Secure Border Initiative
Controls over Contractor Payments for the Technology Component Need Improvement Gao ID: GAO-11-68 May 25, 2011In 2005, the Department of Homeland Security (DHS) initiated a multibillion-dollar contract to secure part of the nation's borders, the Secure Border Initiative (SBI). At that time, SBI was to include a single solution technology component; SBInet. DHS assigned the U.S. Customs and Border Protection (CBP) responsibility for overseeing the SBI contract, including SBInet. In January 2011, DHS announced that it was ending SBInet, and replacing it with a new technology portfolio. GAO was asked to (1) assess CBP's controls over payments to the prime contractor under the original SBInet program, and (2) provide information about the SBI program prime contractor's reporting against small business subcontracting goals. GAO assessed CBP controls against federal standards for internal control and relevant federal regulatory provisions, and summarized data on contractor performance against small business contracting goals.
GAO's review of CBP's controls over payments to the prime contractor under the original SBInet program identified the need to improve controls in two critical areas. Specifically, GAO found that CBP's design of controls for SBInet contractor payments did not (1) require invoices with sufficiently detailed data supporting billed costs to facilitate effective invoice reviews or (2) provide for sufficiently detailed, risk-based invoice review procedures to enable effective invoice reviews prior to making payments. Although CBP's established procedures were based on the Federal Acquisition Regulation (FAR), GAO identified numerous instances of CBP contracting officers lacking detailed support in the SBInet contractor invoices they received for review. Because CBP's preventative controls were not fully effective, the agency will continue to (1) be impaired in providing assurance that the reported $780 million it already paid to the contractor under the original SBInet program was allowable under the contract, in the correct amount, and only for goods and services provided, and (2) rely heavily on detective controls (such as timely, effective contract closeout audits) for all SBInet funds disbursed. Further, timely action to improve CBP's preventative controls is critical for the estimated $80 million in original SBInet program funds yet to be disbursed. Also, in light of the recent DHS announcement that it is replacing the originally conceived SBInet program with a new technology portfoliobased approach, GAO's findings concerning weaknesses in CBP's design of controls over payments to the prime contractor under the recently ended SBInet program can serve as "lessons learned" to be considered in designing and implementing controls as part of the newly announced portfolio-based approach to providing technological support to border security. With respect to performance against small business contracting goals, the prime contractor reported that it met two of the six small business subcontracting goals for the overall SBI program. Specifically, it reported that it met subcontracting participation goals for Historically Underutilized Business Zone and Veteran-Owned small business categories, but was unable to meet the other four small business goals because a large steel purchase significantly reduced the subcontract dollars available for small businesses to participate in the SBI contract. GAO makes five recommendations to improve CBP controls over prime contractor payments under the SBInet and the successor technology portfolio, including actions to strengthen invoice review procedures, provide more detailed support, and to better focus closeout audits. DHS concurred in principle with all recommendations, but for some, DHS also commented on the cost-effectiveness or others' role in implementation. GAO addresses these comments in the report.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Susan Ragland Team: Government Accountability Office: Financial Management and Assurance Phone: (202) 512-8486GAO-11-68, Secure Border Initiative: Controls over Contractor Payments for the Technology Component Need Improvement
This is the accessible text file for GAO report number GAO-11-68
entitled 'Secure Border Initiative: Controls over Contractor Payments
for the Technology Component Need Improvement' which was released on
May 26, 2011.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
Report to Congressional Requesters:
May 2011:
Secure Border Initiative:
Controls over Contractor Payments for the Technology Component Need
Improvement:
SBInet Contractor Payment Controls:
GAO-11-68:
GAO Highlights:
Highlights of GAO-11-68, a report to congressional requesters.
Why GAO Did This Study:
In 2005, the Department of Homeland Security (DHS) initiated a
multibillion-dollar contract to secure part of the nation‘s borders,
the Secure Border Initiative (SBI). At that time, SBI was to include a
single solution technology component; SBInet. DHS assigned the U.S.
Customs and Border Protection (CBP) responsibility for overseeing the
SBI contract, including SBInet. In January 2011, DHS announced that it
was ending SBInet, and replacing it with a new technology portfolio.
GAO was asked to (1) assess CBP‘s controls over payments to the prime
contractor under the original SBInet program, and (2) provide
information about the SBI program prime contractor‘s reporting against
small business subcontracting goals. GAO assessed CBP controls against
federal standards for internal control and relevant federal regulatory
provisions, and summarized data on contractor performance against
small business contracting goals.
What GAO Found:
GAO‘s review of CBP‘s controls over payments to the prime contractor
under the original SBInet program identified the need to improve
controls in two critical areas. Specifically, GAO found that CBP‘s
design of controls for SBInet contractor payments did not (1) require
invoices with sufficiently detailed data supporting billed costs to
facilitate effective invoice reviews or (2) provide for sufficiently
detailed, risk-based invoice review procedures to enable effective
invoice reviews prior to making payments. Although CBP‘s established
procedures were based on the Federal Acquisition Regulation (FAR), GAO
identified numerous instances of CBP contracting officers lacking
detailed support in the SBInet contractor invoices they received for
review.
Table: Excerpt of a SBInet Prime Contractor September 12 through 25,
2008, Invoice Showing Cost Data Submitted for CBP Review and Payment:
Other Direct Cost: $107,889.73;
Travel: $108,148.57;
Overtime Premium: $52.00;
Direct Labor: $1,518,873.38.
Source: GAO analysis of CBP records of contractor invoice.
[End of table]
Because CBP‘s preventative controls were not fully effective, the
agency will continue to (1) be impaired in providing assurance that
the reported $780 million it already paid to the contractor under the
original SBInet program was allowable under the contract, in the
correct amount, and only for goods and services provided, and (2) rely
heavily on detective controls (such as timely, effective contract
closeout audits) for all SBInet funds disbursed. Further, timely
action to improve CBP‘s preventative controls is critical for the
estimated $80 million in original SBInet program funds yet to be
disbursed. Also, in light of the recent DHS announcement that it is
replacing the originally conceived SBInet program with a new
technology portfolio-based approach, GAO‘s findings concerning
weaknesses in CBP‘s design of controls over payments to the prime
contractor under the recently ended SBInet program can serve as ’
lessons learned“ to be considered in designing and implementing
controls as part of the newly announced portfolio-based approach to
providing technological support to border security.
With respect to performance against small business contracting goals,
the prime contractor reported that it met two of the six small
business subcontracting goals for the overall SBI program.
Specifically, it reported that it met subcontracting participation
goals for Historically Underutilized Business Zone and Veteran-Owned
small business categories, but was unable to meet the other four small
business goals because a large steel purchase significantly reduced
the subcontract dollars available for small businesses to participate
in the SBI contract.
What GAO Recommends:
GAO makes five recommendations to improve CBP controls over prime
contractor payments under the SBInet and the successor technology
portfolio, including actions to strengthen invoice review procedures,
provide more detailed support, and to better focus closeout audits.
DHS concurred in principle with all recommendations, but for some, DHS
also commented on the cost-effectiveness or others‘ role in
implementation. GAO addresses these comments in the report.
View [hyperlink, http://www.gao.gov/products/GAO-11-68] or key
components. For more information, contact Susan Ragland at (202) 512-
9095 or raglands@gao.gov.
