Audit Report Sample PDF

NATIONAL RESEARCH CO UNCIL CANADA
ARCHIVED – Audit of Construction

Contracts
This PDF file has been archived on the Web.
Archived content
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not
been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to
the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada,
you can request alternate formats by contacting us at NRC.WebOperations@nrc-cnrc.gc.ca.
National Research Council Canada
Audit of Construction Contracts
Internal Audit, NRC
January 2009
TABLE OF CONTENTS
1.0 Executive Summary ..................................................................... 1
2.0 Introduction .................................................................................. 6
2.1 Background and context ....................................................................... 6
2.2 About the audit ..................................................................................... 9
3.0 Audit Findings ............................................................................ 12

3.1 Audit Objective One: to provide assurance that NRC complies with
the Government of Canada and NRC construction contracting
policies and directives ........................................................................ 12
3.2 Objective Two: To assess the degree to which the recommendations

and management action plans identified in the 2002 Internal Audit
report Audit of Construction Contracting have been implemented. .... 24
4.0 Conclusion .................................................................................. 26
Appendix A: Audit Criteria and Detailed Findings ............. 29
Appendix B: 2002 Audit Recommendations and 2008

Follow-up Audit Findings ................................... 33
Appendix C: Overall Potential Ratings ................................... 37
Appendix D: Management Action Plan................................... 38
Appendix E: Glossary .................................................................... 41
January 2009 i
Internal Audit, National Research Council of Canada

1.0 Executive Summary
Background
This audit report presents the findings of the National Research Council (NRC) of
Canada’s Audit of Construction Contracts which includes a follow-up to the
recommendations and management action plans identified in the 2002 Internal Audit
report Audit of Construction Contracting. The decision to conduct this audit was
approved by the President following the recommendation of the Audit, Evaluation and
Risk Management Committee on June 27, 2007, as part of the NRC 2007-2008 to
2009-2010 Risk-Based Internal Audit Plan. Under the plan, contracts greater than
$25,000 and contracts less than $25,000 are audited in alternate years given that the
procedures are substantially different for these two broad categories. However, due to
their unique nature and relatively lower overall expenditures, construction contracts
are excluded from the annual compliance work and continue to be audited over a five-
year audit cycle. Expenditures for construction contracts were $17.8 million in 2006-
2007 and $20.5 million in 2007-08.
Audit objective, scope and methodology
There were two audit objectives. The first objective was to provide assurance that
NRC complies with Government of Canada and NRC construction contracting policies
and directives. As such, detailed audit procedures were performed on construction
contracts undertaken in 2006-07 and 2007-08 in order to make this determination.
This audit objective also allowed us to make observations with respect to the extent to
which NRC contracting directives and policies correspond to the Treasury Board
requirements as well as the adequacy of the procurement management control
framework established by NRC for construction contracts. The second audit objective
was to assess the degree to which the recommendations and management action
plans identified in the 2002 Internal Audit report Audit of Construction Contracting
have been implemented.
An NRC-wide approach was used for sampling which allowed for an examination of
construction contracts that are managed by NRC’s Administrative Services and
Property Management (ASPM) Branch as well as by the Regional Material
Management Offices (RMMOs). It was determined that a sample of 20 construction
contracts for each fiscal year for a total of 40 contracts selected on the basis of risk
would be sufficiently robust to determine whether there are any systemic issues with
respect to construction contracting. This involved examining practices in seven of
NRC’s 32 institutes, branches and programs (IBPs).
January 2009 1

The audit was conducted using a series of detailed audit criterion that addressed the
audit objectives, against which we drew our observations, assessments and
conclusions. These audit criteria, presented in Appendix A, are primarily derived from
the Treasury Board Policy Contracting Policy, Policy on Delegation of Authorities,
Policy on Investment Planning and Policy on the Management of Projects as well as
the Financial Administration Act (FAA). The recommendations and management
action plans identified in the 2002 Internal Audit report Audit of Construction
Contracting that we followed-up on their implementation can be found in Appendix B.
Audit opinion and statement of assurance
Within the limitations of the samples and the audit procedures performed, we
conclude that overall the application of Government of Canada and NRC
construction contracting policies and directives is adequate in that most areas of
practice / process are in compliance for construction contracts but there are some
opportunities for improvement. These areas for improvement include: sufficient
documentation supporting non-competitive contract awards, timing of budget
commitments and work commencement, management of contract amendments
and security screenings of contractors who have access to protected information
and assets.
Within the limitations of the audit procedures performed, we found that the
procurement management control framework for construction contracting is
adequate but some areas could be strengthened. These areas include
centralizing procurement procedural guidance into a single source document and
performing data analytics of contract patterns and trends as part of more rigorous
monitoring activities.
Finally, we found that NRC management has fully implemented seven of the eight
recommendations made in of the 2002 Internal Audit report Audit of Construction
Contracting. The recommendation pertaining to the expansion of verification of
delegated authorities (FAA Section 33) is in progress and management reports it
is on track to be fully operational by March 2009.
In my professional judgment as Chief Audit Executive, sufficient and appropriate

audit procedures have been conducted and evidence gathered to support the
accuracy of the conclusions reached and contained in this report. The conclusions
were based on a comparison of the situations as they existed at the time against
the audit criteria. The evidence was gathered in accordance with the Treasury
Board Policy, directives and standards on Internal Audit, and the procedures used
to meet the professional standards of the Institute of Internal Auditors.
January 2009 2

Conclusions and recommendations
conclude that overall the application of Government of Canada and NRC construction
contracting policies and directives is adequate in that most areas of practice / process
for construction contracts are in compliance but there are some opportunities for
improvement 1 . These areas for improvement include: sufficient documentation
supporting non-competitive contract awards, timing of budget commitments and work
commencement, management of contract amendments and security screenings of
contractors who have access to protected information and assets.
While we observed full compliance in many important areas, we found: several

instances of construction work was performed prior to contract award; several
instances where distinct services were repeatedly amended to existing contracts
rather than issuing new contracts; one instance where Treasury Board approval was
not obtained for a contract with cumulative amendments above the required Treasury
Board threshold; a complete absence of security screenings for construction workers
who would have had access to protected assets and information prior to NRC’s new
security directive put in place January 24, 2008 and several instances thereafter.
Problems noted in last year’s audit of contracts less than $25,000 regarding FAA
Section 32 and 34 approvals in accordance with NRC Financial Signing Authorities
and in the earlier 2002 Audit of Construction Contracting are being addressed.
procurement management control framework for construction contracts is adequate
but some areas could be strengthened. NRC has established a procurement
management control framework, including procurement processes and policies to
mitigate procurement risks and to help ensure compliance with Government directives
and policies. Construction contracts are essentially subject to the same management
control framework as non-construction contracts; however, there are specific
directives and policies that are related only to construction. Five key components of
the procurement management control framework that were examined included the
control environment, control activities, risk assessment, information and
communication and on-going monitoring. Some areas for improvements were
observed. There is no single repository of guidance that consolidates all of the
procurement policies and procedures to assist management and Procurement
Officers in contracting. Various manuals on the procurement process are available
either in hard or electronic formats. Some IBPs informed us that they were not aware
of the existence of some manuals. Clarification of the procurement process provided
by Administrative Services and Property Management Branch is currently done
1
See Appendix C for the list of potential overall ratings.
January 2009 3

through emails and training. Other than NRC Internal Audit compliance audits
currently undertaken, there is no formal Quality Assurance Program performed by an
independent unit of contracting activities or data analytics to identify high risk
contracts and / or improper construction contracting practices.
recommendations made in of the 2002 Internal Audit report Audit of Construction
Contracting. The recommendation pertaining to the expansion of verification of
delegated authorities (FAA Section 33) is in progress and management reports it is on
track to be fully operational by March 2009.
Recommendations
1. Except where patent or copyright requirements or where technical compatibility

issues can be clearly documented and there is no doubt there is only one supplier,
Procurement Officers should advertise proposed sole source contract awards
greater than $25,000 through an Advanced Contract Award Notice (ACAN).
2. Administrative Services and Property Management Branch should seek

clarification from Treasury Board regarding what approvals are required when the
cumulative value of amendments exceed $200,000 for construction contracts
using electronic bidding that have an original value less than $2 million.
3. Administrative Services and Property Management Branch should consolidate all

procurement policies and procedures into a single source document which would
be available on its Material Management web-site. In the interim, reference
manuals that are currently available only in hard copies should be made available
electronically and posted on the ASPM Material Management web-site.
Consideration should be given to enhancing the guide where non-compliance was
found to be an issue, specifically with respect to sufficient documentation
supporting non-competitive contract awards, timing of contract commitments and
commencement of contract work, security requirements and contract
amendments.
4. Administrative Services and Property Management Branch should undertake more

rigorous monitoring activities to include a comprehensive quality assurance review
of individual construction procurement files on a sampling basis and adopt data
analytics to monitor contracting patterns and trends that indicate procurement
activities that may not be in accordance with the Government of Canada and NRC
policies and directives. Data analytics should include, but not limited to, contract
January 2009 4

amendments, contract splitting and non-purchase order transactions as well as

leasehold improvements.
The detailed management action plans that address these recommendations can be
found in Appendix D.
_________________________________________
Jayne Hinchliff-Milne, CMA, Chief Audit Executive
NRC Audit Team Members 2 :
Jean Paradis, CA, CIA, Audit Manager
2
The NRC audit team was supplemented by a team of experienced auditors that were contracted to
conduct the audit work.
January 2009 5

