3.1 Management of the Contract
Monitoring the various contract activities ensures it is successfully executed in accordance with the agreed terms of the contract and assists the organization in ensuring that its objectives are met. The FHCPS Contract defines the Project Authority as the Senior Director, Strategic and Enabling Initiatives (SEI). Contract Administration, as a distinct unit within SEI, administers the contract on behalf of VAC and the federal partner organizations. These groups fall under the direction of the Service Delivery and Program Management division within the Service Delivery Branch.
Signed by all parties in 2014, the FHCPS Contract between the partners and the contractor defined the broad scope of the authorities, responsibilities, and deliverables relating to the agreement. The FHCPS for VAC, RCMP, and CF Statement of Work lists the general requirements of the contract which VAC CAU must monitor to ensure the agreed terms of the contract are met.
The audit examined VAC CAUs processes for managing the contract and its deliverables. It also examined more broad aspects of contract management, including roles and responsibilities, communications, change management, and risk management.
Monitoring key deliverables
Within contracts, deliverables refer to items specifically required by agreed-upon documents such as an item mentioned in the statement of work. Key deliverables are defined within the FHCPS Contract Statement of Work and additional deliverables may arise due to the Task Authorization Process.
Contract monitoring includes the structures, policies, procedures, and tools used to ensure that the objectives of a contract are accomplished and vendors meet their responsibilities. Given its importance to overall contract management, we expected VAC CAU to have tools in place to monitor the FHCPS contract key deliverables.
According to all interviews, there is a good working relationship between the partner organizations, VAC, and the third party health claims processor which enables the group to discuss and advance deliverables due to the collaborative nature of the discourse. Deliverables which are lagging are discussed openly during regular monthly operations and partnership teleconferences and quarterly face-to-face meetings. Annual plans, annual reports, and monthly dashboards are also produced that address the delivery of significant elements of the contract.
The audit team tested a sample of 34 key deliverables from the Statement of Work to assess how the CAU validated, tracked, and accepted the deliverables. CAU provided the audit team with a response as to the status of all sampled deliverables however there is not a formal tracking document which tracks the status of all of the contract’s deliverables. The addition of a formal tracking mechanism would enable the VAC CAU to better monitor key deliverables in a timely manner.
Roles and Responsibilities
Clear roles and responsibilities are crucial to any contractual arrangement. All parties need to be aware of their rights and responsibilities. The audit found that an updated draft Roles and Responsibilities document was prepared in 2019. The document lists the area of responsibility and function for all of the partners as well as the relevant program units within VAC. Interviews with stakeholders demonstrated that roles and responsibilities are understood. Additionally, the partner organizations expressed that they are generally satisfied with the VAC CAU’s role as primary representative of the Project Authority, responsible for liaison and monitoring of requirements between them, the contractor, and PSPC.
Communication
Communication and sharing of timely and relevant information helps to ensure informed decision making. The FHCPS Statement of Work outlines formal communication mechanisms, including regular teleconference and quarterly face-to face partnership meetings. The audit team interviewed key contract stakeholders and found all were complimentary of the usefulness and benefits of formal meetings and of ad hoc communications. Audit team members also observed two face-to-face quarterly meetings. Communication, both formal and informal, is numerous and proving effective at strategizing on expected policy, completing procedural changes, and providing a forum for information sharing.
Change Initiatives
A formalized change management process strengthens contract management activities by communicating the path to initiate, authorize, and carry out changes to the contracted services. The FHCPS Contract defines the change initiative through a process called a Task Authorization (TA). The TA process is described within the contract including the responsibilities of the Contractor and the Project Authority.
During the quarterly Partnership Meetings, change initiatives are discussed and strategy is created regarding the expected policy and procedural changes. In addition, the third party health claims processor expressed that the TA process, which was part of the new contract, has made the change process easier to complete.
According to interviews, the TA process is well understood. When there are formal changes requested by VAC to the Contract, there is a formal process for authorizing, approving, documenting, and tracking these changes. Interviewees from the partner organizations had generally positive comments regarding the TA process.
Risk Management
Risk management is the identification, evaluation, and prioritization of risks to an organization. This process is followed by coordinated application of resources to minimize, monitor, and/or control the likelihood and impact of future events.
The audit team requested a formal risk identification/management/assessment document which had been completed by the VAC CAU but they were unable to provide such a document. During interviews, respondents were able to discuss risk topics but also indicated they were not formally documented, expressing there was no formal process for identifying risk likelihood and/or impact. In addition to regular meetings, examples of existing processes used to manage risks include the annual independent assurance with the Canadian Standard on Assurance Engagements (CSAE) 3416 Reporting of Controls at a Service Organization and the internal Analysis of FHCPS Expenditures and Contracting Implications Report.
The lack of a formal risk assessment process increases the likelihood that the CAU will not be in a position to adequately manage the risks involved with the FHCPS Contract.
Recommendation 1
It is recommended that the Director General, Service Delivery and Program Management formalizes a mechanism to monitor the Federal Health Claims Processing Services contract deliverables.
Management Response:
The Director General, Service Delivery and Program Management agrees with this recommendation and will further strengthen procedures and tools, such as those associated with annual planning and reporting, and will document the comprehensive process to monitor the Federal Health Claims Processing Services key contract deliverables.