[End of section]
Contents:
Letter:
Background:
Controls over Prime Contractor Payments for SBI Technology Component
Need Improvement:
SBI's Prime Contractor Reported That It Met Two of Its Six Small
Business Subcontracting Goals:
Implications of January 2011 Decision to End the Original SBInet
Program:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: GAO Contact and Staff Acknowledgments:
Table:
Table 1: Summary of Prime Contractor's Reporting on Small Business
Participation Awards versus Goals for the SBI Program:
Figures:
Figure 1: DHS and CBP Organizational Components that had SBI Contract
Oversight Responsibilities:
Figure 2: Process for Paying SBInet Invoices:
Figure 3: Example of SBInet Prime Contractor Voucher with Lump Sum
Amounts by Cost Element Submitted for CBP Review and Payment:
Abbreviations:
CBP: U.S. Customs and Border Protection:
CO: contracting officer:
COTR: contracting officer's technical representative:
DCAA: Defense Contract Audit Agency:
DHS: Department of Homeland Security:
FAR: Federal Acquisition Regulation:
HSAM: Department of Homeland Security Acquisition Manual:
HSAR: Department of Homeland Security Acquisition Regulation:
HUBZone: Historically Underutilized Business Zone:
IDIQ: Indefinite Delivery/Indefinite Quantity:
NFC: National Finance Center:
OTIA: Office of Technology Innovation and Acquisition:
SBA: Small Business Administration:
SBI: Secure Border Initiative:
SBInet: Secure Border Initiative Network:
SOP: standard operating procedures:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
May 25, 2011:
The Honorable Peter T. King:
Chairman:
The Honorable Bennie G. Thompson:
Ranking Member:
Committee on Homeland Security:
House of Representatives:
The Honorable Michael T. McCaul:
Chairman:
The Honorable William R. Keating:
Ranking Member:
Subcommittee on Oversight, Investigations, and Management:
Committee on Homeland Security:
House of Representatives:
The Honorable Gus M. Bilirakis:
Chairman:
The Honorable Laura Richardson:
Ranking Member:
Subcommittee on Emergency Preparedness, Response, and Communications:
Committee on Homeland Security:
House of Representatives:
The Department of Homeland Security's (DHS) Secure Border Initiative
(SBI), begun in November 2005, was intended as a multiyear effort to
secure the nation's borders. At that time, the Secure Border
Initiative-network (SBInet) component of SBI was intended to provide a
single technology-based solution for the nation's entire Southwest
border using a highly integrated set of fixed sensor towers. The U.S.
Customs and Border Protection (CBP), a component of DHS, was assigned
responsibility for monitoring and overseeing the prime contractor,
including contractor payments, for both the overall SBI and SBInet
programs.
Since its inception, we have issued a number of reports highlighting
issues concerning technical problems, cost overruns, and schedule
delays with the SBI program[Footnote 1].1 In March 2010, the Secretary
of Homeland Security announced a freeze on all SBInet program
disbursements, with the exception of SBInet contractual agreements to
support technology-based security for a 53-mile section along the
Arizona border. In January 2011, the Secretary directed CBP to
terminate the SBInet program as originally conceived, and instead
focus on developing terrain-and population-based solutions utilizing
existing proven technologies. The Secretary also provided that while
the new technology approach should include elements of the former
SBInet program where appropriate, DHS did not plan to use the current
contract to procure any of the technology systems under the new
approach, but rather would solicit competitive offers. Since the
inception of the SBI program, for which Congress has appropriated a
total of about $4.4 billion through fiscal year 2010, about $1.5
billion of that amount has been available for the original SBInet
program. As of January 2011, CBP reported it had paid the prime
contractor a total of about $780 million under the original SBInet
program, and had obligated, but not yet disbursed, almost an
additional $80 million.
In response to your request, this report provides (1) our assessment
of CBP's controls over payments to the prime contractor related to the
original SBInet program and (2) information about the overall SBI
program prime contractor's reporting on the extent to which it met
small business subcontracting goals. In addition, this report provides
our analysis of the implications of the January 2011 DHS SBInet
termination decision on our findings and conclusions related to prime
contractor payment controls under the original SBInet program.
To accomplish our first objective, we assessed the original SBInet
program's internal controls over prime contractor payments in
comparison with our Standards for Internal Control in the Federal
Government[Footnote 2] and other relevant criteria, including relevant
provisions of the Federal Acquisition Regulation (FAR), the Department
of Homeland Security Acquisition Regulation (HSAR), DHS policies, and
CBP procedures. We conducted structured interviews with CBP officials
and a walk-through of CBP's prime contractor invoice review, approval,
and processing procedures under the original SBInet program.[Footnote
3]
We also selected five task orders issued by CBP under the prime
Indefinite Delivery/Indefinite Quantity (IDIQ) contract to review.
[Footnote 4] These task orders represented 84 percent of all payments
made to the prime contractor and 79 percent of the total value of all
task orders from the original SBInet program's inception in November
2005 through the end of fiscal year 2009. The selected task orders
included types priced on both a fixed price and cost reimbursement
basis and included both open and closed task orders. For each of the
five task orders selected for review, we obtained and reviewed
available contract documentation, including individual task orders,
task order modifications, statements of work, and invoices. We also
obtained available information related to all 99 invoices submitted
under the five task orders for the purpose of assessing the extent to
which they complied with the original SBInet contract and were
properly supported.[Footnote 5]
To address our second objective of providing information about DHS's
prime contractor's reporting on the extent to which it met small
business subcontracting goals for the overall SBI program, we obtained
and summarized information from the prime contractor's Subcontractor
Plan, the prime contractor's five semiannual Small Business
Subcontracting Review Summit reports from November 2007 through May
2010, and documentation supporting the prime contractor's small
business subcontracting award reports. We did not assess or validate
the accuracy or reliability of the contractor's reporting and
supporting data.
We also gathered and assessed information DHS provided concerning its
January 2011 decision to terminate the original SBInet program.
Specifically, we assessed information provided in terms of its
implications for the remaining funds yet to be disbursed under the
original SBInet program, SBInet contract closeout audits, and the
limited information available as to the contractor and related
contractor payment controls under the new technology portfolio
approach.
We conducted this performance audit from June 2009 to April 2011,
[Footnote 6] in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objectives.
Background:
Figure 1 provides an overview of CBP organizational components that
had prime contractor invoice review, approval, and payment
responsibilities under the original SBInet program.
Figure 1: DHS and CBP Organizational Components that had SBI Contract
Oversight Responsibilities:
[Refer to PDF for image: organization chart]
Top level: DHS.
Second level, reporting to DHS: CBP.
Third level, reporting to CBP:
* National Finance Center (NFC);
* Office of Administration Procurement Directorate;
* Office of Technology Innovation and Acquisition (OTIA)[A].
Fourth level, reporting to Office of Administration Procurement
Directorate:
* Enterprise Contracting Office;
- SBI Contracting Division.
Fourth level, reporting to Office of Technology Innovation and
Acquisition (OTIA):
* SBI Program Management Office;
- SBI Business Operations Division.
Source: GAO analysis of SBI documentation.
[A] This office was created in November 2010. According to DHS
officials, SBI was eliminated under the OTIA reorganization.
[End of figure]
CBP's Contracting Division, which is part of the Office of
Administration Procurement Directorate's Enterprise Contracting
Office, was assigned SBInet program prime contractor management and
administrative responsibilities, including receiving and approving or
rejecting invoices. The Office of Technology Innovation and
Acquisition within CBP was assigned responsibility for managing key
program and contractor oversight acquisition functions associated with
SBInet, such as verifying and accepting contract deliverables. This
office was also to work closely with CBP's SBI Contracting Division.
