Internal Audit of Federal Government Consulting Contracts Awarded to McKinsey & Company
March 2023
Natural Resources Canada (NRCan)
Conformance with professional standards
This internal audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.
Michel Gould
Chief Audit and Evaluation Executive
Natural Resources Canada
Acknowledgements
The audit team would like to thank those individuals who contributed to this project and particularly employees who responded to numerous requests as part of this audit.
Background
Procurement in the Government of Canada (GC) is subject to the Directive on the Management of Procurement (and the now rescinded Contracting Policy prior to May 13, 2022)Footnote 1, which has as its objective to ensure that procurement of goods, services and construction obtains the necessary assets and services that support the delivery of programs and services to Canadians, while ensuring best value to the Crown. As a result, among others, procurements are expected to enable operational outcomes, to be subject to effective governance and oversight mechanisms, to be fair, open, and transparent, and to meet public expectations in matters of prudence and probity.
The Prime Minister tasked Minister Fortier, as President of the Treasury Board (TB), along with Minister Jaczek, Minister of Public Services and Procurement, to undertake a review of contracts awarded to McKinsey & Company (McKinsey). On February 8, 2023, the Office of the Comptroller General (OCG) requested from government organizations, by February 15, 2023, a list of all contracts with McKinsey dating back to January 1, 2011, as well as related information on these. For those organizations that have been the technical authority and/or entered into any such contracts as the contracting authority, the OCG has directed the Chief Audit Executives (CAEs) of these organizations to conduct a formal independent internal audit of the related procurement processes, with results to be reported to the OCG by March 22, 2023.
Audit objectives and scope
The objectives of the audit were to determine the following for all scoped-in contracts with McKinsey:
- The integrity of the procurement process was maintained consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest;
- The procurements were conducted in a fair, open and transparent manner consistent with the Treasury Board (TB) Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement); and
- The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls).
The scope of the audit focused on the examination of the procurement practices for all competitive and non-competitive contractsFootnote 2 with McKinsey that were awarded (i.e., signed) by the organization between January 1, 2011, and February 7, 2023Footnote 3. More specifically, the audit included an assessment of the following contracts:
| Contract number | Contract start date & end date | Contract amount | Procurement strategy | Purpose of contract |
|---|---|---|---|---|
| 3000489494 | 2012-08-29 to 2012-11-23 | $875,750 | Competitive | To identify global market opportunities for Canadian energy technologies over the 2012-2020 time horizon, taking into account international market trends and Canadian areas of comparative advantage, and identify enabling government policies for Canada to realize these opportunities. |
| 3000675161 | 2018-10-03 to 2018-10-30 | $24,860 | Non-Competitive | To assess how NRCan calculates and validates estimates with respect to global market potential for small modular reactors and propose improvements. |
The audit did not assess:
- All contracts with any entity other than McKinsey.
- All contracts awarded (and signed) outside of the audit period.
- Compliance with any other policy instruments, laws and/or regulations not specifically mentioned in this audit report.
Approach
The OCG provided all departments with an audit plan and audit work program to ensure consistency of coverage across the GC. While the OCG developed the objectives, scope, audit criteria, and audit work program for use by implicated departments, audit findings were developed independently by NRCan’s internal audit function. NRCan’s internal audit function also considered the results of its recent Audit of the Management of Procurement Services, as presented to the Departmental Audit committee in July 2022. The approach followed by NRCan was in alignment with the approach described in the OCG audit plan and audit work program. To ensure the integrity and objectivity of the audit work, this audit was conducted only by public servant internal auditors subject to the Global Internal Auditing Code of Ethics of the Institute of Internal Auditors.
Findings
Findings for objective 1: integrity of the procurement process
The audit did not find any evidence to indicate that the integrity of the procurement process for the two McKinsey contracts was not maintained, consistent with and adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest.
Findings for objective 2: fairness, openness, and transparency, in line with applicable policy
The audit found that the two McKinsey procurements were conducted in a fair, open and transparent manner consistent with the Treasury Board Policy in place at the time.
Findings for objective 3: adherence to departmental processes and control frameworks
The audit found that the two McKinsey procurements were conducted in a manner consistent with NRCan’s internal processes and control frameworks that were in place at the time.
Management response
The findings of this audit were presented to management of Natural Resources Canada (NRCan). The audit report was reviewed and recommended for deputy head approval by NRCan’s Departmental Audit Committee.
Management has accepted the audit findings. If additional issues or recommendations are found following the results of the external reviews by the Office of the Procurement Ombudsman and/or the Auditor General, NRCan will update the management action plan accordingly to incorporate these and NRCan’s Departmental Audit Committee will be engaged in the monitoring of the implementation of this action plan, in line with the department’s standard internal audit processes.
The Deputy Head of NRCan approves this report, including the management action plan.
