the principles of fairness, openness and transparency. To make this determination OPO examined whether SSC’s procurement practices were consistent with Canada’s obligations under applicable national and international trade agreements, the Financial Administration Act and regulations made under it, the Treasury Board Contracting Policy (TBCP), the Directive on the Management of Procurement (DMP), and, when present, departmental guidelines. In addition, this review assessed whether SSC has established effective governance and oversight mechanisms to support the management of procurement, as required by the DMP.

9. The following 4 lines of enquiry (LOE) were used to assess the highest-risk procurement elements identified in paragraph 3 above, and the DMP requirement to establish appropriate governance and oversight mechanisms:

10. This report also includes a section of other observations identified by OPO through the analysis of the above LOEs.

11. OPO’s review of LOE’s 1 through 3 consisted of an assessment of procurement files for contracts awarded by SSC between April 1, 2020 and March 31, 2022. OPO’s review of LOE 4 consisted of an assessment of procurement files for contracts awarded between July 2021 and March 31, 2022, reflective of the most current version of SSC’s governance framework. Except where otherwise noted below, this review did not include construction contracts, non-competitive contracts, acquisition card activity, or procurement activity for which SSC was not the contracting authority. The review also included the competitive processes to establish two master contracting vehicles predating the review’s scope period, as contemplated in the review’s Terms of Reference.

12. Based on the contracting data provided by SSC, OPO selected 40 competitive procurement files for assessment. The initial sample size was reduced to 37 files after some originally selected files predated the scope of this review or pertained to the same underlying contract. The judgemental sample was developed with consideration to factors including materiality and risk. The risk of selection bias was minimized through random selection of individual files meeting these pre-established factors.

13. The 37 files selected for review included:

The directed contract and the ACAN were included in the 37 file sample because they were identified as “competitive” procurements in SSC’s contracting data.

III. Results

14. SSC’s procurement practices pertaining to evaluation criteria and selection plans, solicitation documents, and evaluation of bids and contract award were assessed against LOEs 1 – 3. SSC’s procurement governance and oversight mechanisms were assessed against LOE 4. To address the issues identified in the review, OPO made 7 recommendations which are summarized in Annex I of this report. The recommendations are based on the analysis of information and documentation provided to OPO by SSC during the course of the review.

15. In instances throughout the report, multiple observations have been made regarding a single file. As a result, the number of observations may not always correspond to the number of files noted in examples provided throughout this report.

Line of enquiry 1: To determine whether evaluation criteria and selection plans were established in accordance with applicable laws, regulations and policies

16. Section 10.7.27 of the TBCP states that “[c]ompeting firms should be told the measurement criteria and the weighting assigned to them. …The courts have ruled that the factors and their weighting must be established beforehand and adhered to strictly. …Fairness to all prospective contractors and transparency in the award process are imperative”.

17. On May 13, 2021, Treasury Board’s Directive on the Management of Procurement (DMP) took effect as a replacement for the TBCP and departments were given a year to transition from the TBCP to the DMP. Between May 13, 2021 and May 13, 2022, departments could use either TBCP or DMP-based processes. The DMP states the following regarding evaluation criteria during the solicitation and bid evaluation process:

4.5 Contracting authorities are responsible for the following:


  • 4.5.7 Designing and conducting the bid evaluation process, financial assessment and due diligence;
  • 4.5.8 Limiting the number of mandatory technical criteria to those determined to be essential requirements in order to achieve the desired outcomes and ensure that no bid is unnecessarily disqualified.

18. In July 2021, SSC announced the DMP to EITP. During the transition period, SSC aligned internal guidance with the DMP and followed both the TBCP and the DMP. While contracting authorities were encouraged to align with the DMP as soon as possible, full compliance was not required until May 2022.

19. This LOE applied to 30 files and of these, evaluation criteria were present in 22 files. In total, 14 contained both mandatory and point-rated evaluation criteria, 7 contained only mandatory criteria, and 1 contained only point-rated criteria. However, of these 22 files, there was 1 file where missing documentation prevented OPO from assessing the evaluation criteria under this LOE. Files were examined to determine if the evaluation criteria and selection methodologies were: aligned with the requirement; not overly restrictive; and clearly communicated in the solicitation. The method of allocating points to point-rated criteria was also assessed to determine whether instructions were clearly communicated and reflected the relative importance of the criteria.

Mandatory criteria

In all but 1 file, mandatory criteria were aligned with requirements; however, a majority of files did not contain clearly stated, demonstrable and measurable mandatory criteria. As well, in 3 files, the mandatory criteria were overly restrictive.

20. In 19 of 21 applicable files reviewed with mandatory criteria , the criteria were aligned with requirements. However, in 13 of 21 files, mandatory criteria were not communicated in a clear, precise and measurable manner. There were an additional 3 files in which the mandatory criteria were overly restrictive.

Unclear or unmeasurable mandatory criteria & misalignment with requirements

21. Unclear mandatory criteria can undermine the transparency and openness of the bid solicitation process and can cause bidders to submit non-compliant proposals because the requirements are not well understood. It also limits SSC’s effectiveness in assessing a supplier’s ability to meet the essential elements of the work to be performed and substantiating the disqualification of a bid for not meeting these vague criteria. As well, when mandatory criteria are not aligned with the requirement, SSC runs the risk of disqualifying potentially capable bidders or conversely, awarding contracts to bidders that may not be qualified to undertake the work. Examples of mandatory criteria that were unclear or unmeasurable and misaligned with the requirement included the following:

  1. In 1 file, mandatory criteria were not aligned with the requirements. The solicitation process issued under the supply arrangement for Task and Solutions Professional Services (TSPS) was seeking resources in multiple categories including the TSPS Stream 4 resource category of “Financial/Cost Specialist for Real Property". The estimated number of resources for Stream 4 outlined in the volumetric data was equal to the estimates for all other resources categories sought (i.e. 8 resources per year). However, there were no mandatory corporate criteria included in the solicitation related to Stream 4. Other than references to the name and descriptor of the Stream and Category, the term “Financial/Cost Specialist for Real Property" only appeared once in the Statement of Work (SOW) under the description of support services. As the TSPS search result list only included suppliers qualified on all the selected categories, the inclusion of this category may have impacted the number of suppliers invited to bid on this requirement.
  2. In 5 files, mandatory criteria required bidders to demonstrate ‘experience’ but did not specify the type of experience or the amount of experience that was required. For example, in a solicitation for facilitator consultants, mandatory criteria required the proposed resource to have “experience facilitating virtual sessions.” However, the amount of experience required was not specified in the criterion. As a result, as little as one day of experience would have resulted in the criterion being met. In such circumstances, the requirement should be tailored to specify the amount of experience that was essential to perform the work. Further, in 2 files, mandatory criteria did not clearly specify the type of experience required to satisfy the criteria. For instance, in a file for IT technical services, the mandatory criteria required either a three year college diploma or university degree at the Bachelor level in certain explicitly stated fields but would also “…accept from another IT related field.” It would be difficult for SSC to find a bid non-compliant to this criterion if a proposed resource held a degree in any field.
  3. In 10 files, the mandatory criteria involved the bidder stating something in its bid which could only be assessed based on an event occurring in the future. For example, in a file for an Enterprise Perimeter Security (EPS) Solution, a mandatory criterion required the bidder to “seek consent from an authorized person or representative of SSC to transmit any information (e.g. usage statistics, URLs visited, etc.) outside the SSC corporate network.” As the transmission of information would be conducted by the contractor in the future once the contract is underway, this cannot be demonstrated beforehand at the solicitation stage. Such requirements belong in the contract awarded to the successful bidder as they relate to the performance of the required services in the future, whereas mandatory criteria are used to confirm skills or experience held by the supplier at the time of bid closing.

Restrictive mandatory criteria

22. Overly restrictive mandatory criteria can undermine the fairness and openness of the bid solicitation process by restricting the number of suppliers capable of submitting a compliant proposal. Such criteria further limit SSC’s ability to obtain competitively priced alternatives capable of meeting its operational requirements.

23. There were 3 files for which the mandatory criteria were unnecessarily restrictive or appeared to unnecessarily favour a bidder or group of bidders. As a result even though these were competitive procurement processes, there was little opportunity for competition:

  1. In 3 files, the mandatory criteria appeared to favour a bidder or bidders by requiring the bidder to demonstrate past delivery of services specifically for SSC. For example, in one file a point-rated criterion advised bidders that points would be awarded according to their delivery of services to “SSC’s branches” using one of the contracts provided by the bidder under the mandatory criteria. This creates restrictiveness in the mandatory criteria since in order to obtain points for this point-rated criteria, at least one of the contracts presented under the mandatory criteria must have been for the delivery of services to SSC. In another file, a mandatory criterion required that the proposed resource demonstrated one project with “senior executives at SSC within the last two (2) years where senior executive is defined as at the Director General level or above.” It is noted that only one bid was received to this requirement despite over 30 suppliers having been invited to participate. These types of restrictive criteria may limit competition and create real or perceived instances of favouritism. The Canadian Free Trade Agreement (CFTA), which applied to both of these procurement processes, prohibits limiting participation in a procurement only to suppliers that have previously been awarded one or more contracts by the procuring entity. A third file (to which the CFTA did not apply) details similar criteria and is captured in the point-rated criteria section of this report.
  2. In 1 file, the mandatory criteria was overly restrictive in the experience required of the bidder’s proposed resources. In the solicitation process referenced in the second example above, the mandatory criterion required the bidder to propose a senior project executive with “…a minimum of twenty (20) years of professional consulting experience with Canadian public sector organizations where a minimum of ten (10) years is with the Government of Canada within the last 25 years.” The TSPS flexible grid for a senior Project Leader/Executive category requires 100 minimum points, of which 65 points can be gained if the resource has more than 10 years of experience. As such, the requirement for the resource to have 20 years of experience far exceeds the TSPS flexible grid for this category and strongly hints at bias in favour of a preferred supplier. As previously noted, despite inviting more than 30 suppliers, only one bid was received and deemed compliant.

