Internal Audit of Federal Government Consulting Contracts Awarded to McKinsey & Company (March 2023)

Internal Audit of Federal Government Consulting Contracts Awarded to McKinsey & Company (March 2023)

Conformance with professional standards

This internal audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

Lindy McQuillan
Chief Audit Executive
Veterans Affairs Canada

Background

Procurement in the Government of Canada (GC) is subject to the Directive on the Management of Procurement (and the now rescinded Contracting Policy prior to May 13, 2022)Footnote 1, which has as its objective to ensure that procurement of goods, services and construction obtains the necessary assets and services that support the delivery of programs and services to Canadians, while ensuring best value to the Crown. As a result, among others, procurements are expected to enable operational outcomes, to be subject to effective governance and oversight mechanisms, to be fair, open, and transparent, and to meet public expectations in matters of prudence and probity.

The Prime Minister tasked Minister Fortier, as President of the Treasury Board (TB), along with Minister Jaczek, Minister of Public Services and Procurement, to undertake a review of contracts awarded to McKinsey & Company (McKinsey). On February 8, 2023, the Office of the Comptroller General (OCG) requested from government organizations, by February 15, 2023, a list of all contracts with McKinsey dating back to January 1, 2011, as well as related information on these. For those organizations that have been the technical authority and/or entered into any such contracts as the contracting authority, the OCG has directed the Chief Audit Executives (CAEs) of these organizations to conduct a formal independent internal audit of the related procurement processes, with results to be reported to the OCG by March 22, 2023.

Audit objectives and scope

The objectives of the audit were to determine the following for all scoped-in contracts with McKinsey:

  1. The integrity of the procurement process was maintained consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest;
  2. The procurements were conducted in a fair, open and transparent manner consistent with the Treasury Board (TB) Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement); and
  3. The procurements were conducted in a manner consistent with the organization’s internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls).

The scope of the audit focused on the examination of the procurement practices for all competitive and non-competitive contractsFootnote 2 with McKinsey that were awarded (i.e., signed) by the organization between January 1, 2011, and February 7, 2023Footnote 3. More specifically, the audit included an assessment of the following contracts:

Contract number Contract start date & end date Contract amount Procurement strategy Purpose of contract
0A200122912301P 2020/02/11 to 2021/03/31 $24,860 Non-Competitive Develop a solutions-based outreach strategy for the design and delivery of outreach activities directed toward women Veterans that incorporates immediate activities and actions and a template to conduct future outreach with women Veterans.

The audit did not assess:

  • All contracts with any entity other than McKinsey.
  • All contracts awarded (and signed) outside of the audit period.
  • Compliance with any other policy instrument, laws and/or regulations not specifically mentioned in this audit report.

Approach

The OCG provided all departments with an audit plan and audit work program to ensure consistency of coverage across the GC. While the OCG developed the objectives, scope, audit criteria, and audit work program for use by implicated departments, audit findings and recommendations were developed independently by Veteran Affairs Canada’s internal audit function. The approach followed by Veteran Affairs Canada (VAC) was in alignment with the approach described in the OCG audit plan and audit work program.

For VAC’s internal processes, the approach included reviewing the department’s internal direction and guidance for procurement and contracting and using a risk-based approach to identifying key internal processes that were not covered by the OCG audit plan and audit work program. To ensure the integrity and objectivity of the audit work, this audit was conducted only by public servant internal auditors subject to the Global Internal Auditing Code of Ethics of the Institute of Internal Auditors.

Findings and recommendations

Findings for objective 1: integrity of the procurement process

Conclusion

Overall, VAC was compliant with this audit objective. There was no evidence to indicate the integrity of the procurement was not maintained in accordance with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest.

What we found

The audit team reviewed many emails regarding this contract. In reviewing these and the other documentation around the contract, no evidence was found to lead us to believe the Minister or their staff was involved in the contracting process. We also found no evidence that public servants involved in the contracting process did not adhere to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. There was no contracting involving former public servants or Public Office Holders.

Areas of improvementFootnote 4

There are no areas for improvement for this audit objective.

Recommendations

There are no recommendations for this audit objective.

Findings for objective 2: fairness, openness, and transparency, in line with applicable policy

Conclusion

Overall, VAC was compliant with this audit objective. The procurement for this contract was conducted in a fair, open and transparent manner consistent with the Contracting Policy in place at the time of the contract. One area of partial-compliance was found, which relates to a verbal extension of a contract, and is described below.

What we found

The one contract issued to McKinsey and Company by VAC was a non-competitive contract against Public Service and Procurement Canada’s (PSPC’s) Task and Solutions Based Supply Arrangement, valued at less than $40,000.Footnote 5 It did not go through a competitive bidding process, which is appropriate based on section 6 of the Government Contracts Regulations. McKinsey was a qualified supplier under the mandatory supply arrangement in place.

