Finding Text
Finding #2023-001
Significant Deficiency – Lack of Internal Control Over Compliance with Procurement Policy
Assistance Listing Number #14.231
Condition:
In order to test compliance related to procurement, we reviewed the conclusions drawn during management’s review noting no exceptions. In addition, we selected a representative sample of disbursements from all major program contracts. Of the 81 disbursements selected, supporting documentation for 10 items expended under 3 contracts did not contain records sufficient to detail the history and rationale for the method of procurement and the reason the required bid process was bypassed, as allowed by the procurement policy. In discussions with program staff and management, we concluded the Organization’s procurement policies were ultimately followed and no major program noncompliance or questioned costs were identified.
During planning for the 2023 audit, HCVT noted the Organization determined to review the procurement process organization-wide and update the procurement policy, as necessary, to ensure compliance with Uniform Guidance. Management reviewed numerous transactions of vendors with aggregate payments in 2023 that were in excess of the formal bid threshold and for which the Organization relied on sole-sourcing, as allowed by the procurement policy. Although limited documentation was noted, no instances of noncompliance were identified. As such, management determined internal control over compliance with procurement requirements was properly designed, but not consistently implemented.
Criteria:
Uniform Guidance requires all agencies develop a procurement policy ensuring compliance with Section 200.318 through 200.326. The Organization has established a procurement policy which requires sealed bids for contracts or procurements in excess of $250,000 and requires the maintenance of records sufficient to detail the history and rationale for the method of procurement, including in circumstances where the required bid process is bypassed for an allowable reason, as defined in the procurement policy. Management and those charged with governance are responsible for the design, implementation, and maintenance of internal control relevant to compliance with the established procurement policy.
Cause:
The Organization continued to experience significant growth in activities and personnel in 2023, which did not allow for consistent implementation of existing internal control over compliance with the established procurement policy.
Effect:
Although management was able to provide reasonable explanation for bypassing the required bid process in compliance with the procurement policy, records detailing the bypass were not included in the Organization’s files which represents a significant deficiency in internal control over compliance.
Recommendation:
The results of management’s internal review should be communicated organization-wide and specific training should be developed for the program and finance departments on the Organization’s procurement policy and the requirements of Uniform Guidance. Further, management should develop a process to regularly re-evaluate internal control over compliance to ensure proper review and approval of all procurements, including whether appropriate records justifying the bypass of the sealed bid process and the conclusion on allowable vendor selections are being maintained.
Views of Responsible Officials and Planned Corrective Actions:
Management concurs and the Corrective Action Plan previously provided continues to be in process.