Connect Support Advance

White paper

Auditing Tender
Specifications
and Assessment
Criteria
UPDATED 2020

Level 7, 133 Castlereagh Street, Sydney NSW 2000 | PO Box A2311, Sydney South NSW 1235
T +61 2 9267 9155 F +61 2 9264 9240 E enquiry@iia.org.au www.iia.org.au
 Auditing Tender
Specifications and
Assessment Criteria
Contents level of risk. There is a trend internationally of expanding the
coverage of this type of legislation, such as foreign corrupt
Background 2 practices and anti-slavery.
- Purpose 2 High probity expectations and court decisions requiring
- Background 2 appropriate practices by tendering entities also increase
potential exposures.
Discussion 2
Tendering is additionally high risk due to a history of
- Issue 2
fraud, corruption and poor decision-making. The risks are
- History 2 exacerbated due to participation of people with limited
- Discussion 2 knowledge and experience of tendering, the tendency to
rely on bureaucratic rules at the cost of critical thought, and
- Understand the Context 3 an inclination to vastly underestimate the consequences or
- Objectives 3 likelihood of things going wrong in a particular tender being
- Lessons Learned 3 undertaken.

- Risks and Opportunities 3

Discussion
- Specification 4
Issue
- Assessment Criteria 4
- Weightings 5 Auditing tenders, especially tender specifications and
assessment criteria, is often complex. Many auditors focus on
Conclusion 5 procedural matters, such as tender electronic box opening,
- Summary 5 at the cost of taking a step back and looking critically at the
specifications and assessment criteria. It can be argued that
- Conclusion 5
the majority of tender failures are caused by problems in the
Bibliography and References 5 original specifications and assessment criteria.
Purpose of White Papers 5 History
Author’s Biography 5 There have been numerous court cases, media accounts and
About the Institute of Internal Auditors–Australia 6 reports by regulators, special commissions, parliamentary
Copyright 6 bodies, state and commonwealth auditors, anti-corruption
bodies, public sector ombudsmen, and other entities
Disclaimer 6 both in Australia and internationally, that have identified
serious failings in tender processes that can on occasion
be catastrophic. In many cases, auditors failed to identify
Background
problems in the tender process, even when they were auditing
Purpose real-time. Historically, tenders are often high-risk.

The purpose of this white paper is to help auditors effectively Discussion

audit tender specifications and the criteria used for selecting An analysis of reports about tender failures indicates tender
the tenderer to whom the contract will be awarded. These specifications and assessment criteria are often faulty
areas are critical to a successful tender process and, it may be because the drafters of them failed to:
argued, are the two areas that most frequently contribute to
tenders failing to achieve the desired outcomes, and resulting › Understand the context of the specific procurement.
in a range of significant problems to the organisation. › Consider the objectives of that specific procurement.
Background › Examine lessons learned from previous tenders, and the
Tendering is a high-risk area due to large payments to experience of others making similar procurements.
suppliers, potential reputational and brand damage and the › Identify and assess risks and opportunities relating to that
potential adverse consequences to strategies and operations procurement.
from poor decisions, fraud and corruption.
A well-developed report is potentially a powerful marketing
Legislation imposing significant penalties on organisations instrument for internal audit.
whose supply chain entities act unlawfully increases the