Point-rated criteria

For the most part, point-rated criteria were not overly restrictive, were aligned with the requirement and reflected the relative importance of the criteria; however, point-rated criteria and scoring grids could be improved to increase clarity and minimize subjectivity.

24. Section 10.7.25 of the TBCP states that “criteria should identify accurately all the performance elements significant to the success of the project and should measure both the competence of the firm and the worth of its particular technical approach.”

25. In 13 of 15 applicable files reviewed, point-rated criteria were aligned with requirements and reflected the relative importance of the criteria. However, in 6 files, the point-rated criteria and scoring grids were not clearly communicated in the solicitation document. As well, 3 files were found to contain overly restrictive point-rated criteria.

26. The 3 files which contained point-rated criteria that were overly restrictive and not aligned with the requirement were the following:

  1. In 1 file for the provision IT professional services using Task-Based Informatics Professional Services (TBIPS), a supplier raised concerns surrounding the fact that multiple resource requirements in point-rated criteria were inconsistent with the TBIPS resource categories and this was “extremely limiting to the pool of qualified candidates providing bidders little chance of qualifying without previous knowledge of this requirement.” The point-rated criteria required the B.2 Business Architect to have experience including data integration and modeling. In the TBIPS category descriptions, these tasks align with those of an I.4 Database Modeller / Information Management Modeller and are not found in the description of the B.2 Business Architect. The supplier requested that the solicitation be amended to add a separate stream to accurately reflect the requirement. SSC responded that the requested resources needed to have this experience and no changes were made to the requirement. Another supplier also noted an apparent misalignment of tasks compared to the resource categories sought which appeared to better align with a different resource category. There was no direct response from SSC to this point. These misalignments may have made it difficult for suppliers to propose resources with the requested experience and may have restricted competition. Ultimately, the incumbent won this requirement and achieved full points for the applicable resources under these criteria.
  2. In 2 files, the point-rated criteria required the bidder demonstrate past delivery of services for SSC. For example in 1 file, a corporate point-rated criterion awarded points for work “performed directly for SSC under 3 or more distinct resource categories” by the proposed resource. This experience was to be demonstrated using a reference contract to be provided under a mandatory corporate criterion. This is restrictive because in order to obtain maximum points under the point-rated criterion, the reference contract used under the corresponding mandatory criterion had to have been awarded by SSC. Further, this point-rated criterion awarded points if the reference contract included work performed by resources under “3 or more” distinct resource categories. However, this requirement was only seeking one resource category. As such, it’s not clear why additional points would be awarded for demonstrating the ability to provide more than one resource category as this does not appear relevant to the requirement.

27. In 6 files, point-rated criteria or scoring grids could be communicated in a clearer and more precise manner to minimize subjectivity. Examples included the following:

  1. In 2 files, scoring grids contained conflicting statements regarding the maximum number of points to be awarded. For instance, in one file for IT professional services, the solicitation document stated “Total available points for all resources is 270.” However, since only 3 resources were to be assessed out of 70 points each, there were only 210 total available points for all resources.
  2. In 4 files, the point allocation scheme was unclear. For example, in a file for the provision of non-IT professional services, a point-rated criterion was separated in two parts, Part A and Part B, with the maximum points for each “part” being 200 points. The bidder was asked to provide up to 4 unique reference contracts (i.e. contracts that had not been referenced in the bidder’s responses to the mandatory criteria). For both Part A and Part B, the scoring scheme stated “for each different contract 45 points” and went on to state “for each different contract 5 points - Note to the Bidder: A maximum of four (4) reference contracts will be evaluated. No extra points will be awarded for additional reference contracts”. It is unclear how the additional 5 points would be applied or why the scores were not simply 50 points per reference contract. In another file, points for a corporate point-rated criterion were awarded (in part) depending on the bidder’s ability to provide a “detailed description of the Bidder’s resources”. The number of points awarded depended on if the description was “detailed”, “standard” or simply “a description…elements are missing”. It is unclear what would constitute a “standard” description versus a “detailed” one.
  3. In 2 files, the point-rated criteria contained vague or undefined terms. For example, in a file for Enterprise Business Analytics Program services, the point-rated criteria stated “The Bidder should demonstrate that the proposed resource has three (3) years of experience interfacing with a Government of Canada and/or a large private sector organization’s Human Resource and Finance systems to load a Data Warehouse.” It is not clear what would constitute a “large” organization as no definition was provided.

28. When evaluation criteria are communicated in a clear, precise and measurable manner, it enables bidders to know the requirements and the methods by which their proposals will be evaluated. Failure to adequately define evaluation criteria at the outset carries the additional risk that evaluators may struggle to interpret these criteria during the evaluation process. It can also be difficult to defend against external challenges to the evaluation process, as it is more difficult to demonstrate that criteria have been strictly adhered to when the criteria are unclear and open to multiple interpretations.

Recommendation 1:

SSC should implement measures to ensure that mandatory and point-rated criteria are clear, precise, and measurable, and do not favour a particular bidder or group of bidders.

Selection methodology

The selection methodology was aligned with the requirement in all files and was clearly communicated in all but 1 file.

29. In all files, selection methodologies were aligned with requirements and common methodologies were used such as “lowest priced responsive bid” and “highest responsive combined rating of technical merit and price”. In 1 file, the selection methodology in the solicitation contained contradictory statements.

  1. In 1 file for non-IT professional services, the selection methodology was not clearly communicated in the solicitation document. The selection methodology was 70% for technical merit and 30% for price. The Basis of Selection stated “The total possible Final Technical Score is 80 while the total possible Final Financial Score is 20.” Contradictory information such as this makes it difficult for potential bidders to know how to structure the technical and financial components of their bids.

Line of enquiry 2: To determine whether solicitation documents and organizational practices during the bid solicitation period were consistent with applicable laws, regulations and policies

30. The TBCP sets out detailed procedures to ensure that government contracting is carried out in a manner that enhances access, competition and fairness and results in best value. Section 10.7 of the TBCP includes the minimum requirements to be included in the solicitation document as well as mandatory elements related to the design and execution of the process.

31. The DMP states CAs are responsible for conducting procurements on behalf of the department or agency, and establishing contracts and contractual arrangements based on sound procurement principles, including fairness, openness and transparency to obtain best value.

32. Solicitation documents must contain work descriptions or specifications defined in terms of clear outputs or performance requirements. Solicitation documents should include: bidder instructions; bid preparation instructions; clear evaluation procedures; certification requirements; security and financial requirements; resulting contract clauses; and instructions informing bidders they may request information on the results of solicitation processes and how their bid was evaluated. Clarity of provided information is key in supporting the Government of Canada’s obligations laid out in the TBCP and the DMP.

33. This LOE applied to 35 of the files reviewed. Solicitation documents (excluding evaluation criteria and selection plans that were assessed under LOE 1) were assessed to determine whether they, among other things, contained a clear description of the requirement and instructions necessary to prepare a compliant bid. The assessment of organizational practices included factors such as whether the solicitation was open to the appropriate number of bidders and for the required duration, and whether communications with suppliers supported the preparation of responsive bids.

Solicitation documents and processes

Most of the files reviewed included clear and complete information about the requirement and instructions for submitting compliant bids, and the majority of files met the documentation and process requirements.

34. In 28 of the 30 applicable files, solicitation documents included clear and complete information and instructions to permit the submission of compliant bids. However, in 2 files, the solicitation did not contain a clear description of requirements. In addition, 2 files contained inappropriate or incomplete instructions to bidders.

35. An example of a solicitation that did not contain a clear description of requirements was the following:

  1. In 2 files the terms of the resulting contracts were not clearly communicated to bidders. For example, in a file for the provision of non-IT professional services, the solicitation document stated “It is intended to result in the award up to two (2) contracts (sic) for two (2) year period, plus four (4) additional one (1) year irrevocable options allowing Canada to extend the term of each contract.” For the purposes of the financial evaluation, the bidders were asked to include their per diem rates into a table. However, the table only provided for option periods 1, 2 & 3 – not option period 4. The resulting contracts included four (4) 1-year options; however, bidders were never required to provide their per diem rates for the fourth option year in their bid. As such, it was unclear as to what rates would be applied if SSC were to exercise the fourth option year. In SSC’s response to this observation, SSC confirmed this was an administrative error and stated the contracts would be amended to reflect three 1-year option periods.

36. Examples of solicitations that contained inappropriate or incomplete instructions to bidders included the following:

  1. In 1 file for the provision of data center equipment, there was no bid enquiry period. The solicitation document stated “All enquiries must be submitted in writing to the Contracting Authority no later than ten (10) calendar days before the bid closing date. Enquiries received after that time may not be answered.” The solicitation was released on March 15 and closed on March 22 (8 calendar days). As a result, effectively there was no bid enquiry period.
  2. In another file for the provision of IT infrastructure components, the solicitation document did not provide any details regarding the bid enquiry process. As detailed further below, the exclusion of this information impacted the supplier’s ability to seek clarification during the solicitation period.

Communication with suppliers

In 14 of the applicable 22 files (i.e. those with communications with suppliers during the solicitation period), there was evidence communications with suppliers were appropriate; however, there were 5 files where this was not the case. Issues regarding the communication of solicitation results were also identified.

37. Section 2 of the TBCP states: “Government contracting shall be conducted in a manner that will: (a) stand the test of public scrutiny in matters of prudence and probity, facilitate access, encourage competition, and reflect fairness in the spending of public funds.” Section 12.3.1 of the TBCP states: “Procurement files shall be established and structured to facilitate management oversight with a complete audit trail that contains contracting details related to relevant communications and decisions…” Section 4.10.1 of the DMP also states the Contracting Authority is responsible for “…ensuring that accurate and comprehensive procurement records are created and maintained on the contract file to facilitate management oversight and audit…” These requirements apply to all aspects of the procurement process, including interactions with suppliers.