2.0 Introduction
2.1 Background and context

Following the recommendation of the Audit, Evaluation and Risk Management
Committee on June 27, 2007, NRC’s President approved this audit of Construction
Contracts as part of the NRC 2007-2008 to 2009-2010 Risk-Based Internal Audit
Plan. Under the plan, contracts greater than $25,000 and contracts less than $25,000
are audited in alternate years given that the procedures are substantially different for
these two broad categories. However, due to their unique nature and relatively lower
overall expenditures, construction contracts are excluded from the annual compliance
work and continue to be audited over a five-year audit cycle.
Several Government of Canada regulations and policies govern how NRC must
contract construction contracts. Government procurement is highly regulated and is
based on a strong policy framework, including but not limited to the Treasury Board
Contracting Policy, the Financial Administration Act (FAA), the North American Free
Trade Agreement (NAFTA), the Agreement on Internal Trade (AIT) and the World
Trade Organization – Agreement on Government Procurement (WTA). The Treasury
Board Policy on Investment Planning and the Policy on the Management of Projects
provide directives that impact the planning, management and contracting of large
construction projects. There are no special contracting provisions resulting from
NRC’s status as a departmental corporation.
Like other government departments, NRC has in place construction procurement and
contracting policies that NRC employees must follow. It is within the authority of each
department to establish its own policies and guidelines as long as they continue to
comply with the government established policies and guidelines. In other words,
departments can define policies that are more restrictive than government policies but
not the reverse.
NRC’s Management Control Framework for Construction Contracts
Being the leading resource for science and technology development and
commercialization, capital projects play an important role in NRC’s strategic plan.
NRC’s Long term Capital Plan 2006-2007 to 2010-2011 includes a Recapitalization
Program with planned expenditures for existing buildings to address building
reinvestment requirements. NRC has 188 buildings of which two-thirds were built
more than 30 years ago. The Plan also includes capital initiatives such as additions
January 2009 6

and alterations to existing buildings and facilities to address new program

requirements and acquisitions and / or construction of new facilities to support NRC’s
current or future research activities. Expenditures for construction contracts were
$17.8 million in 2006-2007 and $20.5 million in 2007-2008 totaling $38.3 million for
both years as shown below in Exhibit 1.
In accordance with government policy and directives, NRC has full contracting
authority for construction projects up to $6 million. ASPM Branch is responsible to
provide functional direction and guidance on contracting architectural and engineering
services, construction, repairs, renovations and restorations for all of NRC. IBPs that
require these services must contact the Construction Contracting Office to discuss
their requirements and best approach to take for achieving them.
Exhibit 1
Categories, Value and Number of Construction Contracts
April 1, 2006 to March 31, 2008 3
Categories of Construction Contract Percentage Number of Percentage Average

Contracts Value ($) Contracts (#) Value
($) ($)
Less than $25,000 $2,738,239 7% 375 62% $7,302
Between $25,000 and $60,000 $2,944,883 8% 71 12% $41,477
Between $60,000 and $100,000 $4,821,908 13% 62 10% $77,773
Over $100,000 $27,837,508 72% 96 16% $289,974
Total $38,342,538 100% 604 100% $63,481
As shown in Exhibit 2 below, contracting authority has been delegated to procurement

staff in ASPM Branch and in the RMMOs within specific thresholds. The RMMOs have
contracting authority that is limited to $60,000 for construction contracts but they as
well as ASPM have a requirement to issue a Public Bid Notice when it’s above
$60,000. Both ASPM and RMMO Procurement Officers can contract directly with
some suppliers through call-ups against standing offers. Standing offers are
3
There were no major fluctuations or differences between the two fiscal years.
January 2009 7

agreements that have been pre-negotiated by PWGSC or by NRC Procurement

Services for specialized services. The call-up limit varies for each standing offers in
accordance with their terms. The Treasury Board Contracting Policy threshold allows
the competitive process to be set aside for estimated contracting expenditures under
$25,000. Construction Contracts valued at $100,000 or greater must use the Standard
Federal Government Construction Contract template as per the Treasury Board
Contracting Policy as well as electronic bidding for construction contracts as required
by the Agreement on Internal Trade.
Exhibit 2
NRC Construction Contracting Authorities
ASPM RMMO PWGSC
Construction Contracts Less than $25,000 • •

(NCR)
Call-ups against NRC or PWGSC Standing Offers • •

($ limits vary by standing offer)
(NCR)
Construction Contracts less than $60,000 • •

(NCR)
Construction Contracts between $60,000 and $100,000 •

(Requirement to issue a Public Bid Notice)
(NCR)
Construction Contracts between $100,000 and $6 million •

(Requirement to use Standard Federal Government
Construction Contract Template and Public Bid Notice)
Construction Contracts greater than $6 million •

(Requirement to issue a Public Bid Notice)
January 2009 8

2.2 About the audit
Objectives
There were two audit objectives. The first objective was to perform detailed audit
procedures on construction contracts undertaken in 2006-07 and 2007-08 in order to
conclude whether NRC construction contracts comply with Government of Canada
and NRC contracting policies and directives. This audit objective also allowed us to
make observations with respect to the extent to which NRC contracting directives and
policies correspond to the Treasury Board requirements as well as the adequacy of
the procurement management control framework established by NRC for construction
contracts. The second audit objective was to assess the degree to which the
recommendations and management action plans identified in the 2002 Internal Audit
report Audit of Construction Contracting have been implemented.
A risk-based approach was used to determine the audit objectives as well as the audit
criteria. Key issues and risks relating to construction procurement were considered to
prioritize specific audit activities and to focus on areas of greatest importance.
Scope
The scope of the first audit objective consisted of NRC construction transactions that
were undertaken in fiscal years 2006-2007 and 2007-2008. Construction contracts,
as defined by the Treasury Board Contracting Policy are contracts entered into for the
construction, repair, renovation or restoration of any work except a vessel and
includes: 1) a contract for the supply and creation of a prefabricated structure; 2) a
contract for dredging; 3) a contract for demolition; or 4) a contract for the hire of
equipment to be used in or incidentally to the execution of any contract referred to in
this definition. Accordingly, architectural and engineering service contracts which
pertain to the provision of services in respect of the planning, design, preparation or
supervision of the construction, repair, renovation or restoration of a work, are not
considered construction contracts. Rather, they are service contracts which have an
opportunity for audit as part of the annual compliance audits on contracts less than
$25,000 and contracts greater than $25,000 which are audited in alternate years.
An NRC-wide approach was used for sampling which allowed for an examination of
construction contracts that are managed by NRC’s Administrative Services and
Property Management (ASPM) Branch as well as by the Regional Material
Management Offices (RMMOs). It was determined that a sample of 20 construction
contracts for each fiscal year for a total of 40 contracts selected on the basis of risk
would be sufficiently robust to determine whether there are any systemic issues with
January 2009 9

respect to construction contracting. This involved examining practices in seven of

NRC’s 32 institutes, branches and programs (IBPs). Those contracts selected for
audit are shown below in Exhibit 3 by category of construction contract and region.
The audit field work was conducted in two stages. The first stage covering the
transactions for fiscal year 2006-2007 took place from February 25 to March 31, 2008.
The second phase covering fiscal year 2007-2008 took place from June 2 to July 31,
2008.
The scope of the second audit objective consisted of determining the current
implementation status with respect to eight recommendations identified in the 2002
Internal Audit report Audit of Construction Contracting and related action plan
proposed by management as presented in Appendix B.
Exhibit 3
2006-07 and 2007-08 Transactions Sampled by