The expenditure initiation documentation was completed and signed off appropriately. The price was determined by procurement to be fair and reasonable. The contract was properly signed and was disclosed on the Government of Canada’s Open Information website.Footnote 6

Three amendments were made. The amendments did not change the value of the contract. All amendments were approved, however, one contract extension was made verbally, with formal documentation signed at a later date. A substantial amount of the work had already been completed by McKinsey under the original contract terms before the verbal contract extension. The verbal extension was for a minor portion of the work left to be completed. The audit team was informed McKinsey continued to engage with the project authority in good faith, all parties believing that the contract was still in effect. The extension revising the contract end date to March 31, 2021 was not disclosed on the Government of Canada’s Open Information website, however, Contracting Policy does not require disclosure of non-financial amendments.

The project authority was involved in the monitoring of the contract, with regular emails, meetings, and examination of the work in progress. The project authority was satisfied with the main deliverable, a 90-page Power Point presentation to guide the facilitation of an outreach workshop directed towards women Veterans, that could then be used as a template for future outreach workshops.

Section 34 of the Financial Administration Act requires certification that the work under a contract has been performed by an authorized person prior to any payment being made. Furthermore, the Directive on Delegation and Spending Authority requires that the person providing Section 34 authority is to verify that the work has been performed per the contract or agreement terms.

The project authority provided Section 34 approval for two contract invoices. Approval for the first invoice was provided electronically by email, as it happened at the beginning of the Covid 19 pandemic. Treasury Board of Canada Secretariat provided guidance during the pandemic that financial authorities can be done via email, provided the necessary controls are in place to ensure the integrity of the electronic authorizations. VAC has controls in place to access the email system, such as password protection. Considering all of these factors, email approval for this invoice is reasonable.

Area of improvement

The verbal contract extension with subsequent documented approval had minimal impact, as the value remaining on the contract was only $5,000, the amendment did not change the value of the contract, the amendment did later get formalized and the work did get completed. However, contracting in this manner has the potential to expose VAC to unnecessary risk.

Recommendations

There are no recommendations for this audit objective, based on the contract examined because the contract presented a low level of risk for VAC.

Findings for objective 3: adherence to departmental processes and control frameworks

Conclusion

Overall, VAC was compliant with this audit objective. Nothing significant came to our attention to lead us to believe that the procurements were not conducted in a manner consistent with the organizations’ internal processes and control frameworks. The area for improvement noted below does not represent non-compliance, merely an observation for improvement.

What we found

At the time of the contract, VAC did not have a procurement management framework in place. The internal processes and control frameworks were guided by Government of Canada legislation, policies and directives, VAC Procurement Services Manual and various guidance documents available to staff on VAC’s intranet site. Subsequent to the timeframes for this contract, VAC implemented a procurement management framework.

VAC does have a Contract Review Board (CRB). At the time of this contract, CRB’s terms of reference indicated it was to act as an objective body in order to maintain a strong challenge function on contractual proposals processed through the Procurement, Contracting and Asset Management unit. The scope of the CRB’s work included review and approval of all service contracts with a value of $10,000 or more. Approval was obtained for this contract in accordance with the CRB terms of reference. However, the objective in the summary information submitted to CRB for approval did not agree with the approved Statement of Work, which is the authoritative document defining objectives and deliverables. These changes did not significantly change the nature of the contract.

VAC’s Senior Designated Official for the management of procurement and the Chief Financial Officer confirmed to the audit team they were not aware of any specific or unique controls in place relevant to the McKinsey contract that differed from normal departmental controls.

Area of improvement

As an oversight body, the CRB plays an important role to ensure contracts are in accordance with policies and procedures. Providing inaccurate information to the CRB leads to a risk of inappropriate approvals.

Recommendations

There are no recommendations for this audit objective, based on the contract examined because the contract presented a low level of risk for VAC.

Management response

The findings of this audit were presented to management of Veterans Affairs Canada. The audit report was reviewed and recommended for deputy head approval by Veterans Affairs Canada’s Departmental Audit Committee.

Management has accepted the audit findings.

The Deputy Head of Veterans Affairs Canada approves this report.

Paul Ledwell
Deputy Minister
Veterans Affairs Canada

Appendix A: Audit criteria

Audit Objectives Criteria Criteria Sources
1. The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest 1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest.

Conflict of Interest Act - Part I

Directive on Conflict of Interest - 4.2.16, 4.17.3

Values and Ethics Code for the Public Sector – Integrity section (3)

Contracting Policy (before May 13, 2022) – 4.2.12,10.8,11.1.1,12.4

Directive on the Management of Procurement 4.2.2, 4.3.2

2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments.

Conflict of Interest Act - Part I, Part III (35, 36)

Directive on Conflict of Interest - 4.2.16

Values and Ethics Code for the Public Sector – Integrity section

Contracting Policy (before May 13, 2022) – 4.1.9, 4.2.20, Annex C, schedule 5

Directive on the Management of Procurement (after May 13, 2022) 4.5.5, 4.6.4, 4.10.1.7

2. The procurements were conducted in a fair, open and transparent manner consistent with the TB Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement) 1. Procurement: non-competitive - There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations.