38. For procurements subject to the Canadian Free Trade Agreement and the World Trade Organization—Agreement on Government Procurement, section 12.3.2 of the TBCP requires contracting authorities ensure all communications with bidders are supported by complete documentation and records to demonstrate that the procurement process was carried out in accordance with the agreements. Any significant information given by a contracting authority to a supplier with respect to a particular procurement must also be given simultaneously to all other interested suppliers. Details of OPO’s review are presented below.

39. There were 22 files which contained communications with suppliers. However, of these 22 files, 3 were missing documentation which prevented OPO from assessing the communications under this LOE. Of the remaining files, 2 files indicated not all suppliers were provided with the same information at the same time, and the bid enquiry process and/or responses from SSC in 4 files did not support the preparation of responsive bids.

Unequal Access to Necessary Information in 2 files

40. In 2 files, not all bidders had access to the same information at the same time. For example, in 1 file for branded equipment, suppliers were permitted to bid equivalent products. The original equipment manufacturer (OEM) asked if SSC would accept a substitute of the same branded equipment sought “…equal in functionality and also supports an additional feature…” This question was sent to the Technical Authority who first inquired “Who is asking (sic) question…the reason I asked is because individually they might be similar but how well do the proposed substitute work with other components? I don’t see an issue if the proposal is put forth by (the OEM) for they are the subject experts but will be hesitant if it’s suggested by (the other supplier).” In response, the Contracting Authority confirmed that the OEM had posed the question. Ultimately, the technical team confirmed that the answer to this question would be “yes” and this response was only shared with the OEM (not the other supplier). Firstly, the identity of the supplier posing questions should not be disclosed to the Technical Authority and the answers to questions posed prior to bid closing should be the same, regardless of who poses the question. Second, responses to such questions must be provided to all potential bidders at the same time. The failure to do so in this case both denies other suppliers the opportunity to bid equivalent products, and jeopardizes the fairness and transparency of the procurement process.

Responses to supplier questions or the related process did not support the preparation of responsive bids in 4 files.

41. In 2 files, the bid enquiry process was problematic:

  1. In 1 file for IT infrastructure components, the bid enquiry process was unfair. In an apparent effort not to delay the requirement after having received various questions, the Contracting Authority advised the suppliers that any vendors who had not submitted any questions could “…submit up to 5 questions by end of business day today.” The purpose of the bid enquiry period is to allow suppliers an opportunity to clarify the process and/or requirement in order to help support the submission of responsive bids. The restriction imposed by SSC to only allow for 5 questions to be asked within an extremely short time frame (i.e. “end of business” that same day) after only having been provided the solicitation the previous day, does not support this aim. By imposing this deadline, suppliers were also not permitted the opportunity to pose further follow-up questions on the answers SSC would be providing the next afternoon. Further, only suppliers who had “not submitted any questions” were permitted to submit up to 5 questions. This arbitrary restriction put any supplier who had asked previous questions at a disadvantage. Had all suppliers been made aware of the bid enquiry deadline from the beginning, a supplier who asked questions previously may have chosen to include additional questions in their original submission since it was their only opportunity to do so.
  2. In another file, a supplier question asked during the bid enquiry period was not answered. The solicitation document stated: “All enquiries must be submitted in writing to the Contracting Authority no later than five (5) calendar days before the bid closing date. Enquiries received after that time may not be answered.” Before being extended to July 28th, the original closing date was July 14th and the deadline for questions was July 9th. On July 9th, the bid closing date was extended to July 28th, effectively also extending the deadline for questions to July 23rd. On July 10th a supplier asked a question and in response, the Contracting Authority advised the bid enquiry period had closed and felt that further clarification was not required. The question should have been accepted and response shared with all invited suppliers.

42. In 3 files, responses to suppliers were not clear. For example:

  1. In 1 file for branded equipment where equivalent products could be proposed, a supplier asked “What is needed to substantiate that we are providing equivalent? Do we have to demonstrate the whole solution or at an individual part level?” and in response, SSC stated “…Whatever the vendor proposes as equivalent must meet/exceed the capacity and performance…” After this response was provided to bidders, a member of the SSC team raised concerns about this phrasing of “meet/exceed” as it was felt that the vendor may require further insight into what may be required to demonstrate equivalence and that ‘exceeding’ the requirement was not required. This concern was not addressed based on the emails on file and the response from SSC regarding the need to “meet/exceed” was never modified.
  2. In 1 file, the response provided by SSC to a question posed by a supplier did not address the question posed. A supplier asked “Is the Crown looking for a contract of over 60+ months where the bidder resources worked “with project stakeholders on governance frameworks and transformation project change management performance management” or a combination of projects amounting to 60+ months in the past 5 years?”. In response, SSC simply stated “Confirmed”. It is unclear based on this response which of the two scenarios outlined in the supplier’s question SSC was looking for.

43. Further, communication of solicitation results was found to be inconsistent or did not occur in all applicable files. In 5 files to which domestic and/or international trade agreements applied, a contract award notice was not published on the government electronic tendering system (GETS) (i.e. www.buyandsell.gc.ca) as required. For 3 of these files, SSC has confirmed to OPO that contract award notices will be posted in short order. In 1 of the other 2 files, SSC acknowledged the oversight, however it is not clear based on their response if an award notice is forthcoming. In the other file, SSC provided OPO with a link to the award notification published in their internal procurement system; however, trade agreements require contract award notices be published to GETS. Publishing contract award notices provides transparency in the award process, informs potential suppliers on the state of the market and the goods and services currently being procured by the federal government, and allows unsuccessful bidders to seek detailed debriefings or avail themselves of potential recourse mechanisms such as OPO or the Canadian International Trade Tribunal.

Recommendation 2:

SSC should implement measures to ensure communications with suppliers and related bid enquiry processes support the preparation of responsive bids, including ensuring: fair and equal treatment of all suppliers; clear responses to supplier questions; and contract award notices published as required on the applicable platform and within prescribed timeframes.

Line of enquiry 3: To determine whether the evaluation of bids and contract award were conducted in accordance with the solicitation

44. In order to ensure the fairness and defensibility of evaluation processes, section 10.7.27 of the TBCP requires that evaluation criteria and their weighting be established beforehand, adhered to strictly and applied equally to all bidders. Failure to ensure the consistent evaluation of proposals increases the risk that ambiguities in the selection process may result in the contract being wrongly awarded. Inconsistent evaluations may also call into question the integrity of the procurement process

45. Regarding evaluation, the DMP states CAs are responsible for:

  • 4.3.1 Conducting procurements on behalf of the department or agency, and establishing contracts and contractual arrangements based on sound procurement principles, including fairness, openness and transparency to obtain best value;
  • 4.3.2 Ensuring that the integrity of the procurement process is maintained throughout by:
    • 4.3.2.1 Adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest; and
    • 4.3.2.2 Monitoring and reporting any conflict of interest that may exist and taking appropriate mitigating action as required;
  • 4.5.7 Designing and conducting the bid evaluation process, financial assessment and due diligence;

46. The TBCP/DMP and SSC Procurement Manual also require evaluators to document the results of the bid evaluation:

  1. The TBCP requires:
    • 12.3.1 Procurement files shall be established and structured to facilitate management oversight with a complete audit trail that contains contracting details related to relevant communications and decisions including the identification of involved officials and contracting approval authorities.
    • 12.3.2 Under the North American Free Trade Organization, the World Trade Organization – Agreement on Government Procurement, and the Agreement on Internal Trade, Contracting authorities shall guarantee that complete documentation and records, including a signed and dated record of all communications with suppliers, are maintained to allow verification by the Canadian International Trade Tribunal that the procurement process was carried out in accordance with the agreements.
  2. The DMP states the Contracting Authority is responsible for:
    • 4.10.1 Where applicable, ensuring that accurate and comprehensive procurement records are created and maintained on the contract file to facilitate management oversight and audit, including but not limited to:
      • 4.10.1.2 A record of individual assessments, consensus evaluation, relevant decisions, approvals, communications and dates
  3. The SSC Procurement Manual requires:
    • 6.10 … Documents pertaining to the evaluation of bids must be retained. Evaluators must provide the original or a copy of all evaluation notes and communications to the contracting officer for filing on the procurement file. All such information is subject to the Access to Information Act. For example, evaluators' worksheets must not be destroyed even if the information contained in the worksheets is recorded in other evaluation documents. Following a relevant Canadian International Trade Tribunal decision, it was found that evaluators' worksheets are an integral part of the evaluation process and constitute part of the complete record regarding the procurement and part of the written record of all communications substantially affecting the procurement within the meaning of the international trade agreements. Destroying the evaluators' worksheets is a breach of the international trade agreements. Although no similar provision exists in the Canadian Free Trade Agreement (CFTA), the maintenance of complete documentation is also essential under the CFTA to promote fair and open procurement procedures.
    • 6.10.1 … Complete documentation, including all notes, worksheets, etc. made during the processing or evaluation of the bids must be retained, for future reference, on the SSC procurement file.

47. Of the 37 files reviewed, 22 had a bid evaluation process that included a technical and financial evaluation of bids, 9 had a bid evaluation process focused on a financial evaluation of bids (i.e. no technical evaluation criteria) and 6 did not have bid evaluation processes (i.e. 4 call-ups under standing offers, 1 directed contract and 1 ACAN). Files with bid evaluation processes were examined to determine whether a process had been established to ensure the consistent evaluation of bids, evaluations had been carried out in accordance with the planned approach, and results of evaluations were adequately documented.

Bid evaluation

Inconsistencies in the evaluation of bids and deviations from the planned approach were noted in over half of applicable files.