Category of Construction Contract and Region
Categories of Construction Contracts Number of Contracts Reviewed
NCR Outside NCR
Less than $25,000 0 7
Between $25,000 and $60,000 0 4
Between $60,000 and $100,000 6 2
Over $100,000 17 4
Over $6 million 0 0
Total 23 17
Approach and Methodology
With respect to confirming construction contracts comply with Government of Canada

and NRC policies and directives, a risk-based approach was used whereby 75
percent of the contracts selected were higher dollar value contracts valued over
$60,000 and 25 percent from construction contracts administered by the regional IBPs
January 2009 10

valued at less than $60,000. Within each category (over and below $60,000), the
individual contracts selected for audit were identified using a risk-based approach
whereby 60 percent of the sample was selected from construction contracts with a
higher probability of risk (e.g., higher dollar value, more frequent amendments and / or
non competitively awarded) and 40 percent of the sample was selected from contracts
that were considered to have a lower probability of risk. This resulted in seven IBPs
being selected for audit ranging from 24 contracts administered by Administrative
Services and Property Management Branch and 26 contracts from six IBPs ranging
from two to four contracts each.
Interviews were conducted with key personnel in order to examine program

processes, procedures and practices. These included managers and staff in
Administrative Services and Property Management Branch, Finance Branch and the
five IBPs selected for audit. We reviewed relevant program documentation which
included, but was not limited to, Treasury Board and NRC policies and guidelines vis-
à-vis the detailed transactions recorded in the paper files and electronically in
SIGMA–NRC’s integrated management information system (based on SAP) that is
used to collect financial, human resources, payroll, asset and real property
information. Data mining techniques were also employed to detect, among other
things, risks for NRC as a whole as well as evidence of potential contract splitting.
In order to determine the adequacy of the procurement management control

framework, we compared NRC’s framework against defined criteria for five key
components that can be found in the control models developed by the Canadian
Institute of Chartered Accountants (CoCo – Criteria of Control) and by the Committee
of Sponsoring Organizations of the Treadway Commission (COSO) (Internal Control –
Integrated Framework, Enterprise Risk Management – Integrated Framework). These
components included the control environment, control activities, risk assessment,
information and communication, and on-going monitoring. Information used to assess
the adequacy of the procurement management control framework was obtained from,
among other things, survey questionnaires completed by ASPM Branch
representatives, RMMO Procurement Officers and IBP Budget Managers as well a
review of available relevant documents.
The audit was conducted using a series of detailed audit criteria that addressed the
audit objective, against which we drew our observations, assessments and
conclusions. Prior to finalizing the audit criteria, process control flowcharts were
prepared and walkthroughs of several transactions for construction contracts were
conducted to assess the areas of greatest risk. These audit criteria, presented in
Appendix A, are primarily derived from the Treasury Board Contracting Policy, Policy
on Delegation of Authorities, Policy on Investment Planning and Policy on the
Management of Projects as well as the Financial Administration Act (FAA).
January 2009 11

With respect to the follow-up to the 2002 audit recommendations, a questionnaire was
sent to ASPM and the Finance Branch to obtain their comments on the status of the
action plans in respect to the recommendations noted in the 2002 Internal Audit report
Audit of Construction Contracting. Documents were examined in support of the
implementation of the recommendations and interviews were conducted with
managers as needed. The recommendations made in the earlier audit are detailed in
Appendix B.
3.0 Audit Findings
3.1 Audit Objective One: to provide assurance that NRC

complies with the Government of Canada and NRC
construction contracting policies and directives
Overall Conclusion
conclude that overall the application of the Government of Canada and NRC
construction contracting policies and directives is adequate in that most areas of
practice / process for construction contracts are in compliance but there are some
opportunities for improvement 4 . These areas for improvement include:
• Sufficient documentation supporting non-competitive contract awards;
• Timing of budget commitments and work commencement;
• Management of contract amendments;
• Security screenings of contractors; and
• Centralized procurement guidelines and monitoring.
We also found that the procurement management control framework for construction
contracting is adequate but some areas could be strengthened. These areas include
centralizing procurement procedural guidance into a single source document and
4
January 2009 12

performing data analytics of contract patterns and trends as part of more rigorous
monitoring activities.
Detailed findings for the entire sample of transactions by audit criterion can be found
in Appendix A.
Findings
The audit team noted a number of significant strengths with respect to compliance
with government and NRC policies and directives for construction contracts. These
included very high compliance rates for the following:
• Financial Administration Act Section 32 and 34 approvals were correctly

obtained (39 of 40 contracts (98 percent ) for FAA 32; and 38 of 40 contracts
(95 percent) for FAA 34);
• For competitive contracts, requirements were defined prior to the bidding

process and sufficient documentation on the competitive process was present
(26 of 26 competitive contracts; 100 percent);
• There was no evidence of contract splitting (24 of 24; 100 percent) contract
amendments and 1 potential case found through data mining of all transactions
for the seven IBPs examined);
• The Standard Federal Government Construction Contract template was used

for construction contracts greater than $100,000 (14 of 14 contracts; 100
percent) and public bid notices were issued for construction contracts over
$60,000 (24 of 24 contracts; 100 percent);
• Project Completion Certificates and Contract Payment Certificates were

completed prior to releasing holdbacks (16 of 16 contracts; 100 percent);
• There is evidence contracts received appropriate monitoring and evaluation of

performance (39 of 39 5 contracts; 100 percent); and
• There is evidence construction services were provided in accordance with the

contract (39 of 40 contracts; 98 percent).
5
At the time of the audit, one construction contract had not yet been completed; hence a completion
certificate would not have been applicable.
January 2009 13

Appropriate FAA Section 32 and 34 approvals
Key government controls for procuring, verifying and paying for purchases rest with
FAA Section 32, 34, and 33 approvals. These three sections require the following:
• That funds be available and committed for the purchase (Section 32);
• That verification of the purchase of goods or services had been performed,

supplied, or rendered, and the price was as stated in the contract and that the
person with delegated financial authority certifies (via signature) that the
verification has been completed (Section 34); and
• That no payment for a purchase be made unless it has been properly

requisitioned and certified (Section 33).
In accordance with the Treasury Board Policy on Delegation of Authorities, we

expected to find that NRC has delegated spending authority to responsibility centre
managers in relation to their budgetary responsibilities in order to ensure they have
adequate authority and full responsibility for their decisions. The policy also makes
provisions for the use of central staff to record commitments and confirm price and
performance in conformance with Sections 32 and 34 of the FAA when this is more
effective and economical or in support of the manager who has budgetary
responsibility. NRC’s delegation document, “Financial Signing Authorities”, makes
use of these provisions by delegating this authority, among others, to Invoice Clerks.
However, in our opinion this does not negate the necessity to have an adequate audit
trail that can be traced back to the responsibility centre manager with budgetary
responsibilities for these expenditures. We limited our expectations to verifying that in
the absence of responsibility centre managers exercising their authority electronically
in Sigma to some form of written communications from them such as an email or a
signed purchase requisition or invoice.
Last year’s Internal Audit report Limited Annual Assurance Compliance Audit -
Contracts under $25,000 and Acquisition Card Purchases for 2006-2007 transactions
provided recommendations in regards to FAA Sections 32 and 34 certifications
indicating that there needs to be a verifiable link to the actual “Budget Holder” with
budgetary responsibilities. At the time of the current audit, we found evidence that
these issues are being addressed. Internal memos have been provided to personnel
by ASPM Branch and Finance Branch stating the importance of FAA controls and
detailing specific procedures; as well, financial delegation training was provided to all
staff who have budget responsibilities. We also observed that responsibility centre
managers as of June 2008 are required to provide their approval electronically for
FAA Section 34 certifications that goods or services have been received and that
January 2009 14