Contracting officers (CO)[Footnote 7] and contracting officer's
technical representatives (COTR)[Footnote 8] in the SBI Contracting
Division were assigned responsibility for reviewing invoices and
maintaining contract files. The SBI Business Operations Division was
responsible for providing CO-approved invoices to CBP's National
Finance Center (NFC) for processing contractor invoices for payment.
In carrying out its assigned prime contractor invoice-related
responsibilities under the original SBInet program, CBP relied on the
FAR, HSAR, as well as DHS, CBP, and SBI program policies and
procedures. The overarching policy for federal contracting is the FAR.
DHS issued a supplemental regulation, HSAR, an acquisition manual for
DHS contracting and, in October 2008, CBP's SBI Contracting
Division[Footnote 9] issued standard operating procedures (SOP)
setting out required review, approval, and processing steps for all
SBI prime contractor invoice processing.[Footnote 10]
Figure 2 provides an overview of CBP's process for reviewing,
approving, and paying prime contractor invoices under the original
SBInet program.
Figure 2: Process for Paying SBInet Invoices:
[Refer to PDF for image: illustration]
Prime contractor:
submits invoice to Contracting Officer‘s Technical Representative
(COTR), Contracting Officer (CO), and National Finance Center (NFC)
(automated process).
CBP: Contracting Division:
COTR: Reviews invoice and recommends payment or rejection of invoice
to CO (automated process);
CO: Obtains COTR rejection or approval, approves or rejects invoice, and
notifies SBI‘s Business Operations Division (automated process).
CBP: Business Operations Division:
For approved invoices, verifies available funding, communicates
payment approval or wire transfer request,and enters information in
SAP (automated process);
Wire transfer request (manual process).
CBP: NFC:
Processes invoice upon receipt of CO and SBI‘s Business Operations
Division approval in SAP and sends payment information to Treasury;
(automated process);
SAP: Financial management and reporting system; records payment
information and general ledger details (automated process).
U.S. Department of the Treasury:
Receives payment information from SAP (automated process);
Pays invoice to Prime contractor via electronic funds transfer or wire
transfer (automated process).
Source: GAO analysis of SBI documentation.
[End of figure]
CBP's process for reviewing, approving, and paying prime contractor
invoices under the original SBInet program relies on both preventative
and detective controls.[Footnote 11] Generally, preventative controls
are more efficient and effective than detective controls. CBP's
detective controls began with SBInet's prime contractor submitting an
invoice to the SBI Contracting Division's CO, COTR, and CBP's NFC for
review. After reviewing the invoice, the COTR was responsible for
recommending whether the CO should approve or reject the invoice. If
the CO and COTR approved an invoice, the CO was to notify the SBI
Business Operations Division within the Program Management Office to
check for fund availability.[Footnote 12] If funds were available,
CBP's NFC was to be notified to process the invoice for payment.
Further, while not required, CBP's COs may request the Defense
Contract Audit Agency (DCAA), a defense agency within the U.S.
Department of Defense, to conduct an invoice review or rate
verification for any invoice. In addition, CBP officials told us that
the CO will always request DCAA to conduct a closeout audit (a
detective control) for any task order, although this is not required.
[Footnote 13] DHS's Office of Procurement provides that the CO submit
a memorandum to request a final audit for the entire IDIQ contract, or
any of it delivery order, or task order components.
Controls over Prime Contractor Payments for SBI Technology Component
Need Improvement:
Under the original SBInet program, CBP took actions intended to
establish internal controls over contractor payments. CBP established
SOPs setting out required contractor invoice review, approval, and
processing steps for CBP's COs and COTRs to follow. These procedures
were based on requirements in the FAR. We identified the need to
improve CBP's controls in two important areas. Specifically, we
identified the need to improve CBP's preventative controls over
payments to the SBInet program contractor with respect to requiring:
* invoices with sufficiently detailed data supporting billed costs to
facilitate effective invoice review and:
* specific, sufficiently detailed, risk-based invoice review
procedures to enable full, effective, and documented reviews prior to
making payments.
Because CBP's preventative controls were not fully effective, the
agency will continue to (1) be impaired in its ability to provide
assurance that the estimated $780 million already paid the prime
contractor under the original SBInet program was proper and allowable,
in the correct amount, and only for goods and services provided and
(2) rely heavily on detective controls (primarily contract closeout
audits) for assurance concerning the propriety of SBInet program
disbursements. Further, until CBP takes action to improve its
preventative controls, it will continue to be impaired in its ability
to effectively review the estimated $80 million obligated, but yet to
be disbursed, to the prime contractor under the original SBInet
program. In addition, our findings have implications as possible
"lessons learned" for DHS to consider and address as appropriate in
designing and implementing contract payment controls for its new
technology portfolio approach.
Detailed Data Supporting Invoiced Costs Not Required:
Standards for Internal Control in the Federal Government and related
guidance provide that an entity's internal controls should enable it
to verify that ordered (invoiced) goods and services were proper and
met the government's specifications.[Footnote 14] CBP's policies and
related SOPs applicable to the original SBInet program required the
prime contractor to submit invoices showing total costs incurred by
cost element (i.e., direct labor, direct materials, major
subcontracts, other direct costs, overtime premium, overhead, travel,
and general and administrative expenses). However, CBP's policies and
procedures did not require the invoices to include any additional
supporting detail. Not requiring such detail not only precluded us
from testing whether invoiced costs complied with the SBInet contract
and were properly supported, but, more important, resulted in numerous
instances in which CBP's COs and COTRs did not have the detailed
support they needed to effectively review the SBInet contractors'
invoices. For example, in one instance a CO requested additional
detailed information such as travel dates and travel destinations to
review the reasonableness of a lump sum invoiced cost amount for
travel.
Figure 3 shows an example of a SBInet prime contractor invoice
submitted and paid for costs incurred for the period from September 12
through 25, 2008. Figure 3 also highlights lump sum invoiced costs for
the "Direct Labor" and "Travel" cost elements.
Figure 3: Example of SBInet Prime Contractor Voucher with Lump Sum
Amounts by Cost Element Submitted for CBP Review and Payment:
[Refer to PDF for image: illustration]
Example of cost element: Travel;
Cost element amount billed for current period (Sept. 12, 2008 through
Sept. 25, 2008: $108,148.57.
Cumulative cost element amount billed from inception of the task
order, April 15, 2008 to Sept. 25, 2008: $202,490.24.
Example of cost element: Direct Labor;
Cost element amount billed for current period (Sept. 12, 2008 through
Sept. 25, 2008: $1,518,873.38.
Cumulative cost element amount billed from inception of the task
order, April 15, 2008 to Sept. 25, 2008: $20,800,218.64.
Total:
Cost element amount billed for current period (Sept. 12, 2008 through
Sept. 25, 2008: $3,705,718.70.
Cumulative cost element amount billed from inception of the task
order, April 15, 2008 to Sept. 25, 2008: $45,571,243,06.
Source: GAO analysis of CBP's records of contractor vouchers.
[End of figure]
In this example, the SBInet prime contractor billed, and CBP paid, a
total of $3,705,718.70, including $1,518,873.38 for the period for
direct labor without any supporting details such as the hours worked
and labor rate category. Supporting details are necessary to allow
reviewing officials to determine, for example, whether the appropriate
rate was charged and to assess the reasonableness of the hours charged.
