Beaumont Hospital Board

Supplement to Audit Report

Public Procurement and internal control

Public bodies are required in the conduct of their business to observe guidelines and
regulations in relation to the procurement of goods and services. The guidelines and
regulations are concerned with ensuring fairness and transparency in the award of
public contracts and ensuring the achievement of value for money.

The board of each public body is responsible for maintaining a proper system of
internal control designed, among other things, to ensure that appropriate procedures
are followed in relation to public procurement. Among the procedures which a large
organisation would normally be expected to have as part of its system of internal
control are
• measures to ensure an appropriate control environment including procedures
to deal with control failures
• formal procedures for preventing and detecting fraud
• procedures for monitoring the effectiveness of the internal control system such
as an audit committee and an effective internal audit function.

Procurement in Beaumont Hospital

The policy of Beaumont Hospital in relation to procurement was, and is, that
transparency and fairness should be evident in the tendering process and in the criteria
used for the award of the contract. This policy is supported by detailed procedures in
relation to the conduct of the tendering process.

In Beaumont Hospital the Technical Services Division (TSD) is responsible for the
provision of building and maintenance works and technical services. In May 1999 the
Hospital's General Manager wrote to the TSD Manager expressing concern about
work being commissioned by TSD and being completed before the appropriate
documentation was in place. He instructed that in future all tenders should be
approved by him prior to award of contract and that all documentation from the
contractor should be in place before commencing work and should be forwarded to
him with the recommendation to award the contract.

In July 2000 the General Manager again wrote to the TSD Manager. He expressed
concern at the use of Service Request Authorisations (SRAs) by TSD. SRAs were
intended to be used to permit urgent minor repairs to be carried out without the need
for tendering. The General Manager suggested that they were, in fact, being used to
circumvent previously agreed procedures. He also pointed out that, again in
contravention of previously agreed procedures, work was being undertaken without
his prior approval. He instructed that the practice of using SRAs for non-urgent work
should cease.
The General Manager wrote to TSD for a third time in October 2000 expressing
concern that TSD continued to obtain quotations and issue orders for work without
going through the normal tendering process, and in many cases, commencing work
without his approval. He reiterated that orders should not be issued without his prior
approval and that normal procedures should be followed. He indicated that if this
instruction were not obeyed he would have to take "appropriate action".

In January 1999 the Hospital's internal auditor had circulated personnel responsible
for procurement in the Hospital asking to be informed of the time, date and location of
tender openings so as to permit internal audit to carry out spot checks to ensure that
procedures were being followed. Notwithstanding this instruction, internal audit was
not made aware of all tenders in 1999. In particular, TSD did not comply with this
instruction, a fact which was communicated to the audit committee in June 2000. In
July 2001 the audit committee was informed that TSD had not complied during 2000
but the General Manager assured the internal auditor that TSD was complying since
the beginning of 2001.

During the period January to March 2001 internal audit carried out thefirst of three
audits on procurement in TSD. This audit focused exclusively on security installation
contracts awarded by the Hospital since November 1999.

The report identified a significant number of weaknesses and failures to comply with
procedures in the award of these contracts. It found that

• all of the work concerned was awarded to one contractor

• staff members in TSD were circumventing the hospital's purchasing system
and were not adhering to the Hospital's policies and procedures
• there was a lack of documentation on file and a lack of control by Hospital
staff over the systems being implemented
• the contractor to whom the work had been awarded could not produce valid
insurance cover for the period November 1999 to January 2001
• a review of the work paid for established that €36,800 had been paid in respect
of systems which were not working properly, a further €2,500 worth of
materials had never been installed according to staff in the relevant department
and €22,900 of equipment had been only partially installed, despite having
been paid for in full
• there was evidence of work that had already been completed being re-tendered
by the contractor.

The procedure in the Hospital is that internal audit reports once completed are issued
in draft form to the relevant line manager for a reply; when a reply is received, the
draft audit report and reply are issued to the appropriate Senior Manager; on receipt of
a replyfrom the Senior Manager the report is formally issued to the audit committee.

The audit report was issued in draft to the TSD Manager on 20 March 2001. He
disputed the auditfindings and contested the recommendations. A copy of the draft
audit report and the reply receivedfrom the TSD Manager was issued to the Deputy
CEO on 23 April 2001 for his views. On 27 April 2001 the internal auditor and the
Deputy CEO carried out a physical review of the disputed installation by means of a
walk around the site. As a result of this review the findings and the recommendations
in the draft audit report remained largely unchanged.

The second and third audit reports arose out of the attendance of the internal auditor at
the opening of tenders on 18 May 2001 and 31 August 2001 respectively. These
reports concluded that the Hospital's tendering policy had again been circumvented
by TSD staff. They also cast serious doubt over the authenticity of some of the
tenders. These reports were given to the TSD Manager on 28 August and 4
September with a request that he reply within a week.

In September 2001, the TSD Manager resigned following the submission of his
response to matters arising in the internal audit reports. On subsequent examination it
was found that documentary evidence of educational qualifications submitted by the
manager of TSD in support of his application for the position had been falsified.