invoices can be approved for payment. Invoices greater than $25,000 have always
required that responsibility centre managers certify FAA Section 34 by their signature.
With respect to FAA Section 32, we observed that purchase requisitions were
approved by delegated responsibility centre managers in accordance with NRC
directives. Only one purchase requisition was not verified by the delegated
responsibility centre manager. With respect to FAA Section 34, we observed that only
two of 40 invoices (5 percent) in two of seven IBPs examined were not certified by the
delegated responsibility centre managers – both of which were approved solely by
centralized invoice clerks in accordance with NRC directives.
Finance Branch in consultation with ASPM and Treasury Board will continue its
ongoing review of processes for verifying internal practices pertaining to FAA Section
32 and 34 with due regard for associated risks.
Sufficient Documentation Supporting Non-Competitive Contract Awards
During the course of the audit, 40 construction contracts were reviewed of which 33
were competitively awarded either through the MERX electronic bidding system or a
limited tendering process (26), by advertising the proposed award through Advance
Contract Award Notices (2) or by using existing PWGSC or NRC Standing Offer
Arrangements (5). The remaining 7 contracts were sole sourced, i.e., not subjected to
a competitive process. 6
The Treasury Board Contracting Policy allows for four exceptions to set aside the
competitive process. They are:
1. The need is one of pressing emergency in which delay would be injurious to

the public interest;
2. the estimated expenditure does not exceed
$25,000,
$40,000 7 , where the contract is for the acquisition of architectural,

engineering and other services required in respect of the planning,
6
In order to address areas of greatest risk, the sample selected was deliberately skewed to ensure a
higher representation of sole sourced construction contracts than normally incurred. The actual
distribution of sole sourced construction contracts for NRC in 2006-2007 and 2007-2008 was only eight
percent.
7
The Treasury Board Contracting Policy Section 10.2.1.b. second paragraph normally identifies this as
$100,000; however, for NRC this amount is $40,000.
January 2009 15

design, preparation or supervision of the construction, repair,

renovation or restoration of a work, or
$100,000 where the contract is to be entered into by the member of

the Queen’s Privy Council of Canada responsible for the Canadian
International Development Agency and is for the acquisition of
architectural, engineering or other services required in respect of the
planning, design, preparation or supervision of an international
development assistance program or project;
3. the nature of the work is such that it would not be in the public interest to
solicit bids; or
4. only one person is capable of performing the contract.
Justification for any use of the four exceptions to the bidding requirement must be fully
documented. Of the seven contracts sampled that did not use a competitive process,
the documentation on file sited that only one person was capable of performing the
contract. The policy and guidelines are clear that setting aside the competitive bidding
process for this reason should not be used because a proposed contractor is the only
one known to management. This exception is quite definitive and should only be used
where patent or copyright requirements or technical compatibility factors and
technological expertise suggest only one contractor exists. In these instances, the
contract authority is “encouraged whenever possible” to advertise the proposed award
through an Advance Contract Award Notification (ACAN). If no statement of
capabilities meeting the requirements set out in the ACAN are received within 15
calendar days, the proposed contract is deemed to be competitive and may be
awarded.
Of those construction contracts that were sole sourced, we found that one of seven
(14 percent) contracts in one IBP provided a justification on file that was not
supported by sufficient documentation that “only one person is capable of performing
the contract.” It was approved by Treasury Board and therefore one can make a
logical conclusion that appropriate justification was provided; however, there was no
documentation on file to support that assumption. These sole sourced contracts had
original values that were under $25,000 (five), Treasury Board approval (one) or had
technology compatibility issues that were only available at the contracted firm (one).
January 2009 16

Recommendation 1:
Except where patent or copyright requirements or where technical compatibility issues

can be clearly documented and there is no doubt there is only one supplier,
Procurement Officers should advertise proposed sole source contract awards greater
than $25,000 through an Advanced Contract Award Notice (ACAN).
NRC Management Response:
Agreed. Construction contracts are rarely sole source as a result of patent or

copyright requirements. Regardless, if a sole source cannot be clearly documented
or where there is doubt that there is only one supplier, a Procurement Officer will post
an ACAN. Where there is no doubt, that only one supplier exists, the rationale will be
fully documented and include supporting documentation. If it cannot be fully
documented, an ACAN will be posted.
Timing of Budget Commitments and Contract Commencement
We observed in three regional of seven IBPs examined where work for three of 40
contracts (seven percent) was performed prior to the contract being signed. We were
informed by ASPM Branch and observed that certain purchase requisitions for
construction contracts were created at the time or a few days prior to the contract
being issued; therefore, contracting activities took place prior to the commitments
being recorded.
Section 32 of the Financial Administration Act indicates that no contract should be

entered into unless there is a sufficient unencumbered balance available.
Furthermore, records of commitments should be maintained. If several commitments
are unrecorded, management will not have complete information to be able to confirm
funds will be available when invoices for payment are received and that NRC will be
legally obligated to pay. Management informed us this practice has rarely, if ever,
resulted in the cancellation of a requirement due to insufficient funds. While we were
not able to confirm this assertion, we did not find any instances where this occurred.
Problems with respect to the timing of budget commitments and work commencing
before contracts are signed can be addressed by more comprehensive
communications of guidelines as well as more rigorous monitoring regime with
investigative capacity. Recommendations are made later in this report that pertain to
both.
January 2009 17

Management of Contract Amendments
The Treasury Board Contracting Policy indicates contracts should be properly

administered to avoid unanticipated amendments except to change the scope of the
initial work. Every effort should be made to avoid inadequate initial funding and that
pre-planning and work definitions should be carefully developed. Amending a contract
for unforeseen circumstances or an amendment that is very small relative to the
original work are acceptable reasons. A good rule of thumb is that when amendments
are above 50 percent of the original contract value, a new contract should be
considered and its justification carefully documented; this does not mean that no
contract may be amended above 50 percent of its original value if there is a good
reason. However, when the other deliverables are distinct from the first one, then a
new contract should be issued rather than an amendment.
While overall, the compliance rates with Treasury Board and NRC policies and
directives for amendments are high (ranging between 90 and 100 percent), there are
two exceptions – 2 of 24 amended contracts (eight percent) that were administered by
ASPM. Each was awarded using a standing offer arrangement that was awarded by
NRC to a single company using a competitive process that was approved by Treasury
Board for the maintenance, renovation and minor construction work performed in the
National Capital Region up to a value of $5.0 million annually. The standing offer
agreement itself was treated as a contract which is contrary to PWGSC guidelines
which state a “separate contract is formed each time a call up for the provision of
goods and services is made against a Standing Offer.” At the time the purchase
orders had been put in place for each, contracts for distinct services were established.
One contract, issued on August 18, 2006 with an initial value of $38,076, was
amended four times on the same day for a final value of $151,201. The second
contract, issued on March 31, 2008 with an initial value of $5,628, was modified nine
times over 8 days for a final value of $977,748 as of April 8, 2008. While this was
done to streamline and reduce the costs of a high-volume, low-value payment
process, in our opinion, this process gives the appearance of contract amendments
that are not consistent with the Treasury Board Contracting Policy that indicates that
contracts should be properly administered to avoid unanticipated amendments. The
other six IBPs included in our sample used amendments appropriately for the
remaining 22 construction contract amendments selected for detailed examination.
In addition to the 40 contracts examined in the seven IBPs, we employed data mining
techniques used to examine amendments, on a limited basis, for the whole of NRC for
both 2006-2007 and 2007-2008. For construction contracts only, we found a total of
11 contracts in 2 of NRC’s 32 IBPs that had an original value less than $25,000 which
were amended on the same day or within 378 days. Most were increased
significantly more than a 100 percent of their original value. Eight contracts were
January 2009 18

amended in less than 35 days of the original contract; four of these were amended
either the same day or the next day. The risk occurs that these contracts may appear
to be deliberately under valued in order to circumvent the $25,000 competitive
threshold for competitive bidding; however, we found that only one of these contracts
has not been competitively awarded.
Other concerns pertain to the authority NRC has to amend contracts that exceed
$200,000 in total. In accordance with Appendix C of the Treasury Board Contracting
Policy, “NRC may enter into a competitive construction contract awarded through the
electronic bidding process if the amount does not exceed $6,000,000 and amend
such contracts that are over $2,000,000 by up to 10 percent of the contract award.”
Construction contracts less than $2 million must follow Schedule I of Appendix C of
the policy which requires Treasury Board approval for amendments exceeding
$200,000. However, Schedule 1 of Appendix C of the policy does not provide
contract value or amendment limits for construction contracts using electronic bidding.
Many departments have therefore interpreted this as meaning that Treasury Board
approval should be requested when the cumulative value of amendments exceed
$200,000 for contracts that are less than $2 million. This would have required 3 of 11
construction contracts (27 percent) to have received Treasury Board’s approval prior
to making the amendments that cumulated over $200,000. However, it’s recognized
that the Treasury Board Contracting Policy is not entirely clear in this matter.
Finally we have concerns for public reporting requirements of contracts greater than
$10,000 under the Treasury Board Policy on Proactive Disclosure on Contracts over
$10,000. Our analysis as noted above shows that amendments can within a very
short timeframe increase over $10,000 but they have not been publicly reported.
Seven of the 11 construction contracts that were amended had an original value less
than $10,000 with final values ranging from $38,654 to $977,747. At the time of the
audit, the policy only required contracts with an initial value of $10,000 or more to be
reported and not those amended above that amount. The Treasury Board Policy on
Proactive Disclosure on Contracts Over $10,000 is a recent government measure to
ensure greater transparency of government contracts – an area of public controversy
from time to time in regard to the manner in which they are awarded among other
things. The non-disclosure of non-competitive contractual arrangements which
accumulate significantly above $10,000 may also have adverse reputational risks for
NRC as it may give the appearance that IBPs are using amendments to avoid
disclosing contracts. Revisions to the Treasury Board Policy are imminent which
require as of September 1, 2008, the disclosure of all contracts including amendments
above $10,000.
January 2009 19

