Risk Matrix - Procurement Process

Page 1 of 3

Risk Matrix Procurement Process

"A" = Actual Control "P" = Proposed Control
CONTROLS C-1 C-2 Policies C-3 POs C-4 C-5 C-6 C-7 C-8 C-9 C-10 Terms C-11 C-12 C-13 Buyer Employees and & assignments are Procedures System Mgmt Approved Purchasing Processes Electronic POs procedures reviewed conditions properly controls info is evaluated are exist to vendor list requests are data trained. exist and and are in produced feedback on interchange on citycommodity report PO is automated are wide approved violations to place on a maintained from depts. electronically agreements with based. documented by dept City regular on-line about to the extent give City vendors is basis & head or Mgr/Council problem sufficient basis possible used combined designee vendors rights to extent possible C-14 C-15 Open PO Users contracts must are have monitored proper on a open monthly PO #s basis by or dept. vendors will not accept the order C-16 Depts. C-17 C-18 can indicate Performance Employee suggestions objectives performance for vendors clearly is evaluated on defined & on a regular purchase system basis requisitions tracks appropriate information

THREATS OPEN PURCHASE ORDERS COMPLIANCE T-1 Purchasing issues open POs >$5,000 without obtaining at least 3 quotes, whenever practicable T-2 Departments make a single purchase >$20,000 under an open PO. T-3 Purchasing issues open POs >$75,000 without obtaining Council approval. T-4 Departments make an addition to an open PO which brings the cumulative total amount of the open PO >$75,000 without obtaining Council approval. T-5 Purchases between $20,000 and $75,000 are not reported to the City Council on a quarterly basis. T-6 Departments authorize open purchase orders when conditions for using them have not been met. OPEN PURCHASE ORDERS AUTHORIZATION PROCESS T-7 Purchasing issues open POs for requisitions that were not properly authorized T-8 Unauthorized users (i.e. from the department, from other departments) charge items against an open PO. T-9 Departments order unauthorized items under open POs. OPEN PURCHASE ORDERS SELECTION PROCESS T-10 Open POs are not processed efficiently. T-11 Purchasing does not process open purchase orders in a timely manner. T-12 City does not obtain best price because Department does not have sufficient information to properly analyze procurement history (i.e. monitoring usage of items or services. Vendors who have monitored the City's usage of items and services). T-13 The City loses volume discounts because open POs from different departments are not combined. T-14 Vendor selection is not properly justified. A

http://www.sanjoseca.gov/auditor/procurement.htm

23/03/2011

Risk Matrix - Procurement Process

Page 2 of 3

T-15 A vendor list is not maintained and categorized to solicit responsible and responsive competition in each commodity area. T-16 Purchasing uses problem vendors repeatedly. T-17 The City is not adequately protected when a vendor does not perform. Open PO agreements do not provide the City with sufficient rights to ensure satisfactory vendor performance. OPEN PURCHASE ORDERS RECEIVING PROCESS T-18 Items that do not meet quality standards are received. STANDARD PURCHASE ORDERS COMPLIANCE T-19 Purchasing issues purchase orders between $5,000 and $20,000 without obtaining at least 3 quotes. T-20 Purchasing makes a purchase >$20,000 without using the formal bid process. STANDARD PURCHASE ORDERS REQUISITION PROCESS T-21 Purchasing Division issues inappropriate items due to unclear or incomplete requisitions. STANDARD PURCHASE ORDER AUTHORIZATION PROCESS T-22 Purchasing issues purchase orders for requisitions that were not authorized by department head or authorized designee. STANDARD PURCHASE ORDER SELECTION PROCESS T-23 Purchase orders are not processed efficiently T-24 Purchasing does not process purchase orders in a timely manner. T-25 City does not obtain best price because management does not have sufficient information to properly analyze procurement history. T-26 The City loses volume discounts because purchases from different departments are not combined. T-27 Vendor selection is not properly justified. T-28 A vendor list is not maintained and categorized to solicit responsible and responsive competition in each commodity area. T-29 Purchasing uses problem vendors repeatedly. STANDARD PURCHASE ORDER RECEIVING PROCESS T-30 Items that do not meet quality standards are received. FORMAL BID -

P?

http://www.sanjoseca.gov/auditor/procurement.htm

23/03/2011

Risk Matrix - Procurement Process

Page 3 of 3

SELECTION PROCESS T-31 The City does not obtain best value because the Code requires selection of lowest responsible and responsive bidder. T-32 Formal bid process is not cost effective. T-33 The City Manager or Council must reject bids because of specification irregularities CREDIT CARD PROGRAM T-34 Controls and procedures over the credit card program are not adequate, reasonable and cost beneficial. T-35 Credit card purchases are not properly budgeted and purchases are not paid promptly. EMERGENCY PURCHASE ORDERS T-36 Emergency Purchase Orders (EPOs)are used in situations that do not qualify as emergencies (as defined in the purchasing manual). WAREHOUSE T-37 Warehouse space is not fully utilized. PURCHASE ORDER PAYMENT PROCESSING T-38 Inappropriate payments are made. T-39 Departments do not process invoices in a timely manner. FORMS MANAGEMENT T-40 The City does not use current technology to improve the efficiency of forms management and printing needs.

|CSJ Home Page| Auditor's Home Page| Risk Matrix Library|

If you have any questions or comments about this web page, please send comments to webmaster minh.nguyen@ci.sj.ca.us. Last revised July 25, 2002.

http://www.sanjoseca.gov/auditor/procurement.htm

23/03/2011