John Hannaford
Deputy Minister
Natural Resources Canada
Appendix A: Audit criteria
| Audit Objectives | Criteria | Criteria Sources |
|---|---|---|
| 1. The integrity of the procurement process was maintained and consistent with adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest | 1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. |
Conflict of Interest Act- Part I Directive on Conflict of Interest - 4.2.16, 4.17.3 Values and Ethics Code for the Public Sector – Integrity section (3) Contracting Policy (before May 13, 2022) – 4.2.12,10.8,11.1.1,12.4 Directive on the Management of Procurement 4.2.2, 4.3.2 |
|
2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments. |
Conflict of Interest Act – Part I, Part III (35, 36) Directive on Conflict of Interest - 4.2.16 Values and Ethics Code for the Public Sector – Integrity section Contracting Policy (before May 13, 2022) – 4.1.9, 4.2.20, Annex C, schedule 5 Directive on the Management of Procurement (after May 13, 2022) 4.5.5, 4.6.4, 4.10.1.7 |
|
|
2. The procurements were conducted in a fair,open and transparent manner consistent with the TB Policy that was in place at the time (Contracting Policy or the Directive on the Management of Procurement) |
1. Procurement: non-competitive - There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations. |
Contracting Policy (before May 13, 2022) – Sections 10.2.1, 10.2.6, 10.5, 10.7.30, and Appendix C Directive on the Management of Procurement (after May 13, 2022) – 4.3.1,4.3.2, 4.3.5 (4.1.1 procurement framework should include detailed requirements) Contracting Policy Notice 2007-4 - Non-Competitive Contracting Government Contract Regulations [Current to January 25, 2023] – Section 6 |
|
2. Procurement: Competitive - Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner. |
Contracting Policy (before May 13, 2022) Sections 4.1.2; 4.1.4, 4.1.9; 16.1.2; 10.5; 10.7; 10.8; 11.1 and 11.3, Appendix J Directive on the Management of Procurement (after May 13, 2022) – 4.1.1, 4.3.1, 4.3.5 (4.1.1 procurement framework should include detailed requirements) |
|
| 3. Contract Management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented. |
Contracting Policy (before May 13, 2022) – Sections 4.2.10; 11.2; 11.3; 12.3; 12.4.1; 12.9, Appendix H 2.6 Directive on the Management of Procurement (after May 13, 2022) – 4.3.1, 4.3.5 (procurement framework should include detailed requirements on contract management), 4.10.6 Policy on Security Appendix A A.6 |
|
|
4. Certification Authority (section 34) - Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the FAA). |
Directive on Delegation of Spending and Financial Authorities [2017-04-01] Sections 4.1.11, A.2.2.1.1 to A.2.2.1.3, A.2.2.1.7 to A.2.2.1.9. Financial Administration Act [2018-03-18 to current] – Section 34 |
|
|
5. Proactive Disclosure - Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements. |
Contracting Policy (before May 13, 2022) – Section 5.1.6 Directive on the Management of Procurement (after May 13, 2022) – Appendix C Guidelines on the Proactive Disclosure of Contracts- Canada.ca Section 4.1 (amended April 1, 2022). Proactive Disclosure on Contracts, Guidelines on [previous version] – Section 4.1 |
|
| 3. The procurements were conducted in a manner consistent with the organization's internal processes and control frameworks (i.e., consistent with procurement management frameworks, financial controls, security controls) | 1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks. |
Contracting Policy (before May 13, 2022) Directive on the Management of Procurement (after May 13, 2022) |
Note: On April 11, 2019, the contracting limits for organizations and PSPC were updated to reflect a 25% increase to account for inflation (see Appendix C of the Contracting Policy).
Appendix B: Management Action Plan
| Recommendation | Management action | Area responsible | Expected deliverables per action | Expected completion date |
|---|---|---|---|---|
| Not Applicable |
Appendix C: Breakdown of findings
| Audit criteria | Audit assessment (Compliant, Partially Compliant, Not Compliant, Unable to assess, Not applicable) | Rationale for assessment |
|---|---|---|
| 1. Public servants and Public Office Holders ensure that the integrity of the procurement process is maintained and consistent with the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. | Compliant |
The audit did not find any evidence to indicate that the integrity of the procurement process for the two McKinsey contracts was not maintained, consistent with and adhering to the Values and Ethics Code for the Public Sector and the Directive on Conflict of Interest. The audit did not identify any evidence where involvement of Public Servants or Public Office Holders impacted the integrity of the procurement process. NRCan has internal processes both for reporting conflict of interests (COI) and documenting adherence to the NRCan Values and Ethics Code, through the Employee Confidential Report (ECR). The NRCan Values and Ethics Code requires that employees submit a detailed Confidential Report to the COI Coordinator once a conflict of interest is identified. The ECR process requires employees to report within 60 days of their employment, or when there is a change of position or a substantial change in responsibilities, about their personal assets, liabilities or outside activities. The ECR and COI reporting processes complement procurement policy requirements related to conflict of interest. Under these existing processes the audit observed that there were no conflict of interest declarations on file for the public servants that were involved in the procurement process for these two contracts. |
| 2. Contracting with Former Public Servants and Former Public Office Holders is performed with integrity in accordance with the Directive on Conflict of Interest, Conflict of Interest Act and procurement policy instruments. | Not Applicable | The audit team reviewed the procurement file documentation for the two McKinsey contracts, including CVs of the proposed consultants for both contracts, and did not identify any evidence that the consultants included in the contracts were Former Public Servants or Former Public Office Holders. |
