Beaumont Hospital Board Supplement To Audit Report Public Procurement And
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Beaumont Hospital Board Supplement To Audit Report Public Procurement And as PDF for free.
More details
- Words: 2,209
- Pages: 5
Beaumont Hospital Board Supplement to Audit Report Public Procurement and internal control Public bodies are required in the conduct of their business to observe guidelines and regulations in relation to the procurement of goods and services. The guidelines and regulations are concerned with ensuring fairness and transparency in the award of public contracts and ensuring the achievement of value for money. The board of each public body is responsible for maintaining a proper system of internal control designed, among other things, to ensure that appropriate procedures are followed in relation to public procurement. Among the procedures which a large organisation would normally be expected to have as part of its system of internal control are • measures to ensure an appropriate control environment including procedures to deal with control failures • formal procedures for preventing and detecting fraud • procedures for monitoring the effectiveness of the internal control system such as an audit committee and an effective internal audit function. Procurement in Beaumont Hospital The policy of Beaumont Hospital in relation to procurement was, and is, that transparency and fairness should be evident in the tendering process and in the criteria used for the award of the contract. This policy is supported by detailed procedures in relation to the conduct of the tendering process. In Beaumont Hospital the Technical Services Division (TSD) is responsible for the provision of building and maintenance works and technical services. In May 1999 the Hospital's General Manager wrote to the TSD Manager expressing concern about work being commissioned by TSD and being completed before the appropriate documentation was in place. He instructed that in future all tenders should be approved by him prior to award of contract and that all documentation from the contractor should be in place before commencing work and should be forwarded to him with the recommendation to award the contract. In July 2000 the General Manager again wrote to the TSD Manager. He expressed concern at the use of Service Request Authorisations (SRAs) by TSD. SRAs were intended to be used to permit urgent minor repairs to be carried out without the need for tendering. The General Manager suggested that they were, in fact, being used to circumvent previously agreed procedures. He also pointed out that, again in contravention of previously agreed procedures, work was being undertaken without his prior approval. He instructed that the practice of using SRAs for non-urgent work should cease.
The General Manager wrote to TSD for a third time in October 2000 expressing concern that TSD continued to obtain quotations and issue orders for work without going through the normal tendering process, and in many cases, commencing work without his approval. He reiterated that orders should not be issued without his prior approval and that normal procedures should be followed. He indicated that if this instruction were not obeyed he would have to take "appropriate action". In January 1999 the Hospital's internal auditor had circulated personnel responsible for procurement in the Hospital asking to be informed of the time, date and location of tender openings so as to permit internal audit to carry out spot checks to ensure that procedures were being followed. Notwithstanding this instruction, internal audit was not made aware of all tenders in 1999. In particular, TSD did not comply with this instruction, a fact which was communicated to the audit committee in June 2000. In July 2001 the audit committee was informed that TSD had not complied during 2000 but the General Manager assured the internal auditor that TSD was complying since the beginning of 2001. During the period January to March 2001 internal audit carried out thefirst of three audits on procurement in TSD. This audit focused exclusively on security installation contracts awarded by the Hospital since November 1999. The report identified a significant number of weaknesses and failures to comply with procedures in the award of these contracts. It found that • •
all of the work concerned was awarded to one contractor staff members in TSD were circumventing the hospital's purchasing system and were not adhering to the Hospital's policies and procedures • there was a lack of documentation on file and a lack of control by Hospital staff over the systems being implemented • the contractor to whom the work had been awarded could not produce valid insurance cover for the period November 1999 to January 2001 • a review of the work paid for established that €36,800 had been paid in respect of systems which were not working properly, a further €2,500 worth of materials had never been installed according to staff in the relevant department and €22,900 of equipment had been only partially installed, despite having been paid for in full • there was evidence of work that had already been completed being re-tendered by the contractor. The procedure in the Hospital is that internal audit reports once completed are issued in draft form to the relevant line manager for a reply; when a reply is received, the draft audit report and reply are issued to the appropriate Senior Manager; on receipt of a replyfrom the Senior Manager the report is formally issued to the audit committee. The audit report was issued in draft to the TSD Manager on 20 March 2001. He disputed the auditfindings and contested the recommendations. A copy of the draft audit report and the reply receivedfrom the TSD Manager was issued to the Deputy CEO on 23 April 2001 for his views. On 27 April 2001 the internal auditor and the Deputy CEO carried out a physical review of the disputed installation by means of a
walk around the site. As a result of this review the findings and the recommendations in the draft audit report remained largely unchanged. The second and third audit reports arose out of the attendance of the internal auditor at the opening of tenders on 18 May 2001 and 31 August 2001 respectively. These reports concluded that the Hospital's tendering policy had again been circumvented by TSD staff. They also cast serious doubt over the authenticity of some of the tenders. These reports were given to the TSD Manager on 28 August and 4 September with a request that he reply within a week. In September 2001, the TSD Manager resigned following the submission of his response to matters arising in the internal audit reports. On subsequent examination it was found that documentary evidence of educational qualifications submitted by the manager of TSD in support of his application for the position had been falsified. Consequent on these audit findings, a review was carried out by internal audit of all construction work on the hospital site over the period 1998 to 2001. This review noted that all work, to a value of €3.3m, had been carried out by one contractor. Of this amount • • •
€1.1m was for a contract where the tendering was carried out by a design team independent of TSD €1.5m was for contracts on foot of tendering through TSD The balance of €0.7m was awarded by TSD without a tendering process.
An examination of tenders sought through TSD concluded that, in a number of cases, there were reasons to doubt the authenticity of the tenders. In September 2001, a firm of quantity surveyors was commissioned by the Hospital to report on the value of works executed on site. This report found that procedures in TSD for preparing documentation, inviting tenders, awarding contracts, monitoring contracts and maintaining file records relating to the projects examined were deficient and recommended that ISO procedures be implemented. The firm concluded, on the basis of examining eight projects, that a reasonable cost for works undertaken was €368,858 (excl.VAT) while the amount charged to the Hospital was €782,180 (excl.VAT). The matter has been referred to the Garda Siochana whose investigations are still ongoing. I requested the Chief Executive Officer (CEO) of the Hospital to explain how arrangements designed to deter fraudulent or other dishonest conduct and to detect any that occurred were not effective over the period of years in which the problems in TSD continued. In particular I asked him •
why the operation of the audit committee did not have sufficient impact on the control environment to prevent the problems in TSD
•
when an internal audit function was first introduced in the hospital and why the problems in TSD were not brought to light until 2001.
•
what controls were in operation in the period in terms of thresholds and submission of documentation for board and/or senior management approval of contracts awarded
•
why such controls failed to prevent the problems in the TSD
•
details of changes in the system and operation of controls and the control environment since the problems came to light
•
what mechanisms the hospital has in place to monitor the efficiency, economy and effectiveness of expenditure and whether and to what extent expenditure under the control of TSD was monitored during the period in which the problems occurred
•
to outline the circumstances which allowed a member of staff to be employed on the basis of invalid documentation regarding their educational qualifications.
CEO's Response The CEO informed me that the Board of the Hospital first set up an Audit Committee in October 1995. The first internal auditor was appointed by the Hospital in April 1996. On 1 June 2000 the Audit Committee noted that the procedure for attendance at tender openings by the internal auditor was now in place and considered the report for 1999. The Committee noted that there had been "several teething problems". At the Audit Committee meeting on 31 July 2001 the Committee considered a report on tender opening for the year 2000. It noted that the Computer Department and TSD had not complied during 2000 but that both departments had undertaken to comply, and that TSD had been adhering to regulationsfrom 2001. As part of its modus operandi, the Audit Committee considered matters raised by the internal auditor or by external auditors. Neither the internal nor external auditors raised any concerns with the Audit Committee about tendering in TSD prior to 2000. Internal audit concentrated its attention on what were seen as major issues at the time, such as inventory, compliance with regulations and matters raised in management letters. Internal audit introduced attendance at tender openings on 5 January 1999, made efforts throughout 2000 to ensure compliance by TSD and was assured that full compliance was in place by January 2001. The first tender opening on 28 February 2001 to which internal audit was invited raised issues which it pursued to conclusion. In relation to controls over the award of contracts, the CEO said that there was provision for sign-off offender sheets by senior managers and this took place. As the tender summaries presented for signature were apparently correct, the senior manager
involved had no reason to suspect any irregularities. Apartfrom sign-off of contract summaries, no other segregation of duty controls operated. As regards the reason why the controls failed to prevent the problems in TSD, the CEO said that the TSD Manager went out of his way to circumvent the controls that did exist and, furthermore, when challenged by internal audit and Senior Management, he did everything possible to thwart investigations and to prevent change being implemented in the operation of the department. The CEO informed me that there had been a fundamental regime change in TSD including Senior Management change and a project management company now monitors all major project work. The hospital had introduced a number of policies to ensure full compliance with public procurement procedures: • • •
formal policies and procedures for purchasing in TSD were introduced on 17 April 2001 further TSD purchasing instructions were introduced on 27 August 2002 new quotation and tender procedures for TSD were introduced on 4 June 2003
•
a formal Procurement and Tendering Policy covering all procurement in the Hospital was approved by the Hospital Board on 12 August 2003 and now applies to all departments within the Hospital.
