Capital project procurement audit – Ventigence Singapore
Major capital projects are key contributor of many companies’ organic growth strategy. Due to their innate nature such as: multi-year time horizon, significant financial commitment, deliverable and quality uncertainties…, they tend to face an enormous number of risks.
Capital project procurement audits should be a key part of a well-structured and in-depth construction audit program. If you want to know more about auditing capital projects, you might want to check the link below, for my article published by IIA Singapore.
The temporary nature, tight schedule and transaction velocity of major capital projects create additional risks within the project procurement function. On a relatively short notice, the PMO has to develop its project specific procurement policies and procedure in line with the project charter and the project management plan.
The design and development of the project procurement policies and procedure faces the following potential risks:
- Procurement policies and procedures are not aligned with the project management plan
- Internal controls are not integrated into the procedure
- No systematic, independent review and approval of the internal control design
- Design of controls is not effective in mitigating project procurement risks
- Segregation of duties risk is not properly analyzed and addressed
- Conflict of interest is not clearly defined
- Yearly conflict of interest declarations are not properly maintained and/or spot checked for potential misrepresentations
- Tendering through a closed bid process is not properly defined
- Technical and commercial bid evaluation process lacks detail and clarity…
For start, I would look at the project charter, project management plan, the EPC or EPCM agreement.
Let me give you more details in the section below.
Risk-based project procurement audit planning
First, diving into the project charter, one would gain a fundamental understanding of the project objectives, scope, key deliverable, project constrains, key stakeholders, etc.
Second, the project management plan provides a more in-depth knowledge of the project’s baseline for scope, schedule and costs. It also includes how management plans to control and monitor the project’s scope, cost, quality, schedule, procurement, risk etc.
Finally, we would look at the procurement management and oversight processes defined in EPC or EPCM agreement. This allows us to identify potential conflicts of interest in the compensation structure for the EPC or EPCM firms. Furthermore, we would gain a high-level insight into the procurement oversight mechanisms, which would be indicative of the overall control environment.
The approach presented above allows the auditor to assess existence of fundamental weaknesses in the procurement process control design. However, a risk-based procurement audit plan cannot be developed without a thorough review of the project procurement policies and procedure.
Ultimately, the auditor has to map out the various procurement risks (some listed in the section above) from both higher and lower level project documents. This exercise enables prioritization of procurement risk areas by the auditor and the development of a risk-based audit plan.
If you like my post, Do not forget to give Thumbs Up and post your Comments.
#procurement #internalaudit #governance #internalcontrols