| Audit criteria | Audit assessment (Compliant, Partially Compliant, Not Compliant, Unable to assess, Not applicable) | Rationale for assessment |
|---|---|---|
| 1. Procurement: non-competitive - There is documentation to support the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations. | Compliant |
The 2018 contract awarded to McKinsey was a non-competitive sole-source procurement process under $25,000, supported by documentation of the justification for non-competitive procurement contracts in accordance with section 6 of the Government Contract Regulations. The audit noted that expenditure initiation and Section 32 of the FAA were provided by the proper delegated authority. A statement of work (SOW) was drafted by the program technical authority and shared by the procurement authority with the contractor for a request for proposal prior to the contract being awarded. The justification for sole sourcing the contract was documented on the file where GRC 6(b) was invoked: “The estimate expenditure does not exceed thresholds”. Additionally, the procurement authority solicited the justification from the program technical authority regarding the choice of a sole source contract and the program technical authority provided a sufficient justification that the contractor provides a unique service under the following: experience, brand and reputation, and impartiality. The program technical authority validated that the price of the contract was fair and reasonable as the amount did not exceed the threshold specified under GRC 6(b). The audit also noted that the SOW provided a list of deliverables and the contractor responded with a proposal detailing the tasks required to perform and submit the deliverables within a specified budget. There is no evidence of contract splitting, given that there was only one contract with McKinsey in 2018. This criterion was not applicable to the 2012 contract awarded to McKinsey, as this contract was procured competitively. |
| 2. Procurement: Competitive - Bid evaluation criteria were provided on Request for Proposal (RFP) documents and were used for contractor selection in an open, fair and transparent manner. | Compliant |
The 2012 contract was awarded to McKinsey via a competitive procurement process. The audit found that the bid selection method and evaluation criteria were clearly defined and outlined within the bid solicitation document prior to the formal RFP being issued. The Statement of Work, work description and evaluation criteria were open, fair and transparent, as evidenced through a detailed requirements description, a clear and documented evaluation methodology, and the number of potential bidders invited to the solicitation. The initial request was authorized by an individual with proper delegated financial authorities. Documentation was on file demonstrating that the contracting authority reviewed the bid solicitation documentation to ensure the procurement structure did not influence the outcome; bids were evaluated in accordance with the terms and conditions of the solicitation; individual and consensus assessments were on file, dated and approved; and that the contract was ultimately awarded to the top-ranking firm in accordance with the evaluation methodology. The duration of the contract was deemed to be reasonable given that the services were completed on time and budget. This criterion was not applicable to the 2018 contract awarded to McKinsey, as this contract was a non-competitive procurement process. |
| 3. Contract Management - Contracts and contract amendments were approved prior to the receipt of any services or the expiration of the original contract and supporting documentation is retained on file. Documented monitoring and certification of the delivery of the services was implemented. | Compliant | The two contracts on file that NRCan awarded to McKinsey were both approved prior to the receipt of services and the expiration of the contract; and were signed by an individual with the appropriate delegated authority. Neither contract included any amendments, nor were any security requirements necessary to the nature of the services procured. Documentation was retained on file to support the regular monitoring of progress and certification of the delivery of services procured, including regular status updates and correspondence. |
| 4. Certification Authority (section 34) - Certification authority is performed by someone with the delegated authority to do so, is accomplished in a timely manner and verifies the correctness of the payment requested (Section 34 of the FAA). | Compliant | The audit team verified that certification authority (section 34) was performed by the appropriate delegated authority for all invoices received against both contracts. Evidence that the procured services required in the contract Statement of Work were received for each contract was included in the procurement files. |
|
5. Proactive Disclosure - Contracts, including amendments, valued at over $10,000 meet minimum proactive disclosure requirements. |
Compliant | The two contracts that NRCan awarded to McKinsey, each valued at over $10,000, were both appropriately disclosed on the Open Government Portal in accordance with the policy, guidelines and Access to Information Act. Neither contract included any amendments, and the contract values and information that were proactively disclosed agree to the contract information on file. There were no disclosure restrictions applicable to either contract. |
| Audit criteria | Audit assessment (Compliant, Partially Compliant, Not Compliant, Unable to assess, Not applicable) | Rationale for assessment |
|---|---|---|
| 1. Procurements are conducted in a manner consistent with your departmental internal processes and control frameworks. | Compliant | The audit team reviewed additional internal processes that were in place at NRCan during the scope of this audit and concluded that the two McKinsey procurements were conducted in a manner consistent with NRCan’s internal processes and control frameworks that were in place at the time. In assessing this criteria, the audit team also considered the results of its recent Audit of the Management of Procurement Services, as presented to the Departmental Audit committee in July 2022. |
Page details
- Date modified: