Audit Release: Significant Cost Savings Can Be Achieved by Modernizing Oregon’s Procurement Systems and Practices


Report Highlights

The Department of Administrative Services (DAS) has taken steps to develop a strategic approach for procuring goods and services more efficiently and at lower costs. However, a lack of detailed purchase data inhibits the agency’s ability to analyze its spending, resulting in missed opportunities for potentially millions of dollars in cost savings. Additionally, although the Office of the State Chief Information Officer (OSCIO) has made some improvements in project oversight processes for major information technology (IT) procurements, those processes remain immature, resulting in inefficiencies and confusion for state agencies.

Background

DAS has the authority and responsibility to oversee procurements for state agencies. The OSCIO, a component of DAS, is responsible for overseeing major IT procurements conducted by the state. The OSCIO also has authority to require agencies to obtain independent quality assurance (QA) for IT projects.

Purpose

The purpose of this audit was to determine whether DAS has implemented effective processes to reduce risk and minimize costs associated with IT procurements. Furthermore, we sought to determine whether costs for QA services for major IT investments align with best practices and are appropriately independent.

Key Findings

  1. Due to reliance on legacy systems and outdated procurement processes, DAS Procurement Services does not adequately analyze state spending data. As a result, during the 2015-17 biennium, the state missed the opportunity to potentially reduce costs between $400 million and $1.6 billion based on DAS Procurement Services’ estimate of $8 billion in procurements during that time.
  2. Although efforts to improve procurement efficiencies and reduce costs through Oregon’s new Basecamp program generally align with best practices, the effectiveness of these efforts is limited due to a lack of detailed purchase data.
  3. The OSCIO has made progress in establishing oversight processes to mitigate significant procurement risks associated with major IT projects. However, some processes remain immature, and lack of training and guidance have contributed to confusion and frustration for agencies with projects subject to OSCIO oversight.
  4. The cost for QA services is below industry norms, averaging 3.5% of total project costs, with a median of 5.1%. Additionally, controls are appropriate to ensure QA remains independent, but report tracking should be strengthened.

Recommendations

Our report includes one recommendation to DAS to modernize strategic sourcing efforts and four recommendations to the OSCIO to strengthen IT investment oversight processes. DAS and the OSCIO agreed with all of our recommendations. The agency’s response can be found at the end of the report.

Read full report here.

Auditors at Work Featured IT Audit New Audit Release

Audit Release: Opportunities Exist to Increase the Impact of State Agency Internal Audit Functions


Report Highlights

When internal audit functions are properly structured and resourced, they are a valuable asset for mitigating risks and improving agency performance and accountability. However, internal auditing has not been a priority in Oregon. Although the Department of Administrative Services (DAS) has the authority to create policy and a legal requirement to support audit functions, the agency has not strategically promoted the role of internal audit functions due to a number of factors. DAS has not effectively monitored, coordinated, or reported on internal audit function impacts, challenges, and resource needs to state legislators and other stakeholders.

Background

Internal audit functions help organizations achieve their objectives and improve performance. The Oregon Legislature determined internal audit activities within state government should be coordinated to promote effectiveness, and directed DAS to adopt rules and set standards to ensure the integrity of internal auditing.

Purpose

The purpose of this audit was to determine the steps DAS should take to more effectively coordinate state internal audit functions, and what actions can be taken to increase the impact of these critical functions.

Key Findings

  1. The effectiveness of an agency’s internal audit function is defined by the tone at the top. In general, the internal audit function at state agencies in Oregon is not prioritized or well understood by agency management and the Legislature. Many current challenges and deficiencies have persisted for more than two decades.
  2. Internal audit independence and impact is directly influenced by the effectiveness of the audit committee and the committee’s relationship with agency leadership. Internal audit functions in some state agencies do not follow important elements of professional audit standards that ensure independence from management. These deficiencies reduce the effectiveness of the functions and leave agencies more vulnerable to fraud, wasted taxpayer dollars, and other substantial risks.
  3. Poor guidance and a lack of strategic management and effective coordination from DAS has contributed to internal audit challenges at state agencies. DAS reporting on statewide internal audit activities and impact could be a valuable tool for both internal auditors and policymakers, but DAS reports are often inaccurate, confusing, and uninformative.
  4. Many internal audit functions are staffed by well-trained, qualified professionals who make contributions to the agencies they serve despite governance and resource challenges. With additional emphasis and resources they could increase their value and return on investment potential.

Recommendations

We include 16 recommendations to DAS intended to enhance the value and impact of state agency internal audit functions. DAS agreed with 13 of 16 recommendations. The agency declined to say whether it agreed or disagreed with three recommendations.

 

Read full report here.

Featured New Audit Release Performance Audit