County of Riverside Risk Associated with the Lack of Vendor Management

The Grand Jury finds the County does not have documented Standard Operating Procedures (SOP) for vendor management, on post-award contracts. The Grand Jury was unable to find specific guidance for oversight of vendor management as it relates to post-award contracts for goods and/or services. There are no defined or documented responsibilities for purchasing authorities related to post-award vendor contracts. These SOP would apply uniformly to both centralized and decentralized (embedded) purchasing authorities.

The Grand Jury finds the County has no compliance administration oversight; periodic reviews of existing contracts to determine adherence to compliance mandates and protocols and to check for nonconformities. The recently added Procurement Compliance Officer has not established the administration of a County-wide Contract Compliance/Audit Program.

The Grand Jury finds the County has multiple vendor risks such as compliance, financial, information security, operational and reputation associated to regulations and best business practices, without a formal risk assessment or performance based review (contractually agreed upon expectations) of vendors on a regular scheduled timeframe.

The Grand Jury finds the County has insufficiencies in the lack of required fields in the Purchasing module in PeopleSoft Financials 9.1; most prevalent being “Expire Date.”

The Grand Jury finds the County has no standard procedures for optional data entered into the Purchasing module in PeopleSoft Financials 9.1; this includes contract comments, forms/templates that are uploaded, document naming convections and linking Purchase Orders to existing established contracts. There is not any guidance or documentation to enforce consistency on vendor file structure.

The Grand Jury finds the County has no documented processes, either queries or standardized reports, to extract active contract data from PeopleSoft Financials 9.1 in order to 11 monitor contract’s pivotal milestones, such as expiration date, contract’s total expended dollars, specific contract type, specific vendors, etc.

The Grand Jury finds in the review of Internal Audit reports issued from 2017 through 2023, it was determined Internal Audits performed only one audit (issued in 202311) which focused on Purchasing policies and procedures. The audit highlighted several significant findings relating to “Purchasing Processes,” “Purchase Orders” and “Contract Monitoring.”