© 2020 - The Institute of Internal Auditors - Australia 2

 Auditing Tender
Specifications and
Assessment Criteria
Understand the Context management process, and be prepared after proper
consultation with key stakeholders.
It is common for a decision to be made about the procurement
method, for example, whether open tender or select tender Lessons learned
and then to go straight to drafting the specifications and
It is often valuable to consider lessons learned from previous
assessment criteria.
procurement experiences, and experiences of others, before
An essential stage, that is often missed, is to understand the drafting the specifications and assessment criteria. This can
context of the procurement. Missing this stage often results help to avoid mistakes and incorporate measures to increase
in a flawed process, inappropriate and missing specifications, chance of a successful outcome. Project management has
faulty assessment criteria and, poor decisions. Consequences shown that incorporating lessons learned can vastly improve
often include procurement that does not meet strategic and results.
operational needs, overpayments, inadequate quality, fraud
The key question is: “How can I take into account what
and corruption, and exposure to other significant risks such as
happened before, or happened to others, to make the
breach of legislation and reputational exposure.
specifications and assessment criteria more effective and
The context should cover both internal and external matters avoid failures and problems?”
relevant to the procurement.
Lessons learned might be considered from:
Ideally, there should be a document such as a procurement
› The previous tender for the services or goods.
strategy or plan that adequately explains the context, so
people involved in the procurement are given the information › Other similar tenders.
they need to understand key issues and make more informed
› The way the goods or services were delivered by the
decisions. The document will also help drafters of the contract
previous vendor.
and those involved in contract management.
› Experiences of other organisations who have tendered for
The length of the document will vary from tender to tender. It
similar goods and services.
may be a few paragraphs to many pages, depending on the
complexity, level of risk, and other factors. › Reports of media, research, regulators, public audit and
investigative bodies.
Good practice is for the document to include key assumptions
made. Invariably, assumptions are made, whether they relate Risks and opportunities
to technological matters, security of supply, financial factors,
Risks and opportunities should be properly considered.
legislative influences, compliance with ethical standards,
assurance matters, or anything else. If the key assumptions It is not uncommon for risk and opportunity assessments to
are clearly stated, they can be critically examined and if need be done primarily as a cut and paste exercise from previous
be, specific information requested from tenderers to address tenders, or done by listing risks in a generic way that has
those assumptions. These would be addressed in the risk and little value. It is essential for risk and opportunity assessments
opportunity assessment, or other appropriate measures taken. to be performed by really applying one’s mind to all the
Stating the key assumptions is useful so the specifications and circumstances of that particular procurement, and the
assessment criteria can be adapted to address uncertainties proposed use of the goods or services being procured.
and reduce exposure, if warranted.
There is frequently overlap between lessons learned and risks
Objectives and opportunities. However, because the methodologies are
different, a risk and opportunity assessment should always be
It is essential the objectives be clearly stated and answer
undertaken separately.
the question: “Why are we buying these goods or services?”
Generally, the overall reason should be stated, as well as any Factors the auditor may examine include:
individual components of the reason.
› Was the risk and opportunity assessment undertaken by
The detail in which objectives are stated should be sufficient people with the appropriate skills and experience?
to enable the specifications and assessment criteria to be
drafted, so they ensure the objectives will be met. › Did the risk and opportunity assessment include
consultation with sufficient people with relevant
The auditor should consider whether the objectives are knowledge of the specific strategic, operational and
reasonable, aligned with organisational objectives, clearly procurement issues?
stated, reasonably comprehensive, useful for people who
will be involved in the rest of the procurement and contract