Recommendation 2:
Administrative Services and Property Management Branch should seek clarification

from Treasury Board regarding what approvals are required when the cumulative
value of amendments exceed $200,000 for construction contracts using electronic
bidding that have an original value less than $2 million.
Agreed. We will obtain clarification from the Treasury Board Secretariat by January
2009.
Ensuring Security Requirements Are Met
The Treasury Board Contracting Policy requires that the provisions of the
Government’s Security Policy be applied to procurement contracts which require
individuals undergo personnel screening processes if their duties or tasks necessitate
access to classified or protected information and assets. None of the 31
contracts (0 percent) reviewed in which security screenings of contractors should
have been undertaken met these requirements. For the purposes of this audit,
security screenings were considered necessary where construction workers would
information and assets.
On January 24, 2008, a memorandum was sent to all NRC Directors General and IBP
Finance Branch Officers providing guidance in regard to security requirements to
those responsible for requisitioning contracts, Project Authorities and Procurement
Officers. Specific instructions were provided to ensure that security requirements are
addressed and risk mitigation procedures are established. As well, the purchase
requisition form was modified to include a security block which must be completed
and signed in all instances as evidence that the security requirements have been
explicitly considered. Where a security requirement is identified, the Security
Requirement Check List (SRCL) must be completed and sent with the purchase
requisition to the Contracting Authority. Procurement Officers are required to include
the appropriate security clauses in bid solicitation and contract documentation. All
contracts that contain a security provision must be reviewed by the Procurement
Officer and the Security Office. Once the contract is awarded, an SRCL with the
names of the individuals are forwarded to the Security Office for security screening.
However, we noted that 4 of the 33 purchase requisitions requiring security

screenings were dated after January 24, 2008. Despite the fact that construction work
January 2009 20

for these four contracts took place inside NRC premises that have protected
information and assets, the security requirements were not completed in accordance
with the new guidelines.
Problems with respect to security screenings can be addressed by more

comprehensive communications of guidelines as well as a more rigorous monitoring
regime with investigative capacity. Recommendations are made later in this report
that pertain to both.
The Need for Centralized Procurement Guidelines and Monitoring
We found certain directives in the Guide to NRC Procurement Process Guide that
were not applied in a consistent manner. As noted earlier in this report, these
included sufficient documentation supporting non-competitive contract awards, timing
of contract commitments and commencement of contract work, security requirements
not applied, contracts with initial values less than $10,000 but later amended
significantly with a day or two well above $10,000 that were not reported under
Treasury Board Policy on Proactive Disclosure on Contracts Over $10,000 and other
contract amendment irregularities.
Assignment of contracting responsibility and procedural guidelines for contracting are

detailed in the procurement guide which is available in electronic form on the ASPM
Branch Material Management web-site. This document provides a procurement
process map and includes information on the procurement process, roles and
responsibilities from the creation of a purchase requisition to the payment of invoices.
Additional information is available in four other manuals: (1) Financial Management
Manual; (2) Procurement Reporting-User Guide for Data Entry; (3) Public Tenders
Procedures; and (4) Invited Tenders Procedures. Electronic copies of the first two
manuals are available although some sections of the Financial Management Manual
are still in progress. The other two manuals are available in hard copy format only.
Additional procurement information is also available to Procurement Officers on
NRC’s common drive (e.g., checklists, templates, and security documentation) and on
the ASPM Material Management web-site (e.g., information on contracting, employer-
employee relationships, contracting limits, security requirements). Clarification
provided by ASPM Branch on the procurement process is currently done through
emails and training. There is no single, centralized procedures document for the
procurement process. Our survey questionnaire and interviews indicated that some
RMNOs and managers are not aware of the existence of some manuals which could
help to explain non-compliance.
January 2009 21

Recommendation 3:
Administrative Services and Property Management Branch should consolidate all

procurement policies and procedures into a single source document which would be
available on its Material Management web-site. In the interim, reference manuals that
are currently available only in hard copies should be made available electronically and
posted on the ASPM Material Management web-site. Consideration should be given
to enhancing the guide where non-compliance was found to be an issue, specifically
with respect to sufficient documentation supporting non-competitive contract awards,
timing of contract commitments and commencement of contract work, security
requirements and contract amendments.
Agreed. Our Material Management documentation needs to be updated and

maintained in a central repository. Our Material Management Policy Manual currently
exists in hard copy, not in electronic format. In order to implement these
recommendations, we will assign resources as required in order to:
• Prepare policy documents;

• Update the Material Management Policy Manual;
• Implement a quality assurance process;
• Monitor contracting activities;
• Coordinate and respond to all audit enquiries and reports; and
• Coordinate all Material Management reporting, such as the quarterly Contract
Disclosure Reports, and the Annual Procurement Activity Report.
Consistent with generally accepted management control frameworks that reflect best
practices, we expected to see quality assurance review activities of individual
construction contract files as well as data analytics techniques being employed to
monitor NRC’s overall compliance with Government of Canada and NRC contracting
policies and directives. These techniques can be used to detect irregularities, among
others, with respect to contract splitting, identification of non-purchase order contracts
and potentially inappropriate contract amendments.
Our interviews and survey questionnaires indicate that ASMP Branch officials monitor
and review contracting activities and processes, consult NRC Legal Services as
required and review the report of contracts over $10,000 to ensure appropriate
disclosure. Briefing notes, meetings and memos are used to communicate findings to
Procurement Officers.
January 2009 22

We also confirmed that Finance Branch uses a risk-based approach in its review of
invoices sent by ASPM Branch Invoice Clerks as part of the payment process.
Features are integrated into Sigma to identify high-risk transactions including sensitive
accounts and high-dollar payments which are automatically blocked for further
prescribed review procedures before being released for payment. For all
transactions, the general ledger codes are reviewed for reasonableness and FAA
Section 34 approvals including signatures are verified. Discrepancies are followed up
by Accounts Payable clerk with ASPM and IBPs as required. In 2007-2008, Finance
Branch began planning the implementation of a Monitoring Unit that once fully
operational will increase its regular sampling of expenditures.
Despite these strengths, we noted two areas where on-going monitoring could be
strengthened. Other than compliance audits currently undertaken by NRC Internal
Audit, there is no formal, independent quality assurance program of contracting
activities or data analytics to identify high risk contracts and / or improper construction
contracting practices.
ASPM Branch Monitoring Division work is limited at this time to ensuring sole source
justifications are on file for contracts greater than $25,000 for which the competitive
process was set aside. Our findings reveal that monitoring activities should be
extended to include more rigorous verification of sole source awards, security
screening requirements, contract award and construction commencement dates and
amendments. Also of use would be to undertake data analytics for monitoring contract
patterns and trends to aid in identifying high risk contracts and / or improper
contracting practices such as potential contract splitting, inappropriate amendments or
other irregularities. For example, during the course of our review, we undertook audit
data mining techniques of non-purchase order transactions to identify potential
construction contracts. We found that despite NRC directives that all contracts must
be initiated with a purchase order, we noted that a significant number of leasehold
improvements were being undertaken that did not have the benefit of ASPM Branch’s
input or controls - two leases valued at $968,000 in 2006-07 and 2007-08. Due to the
fact they did not use purchase order requisitions as required by NRC directives, they
have not be disclosed under the Treasury Board Policy on Proactive Disclosure on
Contracts Over $10,000.
Recommendation 4:
Administrative Services and Property Management Branch should undertake more

rigorous monitoring activities to include a comprehensive quality assurance review of
individual construction procurement files on a sampling basis and adopt data analytics
to monitor contracting patterns and trends that indicate procurement activities that
January 2009 23

may not be in accordance with the Government of Canada and NRC policies and
directives. Data analytics should include, but not limited to, contract amendments,
contract splitting and non-purchase order transactions as well as leasehold
improvements.
Agreed. We will respond to these recommendations with an appropriate level of

monitoring based on a determination of the best approach, and with consideration to
the risk and available resources. The objective is to download the following activities
to facilitate the implementation of audit recommendations:
• Determine the approach needed;

• Prepare policy documents;
• Update the Material Management Policy Manual;
• Implement a quality assurance process;
• Monitor contracting activities;
• Coordinate and respond to all audit enquiries and reports; and
• Coordinate all Material Management reporting, such as the quarterly Contract
Disclosure Reports, and the Annual Procurement Activity Report.
3.2 Objective Two: To assess the degree to which the

recommendations and management action plans identified
in the 2002 Internal Audit report Audit of Construction
Contracting have been implemented.
Overall Conclusion
We found that of the eight recommendations made in the 2002 Internal Audit report
Audit of Construction Contracting, seven recommendations have been fully
addressed; the remaining recommendation is in the process of being implemented.
Findings
In 2002 an audit was undertaken to examine selected financial and managerial

elements of construction contracts undertaken between 1999 and 2001. The audit
January 2009 24

included the examination of 32 construction contracts over $5,000 to determine the

extent to which NRC construction projects complied with government contracting
policies and key requirements. Overall, the audit observed that construction
contracting processes at NRC were well managed, controlled and documented.
However eight recommendations were noted including those to strengthen financial
management controls. Given the amount of time that has elapsed since the last
audit 8 ; we expected to find that all eight recommendations would have been
implemented.
Due to the amount of time that has passed, management assertion in part, had to be
relied upon to confirm implementation. Further details of actions and measures
undertaken are presented in Appendix B. Based on our discussions with
management and examination of supporting documents, we noted that
recommendations pertaining to the five recommendations listed below were
immediately addressed and implemented in 2003:
• Exceeded Treasury Board contract authorities [recommendations 2.2.9 and

2.2.10];
• Problems regarding internal delegated authorities and amendments including

their ratification [recommendation 2.3.3];
• Account verification procedures and controls [recommendation 2.4.17];
• NRC seek confirmation from the Treasury Board Secretariat where Finance
Branch’s interpretation of FAA Section 34 requirements differs from accepted
federal government practices in order to ensure its interpretation complies with
government policy and requirements [recommendation 2.5.8] and
• ASPM Branch and Finance Branch requirements assessments

[recommendation 2.6.8].
The audit’s recommendation that Finance Branch document its interpretation of FAA
Section 34 responsibilities [recommendation 2.5.7] was addressed in 2007 and the
first half of 2008.
With regard to the recommendation that Finance Branch expand its verification
procedures performed under its delegated payment authority (FAA Section 33) such
as to provide greater assurance of the effectiveness of Section 34 account verification
8
Beginning with the NRC 2006-07 to 2008-09 Risk-Based Internal Audit Plan, NRC has made a
commitment to follow-up formally on all audit reports approximately two years following their completion
depending upon the level of risk presented.
January 2009 25

controls and procedures [recommendation 2.4.18], much effort has been undertaken
recently to install a Monitoring Unit within the Branch. Once the unit is fully staffed and
operational (expected by March 2009), current sampling procedures vis-à-vis
associated risks will be revisited.
4.0 Conclusion
conclude that overall the application of Government of Canada and NRC construction
contracting policies and directives is adequate in that most areas of the
practices / processes in relation to construction contracting are in compliance but
there are some opportunities for improvement 9 . These areas for improvement include:
sufficient documentation supporting non-competitive contract awards, timing of budget
commitments and work commencement, management of contract amendments and
security screenings of contractors who have access to protected information and
assets.
While we observed full compliance in many important areas, we found: several

instances of construction work was performed prior to contract award; several
instances where distinct services were repeatedly amended to existing contracts
rather than issuing new contracts; one instance where Treasury Board approval was
not obtained for a contract with cumulative amendments above the required Treasury
Board threshold; a complete absence of security screenings for construction workers
who would have had access to protected assets and information prior to NRC’s new
security directive put in place January 24, 2008 and several instances thereafter.
Problems noted in last year’s audit of contracts less than $25,000 regarding FAA
Section 32 and 34 approvals in accordance with NRC Financial Signing Authorities
and in the earlier 2002 Audit of Construction Contracting are being addressed.
procurement management control framework for construction contracts is adequate
but some areas could be strengthened. NRC has established a procurement
management control framework, including procurement processes and policies to
mitigate procurement risks and to help ensure compliance with Government directives
and policies. Construction contracts are essentially subject to the same management
control framework as non-construction contracts; however, there are specific
9
January 2009 26

directives and policies that are related only to construction. Five key components of
the procurement management control framework that were examined included the
control environment, control activities, risk assessment, information and
communication and on-going monitoring. Some areas for improvements were
observed. There is no single repository of guidance that consolidates all of the
procurement policies and procedures to assist management and Procurement
Officers in contracting. Various manuals on the procurement process are available
either in hard or electronic formats. Some IBPs informed us that they were not aware
of the existence of some manuals. Clarification of the procurement process provided
by Administrative Services and Property Management Branch is currently done
through emails and training. Other than NRC Internal Audit compliance audits
currently undertaken, there is no formal Quality Assurance Program performed by an
independent unit of contracting activities or data analytics to identify high risk
contracts and / or improper construction contracting practices.
recommendations made in of the 2002 Audit of Construction Contracting. The
recommendation pertaining to the expansion of verification of delegated authorities
(FAA Section 33) is in progress and management reports it is on track to be fully
operational by March 2009.
Recommendations
1. Except where patent or copyright requirements or where technical compatibility

issues can be clearly documented and there is no doubt there is only one supplier,
Procurement Officers should advertise proposed sole source contract awards
greater than $25,000 through an Advanced Contract Award Notice (ACAN).
2. Administrative Services and Property Management Branch should seek

clarification from Treasury Board regarding what approvals are required when the
cumulative value of amendments exceed $200,000 for construction contracts
using electronic bidding that have an original value less than $2 million.
3. Administrative Services and Property Management Branch should consolidate all

procurement policies and procedures into a single source document which would
be available on its Material Management web-site. In the interim, reference
manuals that are currently available only in hard copies should be made available
electronically and posted on the ASPM Material Management web-site.
Consideration should be given to enhancing the guide where non-compliance was
found to be an issue, specifically with respect to sufficient documentation
supporting non-competitive contract awards, timing of contract commitments and
January 2009 27

commencement of contract work, security requirements and contract

amendments.
4. Administrative Services and Property Management Branch should undertake more

rigorous monitoring activities to include a comprehensive quality assurance review
of individual construction procurement files on a sampling basis and adopt data
analytics to monitor contracting patterns and trends that indicate procurement
activities that may not be in accordance with the Government of Canada and NRC
policies and directives. Data analytics should include, but not limited to, contract
amendments, contract splitting and non-purchase order transactions as well as
leasehold improvements.
The detailed management action plans that address these recommendations can be
found in Appendix D.
January 2009 28

Appendix A: Audit Criteria and Detailed Findings
No. Audit Criterion Findings /Compliance Rate
Audit Objective 1: To provide assurance that NRC complies with the Government of Canada and NRC
construction contracting policies and directives.
Requirements are defined prior to the bidding process on the MERX electronic bidding system or a limited 100%
1.
tendering process. (26/26) 1
86%
2. Justifications of non competitive contract awards are appropriately documented and substantiated.
(6/7)
The ACAN defines the requirements or expected results of the contract; identifies the proposed contractor;
100%
3. provides the reason the contract should be issued; and includes an estimate of the cost of the proposed
(2/2)
contract (if possible).
Call-ups against standing offers are within specified limits. 100%

4.
(5/5)
Standard Federal Government Construction Contracts are used for all construction contracts greater than 100%
5.
$100,000. (14/14)
1
During the course of the audit 40 construction contracts were reviewed of which: 26 were awarded following the MERX electronic bidding system or a
limited tendering process; two were awarded following an Advanced Contract Award Notification (ACAN) by NRC; five were awarded using existing NRC
or PWGSC Standing Offer Arrangements; and seven were sole sourced.
January 2009 29