Consequent on these audit findings, a review was carried out by internal audit of all
construction work on the hospital site over the period 1998 to 2001. This review
noted that all work, to a value of €3.3m, had been carried out by one contractor. Of
this amount

• €1.1m was for a contract where the tendering was carried out by a design team
independent of TSD
• €1.5m was for contracts on foot of tendering through TSD
• The balance of €0.7m was awarded by TSD without a tendering process.

An examination of tenders sought through TSD concluded that, in a number of cases,

there were reasons to doubt the authenticity of the tenders.

In September 2001, a firm of quantity surveyors was commissioned by the Hospital to

report on the value of works executed on site. This report found that procedures in
TSD for preparing documentation, inviting tenders, awarding contracts, monitoring
contracts and maintaining file records relating to the projects examined were deficient
and recommended that ISO procedures be implemented.

The firm concluded, on the basis of examining eight projects, that a reasonable cost
for works undertaken was €368,858 (excl.VAT) while the amount charged to the
Hospital was €782,180 (excl.VAT).

The matter has been referred to the Garda Siochana whose investigations are still
ongoing.

I requested the Chief Executive Officer (CEO) of the Hospital to explain how
arrangements designed to deter fraudulent or other dishonest conduct and to detect
any that occurred were not effective over the period of years in which the problems in
TSD continued. In particular I asked him

• why the operation of the audit committee did not have sufficient impact on the
control environment to prevent the problems in TSD
 • when an internal audit function was first introduced in the hospital and why
the problems in TSD were not brought to light until 2001.

• what controls were in operation in the period in terms of thresholds and

submission of documentation for board and/or senior management approval of
contracts awarded

• why such controls failed to prevent the problems in the TSD

• details of changes in the system and operation of controls and the control
environment since the problems came to light

• what mechanisms the hospital has in place to monitor the efficiency, economy
and effectiveness of expenditure and whether and to what extent expenditure
under the control of TSD was monitored during the period in which the
problems occurred

• to outline the circumstances which allowed a member of staff to be employed

on the basis of invalid documentation regarding their educational
qualifications.

CEO's Response
The CEO informed me that the Board of the Hospital first set up an Audit Committee
in October 1995. The first internal auditor was appointed by the Hospital in April
1996. On 1 June 2000 the Audit Committee noted that the procedure for attendance at
tender openings by the internal auditor was now in place and considered the report for
1999. The Committee noted that there had been "several teething problems". At the
Audit Committee meeting on 31 July 2001 the Committee considered a report on
tender opening for the year 2000. It noted that the Computer Department and TSD
had not complied during 2000 but that both departments had undertaken to comply,
and that TSD had been adhering to regulationsfrom 2001.

As part of its modus operandi, the Audit Committee considered matters raised by the
internal auditor or by external auditors. Neither the internal nor external auditors
raised any concerns with the Audit Committee about tendering in TSD prior to 2000.
Internal audit concentrated its attention on what were seen as major issues at the time,
such as inventory, compliance with regulations and matters raised in management
letters.

Internal audit introduced attendance at tender openings on 5 January 1999, made

efforts throughout 2000 to ensure compliance by TSD and was assured that full
compliance was in place by January 2001. The first tender opening on 28 February
2001 to which internal audit was invited raised issues which it pursued to conclusion.

In relation to controls over the award of contracts, the CEO said that there was
provision for sign-off offender sheets by senior managers and this took place. As the
tender summaries presented for signature were apparently correct, the senior manager
involved had no reason to suspect any irregularities. Apartfrom sign-off of contract
summaries, no other segregation of duty controls operated.

As regards the reason why the controls failed to prevent the problems in TSD, the
CEO said that the TSD Manager went out of his way to circumvent the controls that
did exist and, furthermore, when challenged by internal audit and Senior
Management, he did everything possible to thwart investigations and to prevent
change being implemented in the operation of the department.

The CEO informed me that there had been a fundamental regime change in TSD
including Senior Management change and a project management company now
monitors all major project work. The hospital had introduced a number of policies to
ensure full compliance with public procurement procedures:

• formal policies and procedures for purchasing in TSD were introduced on

17 April 2001
• further TSD purchasing instructions were introduced on 27 August 2002
• new quotation and tender procedures for TSD were introduced on 4 June
2003
• a formal Procurement and Tendering Policy covering all procurement in
the Hospital was approved by the Hospital Board on 12 August 2003 and
now applies to all departments within the Hospital.

In addition, sign-off procedures had been strengthened and provision for examination
of tenders before payment had been included in the procedures of the Finance
function.

On the question of mechanisms to monitor the efficiency, economy and effectiveness

of expenditure, the CEO said that the Hospital took the view that by carrying out
proper tendering procedures it optimised the use of resources. As in the case of TSD,
if there is any doubt as to whether or not value for money has been achieved the
Hospital can get an independent valuation carried out. External project managers had
now been engaged to monitor all major projects and capital expenditure of a
significant nature.

In relation to the qualifications of the TSD Manager, the CEO said that the Hospital
had been supplied with a certificate of registration that was accepted without further
validation. This was in the context that the candidate had held similar engineering
roles in other reputable organisations within Ireland for a number of years prior to
employment with Beaumont Hospital. The recruitment process had now been
reviewed and the policies and procedures now require that qualifications be validated
for successful candidates prior to commencement of employment.

John Purcell
Comptroller and Auditor General
January 2004