© 2020 - The Institute of Internal Auditors - Australia 3

 Auditing Tender
Specifications and
Assessment Criteria
› Did the risk and opportunity assessment include specifications, and does the team have the required
appropriate research? understanding?
› Were all key risks and opportunities considered? Specifications can be audited through a number of audit
techniques, and ideally a mix of them, including:
› Has the cumulative effect of risks and opportunities been
considered? › A review of relevant documentation.
› Does the risk and opportunity assessment appear to › I nterviews with people, such as those who evaluated
be reasonable and in accordance with established the context and risks, drafted the specifications, the
processes and procedures? evaluation team, technical experts, tenderers and
potential tenderers.
› Have the risks and opportunities identified been recorded
in a way that is likely to help in the formulation of › A
review of the tender submissions to see if tenderers
specifications and assessment criteria, drafting of the appear to have understood the specifications and
contract and, future contract management? properly addressed them.
Specification › A
review of queries from potential tenderers in tender
briefings and through other channels.
The specifications are a significant determinant of the success
or failure of the procurement and any subsequent contract › A
review of evaluation records to see if the specifications
management. appear to have been clear, comprehensive, appropriately
addressed, and to see if the evaluation team appears to
Questions the auditor should consider include:
have understood them properly.
› In light of the context, do the specifications make sense?
Assessment criteria
› If each specification is met, will they cumulatively result in
It is not uncommon for procurements to fail catastrophically
the procurement objective being met?
because of poor assessment criteria and evaluation teams
› Is each specification necessary, and will it help meet the misapplying the criteria. The failure is often not evident
procurement objective? immediately after the procurement, and frequently only
becomes clear over the life of the contract. This generally
› Are the individual specifications aligned with each other?
allows the drafters of the assessment criteria and the
› D
o any of the specifications contradict or detract from evaluation team to escape accountability, not learn from
other specifications? their mistakes, and keep repeating their errors on other
procurements.
› Are there apparent gaps in the specifications?
Auditors may consider whether each criterion is:
› I s each specification clear, complete, and likely to be
understood by potential tenderers? › Necessary.
› I s each specification fair to all potential tenderers, not › Appropriate for the context.
unreasonably favouring or disadvantaging any potential
› S
ensible, useful and relevant in terms of the context, and
tenderers?
helpful for meeting the procurement objective.
› D
o the specifications cumulatively address all the
› Drafted so it does not detract from other criteria.
significant risks and opportunities, and will the information
provided by tenderers be adequate to assess risk Auditors may consider whether cumulatively the criteria:
mitigation by the tenderers?
› P
rovide sufficient transparency to tenderers that the
› I f appropriate, do the specifications cover the assurance evaluation will be fair and in compliance with appropriate
framework needed from the supplier of the goods or standards.
services?
› Result in the procurement objective being completely met.
› H
ave the specifications been reviewed carefully by a
› R
esults in all significant risks and opportunities being
person independent of their drafting?
addressed.
› H
ave reasonable measures been undertaken to give
› A
dequately address the assurance framework to be
the tender evaluation team an understanding of each
provided by the supplier.
specification, together with the cumulative effect of the

© 2020 - The Institute of Internal Auditors - Australia 4

 Auditing Tender
Specifications and
Assessment Criteria
Auditors should also consider whether the criteria were Bibliography and References
drafted by a person with sufficient knowledge and skill, and
whether the criteria were reviewed by someone independent Purpose of White Papers
of the drafting. A White Paper is a report authored and peer reviewed by
Auditors should review whether the evaluation team were experienced practitioners to provide guidance on a particular
given a clear understanding of what the criteria mean, and subject related to governance, risk management or control. It
how to use them in the tender evaluation. seeks to inform readers about an issue and present ideas and
options on how it might be managed. It does not necessarily
Weightings represent the position or philosophy of the Institute of
Assessment criteria are often weighted. It is common for the Internal Auditors–Global and the Institute of Internal Auditors–
weightings to be cut and pasted mindlessly from previous Australia.
procurements, arbitrary rather than carefully reasoned, Author’s Biography
not related to the objectives, opportunities and risks, and
therefore not necessarily appropriate for the procurement. Written by:
This can often result in the wrong tenderer being selected. Barry Davidow
Auditors should carefully consider whether the weightings: B.Com, B.Acc, M.TaxLaw, ACA, CFE, CRMA, PFIIA, Advanced
› Make sense for this specific procurement. Diploma of Government (Management), Diplomas in Risk
Management and Business Continuity, Government (Fraud
› T
ake into account stakeholder requirements, the context, Control), Government (Investigation) and International
opportunities and risks. Financial Management.
Barry was a Director of Fraud Prevention & Governance Pty
Conclusion Ltd and has over 20 years of experience in internal audit,
Summary fraud and corruption control, investigations, governance and
compliance. He has contributed to books on fraud control,
In auditing tender specifications and tender assessment computer fraud, communications and sociology.
criteria, auditors should consider the context and objectives
of the specific procurement, examine lessons learned He co-authored the IIA–Australia White Papers Auditing
from previous tenders, the experience of others making operational effectiveness, Corruption indicators in internal
similar procurements, and review the risk and opportunity audit, Conducting fraud and corruption investigations,
assessment relating to that procurement. Corruption related risks in decision making, Fraud and
corruption risk assessments, Fraud risk indicators, Auditing
Specifications are a significant determinant of the success or projects, Conflicts of interest in the award of contracts, and
failure of a procurement, and future contract management. Conflicts of interest: a framework.
This is why auditors should critically assess them.
Naveen Moda
It is not uncommon for procurements to fail catastrophically
because of poor assessment criteria and evaluation teams B.Com, Chartered Accountant (CA ANZ), Diploma in Public
misapplying the criteria. There are a range of factors that the Sector Management, Diploma in Investigation.
auditor should examine during an audit of the assessment Naveen is working with the NSW Government and has over
criteria. 15 years of internal audit experience. He has over 10 years
Conclusion of experience in the public sector, and has managed and
delivered a large range of operational, compliance and
In auditing tender specifications and tender assessment performance audits.
criteria, auditors should examine the individual factors listed
in this white paper, as well as taking a step back and critically He co-authored the IIA–Australia White Papers on Auditing
considering whether the specifications and tender assessment operational effectiveness and Auditing projects.
criteria make sense in the specific circumstances of that Edited by:
procurement.
Andrew Cox
MBA, MEC, GradDipSc, GradCertPA, DipBusAdmin,
DipPubAdmin, AssDipAcctg, CertSQM, PFIIA, CIA, CISA, CFE,
CGAP, CSQA, MACS Snr, MRMIA

