CONTROL AND COMPLIANCE INPUBLIC SECTOR PROCUREMENT

PUBLIC SECTOR PROCUREMENT ASIA MASTERCLASS

5 JUNE 2012YOONG EE CHUAN, CPA, CIA, CISA, CISM, MSID

1

AGENDA

2

Evolution of Procurement – A Public Sector Example

Centralisation to De-Centralisation

Snapshot of Procurement Ecosystem

Managing Procurement Risks

Internal Controls

Auditing and Assurance

Control and Compliance

3

Paper to Digital

Centralisation to de-

centralisation

Instruction Manual

(IM)3B to IM on

procurement

Snapshot of procurement ecosystem

EVOLUTION OF PROCUREMENT

EVOLUTION OF PROCUREMENT

4

5

EVOLUTION OF PROCUREMENT

Principles remain similar i.e. open and

fair competition, transparency and

value-for-money (or previously “lowest

cost meeting specifications”)

Procurement processes were very

manual

IM3B – Government Instruction Manual on Procurement

prescriptive rules for manual handling of

procurement exercises

Rules for quotations vs tenders

Estimated procurement value

(EPV)

6

EVOLUTION OF PROCUREMENT

7

EVOLUTION OF PROCUREMENT

8

Quotations

• Less onerous compliance wise to tenders

• Confidentiality of quotations• Fax quotations vs mailed

quotations• Dedicated fax, officer opening etc.• Posting of quotations on notice

board

EVOLUTION OF PROCUREMENT

9

Tenders

• Offer by vendors – more legal documentation as it is binding

• Confidentiality and integrity important• Tender boxes system with

dual key• Tender opening committee• Tender witnessing officers• Evaluation by committee• Award by approving

authorities based on value• Posting of bids on notice boards

EVOLUTION OF PROCUREMENT

10

[Post-SLA] Finance Circular No 1/2011 [4 March 2011] & Corrigendum [13 May 2011]

New Roles:

• Approving Officer - AO (Approval of Requirement - AOR) function• Approving Officer (Bid Amendment) –Permanent Secretary (PS) or

delegated officer

Other Requirements

• Period contracts require AO (AOR) approval• Good practice to establish own period contracts for regular purchases• Limiting of “Limited” tenders – GPE should seek guidance from

PS/CEO/Head of Agency if in doubt

EVOLUTION OF PROCUREMENT

11

Other Requirements• Quotation Approving Authority (QAA)

preferable (good practice) to be from different department (division/section/unit) requesting procurement

• Goods/services Receipt Officer ensure documentary evidence (e.g. delivery orders, service reports, inventory stock-take) that goods/services delivered or performed

• Segregation of Payment Certifying Officer / Approving Officer duties extended to Statutory Boards

EVOLUTION OF PROCUREMENT

12

Centralisation to de-centralisation• THEN

• Central procurement office (CPO)• Stationeries e.g. pens obtained via CPO• Savings from bulk purchases but spoilage from

stock obsolescence, matching demand/supply• NOW

• Decentralised• E.g. e-Catalogue buy, bulk tender, GeBIZ• You buy what you need, block budget aproach

EVOLUTION OF PROCUREMENT

13

IM3B to IM on procurement• THEN

• Instruction manuals came in paper files• Updating was a pain, manually cross out

super-ceded paras, paste over new paras etc.

• People were more controls & rules conscious• NOW

• Web-based• Ease of reference and ease of forgetting (in

some cases)

EVOLUTION OF PROCUREMENT

MANAGING PROCUREMENT RISKS

14

Inherent Risks

Procurement is susceptible to corruption (in general)

E.g. vendors gifts, ang-pows, free samples

Non-compliances can threaten openness, fairness and transparency occur

Laxity and lapses in basic contract management can result in loss of value-for-money

Report of the Auditor-General highlights cases of non-compliance

15

In the past:

AG’s Report 1994/1995

Audit of Purchases under United States Foreign Military Sales Programme

Review of Financial Systems of Singapore Armed Forces Sports Association

Compliance with Government Procurement Procedures by Statutory Boards

MANAGING PROCUREMENT RISKS

16

MANAGING PROCUREMENT RISKS

17

MANAGING PROCUREMENT RISKS

18

MANAGING PROCUREMENT RISKS

19

Recently –Report of the Auditor-General FY2008/09, Auditor-General’s Overview

Areas of concern

Laxity in procurement and contract management

Lack of financial prudence in procurement and poor management of contracts and agreements

Resulting in higher expenditure for goods and services

MANAGING PROCUREMENT RISKS

20

Areas of concern (cont’d)

Under-performance not detected

Penalties for non-performance not imposed

Revenues due not collected

Little or no assurance of value-for-money in projects carried out

MANAGING PROCUREMENT RISKS

21

MANAGING PROCUREMENT RISKS

22

MANAGING PROCUREMENT RISKS

23

MANAGING PROCUREMENT RISKS

24

MANAGING PROCUREMENT RISKS

INTERNAL CONTROLS

25

• Lapses due to the way people interpret and enforce the rules as well as implementing the procedures

• IM3B now more principles-based, i.e. more room for people to interpret hence critical to educate staff handling procedure about how to apply the principles

• IM3B now provides case studies to help us• Segregation of responsibilities

• Not one person do everything

People

26

• Segregation of responsibilities (cont’d)• GeBIZ – more different roles, e.g. goods

received and goods inspection must be different officers, purchasing officer also cannot be approving etc.