Similarly, for the $108,148.57 billed for travel for the period, the
contractor did not provide supporting details necessary for a
reviewing official to assess the amount claimed, such as the purpose
of the trip and travel destination. Supporting details help CBP's COs
and COTRs assess the propriety of invoice cost elements billed to the
government, and effectively review the prime contractor's invoices.
Lacking sufficiently detailed data supporting the original SBInet
contractor's invoiced costs, we were unable to determine whether the
99 invoices we sampled for review were proper and in compliance with
original SBInet program contract provisions. Our review identified
numerous instances of CBP CO and COTR frustration when they were
unable to obtain detail to support SBInet contractor lump sum invoiced
costs, despite repeated requests. The SBInet prime contractor denied
these requests on the basis that CBP's policies did not require
supporting detail. CBP paid the invoiced amounts in all cases.
In November 2009, CBP requested, and the SBInet prime contractor began
providing, some additional information with its invoices submitted
under the original SBInet program task orders. For example, the prime
contractor included additional information on work performed for the
invoice period. However, the additional information the contractor
provided did not include sufficient additional detail needed to
support an effective review of invoiced costs, such as hours worked,
labor rate category, purpose of travel, or travel destination.
CBP could have relied on a provision of the contract to obtain
additional support for lump sum invoiced costs. That is, as authorized
by the contract's Allowable Cost and Payment Clause (FAR 52.216-7 (a)
(1)), CBP could have required the SBInet contractor to provide, in
such form and with reasonable details, support for lump sum invoiced
cost element claims. CBP and SBI Contracting Division management
officials told us they were aware of their ability to obtain
supplemental detailed supporting cost information under the FAR
Allowable Cost and Payment clause. However, they also told us that CBP
made a business decision for the overall SBI program (including the
original SBInet program) not to request such detailed supporting data
from its prime contractor, but rather to rely on other oversight
mechanisms (such as closeout audits) to help identify any contractor
billing issues.
Closeout audits are less effective as a control to identify or correct
any contractor payment issues because they may not be conducted until
a number of years after completion of a contract. The contractor's
ability to repay any improper payments may deteriorate, responsible
prime contractor officials may change, their memories may fade, or
needed supporting data may be lost.
Design of Procedures for Review and Approval of Original SBInet
Contractor Invoices Was Not Sufficiently Detailed:
As provided by Standards for Internal Control in the Federal
Government, well-developed and consistently implemented policies and
procedures are critical in providing reasonable assurance that
management's directives are carried out and program risks, such as the
risk of improper payments, are minimized.
CBP's SOP applicable to COs' and COTRs' reviews of SBInet contractor
invoices provided general guidance that COs and COTRs were to
"evaluate invoices to certify receipt of the product or service in
accordance with the terms of the contract or order, as well as the
accuracy and validity of the elements in the invoice." However, CBP's
procedures for reviewing prime contractor invoices submitted under the
original SBInet program were not sufficiently detailed and
appropriately risk based to enable consistent, effective, and
documented invoice reviews.
CBP's prime contractor invoice review procedures under the original
SBInet program did not identify the specific review steps required for
COs and COTRs to carry out and document effective, risk based reviews
that could reasonably ensure that the SBInet contractor's invoices
were in the correct amount and accurately reflected all and only
allowable goods and services as provided for under the original SBInet
program. For example, CBP's SOP for reviewing payments to the prime
contractor under the original SBInet program did not reflect such
specific review steps as how to consider the relative risks and review
invoice cost elements (including major subcontracts, direct materials,
direct labor, and other direct costs); what qualifies as sufficient
supporting evidence for amounts invoiced by the prime contractor; and
how to review invoice credit amounts and contract reserve adjustments.
[Footnote 15]
SBI's Prime Contractor Reported That It Met Two of Its Six Small
Business Subcontracting Goals:
SBI's prime contractor reported to CBP that it met two of its six
small business[Footnote 16] subcontracting goals that were identified
in the prime contractor's subcontracting plan for the reporting period
ended March 31, 2010. The prime contractor reported that it was unable
to meet the remaining small business goals primarily as a result of
non-small business contract awards necessitated by the Secure Fence
Act of 2006, as amended. Specifically, to obtain the material needed
to meet the 2006 statutory directive, in December 2007, the prime
contractor entered into a large-scale steel purchase of approximately
$242 million that it told us was only available from a large business.
Consequently, the SBI prime contractor reported that this steel
purchase reduced the subcontract award dollars available such that it
was unable meet all of its small business contract award goals for the
SBI program.
The SBI's prime contractor reported on its performance against small
business subcontracting goals that were identified in its
subcontracting plan and aligned with the categories used by the Small
Business Administration (SBA) for prime contracts. That is, consistent
with SBA definitions, the SBI prime contractor established five socio-
economic subcategories for its SBI program: (1) Small Disadvantaged
Business,[Footnote 17] (2) Woman-Owned Small Business,[Footnote 18]
(3) Historically Underutilized Business Zone (HUBZone),[Footnote 19]
(4) Veteran-Owned Small Business,[Footnote 20] and (5) Service-
Disabled Veteran-Owned Small Business.[Footnote 21] The SBI prime
contractor-established goals for each subcategory ranged from 1 to 5
percent of the total SBI program contract dollars awarded.
Additionally, the SBI prime contractor also established an overall
small business goal of awarding 40 percent of the total SBI program
contract dollars to small businesses, which included, but was not
limited to socio-economic small business goals.
As shown in table 1, as of March 31, 2010, the SBI contractor reported
that it met subcontracting participation goals for the HUBZone and
Veteran-Owned small business categories. Further, the prime contractor
reported that while it had awarded a total of over $262 million in SBI
program funds to small businesses, its overall small business
participation rate of approximately 33 percent from November 2005
through March 31, 2010, fell short of the 40 percent subcontracting
goal.
Table 1: Summary of Prime Contractor's Reporting on Small Business
Participation Awards versus Goals for the SBI Program:
Category of business: Small Disadvantaged;
Planned percentage participation goal: 5;
Actual percentages reported as of March 31, 2010: 3.77%;
Subcontracting dollars awarded as of March 31, 2010: $29,874,672.
Category of business: Woman-Owned;
Planned percentage participation goal: 5;
Actual percentages reported as of March 31, 2010: 1.70%;
Subcontracting dollars awarded as of March 31, 2010: $13,491,664.
Category of business: HUBZone;
Planned percentage participation goal: 1;
Actual percentages reported as of March 31, 2010: 2.35%;
Subcontracting dollars awarded as of March 31, 2010: $18,615,635.
Category of business: Veteran-Owned;
Planned percentage participation goal: 3.5;
Actual percentages reported as of March 31, 2010: 4.02%;
Subcontracting dollars awarded as of March 31, 2010: $31,917,214.
Category of business: Service-Disabled Veteran-Owned;
Planned percentage participation goal: 3;
Actual percentages reported as of March 31, 2010: 1.13%;
Subcontracting dollars awarded as of March 31, 2010: $8,978,247.
Category of business: Overall small business;
Planned percentage participation goal: 40;
Actual percentages reported as of March 31, 2010: 33.05%;
Subcontracting dollars awarded as of March 31, 2010: $262,221,614.
Source: Prime Contractor's Supplier Diversity Roundtable Report, March
31, 2010.
[End of table]
SBI prime contractor officials told us they relied on self reported
subcontractor data to report on the extent to which it met established
small business participation targets.