© 2020 - The Institute of Internal Auditors - Australia 5

 Auditing Tender
Specifications and
Assessment Criteria
About the Institute of Internal Auditors–Australia time. Permission is not given for any commercial use or sale of
the material.
The Institute of Internal Auditors (IIA) is the global professional
association for Internal Auditors, with global headquarters in Disclaimer
the USA and affiliated Institutes and Chapters throughout the Whilst the Institute of Internal Auditors–Australia has
world including Australia. attempted to ensure the information in this White Paper is
As the chief advocate of the Internal Audit profession, the IIA as accurate as possible, the information is for personal and
serves as the profession’s international standard-setter, sole educational use only, and is provided in good faith without
provider of globally accepted internal auditing certifications, any express or implied warranty. There is no guarantee given
and principal researcher and educator. to the accuracy or currency of information contained in this
White Paper. The Institute of Internal Auditors–Australia does
The IIA sets the bar for Internal Audit integrity and not accept responsibility for any loss or damage occasioned
professionalism around the world with its ‘International by use of the information contained in this White Paper.
Professional Practices Framework’ (IPPF), a collection of
guidance that includes the ‘International Standards for the
Professional Practice of Internal Auditing’ and the ‘Code of
Ethics’.
The IIA–Australia ensures its members and the profession
as a whole are well-represented with decision-makers and
influencers, and is extensively represented on a number of
global committees and prominent working groups in Australia
and internationally.
The IIA was established in 1941 and now has more than
200,000 members from 190 countries with hundreds of local
area Chapters. Generally, members work in internal auditing,
risk management, governance, internal control, information
technology audit, education, and security.
Historians have traced the roots of internal auditing to
centuries BC, as merchants verified receipts for grain brought
to market. The real growth of the profession occurred in
the 19th and 20th centuries with the expansion of corporate
business. Demand grew for systems of control in companies
conducting operations in many locations and employing
thousands of people. Many people associate the genesis of
modern internal auditing with the establishment of the Institute
of Internal Auditors.
Copyright
This White Paper contains a variety of copyright material.
Some of this is the intellectual property of the author, some
is owned by the Institute of Internal Auditors–Global or the
Institute of Internal Auditors–Australia. Some material is
owned by others which is shown through attribution and
referencing. Some material is in the public domain. Except
for material which is unambiguously and unarguably in
the public domain, only material owned by the Institute of
Internal Auditors–Australia–Global and the Institute of Internal
Auditors–Australia, and so indicated, may be copied, provided
that textual and graphical content are not altered and the
source is acknowledged. The Institute of Internal Auditors–
Australia reserves the right to revoke that permission at any

© 2020 - The Institute of Internal Auditors - Australia 6