The presentation covers public sector procurement risk and controls from an auditor\'s perspective. It gives an overview of how public sector procurement in Singapore has evolved and the risks that procurement managers, professionals, control and risks managers, internal/external auditors should be alert to when dealing with risks in procurement.
Control And Compliance In Public Sector Procurement
1. CONTROL AND COMPLIANCE IN
PUBLIC SECTOR PROCUREMENT
PUBLIC SECTOR PROCUREMENT ASIA MASTERCLASS
5 JUNE 2012
YOONG EE CHUAN, CPA, CIA, CISA, CISM, MSID
1
2. AGENDA
Evolution of Procurement – A Public Sector Example
Centralisation to De-Centralisation
Snapshot of Procurement Ecosystem
Managing Procurement Risks
Internal Controls
Auditing and Assurance
Control and Compliance
2
3. EVOLUTION OF PROCUREMENT
Instruction
Centralisation Manual Snapshot of
Paper to
to de- (IM)3B to IM procurement
Digital
centralisation on ecosystem
procurement
3
6. EVOLUTION OF PROCUREMENT
Principles remain
IM3B – Government
similar i.e. open and
Instruction Manual
fair competition,
on Procurement Estimated
transparency and
prescriptive rules for procurement value
value-for-money (or
manual handling of (EPV)
previously “lowest
procurement
cost meeting
exercises
specifications”)
Procurement
Rules for quotations
processes were very
vs tenders
manual
6
8. EVOLUTION OF PROCUREMENT
• Less onerous compliance wise to
tenders
• Confidentiality of quotations
• Fax quotations vs mailed
Quotations quotations
• Dedicated fax, officer opening etc.
• Posting of quotations on notice
board
8
9. EVOLUTION OF PROCUREMENT
• Offer by vendors – more legal
documentation as it is binding
• Confidentiality and integrity
important
• Tender boxes system with
dual key
Tenders • Tender opening committee
• Tender witnessing officers
• Evaluation by committee
• Award by approving
authorities based on value
• Posting of bids on notice boards
9
10. EVOLUTION OF PROCUREMENT
[Post-SLA] Finance Circular No 1/2011 [4 March 2011] &
Corrigendum [13 May 2011]
New Roles:
• Approving Officer - AO (Approval of Requirement - AOR) function
• Approving Officer (Bid Amendment) –Permanent Secretary (PS) or
delegated officer
Other Requirements
• Period contracts require AO (AOR) approval
• Good practice to establish own period contracts for regular purchases
• Limiting of “Limited” tenders – GPE should seek guidance from
PS/CEO/Head of Agency if in doubt
10
11. EVOLUTION OF PROCUREMENT
Other Requirements
• Quotation Approving Authority (QAA)
preferable (good practice) to be from
different department (division/section/unit)
requesting procurement
• Goods/services Receipt Officer ensure
documentary evidence (e.g. delivery orders,
service reports, inventory stock-take) that
goods/services delivered or performed
• Segregation of Payment Certifying Officer /
Approving Officer duties extended to
Statutory Boards
11
12. EVOLUTION OF PROCUREMENT
Centralisation to de-centralisation
• THEN
• Central procurement office (CPO)
• Stationeries e.g. pens obtained via CPO
• Savings from bulk purchases but spoilage from
stock obsolescence, matching demand/supply
• NOW
• Decentralised
• E.g. e-Catalogue buy, bulk tender, GeBIZ
• You buy what you need, block budget aproach
12
13. EVOLUTION OF PROCUREMENT
IM3B to IM on procurement
• THEN
• Instruction manuals came in paper files
• Updating was a pain, manually cross out
super-ceded paras, paste over new paras
etc.
• People were more controls & rules conscious
• NOW
• Web-based
• Ease of reference and ease of forgetting (in
some cases)
13
14. MANAGING PROCUREMENT
RISKS
Inherent Procurement is susceptible to corruption (in
general)
Risks
E.g. vendors gifts, ang-pows, free samples
Non-compliances can threaten openness,
fairness and transparency occur
Laxity and lapses in basic contract management
can result in loss of value-for-money
Report of the Auditor-General highlights cases
of non-compliance
14
15. MANAGING PROCUREMENT
RISKS
AG’s Report 1994/1995
In
the
past: Audit of Purchases under United States
Foreign Military Sales Programme
Review of Financial Systems of
Singapore Armed Forces Sports
Association
Compliance with Government
Procurement Procedures by Statutory
Boards
15
19. MANAGING PROCUREMENT
RISKS
Recently –
Report of Areas of concern
the Auditor-
General
FY2008/09,
Auditor- Laxity in procurement and contract
General’s
Overview management
Lack of financial prudence in
procurement and poor management of
contracts and agreements
Resulting in higher expenditure for
goods and services
19
20. MANAGING PROCUREMENT
RISKS
Areas Under-performance not detected
of
concern
(cont’d)
Penalties for non-performance
not imposed
Revenues due not collected
Little or no assurance of value-
for-money in projects carried out
20
25. INTERNAL CONTROLS
People
• Lapses due to the way people interpret
and enforce the rules as well as
implementing the procedures
• IM3B now more principles-based, i.e. more
room for people to interpret hence critical
to educate staff handling procedure about
how to apply the principles
• IM3B now provides case studies to help us
• Segregation of responsibilities
• Not one person do everything
25
26. INTERNAL CONTROLS
People
• Segregation of responsibilities (cont’d)
• GeBIZ – more different roles, e.g. goods
received and goods inspection must be
different officers, purchasing officer also
cannot be approving etc.