• Previously can circumvent if manual, now with GeBIZ roles, more difficult

• Evaluation team for tenders shouldn’t all be from the same dept/team

• Education and awareness of IM 3B (and 3G)• Trade-off between controls and efficiency

People

INTERNAL CONTROLS

27

• Implement systems and processes that adhere to IM3

• But public agencies do vary in implementation• E.g. of SBs that had dubious quotations

• Get internal audit to review• Perhaps external audit may review

• However, does not focus too much on internal controls over procurement, i.e. more concerned about validity and authorisation, completeness of recording of purchasing and payment transactions then procurement principles: openness, fairness and transparency

System of procurement

INTERNAL CONTROLS

28

• Controls are built into the procurement process

• More difficult (but not impossible! i.e Singapore Land Authority case) to circumvent relative to manual processes

• Examples• Openness of web invitations to quotes and

invitations to tenders and request for proposals (global)

• Routing for approvals• Publication of awards

GeBIZ: A game changer

INTERNAL CONTROLS

29

• To what extent does your agency adhere to principles of IM3B/G?

• To what extent is your standard operating procedures for procurement in line with IM3B/G?

• How familiar are your people with IM3B/G principles and procedures (i.e. GeBIZ use)

• Have you set-up assurance and audit of procurement• Get your internal audit to look into it• Ask your external auditor to look into it

Some issues for consideration:

INTERNAL CONTROLS

AUDITING AND ASSURANCE

30

CAATs include:Generalised

audit software (e.g. ACL,

IDEA)

Utility software Test data

Application software for continuous

online audits

Audit expert systems

CAATs are a significant tool for auditors to gather information

independently

31

Benefits

Increased audit coverage

More thorough and consistent analysis of data

Reduction in risk

ChallengesIT knowledge, expertise and

experience of auditor

Availability of suitable CAATs and IT facilities

Efficiency and effectiveness of using CAATs over manual techniques

Time constraints

Integrity of the information system and IT environment

Level of audit risk

AUDITING AND ASSURANCE

Key characteristics• Ability to extract data from commonly used file

formats and tables of database systems e.g. ascii, flat file, comma separated variable, tab separated variable, PDF, prn etc.• Can audit any application on any technology

platform

Functions• Data queries• Data stratification• Sample selection

AUDITING AND ASSURANCE

Functions (cont’d)• Missing sequence identification• Statistic analysis• Calculations• Operations to join files and

tables• Fraud analysis – e.g. Benford

analysis

AUDITING AND ASSURANCE

IDEA• Data analysis or generalised audit software

AUDITING AND ASSURANCE

Review organisation’saccess control list for

potential conflictsGeneral analysis of

roles by dept/section

Trend analysis: mean, median and high/low

Test controls over segregation of duties•i.e. officer performing goods receipt vs goods inspection not the same officer

AnalyseFinance’s/Procurement

roleSystem owner roles vsuser department roles

AuditApproach

AUDITING AND ASSURANCE

Review expenditure

• Highest Purchase Order Value/Number

• Highest Number of Invitations-to-Quote / Tenders called

Vendor/Supplier review

• Screen against “blacklist” (i.e. SLA fraud known “front” companies)

• Summarise vendor by amount in period (financial year or calendar year)

AUDITING AND ASSURANCE

Vendor/Supplier review (cont’d)

• Reasonableness test of top 10 vendors by value or number of purchase orders against ACRA Bizfile check and understanding of business

Invitations-to-Quote review

• Summarise by Dept, Section, Staff, Vendor

• Review for unusual patterns or unexplained trends

AUDITING AND ASSURANCE

CONTROL AND COMPLIANCE

Learning Points

CAATs is a tool

Auditor’s understanding of business and risks critical

Organisation’s oversight by individual heads of department on expenditure important

Segregation of duties and staff rotation important

THANK YOU!Questions?Contact

• Yoong Ee Chuan, Director/Internal Audit Office• 535 Clementi Road, Singapore 599489• Ngee Ann Polytechnic (www.np.edu.sg)

• yec2@np.edu.sg• DID: 6460-6275• Twitter: @eechuan• LinkedIn: http://sg.linkedin.com/in/eechuan

39