Contracting Policy (before May 13, 2022) – Sections 10.2.1, 10.2.6, 10.5, 10.7.30, and Appendix C

Directive on the Management of Procurement (after May 13, 2022) – 4.3.1,4.3.2, 4.3.5 (4.1.1 procurement framework should include detailed requirements)

Contracting Policy Notice 2007-4 - Non-Competitive Contracting

Government Contract Regulations [Current to January 25, 2023] – Section 6

2. Procurement: Competitive - Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner.

Contracting Policy (before May 13, 2022) Sections 4.1.2; 4.1.4, 4.1.9; 16.1.2; 10.5; 10.7; 10.8; 11.1 and 11.3, Appendix J

Directive on the Management of Procurement (after May 13, 2022) – 4.1.1, 4.3.1, 4.3.5 (4.1.1 procurement framework should include detailed requirements)

3. Contract Management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented.

Contracting Policy (before May 13, 2022) – Sections 4.2.10; 11.2; 11.3; 12.3; 12.4.1; 12.9, Appendix H 2.6

Directive on the Management of Procurement ((after May 13, 2022) – 4.3.1, 4.3.5 (procurement framework should include detailed requirements on contract management), 4.10.6

Policy on security Appendix A A.6

4. Certification Authority (section 34) - Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the FAA).

Directive on Delegation of Spending and Financial Authorities [2017-04-01] – Sections 4.1.11, A.2.2.1.1 to A.2.2.1.3, A.2.2.1.7 to A.2.2.1.9.

Financial Administration Act [2018-03-18 current to] – Section 34

5. Proactive Disclosure - Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements.

Contracting Policy (before May 13, 2022) – Section 5.1.6

Directive on the Management of Procurement (after May 13, 2022) – Appendix C

Guidelines on the Proactive Disclosure of Contracts - Canada.ca Section 4.1 (amended April 1, 2022).

Proactive Disclosure on Contracts, Guidelines on [previous version] – Section 4.1

Access to Information Act (86-1)

3. The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls) 1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks.

Contracting Policy (before May 13, 2022)

Directive on the Management of Procurement (after May 13, 2022)

Note: On April 11, 2019, the contracting limits for organizations and PSPC were updated to reflect a 25% increase to account for inflation (see Appendix C of the Contracting Policy).

Appendix B: Management Action Plan

Not applicable – No recommendations are required. Some areas for improvement are noted in the report but do not represent a significant risk to VAC to warrant recommendations.

Appendix C: Breakdown of findings

Audit criteria Audit assessment (Compliant, Partially Compliant, Not Compliant, Unable to assess, Not applicable) Rationale for assessment
Audit objective 1: The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest
1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. Compliant There is no indication the Minister’s Office or staff were involved in the contracting process. There is also no evidence of the involvement of public servants or public office holders in the contracting process whose behavior or status did not comply with the requirements of the Values and Ethics Code or the Directive on Conflict of Interest.
2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments. Not applicable There is no evidence of contracting with former Public Servants or former Public Office Holders.
Audit objective 2: The procurements were conducted in a fair, open and transparent manner consistent with the TB Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement)
1. Procurement: non-competitive - There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contracts Regulations. Compliant There is documentation to support expenditure initiation and commitment authority (Section 32 of the FAA) were performed by the individual with the proper delegated authorities and was also documented. A statement of work was defined prior to vendor selection and contract award. Justification for non-competitive contracts was documented, valid, and substantiated. There was also no evidence of contract splitting.
2. Procurement: Competitive - Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner. Not applicable Not applicable as there were no competitive contracts awarded to McKinsey and Company within the time frame scoped into this audit
3. Contract Management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented. Partially Compliant

A signed copy of the written contract and the related three amendment are on file and signed by employees with the appropriate delegated authority. Contract amendments are justified and substantiated due to complications which arose due to the Covid-19 pandemic in 2020. There is evidence of oversight and performance monitoring to ensure the quality and standards of the services delivered.

All amendments were approved, however, one contract extension was made verbally, with formal documentation signed at a later date. There were no additional expenditures beyond the original contract value.

4. Certification Authority (section 34) - Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the FAA). Compliant Section 34 certification authority for 2 invoices related to this contract was performed by the appropriate delegated authority. For 1 of the 2 invoices, authorization was provided by email, due to the Covid 19 pandemic, which as allowable per Treasury Board Secretariat direction. The expenses were certified with proof of execution.
5. Proactive Disclosure - Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements. Compliant The contract and its amendments were proactively disclosed on the open government portal.
Audit objective 3: The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls)
1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks. Compliant

There were no specific or unique procurement controls put in place for this contract that were not assessed under the previous sections of this audit program. The contract was appropriately approved by the Contract Review Board, however, the summary information that was submitted to CRB for approval included an objective that did not agree with the approved Statement of Work. This did not significantly change the nature of the contract.

Nothing else came to our attention to lead us to believe that the procurements were not conducted in a manner consistent with the organizations’ internal processes.