48. In the 31 applicable files reviewed, 16 files showed inconsistencies in the evaluation of bids and deviations from the planned approach. As well, of the files reviewed several were impacted by the absence of key documents including the solicitation and complete bid evaluations which meant file documentation did not always support the evaluation of bids and the selection of the successful supplier. These files are discussed in further detail in the file documentation section below. There were also multiple instances in which the evaluation was not carried out in accordance with the solicitation, as presented below.

49. In 3 files, contracts were not awarded in accordance with the basis of selection detailed in the solicitation or in the related standing offer or supply arrangement. For example:

  • In a file for provision of network testing equipment, the terms of the Supply Arrangement (SA) contracting procedure were not followed and the resulting contract was inappropriately sole sourced and should have been competed. SSC sought a quote from a supply arrangement holder. The total price of the quote was $24,706.39. Using the exact quote amount for SSC’s estimated expenditure value, SSC completed the Sole Source and Limited Tendering Certification (SSLTC) form.
    It is noted that in order to protect the fairness of the procurement process, departments should not contact prospective suppliers, share information about an upcoming requirement and request pricing information through a non-competitive process prior to establishing an estimate for the acquisition of the goods or services. These estimates should have been established and documented on file prior to contact being made. Further, per the terms of the SA, “For requirements where the estimated price is between $5,000 and $25,000, all-inclusive (taxes included): Bid solicitations are to be issued by the Identified User (IU) to at least three (3) Supply Arrangement holders authorized for the region of delivery.” As such, a sole source process was not appropriate in this case and a competitive process should have been conducted.
  • In the 2 other files, based on the limited documentation, SSC could not demonstrate that the basis of selection was followed. For example in 1 file, the standing offer stipulated that when the value is $25,000 or less, the technical authority can choose a selection methodology of “right of first refusal” or can issue a call-up directly to a listed SO-holder regardless of ranking. When the value is above $25,000, the “right of first refusal” method must be used. As the resulting value of the call-up was $26,400, it appears that “right of first refusal” method should have been used. However, based on the documentation on file, there was no evidence that this process was followed.

50. In 3 files, bids incorrectly underwent financial evaluation. In 2 files, bids were evaluated and identified as non-compliant based on technical criteria, then underwent financial evaluation. In both of these cases, SSC responded to OPO’s finding and stated “This was addressed in subsequent requirements where only the compliant bids were financially evaluated.” The example below details another file where a non-compliant bid was incorrectly assessed and identified as compliant to the technical criteria and was further reviewed as part of the financial evaluation.

  • In 1 file, a bid was evaluated as not having met the minimum point requirement for the corporate point-rated criteria (the bid obtained 85 points, but needed a minimum of 129.5 points to pass). However, the evaluators continued to assess the bid against the resource point-rated criteria. Further, the bid did not meet the overall combined minimum score for both the corporate and resource point-rated criteria (minimum was 227.5 points and the bidder scored 225 points). However, the bidder’s financial bid was then evaluated and was determined to have finished 10th place of 11 bids. Of these 11 bids, the highest ranked 6 bidders were awarded contracts. Since the financial evaluation was done using median bands limits which are based on the firm per diem rates proposed by all technically responsive bids, the inclusion of this bidder’s firm per diem skewed the median band limits to be applied. It was noted that while the inclusion of this non-compliant bidder’s rates impacted the scoring, in this case the same 6 suppliers would have been awarded the contracts even if this bidder’s proposal was not included in the assessment.

51. In 1 file, based on the limited documentation, it appears that bid repair was permitted. Clarifications which do not change the substance or price of a bid may be requested and accepted. However, if a response provided leads to a substantial change in the bid, this is considered bid repair.

  • During the evaluation period, the Contracting Authority sent the sole bidder a request for clarification on their bid as permitted under the terms of the solicitation. However, in the request, the Contracting Authority advised “Please find attached (the)…Compliance Matrix Clarification Spreadsheet for full detail and return…Note that the absence of the aforementioned information did not permit SSC to complete its Technical Evaluation of your proposal submission.” The document provided was a Microsoft Word document which included all of the various SOW sub-criteria to be addressed by the bidder. As SSC asked the bidder to provide additional information that was “absent” from their original bid submission in order to complete their evaluation, the request extended beyond that of simple bid clarification. Per the SSC Procurement Manual, “Any response, which leads to a substantial change in the bid is considered bid repair and must not be considered in the bid evaluation.”

52. In 9 files, the evaluation grid was not identical to the evaluation criteria found in the solicitation document (3.1.1) Examples included the following:

  • In 3 files, clarifications made to criteria during the bid enquiry period were not reflected accordingly in the evaluation grids and do not appear to have been taken into account by the evaluators.
  • In 2 files, the evaluation grids did not reproduce the full text of the criteria and as a result, opting instead to using keywords or phrases to represent the criteria to evaluators. It is not clear that evaluators assessed all relevant elements of the criteria. In 1 file, the available points for point-rated criteria were not accurately reflected in the evaluation grid.
  • In 3 files, the evaluation grids wholly excluded criteria that were to be assessed. For example, in 1 file the solicitation document stated that bids needed to meet all Corporate and Resource mandatory criteria and obtain the required minimum of 70% for the Corporate and Resource point-rated criteria. However, the completed evaluations only included the corporate mandatory and corporate point-rated criteria (not the resource mandatory or resource point-rated criteria).

53. Further, in 7 files, the financial bid evaluation process was not carried out in accordance with the planned approach. In these files, only one Enterprise IT Procurement (EITP) employee was involved in the financial evaluation of the bids. Per SSC’s Procurement Manual, “For any competitive procurement requiring contract entry approval of the DG or above, more than one EITP employee must be involved in the financial evaluation of the bids.” SSC has acknowledged this breach of policy and replied that they will ensure that there is an additional review on the financial evaluation on future solicitations that require DG approval.

54. Evaluations not conducted consistently and in the manner prescribed by the solicitation call into question the integrity of the procurement process. By not adhering strictly to the evaluation criteria, SSC has exposed itself to the risk that ambiguities in the selection process result in the contract being wrongly awarded. It also means SSC may not be able to defend and explain its decisions and actions and prove that they were made in accordance with the applicable laws, regulations, and policies.

Recommendation 3:

SSC should implement appropriate oversight and review mechanisms to ensure that evaluations are carried out in accordance with the planned approach.

File documentation

In the majority of files, file documentation was incomplete.

55. Section 12.3.1 of the TBCP requires that procurement files facilitate management oversight with a complete audit trail containing details related to relevant communications and decisions, including the identification of the involved officials and contracting approval authorities. Section 4.10.1 of the DMP also states the Contracting Authority is responsible for “…ensuring that accurate and comprehensive procurement records are created and maintained on the contract file to facilitate management oversight and audit…” SSC’s Procurement Manual further states that the Contracting Authority has the “responsibility to ensure current electronic procurement files[…] are complete.” The requirement to ensure adequate file documentation extends to the actions undertaken during the solicitation period, the evaluation of bids, as well as the overall procurement file.

56. In 18 out of the applicable 32 files, sufficient documentation was not on file to support the evaluation of bids. This included instances where: individual or consensus evaluations were missing evaluator names, signatures, and/or dates; documents were absent (e.g., missing individual, consensus and financial evaluations); and no or few comments in consensus evaluations supporting findings of non-compliance or the assessment and allocation of points for point-rated evaluation criteria. More specifically in the case of contracts awarded through SSC’s Network Solutions Supply Chain (NSSC) vehicle, which awards contracts to agreement holders using an RFQ process based on lowest price, documentation did not always support the financial evaluation and the selection of the successful supplier. For example:

  • In 2 files, evaluation documents on file were inadequate to support that the prescribed process was followed. In both of these files, the evaluators were not identified.
  • In one of these files, there was insufficient documentation on file to confirm that the lowest price bid was selected. SSC has noted an evaluation form specific to the NSSC vehicle is being developed to strengthen the electronic procurement records.

57. Further, procurement file documentation was found to be incomplete in 19 out of 37 files. Examples of incomplete file documentation included missing conflict of interest documents signed by all evaluators, procurement and contracting approval documents, finalized versions of solicitation documents shared with bidders, and SSC committee minutes supporting procurement strategy review and endorsement.

58. Incomplete procurement files result in inadequately supported procurement actions that risk undermining the integrity, fairness and transparency of the procurement process. Keeping complete and detailed evaluation records is crucial for demonstrating that evaluation criteria have been applied equally to all competing bids, and demonstrating that the procurement has been carried out in a manner consistent with SSC’s obligations under the TBCP, DMP, SSC Procurement Manual and applicable trade agreements. SSC’s Procurement Manual does provide guidance regarding electronic record keeping including document and folder naming conventions and provides lists of the documentation that should be saved in procurement files.

Recommendation 4:

SSC should ensure that the existing guidance regarding electronic record keeping is implemented and that appropriate oversight is exercised to support effective record keeping practices, as per the Government of Canada policy, including the on-going development and implementation of an evaluation form specific to the Network Solutions Supply Chain vehicle.

Line of enquiry 4: To determine whether SSC’s procurement governance framework is effective and ensures that procurement activities are monitored, and procurement risks are able to be identified and mitigated

59. The TBCP, rescinded in May 2022, required departments to ensure that adequate control frameworks for due diligence and effective stewardship of public funds are in place and working. The TBCP was replaced by the DMP which requires that departments establish effective governance and oversight mechanisms to support the management of procurement. Within each department, a Senior Designated Official is responsible for establishing, implementing and maintaining a procurement governance framework that includes oversight, planning and reporting mechanisms. This framework must include clearly defined roles, responsibilities and accountability for the various governance committees involved.

