While North Dakota University System Office officials accept the findings of a recent state auditor’s report, they contend the report didn’t take into account various factors, including that the division that was audited didn’t exist before 2013 and that rules around procurement have changed in recent years.
The audit report, released late Tuesday afternoon, looked at three areas, including a reciprocity agreement with Minnesota and two areas within the NDUS information technology division.
While the audit report listed no issues with the reciprocity agreement with Minnesota, it listed two areas of improvement needed in the technology division.
The audit showed that from July 2016 through June 2018, the information technology division of the university system, known as Core Technology Services, did not properly rebid five of the 14 contracts the audit tested. Those contracts totaled $3.2 million.
"Citizens should have confidence that contracts are awarded in a way that gets the best return on their investment,” Auditor Josh Gallion said. “Moving forward, CTS should take the necessary steps to comply with the rules.”
Procurement is the process of acquiring commodities or services, including acquisition of services, solicitation of bids/proposals, evaluation and selection of sources, preparation and awarding of a contract and contract administration. When procurement begins, a lead procurement officer is designated and then the process proceeds.
The NDUS procurements were for software and software maintenance contracts. The audit claims that the following contracts were not properly procured:
McGraw-Hill Education, Inc.: $750,000 – lacking supporting documents for procurement
T2 Systems Inc.: $275,000 – did not perform formal bidding
MSR Customs Corporation: $190,000 – did not perform formal bidding
Ex Libris USA Inc.: $370,000 – did not perform formal bidding
Ellucian Company LP: $1,600,000 – did not perform formal bidding
The audit states that “CTS was not aware that services … are required to go through the procurement process.” In addition, procurement records were not kept by other NDUS institutions who procured contracts for CTS. This failure meant competitive pricing was not obtained as required by NDUS and North Dakota law.
In its response, CTS says it “partially agrees with the findings.”
However, NDUS compliance officer Karol Riedman contends that there have been changes made around procurement within NDUS to improve the process and training. She also stated that three of the five original procurements took place before CTS was even formed in 2013.
“CTS agrees in two of the five cases that an alternate procurement process to document the variance from procurement procedures should have been conducted. CTS made changes to its practices after these procurements took place,” NDUS said in its response. “In the other three cases, CTS feels the findings do not accurately reflect current business processes and circumstances surrounding the original procurement.”
CTS says in two of the three remaining cases, a new procurement was performed either at the time or shortly following the transactions identified.
“In the final case, the original 2004 contract does reference (a request for proposal); however, CTS is not in possession of nor does CTS know of any documentation of the solicitation,” the audit stated. “CTS did re-sign a new contract in 2017 with current NDUS terms and conditions, but felt policy wasn’t clear that an Alternate Procurement was required to continue paying for support/maintenance of an existing software product.”
Speaking to the Herald Wednesday, Gallion said despite the fact that the procurements pre-dated CTS, those contracts should have been looked at sooner than 2017. State law and NDUS policy states that contracts should not last longer than 10 years, Gallion said.
“If that contract was initiated in 2004 then why wasn’t it relooked at in 2014? Why wait until 2017 and why didn’t they go through a competitive procurement process in 2017 when that contract was done?” Gallion said. “I understand that they say it was done before them, but they had an opportunity to go back and re-bid it to make sure that the North Dakota taxpayers, the students, they are not overpaying for services. That’s why we have these processes in place.”
Gallion said procurement processes force government institutions to reevaluate contracts in order to ensure the entity is not overpaying for various services.
Darin King, vice chancellor for information technology at NDUS, said in 2013 CTS took on “dozens and dozens” and possibly even hundreds of contracts that had been initiated on campuses. That meant those contracts had to be reorganized and reviewed.
“We caught this during the review process,” he said. “Granted, it was three years late and certainly we understand that and that’s why we did the recontracting (in 2017.)” King said the recontracting involved everything down to the terms and conditions.
King said the division now looks at the contracts every two years to ensure they are staying up-to-date with the contracts.
“We certainly recognize that in a couple of these cases we needed to do an alternate procurement to document our decisions,” King said.
To avoid future issues, CTS said it would "adjust procedures starting in June 2019 to utilize the Alternate Procurement procedure to document when we are resigning contracts to continue to provide existing IT services."
“As these are decided, proper procurement processes are followed,” CTS stated in the report. “However, it is important for us to note that until all software has been refreshed, findings such as this may continue to occur in the future.”
Billie Jo Lorius, spokeswoman for NDUS, said the audit will help the system be more accountable going forward.
“Some of this predates our current (workflow), but I think it’s good that it was found so that we can do the right thing going forward,” Lorius said.
Riedman agreed with Lorius’ statement, adding the university system has new training in place and other measures to ensure procurements are being carried out correctly.
“I feel like, as a compliance person, that everything is getting lined up and in a lot better shape,” she said. “We were just less organized and maybe needed some updating before that but things really are turning around now with all the new trainings and things that we have.”
The audit also found deficiencies with general ledger transactions within CTS. The audit claims that CTS did not approve journal entries for 27 out of the 32 items tested.
Gallion said this is a problem because the journal entries could be manipulated if there is no oversight for them.
“The reason that you want to approve all those ledger entries is to avoid any potential or minimize any potential for fraud or improper transactions,” Gallion said.
In its response, CTS said it agrees with the recommendation and as of spring 2019 it had already implemented mandatory workflows where all journal entries, whether initiated in house or not, are approved by the CTS controller.
NDUS Chancellor Mark Hagerott is on annual leave this week and was not available to discuss the audit report.