100%
6. Public bid notices were issued for construction contracts bids over $60,000.
(24/24)
There is no evidence of contract splitting, i.e., contracts are awarded under the thresholds with amendments 100%
7.
to increase the contracts over $25,000 or AIT, NAFTA and WTA thresholds. (24/24)
Data mining Techniques
revealed 1 potential case of
contract splitting in the 7 IBPs
examined.
0%
8. Documented evidence is on file that NRC Security verified the security clearance of contractor(s).
(0/31)
100%
9. The contract is signed in accordance with NRC Financial Signing Authorities for Contracting.
(40/40)
93%
10. Construction work commences only after the contract or the purchase order has been signed.
(37/40)
98%
11. FAA Section 32 certification is made by the responsibility centre manager with budget responsibilities.
(39/40)
January 2009 30

FAA Section 32 certification in accordance with NRC’s Financial Signing Authorities for Expenditure 100%
12.
Initiation at the time of the audit. (40/40)
Amendments are justified and in the best interest of the government and are for an actual change in the 92%
13.
scope of work. (22/24)
Contract amendments are within the levels identified in Appendix C of the Treasury Board Contracting 100%
14.
Policy. (24/24)
90%
15. The contract amendment is ratified by the contractor.
(18/20) 2
100%
16 There is evidence of appropriate monitoring and evaluation of contract performance.
(39/39) 3
Documentation is in the file (e.g., progress report update and statutory declaration) to support that 98%
17.
construction services were provided in accordance with the contract terms. (39/40)
2
Only 20 contracts of 24 required rectification by the contractor because amendments to standing offer call-ups do not require that contractors provide
their signature.
3
At the time of the audit, no invoices had yet been received for one contract.
January 2009 31

95%
18. FAA Section 34 certification by the responsibility centre manager with budget responsibilities.
(38/40)
FAA Section 34 certification is in accordance with NRC’s Financial Signing Authorities for Performance 100%
19.
Certification at the time of the audit. (40/40)
The Project Completion Certificate and Contract Payment Certificate are signed by ASPM Branch prior to 100%
20.
releasing the holdbacks. (16/16)
January 2009 32

Appendix B: 2002 Audit Recommendations and 2008

Follow-up Audit Findings
2002 Audit Recommendations Status of 2008 Follow-up Audit Findings

Recommendations
Audit Objective 2: To assess the degree to which the recommendations and management action plans identified in the 2002 Audit of
Construction Contracting have been implemented.
2.2.9 We recommend that the NRC contracting authority – the Yes Following verification with Treasury Board, only one of
Administrative Services and Property Management Branch the four contracts identified required NRC complete a
Implemented 2003
(ASPM) – seek ratification from Treasury Board of the above formal submission.
noted contracts and contract amendments.
Treasury Board approval was confirmed as having
(Note: This recommendation was made with respect to four been received on May 15, 2003.
contracts that were found to have exceeded NRC’s delegated
authority).
2.2.10 We recommend also that the ASPM Branch review its Yes Management informed us that meetings were held with
contracting processes and controls in order to minimize possible senior Procurement Officers; the authorities were
Implemented 2003
oversights with respect to awarding contracts without the required explained and discussed. Exact dates were not
TBS approvals. provided as to when the meetings occurred.
2.3.3 We recommend that ASPM reviews its current contracting Yes According to management, the following actions were
procedures and practices with respect to the issues noted. undertaken:
Implemented 2003
• Training sessions / meetings were held with
senior Procurement Officers to review the
(Note: This recommendation was made with respect to
contracting process;
contractors ratifying amendments, internal delegated authorities
being exceeded and appropriate documentation to support • Senior Contracting Authorities began reviewing
amendments). invoices to ensure appropriate approvals prior to
payments and continue to do so; and
• An Invoice Payment Checklist was developed and
continues to be used.
January 2009 33


Recommendations
Exact dates were not provided as to when these
actions were put in place.
2.4.17 We recommend that the Finance Branch, in collaboration Yes ASPM

with ASPM Branch, performs a detailed assessment of the current
Implemented 2003 Based upon their assessment, ASPM reorganized its
system of account verification procedures and controls. The goal
Procurement Group to ensure a better segregation of
of this assessment would be to help determine where and how
duties; it now reports to Invoice Payment Supervisors
existing procedures and controls should be strengthened.
that were hired as evidenced by the ASPM
organizational chart. As per the NRC Guide to
Procurement Process, prior to payments, invoice
clerks perform account verification procedures
including: matching and verifying the invoice to the
purchase order or contract; ensuring costs conform to
prices, quantities and specifications in the contract;
verifying all terms and conditions of the contract have
been met; applying applicable discounts and
holdbacks; confirming the invoice was not previously
paid; and ensuring the invoice was approved by the
appropriate FAA Section 34 delegated authority.
Using a risk-based approach, Finance Branch reviews
invoices sent by the ASPM Branch Invoice Clerks as
part of the payment process. High-risk transactions are
identified for further review as outlined in written
procedures. There are also system blocks in Sigma
which flag requests for payment over $50,000 for
further review.
2.4.18 We recommend that the Finance Branch expand its In-Progress According to management, statistical sampling was
verification procedures performed under its delegated payment implemented in 2002-2003 following the 2002 audit of
Full Implementation
authority (FAA section 33), such as to provide greater assurance construction contracts in order to verify FAA Section
expected by March
of the effectiveness of section 34 account verification controls and 32 and 34 at nine institutes; however, the practice was
2009
procedures. discontinued in 2003-2004. Efforts to implement a
Monitoring Division began in earnest in 2007-2008,
which will be responsible, among other things, for
January 2009 34


Recommendations
reviewing transactions on a statistical sampling basis.
A full time Monitoring Officer was also assigned to the
team in the summer 2007 as well as a Statistical
Sampling Officer who was hired in fall 2007. A
competitive process to employ a Monitoring Division
Director is currently in process. Sampling software has
been purchased for these purposes, and associated
training completed. Sampling has begun using an
NRC-wide random sampling approach. However, NRC
management has indicated that once the Unit is fully
staffed and operational, regular sampling of
expenditures will be reviewed and the associated risk
assessment process will be revisited.
2.5.7 We recommend that Finance Branch document its Yes A memorandum dated October 31, 2007 was sent to
interpretation of section 34 responsibilities and requirements. all employees from NRC’s President informing them of
Implemented 2007
Approved policy and procedures pertaining to the exercise of the importance of compliance with the FAA.
delegated financial authorities should be communicated.
Beginning June 2007, “Budget Managers” are required
to certify by their signature that funds are available and
to commit funds under FAA Section 32. Starting in
June 2008, for invoices less than $25,000, “Budget
Managers” can electronically provide their FAA Section
34 certifications that goods or services have been
received and that invoices can be approved for
payment. Invoices greater than $25,000 still require
that “Budget Managers” certify FAA Section 34 by their
signature.
Mandatory financial delegation authorities training has
been implemented for all Budget Managers and
Budget Holders. All IBP’s have been visited by
Finance Branch and offered training. New employees
with financial signing authority are trained on an
ongoing basis.
January 2009 35


Recommendations
2.5.8 Where Finance Branch’s interpretation of section 34 Yes NRC Finance Branch obtained confirmation from the
requirements differs from accepted federal government practices; Financial Authorities and Regulations sector of the
December 2008
it should seek confirmation from the Treasury Board Secretariat Office of the Comptroller General – Treasury Board
(TBS) that its interpretation complies with government policy and Secretariat through discussions conducted in
requirements. December 2008.
2.6.8 We recommend that ASPM and Finance branches perform Continuous Work commenced in 2002 to update policies and
a thorough assessment of policy and procedures requirements beginning 2002 procedures, e.g., documents “How to Request Goods
within their respective areas of responsibility. and Services” (addressing requisitioning, contracting,
receipt and payment of goods and services along with
a flow chart of the process) and “Terms and Conditions
for Invited Tenders” were both updated in early 2002.
Both ASPM Branch and Finance Branch have stated
commitments to continue their efforts in updating other
reference documents as well as ensuring their
respective policies are consistent and comprehensive.
For example, Desktop procedures for all aspects of the
finance function have been established and are
available through the On-Demand tool. Finance
Branch, as part of its business plan, has committed to
review all of its policies and procedures over the next
three years (33% per year) - targeting the most
contentious in the first year. It has also committed to
document and communicate best practices related to
financial management and processes across all IBPs.
January 2009 36