60. SSC’s Procurement Governance Framework (the Framework) was established in 2019 and was most recently updated in July 2021 (version 3.0). The Framework is intended to apply a risk-based approach to determine the required level of oversight for SSC procurements, including those carried out on behalf of other government departments. Overall, responsibility for the Framework rests with the Assistant Deputy Minister, Enterprise Information Technology Procurement and Corporate Services (EITP-CSB) who is also the Chief Procurement Officer and the Senior Designated Official for procurement functions at SSC.

61. The most recent version of the Framework (version 3.0) was developed during the transition period from the TBCP to the DMP; previous versions of the Framework were not reviewed as they are no longer in use. This LOE therefore applied to 12 of the files reviewed. The Framework was assessed to determine whether:

  • oversight bodies to monitor procurement risks in projects have been established and communicated, and
  • consideration and management of procurement risk is integrated into the project planning cycle.

Have oversight bodies been established and communicated?

Oversight bodies have been established and communicated; however, opportunities for improvement regarding quorum requirements and governance committee minutes were identified.

62. Oversight within the Framework is accomplished through several internal governance committees. These committees act in an advisory capacity, provide guidance and oversight, and perform a challenge function with regard to the proposed procurement strategy for all procurements subject to governance review. Governance committee review is triggered by the responsible procurement officer completing a risk assessment, which will prompt the need for governance oversight depending on risks selected.

63. Three SSC governance committees fulfill key controls in the Framework. Each committee is responsible for reviewing and endorsing the procurement strategy based on the procurement’s identified risk level:

  • The Procurement Executive Committee reviews and endorses all “Risk Level 1” procurements,
  • The Procurement Review Board reviews and endorses all “Risk Level 2” procurements, and
  • The Finance, Investment and Internal Management Board reviews and endorses all “Risk Level 3” procurements.

For all risk levels, endorsement must be provided before the solicitation process can be initiated. These roles are clearly established in the Terms of Reference for the Procurement Executive Committee and the Procurement Review Board, with responsibility resting with the chair of the committees, who, in both cases, is the Director General, EITP.

64. The Finance, Investment and Internal Management Board is SSC’s executive financial management, investment and internal services forum, whose mandate extends beyond procurement to include the oversight of financial resources, investment activities, corporate wide plans, strategies, policy frameworks and reports. The Terms of Reference for this committee delegates authority to the co-chairs (Executive Vice-President and Assistant Deputy Minister/Chief Financial Officer) for monitoring compliance with TB policies including procurement. The Terms of Reference do not explicitly state that the committee must endorse all level 3 procurements prior to the initiation of the process; however, all procurements submitted to the committee for review must be accompanied by a presentation deck that clearly indicates what decision is being sought (i.e. endorsement of the procurement activity). This mitigates the risk that the committee may be unprepared to review procurement files.

65. Risk assessments are carried out in accordance with the Procurement Governance Framework Risk Ladder Model, which categorizes procurements according to three levels of risk that correspond to the presence of one or more pre-determined criteria. These criteria include risk factors such as the use of SSC exceptional authorities, invocation of the National Security Exception (NSE), if the requirement is for new (and renewed) methods of supply, if the estimated value of the procurement is above certain dollar thresholds, among other factors that increase the risk, complexity, or scope of the procurement. Procurements meeting the criteria for risk levels 1, 2, or 3 are subject to review by the applicable governance committee(s). Procurements can also be raised for governance committee review at the discretion of an executive from EITP. In each case where governance committee review has been triggered, the procurement activity must be endorsed by the applicable committee(s) prior to the initiation of the solicitation process. The following table details how the identified risk level is addressed within the governance structure:

Risk management within governance structures
Risk level Governance structure Sub-committee (when applicable)
n/a Treasury Board Cabinet committee n/a
n/a Executive oversight board n/a
Risk level 3 Finance, investment and internal management board n/a
Risk level 1 and 2 Procurement review board (procurement strategy endorsement) Contract management review committee (PRB sub-committee)
Risk level 1 Procurement executive committee (procurement strategy endorsement) Contract management review committee (PRB sub-committee)

66. Quorum requirements are clearly documented in the Terms of Reference for the Procurement Review Board and the Finance, Investment and Internal Management Board but not for the Procurement Executive Committee. As the Procurement Executive Committee fulfills a key control and endorses the procurement strategy for all “Risk Level 1” procurements, there is a risk that attendance at any given meeting is insufficient and does not support informed decision-making.

67. Terms of Reference for the three key committees under the Framework allow members to designate a delegate, and either specify the minimum level (e.g. director or above) or require delegates to be approved, which is a good practice. The sampled files under this version of the Framework included “Risk Level 1” and “Risk Level 2” procurements which were subject to Procurement Executive Committee or Procurement Review Board oversight. Committee minutes reviewed did not identify levels of members or who delegates were, if applicable, and in the case of the Procurement Review Board, did not indicate that quorum requirements were verified. This increases the risk that both quorum and level requirements are not consistently respected to ensure appropriate attendance by individuals with the knowledge and expertise to detect procurement risks and support informed decision-making.

Recommendation 5:

SSC should establish quorum requirements for the Procurement Executive Committee. Additionally SSC should ensure all Procurement Governance Framework committee minutes clearly document the levels of members and delegates in attendance, as well as the verification of quorum.

68. In order to improve procurement planning and reduce instances of last-minute renewals, extensions and “urgent” procurements, SSC has established the Contract Management Review Committee. A sub-committee of the Procurement Review Board, the Contract Management Review Committee reviews active contracts that are approaching expiry or exhausting funds more quickly than anticipated and raises procurement files to the Procurement Review Board at the discretion of the Chair. This committee supports strategic planning by enabling coordination between contracting authorities and SSC business lines in the contract administration phase.

69. An additional layer of control is fulfilled by another governance committee, the Information Technology Infrastructure Review Board, that operates outside of the Framework, acting as the business and technical challenge function in the early stages of project definition. This committee is co-chaired by the Chief Technology Officer, Assistant Deputy Minister of Data Centre Services and the Assistant Deputy Minister of Network and Security Services. Membership includes the Assistant Deputy Minister of Corporate Services and EITP as well as the Director General, EITP. The Information Technology Infrastructure Review Board is mandated to review and challenge planned network infrastructure requirements where it appears necessary to source the requirement from an Original Equipment Manufacturer (OEM). This committee was established to ensure alignment with SSC’s Network and Security Services and Data Centre Services equipment procurement strategy, and to review and challenge the justification of direct OEM business requirements with an estimated value in excess of $1M prior to submission to EITP.

Is the management of procurement risks integrated into the project planning cycle?

70. In order to meet the departmental obligations required by the DMP, SSC’s Framework must incorporate performance results, lessons learned and best practices to inform procurement decision-making.

71. OPO examined the Framework to determine whether a process exists and is operating effectively to identify, assess and manage procurement risks. OPO identified the following elements within the Framework regarding key oversight, planning and reporting requirements: the Procurement Summary and Risk Assessment (PSRA) tool, the ProTracker, the governance committee framework, SSC’s e-procurement platform Procure-to-Pay (P2P), and the Compliance and Quality Assurance Program (CQAP). OPO’s assessment of these elements is found below.

Weaknesses were identified in the Procurement Summary and Risk Assessment tool, limiting the effectiveness of SSC’s control framework.

72. As mentioned, procurement officers must complete a risk assessment for all planned procurements. This risk assessment must be completed using the PSRA tool and should be completed during the procurement planning stage to allow sufficient time for governance committee(s) review and endorsement, if required.

73. The PSRA is a ‘smart’ form developed by SSC to document strategic considerations, including the identification of procurement process risks, proposed mitigation strategies, and key decisions to facilitate management review and approvals. The PSRA tool contains several versions or sub-forms that are tailored to the characteristics of the procurement. Collectively, the PSRA and its sub-forms allow procurement officers to capture relevant information to enable management oversight and approvals, and document key decisions at different stages of the procurement process.

74. The PSRA is intended to function as a key control in the Framework by determining whether the procurement will be subject to oversight by one of SSC’s governance committees. The “Governance risks” section of the PSRA requires procurement officers to identify whether the procurement contains any of the pre-determined risk factors contained in the Procurement Governance Framework Risk Ladder Model. If any of the governance risk criteria are selected, the form is designed to trigger a notification prompting the procurement officer to add the procurement to the ProTracker (spreadsheet for monitoring procurements requiring governance committee oversight) and submit the file to the EITP Governance and Strategic Planning team.

75. OPO reviewed the PSRA template and found that while the prompt to submit the file to the EITP Governance and Strategic Planning team was operating effectively, the prompt to add the procurement to the ProTracker management report was not functioning consistently. The prompt to add the file to the ProTracker only appears if one of five (out of a possible 13) governance risks is selected. Selection of any of the other governance risk criteria, including “Enterprise-wide transformations”, “Advanced Contract Award Notice (ACAN)” and “Contracting with a former public servant”, would not prompt the procurement officer to add the file to the ProTracker, which could result in a procurement not being reviewed by the required committee. Furthermore, while the governance risks are aligned with the criteria in the risk ladder, the smart form does not compute the resulting risk level of each procurement (levels 1, 2, or 3). However, the requirement to submit the form to the EITP Governance and Strategic Planning team, that will confirm the resulting risk level, is designed to act as a compensating control. SSC also noted to OPO that it distributes a weekly communication to prompt procurement officers to update the ProTracker with any new applicable procurements and that the EITP Governance and Strategic Planning team also reviews PSRAs for any procurements that were not added to the ProTracker but should have been.