• Previously can circumvent if manual, now
with GeBIZ roles, more difficult
• Evaluation team for tenders shouldn’t all be
from the same dept/team
• Education and awareness of IM 3B (and 3G)
• Trade-off between controls and efficiency
26
27. INTERNAL CONTROLS
System of procurement
• Implement systems and processes that adhere to
IM3
• But public agencies do vary in implementation
• E.g. of SBs that had dubious quotations
• Get internal audit to review
• Perhaps external audit may review
• However, does not focus too much on internal
controls over procurement, i.e. more concerned
about validity and authorisation, completeness of
recording of purchasing and payment
transactions then procurement principles:
openness, fairness and transparency
27
28. INTERNAL CONTROLS
GeBIZ: A game changer
• Controls are built into the procurement
process
• More difficult (but not impossible! i.e
Singapore Land Authority case) to
circumvent relative to manual processes
• Examples
• Openness of web invitations to quotes and
invitations to tenders and request for
proposals (global)
• Routing for approvals
• Publication of awards
28
29. INTERNAL CONTROLS
Some issues for consideration:
• To what extent does your agency adhere to
principles of IM3B/G?
• To what extent is your standard operating
procedures for procurement in line with
IM3B/G?
• How familiar are your people with IM3B/G
principles and procedures (i.e. GeBIZ use)
• Have you set-up assurance and audit of
procurement
• Get your internal audit to look into it
• Ask your external auditor to look into it
29
30. AUDITING AND ASSURANCE
CAATs are a significant tool for
auditors to gather information
independently
CAATs include:
Generalised Application
audit software Utility software for Audit expert
Test data
(e.g. ACL, software continuous systems
IDEA) online audits
30
31. AUDITING AND ASSURANCE
Benefits Challenges
IT knowledge, expertise and
experience of auditor
Increased audit coverage
Availability of suitable CAATs and IT
facilities
Efficiency and effectiveness of using
CAATs over manual techniques
More thorough and consistent
analysis of data
Time constraints
Integrity of the information system
and IT environment
Reduction in risk
Level of audit risk
31
32. AUDITING AND ASSURANCE
Key characteristics
• Ability to extract data from commonly used file
formats and tables of database systems e.g.
ascii, flat file, comma separated variable, tab
separated variable, PDF, prn etc.
• Can audit any application on any technology
platform
Functions
• Data queries
• Data stratification
• Sample selection
33. AUDITING AND ASSURANCE
Functions (cont’d)
• Missing sequence identification
• Statistic analysis
• Calculations
• Operations to join files and
tables
• Fraud analysis – e.g. Benford
analysis
35. AUDITING AND ASSURANCE
Review organisation’s
General analysis of
access control list for
roles by dept/section
potential conflicts
Audit Test controls over
segregation of duties
Approach Trend analysis: mean,
median and high/low
•i.e. officer performing goods
receipt vs goods inspection
not the same officer
Analyse
System owner roles vs
Finance’s/Procurement
user department roles
role
36. AUDITING AND ASSURANCE
Vendor/Supplier
Review expenditure
review
• Highest Purchase • Screen against
Order “blacklist” (i.e. SLA
Value/Number fraud known “front”
• Highest Number of companies)
Invitations-to- • Summarise vendor
Quote / Tenders by amount in
called period (financial
year or calendar
year)
37. AUDITING AND ASSURANCE
Vendor/Supplier Invitations-to-
review (cont’d) Quote review
• Reasonableness • Summarise by
test of top 10 Dept, Section,
vendors by value Staff, Vendor
or number of • Review for
purchase orders unusual patterns
against ACRA or unexplained
Bizfile check and trends
understanding of
business
38. CONTROL AND COMPLIANCE
Learning Points
CAATs is a tool
Auditor’s understanding of business and risks
critical
Organisation’s oversight by individual heads
of department on expenditure important
Segregation of duties and staff rotation
important