In addition, sign-off procedures had been strengthened and provision for examination of tenders before payment had been included in the procedures of the Finance function. On the question of mechanisms to monitor the efficiency, economy and effectiveness of expenditure, the CEO said that the Hospital took the view that by carrying out proper tendering procedures it optimised the use of resources. As in the case of TSD, if there is any doubt as to whether or not value for money has been achieved the Hospital can get an independent valuation carried out. External project managers had now been engaged to monitor all major projects and capital expenditure of a significant nature. In relation to the qualifications of the TSD Manager, the CEO said that the Hospital had been supplied with a certificate of registration that was accepted without further validation. This was in the context that the candidate had held similar engineering roles in other reputable organisations within Ireland for a number of years prior to employment with Beaumont Hospital. The recruitment process had now been reviewed and the policies and procedures now require that qualifications be validated for successful candidates prior to commencement of employment.
John Purcell Comptroller and Auditor General January 2004
The General Manager wrote to TSD for a third time in October 2000 expressing concern that TSD continued to obtain quotations and issue orders for work without going through the normal tendering process, and in many cases, commencing work without his approval. He reiterated that orders should not be issued without his prior approval and that normal procedures should be followed. He indicated that if this instruction were not obeyed he would have to take "appropriate action". In January 1999 the Hospital's internal auditor had circulated personnel responsible for procurement in the Hospital asking to be informed of the time, date and location of tender openings so as to permit internal audit to carry out spot checks to ensure that procedures were being followed. Notwithstanding this instruction, internal audit was not made aware of all tenders in 1999. In particular, TSD did not comply with this instruction, a fact which was communicated to the audit committee in June 2000. In July 2001 the audit committee was informed that TSD had not complied during 2000 but the General Manager assured the internal auditor that TSD was complying since the beginning of 2001. During the period January to March 2001 internal audit carried out thefirst of three audits on procurement in TSD. This audit focused exclusively on security installation contracts awarded by the Hospital since November 1999. The report identified a significant number of weaknesses and failures to comply with procedures in the award of these contracts. It found that • •
all of the work concerned was awarded to one contractor staff members in TSD were circumventing the hospital's purchasing system and were not adhering to the Hospital's policies and procedures • there was a lack of documentation on file and a lack of control by Hospital staff over the systems being implemented • the contractor to whom the work had been awarded could not produce valid insurance cover for the period November 1999 to January 2001 • a review of the work paid for established that €36,800 had been paid in respect of systems which were not working properly, a further €2,500 worth of materials had never been installed according to staff in the relevant department and €22,900 of equipment had been only partially installed, despite having been paid for in full • there was evidence of work that had already been completed being re-tendered by the contractor. The procedure in the Hospital is that internal audit reports once completed are issued in draft form to the relevant line manager for a reply; when a reply is received, the draft audit report and reply are issued to the appropriate Senior Manager; on receipt of a replyfrom the Senior Manager the report is formally issued to the audit committee. The audit report was issued in draft to the TSD Manager on 20 March 2001. He disputed the auditfindings and contested the recommendations. A copy of the draft audit report and the reply receivedfrom the TSD Manager was issued to the Deputy CEO on 23 April 2001 for his views. On 27 April 2001 the internal auditor and the Deputy CEO carried out a physical review of the disputed installation by means of a
walk around the site. As a result of this review the findings and the recommendations in the draft audit report remained largely unchanged. The second and third audit reports arose out of the attendance of the internal auditor at the opening of tenders on 18 May 2001 and 31 August 2001 respectively. These reports concluded that the Hospital's tendering policy had again been circumvented by TSD staff. They also cast serious doubt over the authenticity of some of the tenders. These reports were given to the TSD Manager on 28 August and 4 September with a request that he reply within a week. In September 2001, the TSD Manager resigned following the submission of his response to matters arising in the internal audit reports. On subsequent examination it was found that documentary evidence of educational qualifications submitted by the manager of TSD in support of his application for the position had been falsified. Consequent on these audit findings, a review was carried out by internal audit of all construction work on the hospital site over the period 1998 to 2001. This review noted that all work, to a value of €3.3m, had been carried out by one contractor. Of this amount • • •
€1.1m was for a contract where the tendering was carried out by a design team independent of TSD €1.5m was for contracts on foot of tendering through TSD The balance of €0.7m was awarded by TSD without a tendering process.