76. An additional compensating control exists in the requirement to have the appropriate authority within EITP sign off and approve the form. Approval of the PSRA is designed to align with SSC’s delegation of authority and is determined by the estimated value of the procurement. When the PSRA-Procurement Planning Approval Request is signed by the appropriate delegated authority, the procurement strategy is considered approved to proceed. If governance committee review is required, the PSRA-Procurement Planning Approval Request must be signed by the appropriate delegated authority before the solicitation is posted and as soon as possible after endorsement from the appropriate committee has been obtained. The PSRA Writing Guide states that the PSRA should be signed by all levels up to the delegated authority. For example, if the PSRA requires Director General-level approval, the form should also be signed by the procurement officer, team-lead, manager and director. The risk level of the procurement, which is the trigger for governance review, does not impact the approval authority required for the PSRA. As a result, the PSRA for a competitive procurement that contains one or more governance risks, would not necessarily be subject to approval at the executive level (Director level and above) unless the estimated value exceeded $2M.

77. Neither the PSRA form, the PSRA Writing Guide, nor the Procurement Governance Framework Risk Ladder Model specify whether the estimated value of the requirement for governance endorsement is inclusive of taxes. According to SSC’s delegation of authority, financial signing authority is limited to a specific dollar value for each transaction and “this amount represents the maximum expenditures, including any Goods and Services Tax, Quebec Sales Tax or Harmonized Sales Tax that may be authorized by a delegation holder.” Since the Financial Details section of the PSRA form is not linked to the governance risks, the procurement officer must manually select the button denoting that the procurement is valued at or above $5M in order to trigger governance committee review, and the requirement to submit the PSRA form to the EITP Governance and Strategic Planning team that provides oversight. OPO noted two instances where the estimated value of the procurement including taxes exceeded $5M and the procurement officer had not selected the governance risk “procurement valued above $5M (including amendments)”. In both cases, the procurements were not subjected to the required governance committee review.

78. The PSRA contains a number of fields that must be populated before the form can be saved. One such field requires procurement officers to identify potential process risks for the procurement. SSC defines procurement process risks to be considerations that may arise during the procurement process that pose a threat to the established procurement plan, and/or the organization at large. These are described as dynamic risks that should be reviewed and assessed during the governance process and documented in the PSRA and, if governance committee is required, the ProTracker. To assist procurement officers in this risk assessment exercise, SSC’s EITP Governance and Strategic Planning team has developed a Process Risk Guide and Matrix document as an annex to the Framework. This guide provides step-by-step instructions for procurement officers and examples of procurement process risks and mitigation strategies to illustrate the risk assessment exercise.

79. When completing the Procurement Process Risk section of the PSRA form, procurement officers are required to identify the process risk, assess the impact and probability of the risk, and propose a mitigation strategy. Once the impact and probability of the risk have been entered, it produces a risk heat score from 1-3. These identified risks do not automatically trigger additional oversight, regardless of their risk heat score, however the responsible executive in the EITP group can choose to raise a file for additional oversight if deemed necessary. While procurement files can be raised for governance review by an executive or their delegate, this is discretionary and an acceptable procurement risk heat score has not been established. As a result, a procurement with a high risk heat score, that does not contain any of the pre-determined factors that trigger governance committee review (i.e. governance risks), could be approved through the standard approval process without any additional oversight.

Procurement Summary and Risk Assessment forms were not always completed at the appropriate time and did not accurately reflect solicitation documents and processes.

80. Twelve (12) of the sampled files fell under this version of the Framework. These files were reviewed to assess the timeliness, completeness and accuracy of information in the PSRA including approval by the appropriate authority and committee endorsement.

81. In all 12 files, a PSRA was on file and approved but the form was not always completed at the appropriate time, calling into question its value. As the PSRA is used to document the risk assessment of all planned procurements and to obtain approval to proceed with a procurement process, it should be prepared early in the process and prior to the solicitation phase. In 5 files, the PSRA was prepared late in the process including 1 file where the PSRA was approved after suppliers were solicited, and 4 files where the PSRA was approved after the contract was awarded or after the Crown’s signature on the contract. Completing the risk assessment and obtaining required approvals after awarding contracts brings into question the due diligence applied to the risk assessment and risks the potential termination of these contracts and delays to the receipt of the required goods and services.

82. Based on the Procurement Governance Framework Risk Ladder Model, 10 of the 12 files reviewed were subject to governance committee review. As previously noted in paragraph 77, there were 2 files where the estimated value of the procurement including taxes exceeded $5M and the procurement officer had not selected the governance risk “procurement valued above $5M (including amendments)” and the procurements were not subjected to the required governance committee review (the Procurement Executive Committee in both cases). All but 1 of the other 8 files were endorsed by the appropriate committee before the start of the solicitation period. The remaining file was mentioned in the paragraph above as having received committee endorsement after the bid solicitation closing date.

83. OPO’s review found that the PSRA did not accurately reflect the solicitation document and process in 9 of the 12 files reviewed. Examples of inaccuracies include the following:

  1. In 4 files, the description of the requirement in the PSRA was different from the description in the solicitation document. This included, for example, differences between the PSRA and the solicitation document with respect to the number of resources required, the resource categories, number of option periods, and whether substitute products would be permitted.
  2. In 1 file a covering email used to send a PSRA for approval indicated the requirement had received committee approval. This was inaccurate since the requirement had initially been presented to the Procurement Executive Committee as a contract amendment and was not endorsed. The requirement then proceeded as a new procurement under a different vehicle valued over $5M which did not receive Procurement Executive Committee endorsement before proceeding.
  3. In 2 files, the PSRA stated that the solicitations would include a rated advantage for bidders who demonstrate their commitment to providing opportunities, assistance and encouragement for any under-represented group. No such criteria, however, were included in the solicitations. SSC clarified to OPO that these were administrative errors that should not have been included in the PSRAs. In one of these files, the Procurement Review Board minutes of the meeting where endorsement was obtained indicate that this rated advantage would be included in the solicitation.

84. Inaccurate information in the PSRA is concerning as this form is a key control in SSC’s Framework in determining whether a procurement will be subject to oversight by SSC’s governance committees. It is also through this form that procurement strategy approval is obtained as well as approval to proceed with the procurement. Inaccurate PSRAs can result in procurements not being subject to the appropriate oversight and can also result in officials providing approvals to proceed based on inaccurate information, jeopardising the integrity of SSC’s procurement practices.

85. OPO also observed a weakness in the approach to completing the PSRA when the planned strategy is to award multiple contracts to satisfy a requirement. SSC will use such a strategy when there is a need to have multiple suppliers deliver goods or services to create redundancies, ensure continued service delivery and increase supplier access to federal procurement opportunities. SSC’s value-related governance risks in the PSRA are considered in the context of individual contract values as opposed to the total value of the requirement when multiple contracts are planned to be awarded. For example, a PSRA with a planned strategy to award two contracts for a $12M requirement ($6M per contract) would need to be endorsed by the Procurement Executive Committee. In the absence of other governance risks, however, the same $12M requirement would not require committee endorsement if the strategy was to award three $4M contracts because each contract individually would be below the $5M threshold. Similarly, a $30M requirement awarded as a single contract would require Procurement Review Board endorsement but the same requirement awarded as two $15M contracts would only require Procurement Executive Committee endorsement. This creates the opportunity to structure a procurement to avoid governance oversight or a higher level of oversight and could give rise to the possible perception of unnecessarily dividing, or further dividing, an aggregate requirement into a number of smaller contracts, thereby avoiding contract approval authorities.

86. In 5 of 12 files reviewed requiring a PSRA, the intent was to award multiple contracts to satisfy the requirement. In 3 of these files, the procurements may have benefited from additional oversight due to their significant financial investments. For example, in 1 file for the provision of IT professional services, the procurement strategy was to award 6 contracts each estimated at a value of $32.72M, for a total requirement value of $196.35M. The only identified governance risk in the PSRA was “Procurement valued equal to or greater than $20M” and one procurement process risk was identified (related to the contract limitation of the previous contract) which did not result in any additional oversight.

87. Further, the PSRA form does not allow for situations where the intent is to award multiple contracts as the financial details entered in the form determine the required approval level based on the approval value for one contract. In the example provided above, if the values of all 6 contracts and option periods are entered, the PSRA form indicates “The approval amount has exceeded the approval Authority level – Seek Treasury Board Approval.” While SSC’s PSRA Writing Guide does not address these situations, as a workaround used when multiple contracts are planned to be awarded, the procurement officer will enter all of the planned contracts in the PSRA but will only provide the financial values of one contract with the others included as $0. The number of contracts to be awarded, their estimated values and the total value of the requirement are entered in a text box in the “Requirement” section of the form. As a result, the total value of a requirement, regardless of its size, will never trigger additional oversight so long as each individual contract remains within SSC’s delegated authority and the file isn’t raised by an EITP Executive or governance committee for consideration.

As a manually updated tool, procurements requiring governance review may be inadvertently omitted from the ProTracker.

88. The ProTracker is an excel spreadsheet that functions as the primary management report for monitoring high-risk, high-complexity procurements. It includes information on planned procurements that require governance committee oversight, such as current status, governance reviews, procurement schedules, financial values, and key issues. The ProTracker is managed by the EITP Governance and Strategic Planning team and used to schedule committee reviews. Under the Framework, the Contracting Authority is responsible for ensuring that all planned procurements requiring oversight by governance committees (i.e. assessed as risk level 1, 2, or 3 in accordance with the Risk Ladder Model) are accurately captured on key Senior Management reports, such as the ProTracker. While other reports are shared with EITP’s operational directors for information (e.g., monthly Contract Expiry Report, Purchase Requisition Report, and Executive Procurement Dashboard), the ProTracker is the primary management report that provides visibility on planned procurements that require governance review.

89. When governance risks are identified in the PSRA form, the form prompts the procurement officer to add the procurement to the ProTracker; however, as mentioned in paragraph 75 above, this prompt is not operating effectively and only 5 out of 13 possible governance risks produce this prompt. Because the ProTracker is manually updated by the Contracting Authority, as opposed to generated by the P2P system, there is a risk that procurements requiring governance oversight are omitted or inadvertently deleted from the ProTracker, effectively bypassing the governance framework.