Appendix C: Overall Potential

Ratings
Management Attention Required – significant issues exist that require management’s

attention.
Needs Improvement – some areas of practices / processes are in compliance with

Government of Canada and NRC policies and directives pertaining to construction
contracts but many deficiencies exist.
Adequate – most of the areas of practices / processes are in compliance with

Government of Canada and NRC policies and directives pertaining to
construction contracts but there are opportunities for improvement.
Strong – all areas of practices / processes are in compliance with Government of

Canada and NRC policies and directives pertaining to construction contracts. No
areas for improvement were identified.
January 2009 37

Appendix D: Management Action Plan
Audit Recommendations Corrective Management Action Plan Expected Implementation Responsible

NRC Contact
1. Except where patent or copyright Agreed. Construction contracts are rarely sole December 2008 Head, Services
requirements or where technical source as a result of patent or copyright and
compatibility issues can be clearly requirements. Regardless, if a sole source Construction
documented and there is no doubt cannot be clearly documented or where there Contracting,
there is only one supplier, is doubt that there is only one supplier, a Administrative
Procurement Officers should advertise Procurement Officer will post an ACAN. Services and
proposed sole source contract awards Where there is no doubt, that only one Property
greater than $25,000 through an supplier exists, the rationale will be fully Management
Advanced Contract Award Notice documented and include supporting
(ACAN). documentation. If it cannot be fully
documented, an ACAN will be posted.
2. Administrative Services and Property Agreed. We will obtain clarification from the Head, Services
Management Branch should seek Treasury Board Secretariat. January 2009 and
clarification from Treasury Board Construction
regarding what approvals are required Contracting,
when the cumulative value of Administrative
amendments exceed $200,000 for Services and
construction contracts using electronic Property
bidding that have an original value less Management
than $2 million.
3. Administrative Services and Property Agreed. Our Material Management Contingent on SEC approval Manager,
Management Branch should documentation needs to be updated and of our staffing request per Material
consolidate all procurement policies maintained in a central repository. The our Business Plan, Management,
and procedures into a single source Material Management Policy Manual currently commence staffing process Administrative
document which would be available on exists in hard copy, not in electronic format. In in April 2009, have resource Services and
its Material Management web-site. In order to implement these recommendations, on-board by September Property
the interim, reference manuals that are we will assign resources as required in order 2009. Management
January 2009 38


NRC Contact
currently available only in hard copies to:

should be made available Commence with
electronically and posted on the ASPM • Prepare policy documents. implementation of
Material Management web-site. • Update the Material Management Policy Recommendations 3 and 4
Consideration should be given to Manual; in September 2009.
enhancing the guide where non- • Implement a quality assurance process.
compliance was found to be an issue, • Monitor contracting activities; Complete Material
specifically with respect to sufficient • Coordinate and respond to all audit Management Policy Manual
documentation supporting non- enquiries and reports; and update and centralization of
competitive contract awards, timing of • Coordinate all Material Management documents by September
contract commitments and reporting, such as the quarterly Contract 2011.
commencement of contract work, Disclosure Reports, and the Annual
security requirements and contract Procurement Activity Report.
amendments.
4. Administrative Services and Property Agreed. We will respond to these Contingent on SEC approval Manager,
Management Branch should undertake recommendations with an appropriate level of of Commence with Material
more rigorous monitoring activities to monitoring based on a determination of the implementation of Management,
include a comprehensive quality best approach, and with consideration to the Recommendations 3 & 4 in Administrative
assurance review of individual risk and available resources. The objective is September 2009. Services and
construction procurement files on a to download the following activities to facilitate Property
sampling basis and adopt data the implementation of audit Complete Material Management
analytics to monitor contracting recommendations: Management Policy Manual
patterns and trends that indicate update and centralization of
procurement activities that may not be • Determine the approach needed; documents by September
in accordance with the Government of Prepare policy documents; 2011.
Canada and NRC policies and • Update MM policy manual;
directives. Data analytics should • Implement a quality assurance process;
include, but not limited to, contract • Monitor contracting activities;
amendments, contract splitting and • Coordinate and respond to all audit
non-purchase order transactions as enquiries and reports; and
well as leasehold improvements. • Coordinate all Material Management
January 2009 39


NRC Contact
reporting, such as the quarterly Contract

Disclosure Reports, and the Annual
Procurement Activity Report.
January 2009 40

Appendix E: Glossary
List of Abbreviations
ACAN – Advance Contract Award Notice

AIT – Agreement on Internal trade
ASPM – Administrative Services and Property Management (Branch)
CA – Chartered Accountant
CIA – Certified Internal Auditor
CMA – Certified Management Accountant
IBP – Institute, Branch or Program
FAA – Financial Administration Act
MERX – MERX is an Internet-based electronic tendering system that advertises
government contracting opportunities to potential bidders across Canada.
NCR – National Capital Region
NRC – National Research Council Canada
NAFTA – North American Free Trade Agreement
PWGSC – Public Works and Government Services Canada
RMMO – Regional Material Management Offices
SRCL – Security Requirement Check List
WTA – World Trade Agreemen
January 2009 41

Audit Report Sample PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Audit Report Sample PDF

Загружено:

Авторское право:

Доступные форматы

NATIONAL RESEARCH CO UNCIL CANADA

ARCHIVED – Audit of Construction

This PDF file has been archived on the Web.

Audit of Construction Contracts

Internal Audit, NRC

1.0 Executive Summary ..................................................................... 1

2.0 Introduction .................................................................................. 6

2.1 Background and context ....................................................................... 6

2.2 About the audit ..................................................................................... 9

3.0 Audit Findings ............................................................................ 12

3.2 Objective Two: To assess the degree to which the recommendations

4.0 Conclusion .................................................................................. 26

Appendix A: Audit Criteria and Detailed Findings ............. 29

Appendix B: 2002 Audit Recommendations and 2008

Appendix C: Overall Potential Ratings ................................... 37

Appendix D: Management Action Plan................................... 38

Appendix E: Glossary .................................................................... 41

Internal Audit, National Research Council of Canada

1.0 Executive Summary

Audit objective, scope and methodology

Internal Audit, National Research Council of Canada

Audit opinion and statement of assurance

In my professional judgment as Chief Audit Executive, sufficient and appropriate

Internal Audit, National Research Council of Canada

Conclusions and recommendations

While we observed full compliance in many important areas, we found: several

Internal Audit, National Research Council of Canada

1. Except where patent or copyright requirements or where technical compatibility

2. Administrative Services and Property Management Branch should seek

3. Administrative Services and Property Management Branch should consolidate all

4. Administrative Services and Property Management Branch should undertake more

Internal Audit, National Research Council of Canada

amendments, contract splitting and non-purchase order transactions as well as

NRC Audit Team Members 2 :

Jean Paradis, CA, CIA, Audit Manager

Internal Audit, National Research Council of Canada

2.1 Background and context

NRC’s Management Control Framework for Construction Contracts

Internal Audit, National Research Council of Canada

and alterations to existing buildings and facilities to address new program

Categories of Construction Contract Percentage Number of Percentage Average

Less than $25,000 $2,738,239 7% 375 62% $7,302

Between $25,000 and $60,000 $2,944,883 8% 71 12% $41,477

Between $60,000 and $100,000 $4,821,908 13% 62 10% $77,773

Over $100,000 $27,837,508 72% 96 16% $289,974

Total $38,342,538 100% 604 100% $63,481

As shown in Exhibit 2 below, contracting authority has been delegated to procurement

Internal Audit, National Research Council of Canada

agreements that have been pre-negotiated by PWGSC or by NRC Procurement

ASPM RMMO PWGSC

Construction Contracts Less than $25,000 • •

Call-ups against NRC or PWGSC Standing Offers • •

Construction Contracts less than $60,000 • •

Construction Contracts between $60,000 and $100,000 •

Construction Contracts between $100,000 and $6 million •

Construction Contracts greater than $6 million •

Internal Audit, National Research Council of Canada

2.2 About the audit

Internal Audit, National Research Council of Canada

respect to construction contracting. This involved examining practices in seven of

2006-07 and 2007-08 Transactions Sampled by

Categories of Construction Contracts Number of Contracts Reviewed

NCR Outside NCR

$40,000 7 , where the contract is for the acquisition of architectural,

$100,000 where the contract is to be entered into by the member of