An examination of tenders sought through TSD concluded that, in a number of cases, there were reasons to doubt the authenticity of the tenders. In September 2001, a firm of quantity surveyors was commissioned by the Hospital to report on the value of works executed on site. This report found that procedures in TSD for preparing documentation, inviting tenders, awarding contracts, monitoring contracts and maintaining file records relating to the projects examined were deficient and recommended that ISO procedures be implemented. The firm concluded, on the basis of examining eight projects, that a reasonable cost for works undertaken was €368,858 (excl.VAT) while the amount charged to the Hospital was €782,180 (excl.VAT). The matter has been referred to the Garda Siochana whose investigations are still ongoing. I requested the Chief Executive Officer (CEO) of the Hospital to explain how arrangements designed to deter fraudulent or other dishonest conduct and to detect any that occurred were not effective over the period of years in which the problems in TSD continued. In particular I asked him •
why the operation of the audit committee did not have sufficient impact on the control environment to prevent the problems in TSD
•
when an internal audit function was first introduced in the hospital and why the problems in TSD were not brought to light until 2001.
•
what controls were in operation in the period in terms of thresholds and submission of documentation for board and/or senior management approval of contracts awarded
•
why such controls failed to prevent the problems in the TSD
•
details of changes in the system and operation of controls and the control environment since the problems came to light
•
what mechanisms the hospital has in place to monitor the efficiency, economy and effectiveness of expenditure and whether and to what extent expenditure under the control of TSD was monitored during the period in which the problems occurred
•
to outline the circumstances which allowed a member of staff to be employed on the basis of invalid documentation regarding their educational qualifications.
CEO's Response The CEO informed me that the Board of the Hospital first set up an Audit Committee in October 1995. The first internal auditor was appointed by the Hospital in April 1996. On 1 June 2000 the Audit Committee noted that the procedure for attendance at tender openings by the internal auditor was now in place and considered the report for 1999. The Committee noted that there had been "several teething problems". At the Audit Committee meeting on 31 July 2001 the Committee considered a report on tender opening for the year 2000. It noted that the Computer Department and TSD had not complied during 2000 but that both departments had undertaken to comply, and that TSD had been adhering to regulationsfrom 2001. As part of its modus operandi, the Audit Committee considered matters raised by the internal auditor or by external auditors. Neither the internal nor external auditors raised any concerns with the Audit Committee about tendering in TSD prior to 2000. Internal audit concentrated its attention on what were seen as major issues at the time, such as inventory, compliance with regulations and matters raised in management letters. Internal audit introduced attendance at tender openings on 5 January 1999, made efforts throughout 2000 to ensure compliance by TSD and was assured that full compliance was in place by January 2001. The first tender opening on 28 February 2001 to which internal audit was invited raised issues which it pursued to conclusion. In relation to controls over the award of contracts, the CEO said that there was provision for sign-off offender sheets by senior managers and this took place. As the tender summaries presented for signature were apparently correct, the senior manager
involved had no reason to suspect any irregularities. Apartfrom sign-off of contract summaries, no other segregation of duty controls operated. As regards the reason why the controls failed to prevent the problems in TSD, the CEO said that the TSD Manager went out of his way to circumvent the controls that did exist and, furthermore, when challenged by internal audit and Senior Management, he did everything possible to thwart investigations and to prevent change being implemented in the operation of the department. The CEO informed me that there had been a fundamental regime change in TSD including Senior Management change and a project management company now monitors all major project work. The hospital had introduced a number of policies to ensure full compliance with public procurement procedures: • • •
formal policies and procedures for purchasing in TSD were introduced on 17 April 2001 further TSD purchasing instructions were introduced on 27 August 2002 new quotation and tender procedures for TSD were introduced on 4 June 2003
•
a formal Procurement and Tendering Policy covering all procurement in the Hospital was approved by the Hospital Board on 12 August 2003 and now applies to all departments within the Hospital.
In addition, sign-off procedures had been strengthened and provision for examination of tenders before payment had been included in the procedures of the Finance function. On the question of mechanisms to monitor the efficiency, economy and effectiveness of expenditure, the CEO said that the Hospital took the view that by carrying out proper tendering procedures it optimised the use of resources. As in the case of TSD, if there is any doubt as to whether or not value for money has been achieved the Hospital can get an independent valuation carried out. External project managers had now been engaged to monitor all major projects and capital expenditure of a significant nature. In relation to the qualifications of the TSD Manager, the CEO said that the Hospital had been supplied with a certificate of registration that was accepted without further validation. This was in the context that the candidate had held similar engineering roles in other reputable organisations within Ireland for a number of years prior to employment with Beaumont Hospital. The recruitment process had now been reviewed and the policies and procedures now require that qualifications be validated for successful candidates prior to commencement of employment.
John Purcell Comptroller and Auditor General January 2004