SSC captures and tracks the status of all action items resulting from governance committee review.

90. Decisions rendered by governance committees are captured in committee minutes as well as the ProTracker. The Governance and Strategic Planning team within EITP has developed a Governance Action Register (GAR)Footnote 1 – a tool to capture and track the status of all action items resulting from governance committee review. The GAR is a record of each agenda item presented to the Procurement Executive Committee and Procurement Review Board, the meeting date, and the action items identified during the meeting. Unlike the ProTracker that is filled out by each procurement officer, the GAR is maintained by the EITP Governance and Strategic Planning team. For the Finance, Investment and Internal Management Board, the Board’s Secretariat distributes records of decision which are presented and approved at subsequent meetings and an Executive Committees Action Tracker is used to track outstanding action items.

SSC’s Procurement Governance Framework control measures are inadequately supported in SSC’s e-procurement system.

91. SSC implemented their e-procurement system in 2016 using Procure-to-Pay (P2P) commercial off-the-shelf software. The majority of SSC’s procurement and contracting process occurs in P2P (full end-to-end supply chain process). P2P integrates accounts payable and procurement processes, provides end-to-end electronic financial approvals (i.e. commitment, transaction and certification authorities) and is linked to SSC’s financial system as well as Buyandsell.gc.ca (now CanadaBuys). Purchase requisitions are created in P2P by the client, (including other government department clients) and are assigned to a procurement officer by a workload manager. The solicitation document is created in P2P and the solicitation process, including Q&A and the submission of bids occurs in the P2P system. If a solicitation used open tendering, questions can be received via P2P but responses will be published on Buyandsell.gc.ca (now CanadaBuys). While bid evaluation occurs outside of P2P, there are system controls that prevent financial bids from being opened until the technical evaluation has been completed and a bid has been deemed compliant. Contracts, purchase orders and invoicing are also created, approved and managed in P2P.

92. The Framework requires that committee endorsement of the procurement strategy be received before a solicitation process can be initiated; however, there is no mandatory control in the P2P system that requires this certification be made prior to soliciting bids. The system does require that the procurement officer confirm that the PSRA has been completed by checking the applicable box and providing a link to the procurement file (including any link in this field would satisfy the system requirements). However, these fields are only required to be completed in order to generate the contract for award. There is no control within P2P that prevents bids from being solicited prior to the completion of the PSRA, or confirmation that committee endorsement was obtained, if applicable. P2P also does not identify whether a procurement was identified as high risk (levels 1, 2, 3) and subject to governance oversight, nor are the procurement process risks identified in the PSRA tracked in P2P.

93. There is a risk that procurements can be initiated in P2P without the required governance committee endorsement. There is also a risk that procurement process risks are not being managed throughout the procurement process as these are not tracked in the system.

Recommendation 6:

SSC should implement measures, including exploring options to update its e-procurement system, to:

  • ensure Procurement Summary and Risk Assessments are completed accurately and at the appropriate time, including using the total value of the requirement;
  • ensure that the procurement process risk assessment is integrated into the Procurement Governance Framework, triggering committee oversight if the residual risk value exceeds an established threshold;
  • enable reporting on the status of all procurements, including the ability to filter procurements by risk level to enable effective oversight, and to identify procurements that should be subject to governance review; and
  • ensure procurements are not initiated in the e-procurement system without completion of the Procurement Summary and Risk Assessment and obtaining required committee endorsements.

Compliance and Quality Assurance Program reviews are not being completed at the opportune time.

94. SSC’s Compliance and Quality Assurance Program (CQAP) was implemented “to ensure that procurements respect SSC’s procurement governance framework, relevant Treasury Board and SSC procurement policy instruments, applicable legislation, regulations and trade agreements.” Quality assurance reviews are mandatory for procurements requiring governance committee review and are conducted at the pre-solicitation, pre-contract award and/or post-contract award stages. The ProTracker is used to identify files requiring mandatory quality assurance reviews. Procurement files not requiring governance committee review may be reviewed under the CQAP and senior management may also request a quality assurance review on an ad-hoc basis.

95. According to SSC’s CQAP Strategic Direction: “Pre-contract award and post-contract award file review is mandatory for all procurements meeting SSC’s Procurement Governance Framework (PGF) criteria.” This is not reflected in SSC’s CQAP Process Guide which is silent as to when mandatory reviews will be performed in the process. In order to mitigate risk and remedy any identified issues as soon as possible, CQAP reviews should be completed early in the process (i.e. prior to contract award). In the 10 files previously mentioned that were subject to governance committee review (and therefore subject to CQAP review), 8 had a CQAP review completed at the post-award stage and none were completed at the pre-award stage. The other 2 files are the same 2 previously mentioned that were not subjected to the required governance committee review because the PSRA failed to identify that the procurements were valued above $5M. As a result, the files were not added to the ProTracker and CQAP reviews were not completed as required. At the time of OPO’s review, SSC reported that 44 post-contract award reviews had been performed to date in 2022-23 but that no pre-solicitation or pre-contract award reviews had been performed.

96. SSC has had 2 EITP staff members performing reviews under the CQAP. While SSC reports that this number is expected to go up and that they are actively working to staff vacancies, the number of staff performing reviews appears to be a factor in the lack of reviews performed at the pre-award stage.

Recommendation 7:

SSC should ensure that a risk-based approach to conducting compliance and quality assurance reviews is implemented to ensure risks are identified, governance committee approvals are received and a mitigation plan is developed to deal with identified risks and deficiencies appropriately and in a timely manner.

IV. Simplification

97. OPO regularly hears from both Canadian businesses and federal officials who believe the contracting process is unnecessarily complex. In reviewing SSC’s procurement practices, OPO sought to identify opportunities to alleviate unnecessary administrative burdens placed on bidders and federal procurement officials, and draw attention to good practices for simplifying the procurement process.

Simplification of evaluation criteria

98. There were certain cases where evaluation criteria were unnecessary and could have been removed to reduce the number of evaluation criteria used and simplify the process. Examples included the following:

  1. In 3 files, bidders were asked to respond to mandatory criteria which reflected multiple elements within the Statement of Work (SOW). In 2 of these files, this resulted in bidders being required to respond to over 200 “sub-criteria” in each file.
  2. In another file, a corporate mandatory criterion required the bidders to respond to the mandatory and point-rated criteria for all of the Senior level resources. As the requirement was seeking 13 different resource categories, bidders had to respond to over 70 resource mandatory criteria. The solicitation document had specifically stated that resources would not be assessed at the time of solicitation, which caused bidders to raise this contradiction to SSC’s attention. Specifically, a supplier questioned the value of such criteria to proposed sample resources which may not be presented upon contract award. However, SSC maintained that no change could be made to the criterion. Of the 23 suppliers invited to bid, only 2 suppliers submitted bids. The intention was to award 3 contracts but ultimately only 2 could be issued. The additional mandatory elements that resulted from the inclusion of this criterion may have been a contributing factor to the low number of bid submissions.

99. The inclusion of unnecessary evaluation criteria, particularly as mandatory criteria, unnecessarily complicates the procurement process by making it administratively burdensome for bidders to prepare their proposals. Further, it creates opportunities for bidders to make mistakes and for their proposals to be deemed non-responsive for failing to meet mandatory criteria that are ultimately not required. Such criteria can deter suppliers from submitting bids and can result in reduced competition in solicitation processes.

V. Other observations

Disclosure of trade agreement applicability to suppliers

100. In May 2012, SSC announced a blanket National Security Exception (NSE) would apply to all SSC procurements related to e-mail, network/telecommunications, data centre systems, infrastructure and services. During this time, SSC established several Master Contracting Vehicles (MCVs) to which the blanket NSE applied:

  • Network Solutions Supply Chain (NSSC)
  • Physical Infrastructure Supply Arrangement (PISA)
  • Cyber Security Procurement Vehicle (CSVP)

101. The resulting supplier agreements and arrangements under these vehicles stipulated that the NSE applied to all requirements stemming from these vehicles. In July 2020, SSC’s blanket National Security Exception (NSE) expired but continued to apply under certain circumstances where the NSE was properly invoked and publicly announced prior to July 1, 2020. This included solicitations, awarded contracts and contractual arrangements, or to call-ups and contracts pursuant to Standing Offers and Supply Arrangements.

102. However, in an internal email dated November 5, 2020, SSC confirmed the former blanket NSE invocation would not apply to solicitations, contracts awarded and contractual arrangements, or to call-ups and contracts pursuant to Standing Offers and Supply Arrangements that were negotiated prior to July 1, 2020.

103. Of the 37 files OPO reviewed, 9 files related to procurement processes for requirements under these MVCs dated after November 5, 2020. In these files, there was no indication on file that suppliers were made aware of the applicability of trade agreements for these procurements. SSC clarified to OPO that following the expiration of SSC’s blanket NSE, its application was removed from subsequent procurements but that the supplier MVC agreements and arrangements under these vehicles had not been amended to notify suppliers of this change. Moving forward, SSC confirmed that suppliers will be informed should there be a change to the application of the NSE to an overall procurement vehicle.

104. When trade agreements apply, the recourse mechanism for contract award disputes raised by suppliers is the Canadian International Trade Tribunal (CITT). Given the CITT’s strict complaint filing timelines, it is imperative that suppliers are made aware at the time of the solicitation of the applicability of trade agreements to a solicitation so they are not disadvantaged from seeking recourse and challenging the results of the evaluation.

Risk of employer-employee relationships

105. Subsection 4.1.9(b) of the TBCP required contracting authorities to “ensure that an employer-employee relationship will not result when contracting for the services of individuals in accordance with criteria established by the Canada Customs and Revenue Agency and pertinent court rulings.”