Implications of January 2011 Decision to End the Original SBInet
Program:
DHS's January 2011 decision to end the original SBInet program has
implications for contractor payments controls under both the original
SBInet program and its successor program. That is, our SBInet
contractor payment findings apply to the remaining residual original
SBI program funds, to SBInet contract closeout audits, and as "lessons
learned" for the successor SBI technology program.
In January 2011, the Secretary directed CBP to end SBInet as
originally conceived as a single technology solution, and instead to
implement a new border security technology portfolio approach
utilizing existing technologies tailored to specific sectors of the
Southwest border and their varying terrains and population densities.
DHS announced that it intends to acquire all the technologies for the
new approach through full and open competitions. The Secretary also
directed that while the new technology approach should include
elements of the former SBInet program where appropriate, DHS did not
plan to use the current SBInet prime contract to procure any of the
technology systems under the new plan. Therefore, our SBInet
contractor payment findings are directly relevant to the remaining $80
million in original SBI program funds obligated but not yet disbursed.
As discussed previously, CBP has an opportunity to improve the design
of its preventative controls with respect to the remaining funds to be
paid to the original SBInet program prime contractor.
Further, our findings have implications for the contract closeout
activities associated with the contract and task orders under the
original SBInet program. Given our findings on the design of prime
contractor payment controls under the original SBInet program, prompt
action to complete closeout audits related to payments to the prime
contractor under the original SBInet program contract and task orders
is imperative.
While CBP has the authority to do so as of February 2011, it had not
yet requested that DCAA to conduct closeout audits on any of the
original SBInet program contracts and related task orders. CBP actions
to timely request and monitor effective completion of these audits are
important because it may take several years for a contractor to close
its books and additional time for DCAA to review the final rates
applicable in each calendar year. Also, in requesting and monitoring
contract closeout audits, it will be important that CBP also provide
information on our findings so that DCAA can adjust its planned review
and testing procedures accordingly. However, CBP has not yet
established a monitoring mechanism to follow up on the status of any
DCAA closeout audits.
Internal control standards provide that any previously identified
deficiencies related to an entity or program should be considered in
planning future audits of the entity or program.[Footnote 22] They
also state that an entity should establish performance monitoring
activities. Such monitoring represents an essential internal control
activity that can be used to help assess the effectiveness of CBP
controls over contractor payments (including vulnerability to, and
recovery of, any improper payments), and whether any additional follow-
up actions are necessary.
Finally, our findings concerning payments to the prime contractor
under the recently ended SBInet program are useful as "lessons
learned." Our findings related to DHS controls over prime contractor
payments under the original SBInet program will be applicable to
designing procedures and controls for future technology portfolio
contracting efforts. Our findings related to the design of current
SBInet prime contractor payment policies and procedures represent
important "lessons learned" for designing and implementing appropriate
controls over contractor payments under the new technology portfolio
approach.
Conclusions:
Effective controls over contractor payments are essential to helping
provide assurance that SBInet program funds were disbursed only for
authorized goods and services, and in the correct amounts. Because
preventative controls are generally more cost-efficient and effective
than detective controls, timely actions to strengthen controls in this
area are particularly important with respect to the remaining $80
million in original SBInet program funds not yet disbursed.
Furthermore, given the nearly $800 million in contract payments CBP
already disbursed, full and timely completion of detective controls,
particularly closeout audits, will also be essential in providing
reasonable assurance that SBInet program funds were disbursed only for
authorized goods and services and in the correct amounts. As such it
will be important for CBP to take prompt actions to (1) request that
DCAA design and conduct closeout audits recognizing the need to
strengthen detective controls and (2) establish a mechanism to
coordinate and track completed closeout audits to ensure that such
audits are fully effective, and completed in time to effectively
address to any errors or improper payments identified. Further, our
findings concerning the design of CBP's controls over payments to the
prime contractor under the recently ended SBInet program serve as
"lessons learned" to be considered in designing and implementing
controls as part of the newly announced technology portfolio approach.
Recommendations for Executive Action:
We recommend that the Secretary of Homeland Security direct CBP's SBI
Contracting Division Director to take the following five actions.
With respect to the remaining funds not yet disbursed under the
original SBInet contract;
* Revise CBP's SBI SOPs to require the SBInet contractor to submit
data supporting invoiced costs to CBP in sufficient detail to
facilitate effective CO and COTR invoice review.
* Revise CBP's SBI SOPs to include specific, risk-based steps required
for COs and COTRs to properly review and approve contractor invoices
to ensure that they accurately reflect all program costs incurred,
including specifying required documentation of such review and
approval.
With respect to closeout audits under the original SBI prime contract
and any task orders that receive closeout audits under DHS's SOPs,
* Request that DCAA to perform closeout audits as expeditiously as
possible, including providing information on the contractor payment
control findings concerning the original SBInet program that we
identified for consideration in determining the extent and nature of
DCAA testing required as part of such audits.
* Establish procedures for coordinating with DCAA to monitor the
status of closeout audits related to the original SBInet program.
With respect to the new technology portfolio approach:
* Document the consideration, and incorporation as appropriate, of
lessons learned based on our findings on the design of controls over
payments to the original SBInet contractor in designing and
implementing contract provisions and related policies and procedures
for reviewing and approving prime contractor invoices. Such provisions
should provide for obtaining sufficiently detailed data supporting
invoiced costs to support effective invoice reviews and include the
specific, appropriately risk-based steps required for COs and COTRs to
carry out an effective contractor invoice review.
Agency Comments and Our Evaluation:
In commenting on a draft of this report, DHS concurred with two of our
recommendations and concurred in principle with the remaining three.
DHS agreed that the government needs to perform adequate review of
contractor requests for interim and final payments and that the
government should maintain effective and repeatable processes for risk-
based reviews to provide effective "preventative" management controls.
With respect to the two recommendations for which it concurred, DHS
cited actions under way to provide more focused, risk-based invoice
review procedures, and incorporate lessons learned from past contactor
invoice review experience into policies and procedures for invoice
review under the new technology portfolio approach.
For the three recommendations with which it concurred in principle,
DHS expressed concerns with respect to the cost-effectiveness or
appropriateness of the recommended actions. Specifically, regarding
our recommendation to revise CBP's procedures to require the SBInet
contractor to submit data supporting invoiced costs to CBP in
sufficient detail to facilitate effective CO and COTR invoice review,
CBP stated that it plans to enhance its current required review
process by June 30, 2011 to provide copies of all contractor invoices
directly to DCAA. However, DHS commented that requiring the prime
contractor to submit substantial supporting documentation data where
controls are already in place is not cost-effective. In this regard,
we modified our recommendation by deleting examples of details to
accompany invoices in order to allow CBP flexibility to decide
specifically what detailed supporting data are needed. Nonetheless, as
evidenced by numerous CO and COTR requests for more detailed data to
support their invoice reviews discussed previously in our report, we
continue to believe that the contractor should be required to provide
information in sufficient detail to facilitate invoice reviews that
can function as effective preventative controls in this area.
DHS also concurred in principle with our recommendations to request
and monitor the expeditious completion of DCAA closeout audits. DHS
agreed that there is a need to close out contracts as soon as
practical and plans to continue to discuss with DCAA the importance of
completing annual incurred cost audits so that contracts can be
closed. However, DHS commented that DCAA management, not DHS,
ultimately determines the completion of these audits. As discussed in
our draft report, the focus of our recommendations was on DHS
assisting DCAA in efficiently and effectively carrying out its
responsibilities. Specifically, we recommended that DHS provide DCAA
with information on our findings concerning the SBInet contractor's
invoices to help focus its audit work and coordinate with DCAA to
monitor the status of closeout audits. We continue to believe that DHS
and CBP need to establish a mechanism to monitor completed closeout
audits to ensure that such audits are fully effective and completed in
time to effectively address to any errors or improper payments
identified. By strengthening their monitoring of the status of DCAA
closeout audits, DHS and CBP officials could better help ensure that
corrective actions and lessons learned are effectively implemented and
adopted, as appropriate. We therefore believe that these two
recommendations remain valid. We also made changes as appropriate
throughout the draft in response to DHS technical comments.
We are sending copies of this report to the Chairmen and Ranking
Members of the Senate and House Committees on Appropriations and other
Senate and House committees and subcommittees that have authorization
and oversight responsibilities for homeland security. We will also
send copies to the Secretary of Homeland Security, the Commissioner of
U.S. Customs and Border Protection, and the Director of the Office of
Management and Budget. The report also is available at no charge on
the GAO Web site at http://www.gao.gov.
Should you or your staff have any questions on matters discussed in
this report, please contact me at (202) 512-9095 or at
raglands@gao.gov. Contact points for our Offices of Congressional
Relations and Public Affairs may be found on the last page of this
report. Key contributors to this report are listed in appendix I.
Signed by:
Susan Ragland:
Director, Financial Management and Assurance:
[End of section]
Appendix I: GAO Contact and Staff Acknowledgments:
Homeland Security:
May 18, 2011:
Susan Ragland:
Director, Financial Management and Assurance:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Re: Draft Report GAO-11-68 "Secure Border Initiative: Controls over
Contractor Payments for the SBI Technology Component Need Improvement"
Dear Ms. Ragland:
Thank you for the opportunity to review and comment on this draft
report. The U.S. Department of Homeland Security (DHS) and the U.S.
Customs and Border Protection (CBP) appreciate the U.S. Government
Accountability Offices's (GAO's) work in planning and conducting its
review and issuing this report.
DHS agrees that the government needs to perform adequate review of
contractor requests for interim and final payments. DHS also agrees
that the government should maintain effective and repeatable processes
for risk-based reviews to provide effective "preventive" management
controls. While we are in general agreement with the report's
recommendations, some of the detailed conclusions in the draft
report ” specifically statements regarding documentation sufficiency
for cost reimbursement type orders and recommendations for performance
of "closeout audits"” require additional discussion and clarification,
which we provide here and incorporate into our responses to the
report's recommendations.
During the first year and half of the contractor's performance, CBP
worked to ensure appropriate management controls were in place to
oversee contractor performance, including controls for interim
payments (public vouchers). Controls established as a result of these
activities have enabled CBP officials to review and approve (and
reject) contractor public vouchers and ultimately provide assurance
the government is reimbursing the contractor only for allowable costs
on public vouchers and at final payment.
The master contract with the Boeing Company allows CBP to award two
general types of task orders: firm fixed-price and cost reimbursement.
The former type of order provides the government with the least cost
risk, the latter with far more risk. Accordingly, payment terms for
each type of contract vary significantly:
* Firm fixed-price orders are paid when goods or services are
delivered (note that the cost allowability rules in FAR Part 31 apply
to pricing of firm fixed price contracts when cost analysis is
performed, but not to payments under those contracts). Payment on such
contracts are not based on actual costs incurred, and as such do not
require a review of whether the costs are allowable. As such, these
contracts do not require the contractor to submit supporting cost data
regarding actual costs incurred.
* Cost type orders are paid on the basis of actual allowable costs
incurred and are considered provisional – or interim – payments. At
the end of contract performance, a final invoice request is received
and a final "adjustment payment" is made, which reflects the
difference between the interim amounts reimbursed and the final total
amount due. The final total amount due is determined through Defense
Contract Audit Agency (DCAA) annual incurred cost audits. These audits
review all costs incurred on contractor cost type contracts for a
particular fiscal year, i.e., they are not performed on a contract by
contract basis. The results of the audit, including the allowable
direct and indirect costs for each contract, are provided to all of
the contracting officers that have costs incurred on cost type
contracts for that fiscal year.
Given the developmental nature of the initial Secure Border Initiative
Network (SBInet) technology, CBP awarded cost-reimbursement type task
orders for the SBInet Block 1 developmental phase of the program.
Discussion:
The unique nature of payments under cost reimbursement type orders is
defined by Federal Acquisition Regulations (FAR) at Subpart 32.001:
"Commercial interim payment" means any payment that is not a
commercial advance payment or a delivery payment. These payments are
contract financing payments for prompt payment purposes (i.e., not
subject to the interest penalty provisions of the Prompt Payment Act
in accordance with Subpart 32.9). A commercial interim payment is
given to the contractor after some work has been done..."
"Contract financing payment" means an authorized Government
disbursement of monies to a contractor prior to acceptance of supplies
or services by the Government.
(1) Contract financing payments include:
(vi) Interim payments under a cost reimbursement contract, except for
a cost reimbursement contract for services when Alternate 1 of the
clause at 52.232-25[Footnote 1], Prompt Payment, is used."
Interim payments under cost reimbursement contracts are subject to
final audit, i.e., the amount paid on an interim basis are adjusted at
the end of the contract to reflect the final amounts owed.
Once the final amounts owed are determined, the difference between the
interim and final payments is computed, and the difference is paid to
the contractor (if the final payment exceeds the interim payment,
which occurs in most instances) or the contractor provides a refund to
the government (in those instances where the interim payments exceed
the final amount due). Thus, although costs claimed for both interim
and final payments must be allowable, government review for final
payment is performed at a more detailed level, since this is the final
determination of how much the government will ultimately pay. However,
the government also reviews interim payments using risk-based
procedures, and has additional protections to assure there are no
overpayments during contract performance. These protections include
the following:
* The amounts billed during each contractor fiscal year are adjusted
on a regular basis to reflect any significant differences between the
indirect rates being charged and the actual rates being incurred. DCAA
monitors the indirect rates to assure the contractor complies
with this requirement.
* The government withholds 10 percent of the contractor's fee to
mitigate any potential interim overbillings.
* The government generally does not pay the interim payments if the
contractor has significant deficiencies in their accounting or billing
systems. In the subject instance, the SBInet contractor has accounting
and billing systems that have been deemed acceptable by DCAA.
For the SBInet contract, Boeing has adhered to the general guidance
promulgated by DCAA regarding interim and final payment requests,
including the format and content required for its vouchers.[Footnote
2] In particular, CBP is following the FAR requirement for withholding
a percentage of the contract fee, which provides further protection to
the government should an instance arise where an unallowable cost is
included and paid in an interim payment request. Furthermore, the
annual incurred cost audit, which DCAA performs in accordance with
Generally Accepted Government Auditing Standards, provides assurance
that final payments to the contractor will only include allowable
costs in accordance with the provisions of FAR Part 31.
This general construct serves as the foundation for CBP's management
and review of interim payment requests under its orders with Boeing.
To augment these robust controls, CBP relies on a series of management
controls and supporting information necessary to properly oversee and
process interim payment requests. These controls typically include CBP
reviewing the contractor's detailed cost account plans ” derived
originally from their cost proposal ” that identify planned labor
hours, labor rates, travel estimates (i.e., numbers of trips,
locations, etc), as well as indirect and other allocated costs.
Moreover, monthly contractor cost reporting identifies actual labor
hours expended, actual labor costs incurred, actual travel events and
costs incurred, as well as indirect and other allocated costs. The
government and contractor management teams collectively review this
information jointly at least monthly, and usually weekly, in
Integrated Product Teams (IPTs). As part of these management controls,
CBP also receives monthly status reports from Defense Contract
Management Agency (DCMA) that include Defense Contract Audit Agency's
(DCAA's) assessment of the overall health of Boeing's accounting
system.
This recurring management activity is normally sufficient for CBP
officials to develop a detailed understanding of the work the
contractor performed, costs the contractor incurred, products the
contractor delivered, travel the contractor completed, and whether the
actual performance is consistent with the negotiated contract terms
and rates. Therefore, armed with the cost performance information and
insights from management discussions regarding the actual contractor's
performance, CBP officials are well postured each month to conduct a
review of the contractor's interim payment requests and to determine
whether the request conforms to the contractor's actual performance.
When situations have arisen where interim payment requests are
questioned or rejected, additional information is requested of the
contractor. On occasion, CBP has also requested DCAA conduct spot
audits on individual payment requests. DCAA's tests determined that
the contractor invoices were accurate, invoice preparation procedures
were adequate, the billing system was reliable, and actual invoiced
costs were reasonable and accurate.
Finally, CBP acknowledges the potential value and opportunity for
continued process improvement and is establishing and aligning invoice
approval procedures based on "lessons learned," a recent
reorganization, and the need to manage prescribed time lines to avoid
late payment interest penalties. Also, CBP is improving Contracting
Officer (CO) and Contracting Officer Technical Representative (COTR)
awareness of the relative risks associated with the various contract
types through its new COTR Management Program, announced in April 2011.
CBP and the Department as a whole share the GAO concern for assuring
there are effective controls. This is reflected by the recent revision
to the DHS-DCAA Memorandum of Agreement. This agreement now provides
for DCAA to receive copies of all interim payments
on cost type DHS contracts. DCAA will conduct a review of all interim
payments in excess of $1 million, and will include all other interim
payments as part of their periodic sampling universe. This process
will ensure that (a) DHS is included in the regular monitoring by DCAA
of the indirect rates, and (b) assist identifying any significant
costs that were not reimbursable under the provisions of the FAR
and/or the contract. CBP will include the requirement for the
contractor to submit a copy of the public voucher directly to DCAA in
all ongoing and future cost type contracts.
Recommendations:
The report contained five recommendations. As discussed below, DHS
concurs or concurs in principle with all of the recommendations.
Technical comments on the draft report have been provided under
separate cover.
Specifically, GAO recommended that the Secretary of the U.S.
Department of Homeland Security, direct CBP's SBI Contracting Division
Director to take the following actions:
Recommendation #1: With respect to the remaining funds not yet
disbursed under the original SB1net contract, revise CBP's SBI SOPs to
require the SBInet contractor to submit data supporting invoiced costs
to CBP in sufficient detail to facilitate effective CO and COTR
invoice review (for example, requiring invoice support to include
hours worked and labor rates used for invoiced lump sum direct-labor
cost charges).
Response: Concur in principle. DHS agrees that it is imperative for a
contractor to provide sufficient information to support an effective
government CO and/or COTR review and approval. CBP will continue to
exercise robust invoicing review activities that rely on (1) extensive
performance and cost information routinely furnished by the
contractor, and (2) the Defense Contacting Audit Agency (DCAA) reviews
of the contractor's accounting and billing systems, as well as
vouchers, for continued assurance of invoice accuracy and reliability.
In addition, as part of our efforts for continuous improvement, CBP will
enhance the current review process by incorporating the recently
revised DHS Memorandum of Agreement with DCAA to conduct detailed
examinations of all contractor requests for interim payments that exceed
$1 million and all first vouchers under its cost type orders and
contracts.
While DHS concurs in principle with the GAO recommendation, requiring
the contractor to submit substantial supporting data as part of the
public voucher submission is not cost-effective where controls such as
those implemented by CBP are in place. In fact, the Department of
Defense has recognized, via two memorandums to contracting personnel,
the duplication in effort that results from requiring contractors to
submit detailed supporting data with each interim voucher. This
approach results in extensive additional data submitted (which is done
at a significant cost to the government, since the contractor charges
those costs to government contracts). Such additional data could
include a multi-hundred line item report each month, for each invoice,
identifying hours worked, hourly rates, by prime contractor and by
subcontractor, by employee and work site, with travel claims, etc.
This additional detail would not be a cost-effective improvement for
the recurring interim payment review and is contrary to established
best practices for interim payment reviews.[Footnote 3]
By June 30, 2011, CBP will take the following actions:
(1) Modify all existing cost reimbursement contracts to include a
requirement for the contractor to send a copy of all public vouchers
(requests for interim payment) directly to the cognizant DCAA field
office; and;
(2) Modify standard operating procedures to require that any new cost
reimbursement contracts/orders include a requirement for the
contractor to send a copy of the public vouchers directly to the
cognizant DCAA field office.
Recommendation #2: With respect to the remaining funds not yet
disbursed under the original SBInet contract, revise CBP's SBI SOPs to
include specific, risk-based steps required for COs and COTRs to
properly review and approve contractor invoices to ensure that they
accurately reflect all program costs incurred, including specifying
required documentation of such review and approval.
Response: Concur. CBP's Office of Technology Innovation and
Acquisition (OTIA) Program Management Office and Procurement
Directorate are updating the invoice review and approval process, to
include identifying risk-based steps that accommodate various contract
types (e.g., cost-type invoice risks and procedures are different than
fixed-price contracts), focusing on timeliness for invoice approval
and improving awareness and utilization of numerous contract data
sources to facilitate invoice approvals (Estimated Completion Date:
June 30, 2011).
Recommendation #3: With respect to closeout audits under the original
SBI prime contract and any task orders that receive closeout under
DHS's SOPs, request that DCAA perform closeout audits as expeditiously
as possible, including providing information in the contractor payment
control findings concerning the original SBInet program that we
identified for consideration in determining the extent and nature of
DCAA testing required as part of such audits.
Response: Concur in principle. DHS agrees that there is a need to
close contracts as soon as practical after contract performance is
complete. As part of this process, DHS will work closely with DCAA to
try to facilitate the required audits. However, as previously noted in
our response, the key to closing the contract is completion of the
DCAA annual incurred cost audits. The contracts cannot be closed until
these audits are completed. DHS notes that completion of these audits
is ultimately determined by DCAA management, not DHS. However, DHS
will continue to discuss with DCAA senior officials the importance of
completing the annual incurred cost audits so that the contracts can
be closed.
CBP will close contracts within 90 days after receipt of the DCAA
annual incurred cost audits that cover all contract years for the
particular contract/task order at issue. As previously noted, such
close out is contingent upon DCAA completion of the annual incurred
cost audits (DCAA audits final incurred costs based on contractor
fiscal years, not individual contracts).
Recommendation #4: With respect to closeout audits under the original
SBI prime contract and any task orders that receive closeout under
DHS's SOPs, establish procedures for coordinating with DCAA to monitor
the status of closeout audits related to the original SBInet program.
Response: Concur in principle. DHS agrees with the GAO on the
importance of having procedures for coordinating with DCAA on the
status of closeout audits. However, such procedures are already in
place. A current Interagency Agreement exists for the CBP contracting
team to request DCAA support with financial controls and closeout
audits. We currently receive from the Administrative Contracting
Officer, on a monthly basis, a system status matrix (update) used to
monitor Boeing's systems status (i.e., accounting, billing, budget
compensation, information technology, estimating, indirect, labor,
material, purchasing and control environment); the status of forward
pricing; the status of Incurred Cost Audits; and the status of
disclosure statement and Cost Accounting Standards issues. In
addition, our resident DCAA Financial Liaison Advisor has access to
the Boeing Contract Audit Coordinator network, and the staff of DCAA
Field Office in Huntsville, AL, to remain apprised of the status of
Boeing contract audits and Boeing corrective action progress. However,
as previously noted, contract closeout audits cannot be performed
until DCAA has conducted its annual incurred cost audits for the
contractor business segment.
Recommendation #5: With respect to the new SBI technology plan,
document the consideration, and incorporation as appropriate, of
lessons learned based on GAO's findings on the design of controls over
payments to the original SBInet contractor in designing and
implementing contract provisions and related policies and procedures
for reviewing and approving prime contractor invoices. Such provisions
should provide for obtaining sufficiently detailed data supporting
invoiced costs to support effective invoice reviews and include the
specific appropriately risk-based steps required for COs and
COTRS to carry out an effective contractor invoice review.
Response: Concur. As discussed in response to Recommendation #2, the
OTIA Program Management Office and Procurement Directorate are
updating policies and processes for reviewing and approving contractor
invoices on the basis of lessons learned from the past, as well as
enhancements now available through a new DCAA support agreement for
expanded invoice review support. CBP will continue to rely on
extensive periodic program cost and status reporting information to
review and approve interim payment invoices on cost-type contracts. In
the future, CBP's processes will highlight both (1) risk-based steps
required by COs and COTRs, and (2) appropriate use of all available
performance and cost information to approve interim contract payments
(Estimated Completion Date: June 30, 2011).
Please note that CBP has no new SBI technology plan. There is,
however, a new technology portfolio approach that replaces the
obsolete SBInet program. The acquisition strategy for the current
portfolio of procurements includes limited cost-type contracting.
Again, thank you for the opportunity to review and comment on this
draft report. We look forward to working with you on future Homeland
Security issues.
Sincerely,
Signed by:
Jim H. Crumpacker:
Director:
Departmental GAO/OIG Liaison Office:
Footnotes:
[1] Alternate I of the Prompt Payment clause is applicable to most
cost type orders under Boeing's master contract. This provision allows
for the payment of interest under cost reimbursement type orders for
services.
2 Reference DCAA's guide: DCAAP 7641.90 January 2005 - Information For
Contractors, found at [hyperlink,
http://www.dcaa.mil/dcaap7641.90.pdf].
[3] Reference memorandum from the Principal Deputy Undersecretary for
Defense, Acquisition and Technology, of October 2001, Public Vouchers.
[End of Appendix I]
Appendix II:
GAO Contact:
Susan Ragland, (202) 512-9095 or raglands@gao.gov:
Staff Acknowledgments:
In addition to the contact named above, Chanetta Reed, Assistant
Director; Kwabena Ansong; Heather Dunahoo; Nicholas Epifano; Aaron
Livernois; and Stephen Lowery made key contributions to this report.
[End of Appendix II]
Footnotes:
[1] See for example, GAO, Secure Border Initiative: DHS Needs to
Strengthen Management and Oversight of Its Prime Contractor,
[hyperlink, http://www.gao.gov/products/GAO-11-6] (Washington, D.C.:
Oct. 18, 2010); Secure Border Initiative: DHS Needs to Address Testing
and Performance Limitations That Place Key Technology Program at Risk,
GAO-10-158 (Washington, D.C: Jan. 29, 2010); and Secure Border
Initiative: DHS Needs to Address Significant Risks in Delivering Key
Technology Investment, [hyperlink,
http://www.gao.gov/products/GAO-08-1086] (Washington, D.C.: Sept. 22,
2008).
[2] GAO, Standards for Internal Control in the Federal Government,
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]
(Washington, D.C.: November 1999).
[3] Throughout this report, we use the term invoice (consistent with
FAR 2.101) to refer to a contractor's bill or written request for
payment under a contract using standard form 1034 "Public Voucher for
Purchases and Services Other Than Personal."
[4] IDIQ contracts are used when the government cannot predetermine,
above a specified minimum, the precise quantities of supplies or
services that the government will require during the contract period.
Under IDIQ contracts, the government can issue delivery orders (for
supplies) and task orders (for services).
[5] While the prime contractor submitted a total of 101 invoices for
these five task orders during this time frame, 2 invoices were
rejected and included in a subsequent invoice.
[6] During this time frame we also issued GAO-11-6 in response to this
congressional request.
[7] COs are responsible for ensuring performance of all necessary
actions for effective contracting, ensuring compliance with the terms
of the contract, and safeguarding the interests of the United States
in its contractual relationships. COs have authority to enter into,
administer, or terminate contracts.
[8] A COTR is delegated authority by the CO to monitor the
contractor's progress, including the surveillance and assessment of
performance and compliance with project objectives.
[9] These SOPs were issued by the SBI Acquisition Office which was
consolidated into the CBP Office of Administration Procurement
Directorate as the SBI Contracting Division in November 2009.
[10] SBI Acquisition Office, SBI Community-400-01 (Oct. 31, 2008).
[11] Preventative controls are designed to prevent improper payments,
or waste, before the payment is made. Detective controls are designed
to identify improper payments, or waste, after the payment is made.
[12] DHS officials commented that more recent guidance calls for the
Project Manager to confirm the COTR's recommendation to approve the
invoice.
[13] The Homeland Security Acquisition Manual (HSAM) and a memorandum
of understanding between DHS and DCAA included in the HSAM establish
contract audit relationships between DHS and DCAA.
[14] GAO, Internal Control: Streamlining the Payment Process While
Maintaining Effective Internal Control, [hyperlink,
http://www.gao.gov/products/GAO/AIMD-21.3.2] (Washington, D.C.: May
2000).
[15] Contract reserve adjustments are amounts that represent prime
contractor charges in excess of available funds for a specific
contract line item. These amounts are adjusted after funding
availability is confirmed.
[16] The Small Business Act defines a small business as a business
concern that is independently owned and operated and is not dominant
in the field of operation. The act states that the definition of a
small business shall vary from industry to industry to the extent
necessary to reflect industry differences. Small business size
standards define the maximum size that a concern, together with all of
its affiliates, may be if it is to be eligible for federal small
business programs.
[17] A small disadvantaged business is a small firm owned and
controlled by one or more individuals who are socially and
economically disadvantaged.
[18] A woman-Owned Small Business is a small business concern in which
one or more women have 51 percent or more stock ownership.
[19] HubZone Small Business is a small business that must be at least
51 percent controlled by U.S. Citizens, or a Community Development
Corporation, or an agricultural cooperative or an Indian tribe. The
principal office must be located within a HUBZone and at least 35
percent of its employees must reside in a HUBZone.
[20] A Veteran-Owned Small Business is a small business that is at
least 51 percent unconditionally owned by one or more veterans (as
defined at 38 U.S.C. 101(2)) and whose management and daily business
operations are controlled by one or more veterans.
[21] A Service Disabled Veteran-Owned Small Business is a small
business that is at least 51 percent unconditionally and directly
owned by one or more service-disabled veterans. The veteran must have
a service-connected disability that has been determined by the
Department of Veterans Affairs or his or her respective military
branch of service.
[22] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
