📋
Extraído del Informe Consolidado

Esta investigación fue publicada originalmente como parte de un informe consolidado más amplio que contiene múltiples investigaciones. Consulte el PDF consolidado para ver el documento completo.

Riverside County Grand Jury • 2022-2023

County of Riverside Risk Associated with the Lack of Vendor Management

2 pages
View PDF View Full Original

Findings and Recommendations 7 findings

F1
The Grand Jury finds the County does not have documented Standard Operating Procedures (SOP) for vendor management, on post-award contracts. The Grand Jury was unable to find specific guidance for oversight of vendor management as it relates to post-award contracts for goods and/or services. There are no defined or documented responsibilities for purchasing authorities related to post-award vendor contracts. These SOP would apply uniformly to both centralized and decentralized (embedded) purchasing authorities.
Related Recommendations (2)
R2
The Grand Jury recommends the Purchasing Division establish performance-based reviews on vendors. These should also be frequent as it enables the County to recognize emerging issues and remediate them prior to becoming a serious problem. High risk, at least annually. Moderate risk can be spaced to bi-annually. Low risk vendors are transactional, therefore reviews are not always necessary. However, certain events or issues may warrant a more frequent review, in particular a vendor who has experienced a data breach. Based on Findings 1, 2 Financial Impact: Minimal Implementation Date: June 30, 2024
R3
The Grand Jury recommends the Purchasing Division establish Standard Operating Procedures (SOP) responsibilities for post-award administration of contracts for goods and/or services. This would need to include the oversight of contract and vendor performance and ongoing monitoring of contract administration for compliance with contract requirements. Based on Finding 1 Financial Impact: Minimal Implementation Date: June 30, 2024
F2
The Grand Jury finds the County has no compliance administration oversight; periodic reviews of existing contracts to determine adherence to compliance mandates and protocols and to check for nonconformities. The recently added Procurement Compliance Officer has not established the administration of a County-wide Contract Compliance/Audit Program.
Related Recommendations (1)
R6
The Grand Jury recommends the Purchasing Division and Internal Audits, incorporate vendor management audits to review processes and ensure contracts contain adequate provisions for oversight; that vendors are held accountable for compliance with requirements; that the County’s contract administrators are fulfilling their required roles. Performing a vendor management audit can help highlight potential risks, inefficiencies and compliance issues, before they become a problem. Based on Findings 2, 7 Financial Impact: Minimal Implementation Date: June 30, 2024
F3
The Grand Jury finds the County has multiple vendor risks such as compliance, financial, information security, operational and reputation associated to regulations and best business practices, without a formal risk assessment or performance based review (contractually agreed upon expectations) of vendors on a regular scheduled timeframe.
Related Recommendations (1)
R1
The Grand Jury recommends the Purchasing Division establish formal risk assessments on vendors. Dependent upon whether the vendor is high risk, moderate risk or low risk will dictate the spacing of assessments. High risk, at least annually. Moderate risk can be spaced to bi- annually. Low risk vendors, every three years is sufficient. Based on Finding 3 Financial Impact: Minimal Implementation Date: June 30, 2024
F4
The Grand Jury finds the County has insufficiencies in the lack of required fields in the Purchasing module in PeopleSoft Financials 9.1; most prevalent being “Expire Date.”
Related Recommendations (1)
R4
The Grand Jury recommends the Purchasing Division establish County-wide standard procedures for optional data fields entered into the Purchasing module in PeopleSoft Financials 11 Riverside County Facilities Management Audit; Report Date: February 28, 2023 https://auditorcontroller.org/sites/g/files/aldnop171/files/2023-03/Internal%20Audit%20Report%202023- 004%20Riverside%20County%20Facilities%20Management%20Audit.pdf 12 9.1 (and all future PeopleSoft upgrades); to include contract comments, uploaded forms/templates, document naming convections and ensuring Purchase Orders are linked to existing established contracts. Based on Findings 4, 5 Financial Impact: Minimal Implementation Date: September 30, 2023
F5
The Grand Jury finds the County has no standard procedures for optional data entered into the Purchasing module in PeopleSoft Financials 9.1; this includes contract comments, forms/templates that are uploaded, document naming convections and linking Purchase Orders to existing established contracts. There is not any guidance or documentation to enforce consistency on vendor file structure.
No recommendations for this finding
F6
The Grand Jury finds the County has no documented processes, either queries or standardized reports, to extract active contract data from PeopleSoft Financials 9.1 in order to 11 monitor contract’s pivotal milestones, such as expiration date, contract’s total expended dollars, specific contract type, specific vendors, etc.
Related Recommendations (1)
R5
The Grand Jury recommends the Purchasing Division develop and incorporate standardized reporting tools to be used for routine monitoring of active contracts. Based on Finding 6 Financial Impact: Minimal Implementation Date: December 31, 2023
F7
The Grand Jury finds in the review of Internal Audit reports issued from 2017 through 2023, it was determined Internal Audits performed only one audit (issued in 202311) which focused on Purchasing policies and procedures. The audit highlighted several significant findings relating to “Purchasing Processes,” “Purchase Orders” and “Contract Monitoring.”
Related Recommendations (1)
R7
The Grand Jury recommends Internal Audits adopt the Institute of Internal Auditors six primary elements of vendor management, and expand the annual audit plan to include these for all County departments. Based on Finding 7 Financial Impact: Minimal Implementation Date: June 30, 2024