Target completion date: January 31, 2021
Recommendation 2
It is recommended that the Director General, Service Delivery and Program Management implements a formal risk assessment framework to manage the risks of the Federal Health Claims Processing Services contract.
Management Response:
The Director General, Service Delivery and Program Management agrees with this recommendation and will add to existing processes used to manage risk, such as annual external audits and the FHCPS contract’s Threat Risk Assessment, and will develop and implement a formal risk management framework for the contract.
Target completion date: February 28, 2021
3.2 Monitoring of Financial Performance
Monitoring financial performance creates more certainty and confidence in the decision-making within an organization. In turn, tracking and analyzing the contract costs allows VAC to better meet its objectives and goals.
Monitoring Contract Costs
Monitoring budget to actual expenditures is an important part of sound financial management as it supports decision making and allows for timely action where necessary. The audit looked to see whether VAC CAU staff conducted reviews to analyze, compare, and explain financial variances between actual and planned contracting expenditures.
According to the position job description, the VAC CAU Manager is required to manage the budget for the existing contract and conduct forecasting activities to ensure that expenditures are within contractual boundaries. The audit found that VAC CAU has been monitoring and projecting the contract costs. At September, 2018 VAC CAU had identified a $34M projected shortfall on contracting authority and has projected to run out of contracting authority 15 months before the end of the contract. The audit determined that VAC CAU had taken appropriate steps to address this issue including on-going monitoring and communication with necessary stakeholders: internal management, external partners, PSPC, and Treasury Board.
Certification of Invoices for Payment
Section 34 of the Financial Administration Act (FAA) requires that invoices are approved prior to payment. CAU is responsible for administration associated with section 34 of the FAA for both contract and program costs. Specifically, the Act requires that departments:
- verify and document that the work has been performed, the goods supplied, or the services rendered per contract terms;
- certify in a timely manner prior to making a payment, that the contract terms and conditions have been met, including price, quantity and quality; and
- ensure that the payee is entitled to or eligible for the payment.
The audit looked to see whether VAC CAU had processes in place to meet these requirements. It also looked to see whether the person signing the invoices for payment had properly documented delegated signing authority on file.
Section 34 Requirements
VAC CAU has processes in place to ensure rates charged are in accordance with the contract terms. However, with regard to whether services were rendered, the audit team found that opportunities exist to strengthen VAC’s processes for exercising its duties under Section 34 of the Financial Administration Act.
The audit noted that processes exist to support certification that the contracted work has been performed; however, efforts are uncoordinated and together do not ideally address the Section 34 requirements. Key processes include
- VAC CAU and VAC Finance ensure that staff have the required signing authority training to approve invoices;
- Monthly post-payment verification conducted by VAC Finance based on an annual sampling plan. These samples include VAC program expenditures processed by the third party health claims contractor as well as administrative costs. The third party health claims processor’s program costs and/or operating costs may be in-scope depending on samples selected;
- Monthly monitoring of quasi statutory program expenditures to ensure that costs align with historical trends and forecasts;
- Annually, a high level assurance report conducted by an independent auditor assesses operating effectiveness of the third party health claims processor’s financial key controls. This process adds confidence to the integrity of the billing process to VAC;
- Post-payment audits of health care provider billed claims conducted by the third party health claims processor’s Government Business Audit. This process adds confidence to the integrity of health services billed for program expenditures; and
- CAU performs queries from the FHCPS system and compares the third party health claims processor’s invoices to this data. This reconciliation compares the invoiced information to the same system from which the invoices were generated.
Combined, the above controls support Section 34 approval. However, VAC would benefit from a coordinated approach that ensures that all of this information is utilized collectively to support Section 34 sign-off. Further, VAC should refine and tailor the above mentioned activities to more closely link to the line items on the invoices. More focused, coordinated efforts would provide better assurance to VAC that services have been rendered as invoiced.
Delegated Signing Authority
The Director General, Service Delivery and Program Management is required to sign-off on all the third party health claims processor’s invoices. Staff with signing authority are required to have a Delegated Financial Authorities Record (DFAR) on file which outlines the extent of the delegated authority. The audit team sampled 30 invoices to determine whether the person signing the invoice had a valid DFAR on file. In all cases, there was a valid DFAR on file.
Recommendation 3
It is recommended that the Director General, Service Delivery and Program Management in collaboration with the Director General, Finance, create a documented framework outlining the Department’s coordinated approach to exercising it’s responsibilities under Section 34 of the Financial Administration Act with regards to payments made via the Federal Health Claims Processing Services contract. Further, this documented framework should address opportunities to leverage and refine current practices to be applied directly to significant invoiced line items.
Management Response:
The Director General, Service Delivery and Program Management and the Director General, Finance agree with this recommendation. As noted, the processes identified in the report exist but could be strengthened. A document framework will be developed to integrate the details as well as explore opportunities to further strengthen processes based on risk.
Target completion date: January 31, 2021
3.3 Audit Conclusion
Veterans Affairs Canada Contract Administration Unit has processes in place to effectively manage the Federal Health Claims Processing Services contract.
Opportunities exist to strengthen the processes by including a formal risk assessment process and by strengthening and coordinating efforts to exercise duties under section 34 of the Financial Administration Act.