106. The DMP requires business owners to ensure that employer-employee relationships are not formed during contracts and that contracting authorities are informed of conditions or changes that may create such a relationship. Contracting authorities are responsible for ensuring that business owners are aware of the risks associated with the creation of employer-employee relationships and for including terms and conditions that prevent these risks.

107. SSC’s Procurement Manual also states that “contracting officers should carefully review the circumstances in order to avoid establishing an employer-employee relationship” when contracting for the services of individuals.

108. SSC uses TBIPS or TSPS method of supply to obtain professional services to support various initiatives and activities (e.g. application delivery, IT security, Digital Government Transformation, database administration, etc.). Resourcing considerations are documented to support the need to hire professional services on contract as opposed to using existing employees or hiring new indeterminate or term employees and is often related to requiring specialized skillsets and expertise which are not readily available in the federal government workforce.

109. The Canada Revenue Agency considers several factors in determining an individual’s employment status, including the level of control the payer has over the worker’s activities. Wording regarding expected work hours and reporting relationships are elements of control over a worker that could increase the risk of creating an employer-employee relationship, real or perceived, and should be avoided.

VI. Conclusion

110. SSC’s procurement practices pertaining to evaluation and selection plans, solicitation, and evaluation of bids and contract award were assessed for consistency with Canada’s obligations under sections of applicable national and international trade agreements, the Financial Administration Act and regulations made under it, the TBCP, the DMP, and, when present, departmental guidelines, to determine if they supported the principles of fairness, openness and transparency. In addition, this review assessed whether SSC established effective governance and oversight mechanisms to support the management of procurement, as required by the DMP.

111. Regarding LOE 1, OPO found that mandatory criteria were aligned with requirements; however, a majority of files contained mandatory criteria that were not clearly stated, demonstrable and measurable. As well, in some instances, mandatory criteria were found to be overly restrictive. For the most part, point-rated criteria were not overly restrictive, were aligned with the requirement and reflected the relative importance of the criteria; however, some point-rated criteria and scoring grids could be improved to increase clarity and minimize subjectivity. In all files reviewed, the selection methodology was aligned with the requirement, and was clearly communicated in all but one file.

112. Regarding LOE 2, OPO found that most solicitations included clear and complete information about the requirement and instructions for submitting compliant bids and the vast majority of files met the documentation and process requirements; however, some files were found to be lacking in this area. Communications with suppliers were appropriate in the majority of files; however, certain files contained responses to supplier questions that raised fairness issues regarding equal and timely access to information and did not support the preparation of responsive bids. Communication of solicitation results was also found to be inconsistent or did not occur in all files.

113. Regarding LOE 3, OPO found considerable deficiencies in bid evaluations and file documentation. Inconsistencies in the evaluation of bids and deviations from the planned approach were noted in over half of applicable files, including one instance where bid repair appears to have been permitted. File documentation was found to be incomplete in the majority of files which were lacking documentation such as completed and signed individual, consensus and financial evaluations, evaluator conflict of interest declarations, procurement and contracting approval documents, and solicitation documents. This inhibits SSC’s ability to demonstrate good stewardship of Crown resources and that the procurements were conducted in a fair, open and transparent manner.

114. Regarding LOE 4, OPO found that SSC has an established procurement governance framework with established oversight bodies. These oversight bodies have clearly communicated roles and responsibilities and adequate representation of procurement expertise; however, opportunities for improvement regarding quorum requirements were identified. While SSC captures and tracks the status of all action items resulting from governance committee reviews, certain weaknesses were identified in the tools supporting governance including a lack of integration of procurement risks into the project planning cycle, manual controls, and a governance framework that is not linked with SSC’s e-procurement system, which could limit the effectiveness of SSC’s control framework. Procurement risk assessments were not always completed at the appropriate time and did not always accurately reflect solicitation documents. Further, while SSC has implemented a Compliance and Quality Assurance Program, the low number of staff performing reviews appears to be a factor in the timing of the reviews.

115. In order to address issues identified, OPO made 7 recommendations. These recommendations can be found in Annex I of this report.

VII. Organizational response

116. In accordance with section 5 of the Procurement Ombudsman Regulations, the Procurement Ombudsman provided SSC with the opportunity to comment on the proposed recommendations in this review and the reasons for them. SSC was further given the opportunity to comment on the review’s findings, and many of these comments were taken into consideration and integrated into the final version of the report.

117. Shared Services Canada (SSC) would like to thank the Office of the Procurement Ombudsman (OPO), and their review team, for the observations noted in the report and their professionalism during the process. SSC appreciates the opportunity to strengthen procurement processes, and implement best practices from other departments.

118. The procurement function within SSC plays an important role in the delivery of information communications technology services within the Government of Canada. SSC agrees with OPO that a strong and comprehensive procurement foundation is in place, and understands that the review findings are similar to those noted in OPO’s reviews of departments of similar size and complexity. These recommendations will be addressed by implementing the action plan provided in Annex I of this report.

VIII. Acknowledgment

119. OPO wishes to express its appreciation to the staff of SSC’s EITP directorate for the assistance and cooperation extended to the reviewers during this assessment.

Alexander Jeglic
Procurement Ombudsman

Annex I—Organizational response and action plan

Procurement Practice Review of Evaluation and Selection Plans, Solicitation, and Evaluation of Bids and Contract Award at Shared Services Canada

Summary of recommendation and organizational response
Recommendation SSC response / Action plan Timeline for Implementation
1. SSC should implement measures to ensure that mandatory and point-rated criteria are clear, precise, and measurable, and do not favour a particular bidder or group of bidders. While SSC does not believe it to be a systemic problem, SSC agrees that steps can be taken to strengthen mandatory and point-rated criteria, and to enhance its evaluation practices.
  • SSC’s Enterprise IT Procurement Directorate will pilot a peer review program in each of its operational divisions to ensure clarity and consistency of its evaluation criteria.
  • SSC will also continue to enhance its Quality Assurance review tool to assess whether evaluations on sample files were conducted as per the planned approach, and debrief the officer and their Team Lead or Manager to highlight lessons learned.
April 30, 2025
3. SSC should implement appropriate oversight and review mechanisms to ensure that evaluations are carried out in accordance with the planned approach.
2. SSC should implement measures to ensure communications with suppliers and related bid enquiry processes support the preparation of responsive bids, including ensuring: fair and equal treatment of all suppliers; clear responses to supplier questions; and contract award notices published as required on the applicable platform and within prescribed timeframes. SSC agrees that there is an opportunity to refine communications with suppliers.
  • SSC will develop a Communications Checklist to support procurement professionals in their interactions with suppliers, and distribute it throughout the procurement function.
  • For procurements meeting Procurement Governance Framework criteria, SSC’s Compliance Team will examine sample files for communications compliance and inform the officer of any areas for improvement.
July 31, 2024
4. SSC should ensure that the existing guidance regarding electronic record keeping is implemented and that appropriate oversight is exercised to support effective record keeping practices, as per Government of Canada policy, including the on-going development and implementation of an evaluation form specific to the Network Solutions Supply Chain vehicle. SSC agrees that there is an opportunity to improve record keeping practices.
  • SSC will continue to enhance its Quality Assurance review tool to evaluate procurement file compliance on selected files earlier in the procurement process including implementation of existing guidance regarding electronic record keeping.
  • SSC will add an objective of properly storing electronic procurement files into the performance management agreements of procurement professionals.
  • SSC will develop an evaluation form specific to the Network Solutions Supply Chain (NSSC) procurement vehicle.
April 30, 2024
5. SSC should establish quorum requirements for the Procurement Executive Committee. Additionally SSC should ensure all Procurement Governance Framework committee minutes clearly document the levels of members and delegates in attendance, as well as the verification of quorum. SSC agrees that efforts can be made to add greater detail to governance documentation.
  • SSC has updated the Terms of Reference (TOR) for the Procurement Executive Committee (PEC) to include a quorum requirement that at least 50% of the voting membership (or their delegate) must be present along with the committee chair (or their delegate).
  • SSC has also updated the Meeting Minutes for the PEC as well as the Procurement Review Board (PRB) to include a more comprehensive list of attendees, with the position titles of each attendee as well as a written verification of quorum.
Completed
6. SSC should implement measures, including exploring options to update its e-procurement system, to:
  • ensure Procurement Summary and Risk Assessments are completed accurately and at the appropriate time, including using the total value of the requirement;
  • ensure that the procurement process risk assessment is integrated into the Procurement Governance Framework, triggering committee oversight if the residual risk value exceeds an established threshold;
  • enable reporting on the status of all procurements, including the ability to filter procurements by risk level to enable effective oversight, and to identify procurements that should be subject to governance review; and
  • ensure procurements are not initiated in the e-procurement system without completion of the Procurement Summary and Risk Assessment and obtaining required committee endorsements.
SSC will consider this recommendation.
  • SSC will assess the value, cost, and risk associated with the addition of a Program Management module that can be added to the current electronic procurement system.
  • SSC will perform a review of the Procurement Governance Framework (PGF) to determine how the procurement process risks can be integrated.
  • SSC will respond to this recommendation through the assessment of the additional P2P Program Management module described above.
  • SSC will explore adding two checkboxes into its e-procurement system to confirm that the Procurement Summary and Risk Assessment (PSRA) form has been uploaded as an attachment and that endorsement from the appropriate governance committees has been obtained.
March 31 2025
7. SSC should ensure that a risk-based approach to conducting compliance and quality assurance reviews is implemented to ensure risks are identified, governance committee approvals are received and a mitigation plan is developed to deal with identified risks and deficiencies appropriately and in a timely manner. SSC agrees that its Compliance and Quality Assurance Program (CQAP) can be broadened.

SSC will continue to enhance its Quality Assurance review tool to evaluate procurement compliance and procurement strategy coherence for selected files earlier in the procurement process.
March 31, 2024
Date modified: