Tag Archives: government contracting

Letting Government Contractors Pick Their Own Auditors is a Bad Idea

Standard
Hand in Jar istockphoto by Getty

Image: istock photo by Getty

“THE PROJECT ON GOVERNMENT OVERSIGHT”

“The law in question is the 2017 National Defense Authorization Act (NDAA) passed late last year.

When it comes to contract auditing, giving audit responsibilities to a company working directly for a contractor hampers the government’s ability to negotiate good deals for taxpayers.

Section 820 of the law states that “contractors with the Department of Defense may present, and the Defense Contract Audit Agency shall accept without performing additional audits, a summary of audit findings prepared by a commercial auditor” of contractors’ indirect costs (with some exceptions). This section is scheduled to go into effect on October 1, 2018.

Last year, in annual legislation setting defense policy, Congress gave military contractors the authority to hire their own auditors to review the bills those contractors send to the government. For decades, the Pentagon’s own Defense Contract Audit Agency (DCAA) has helped government contracting officials negotiate better deals by examining a contractor’s charges. But last year’s legislation, which goes into effect next year, diminishes the DCAA’s oversight authority to the detriment of taxpayers.

The topic was broached in an important, but under-the-radar Congressional oversight hearing in April.

Most of the hearing centered on the cost of government versus private auditors, with two conflicting tales being told. But a bigger issue went largely unaddressed: whether allowing contractors to pick their own auditors creates inherent conflicts of interest since the auditors would be in the position of serving contractors—their client—rather than taxpayers. There is a reasonable fear that these private sector auditors, in an effort to keep their client happy and win repeat business, would be reluctant to disclose to the government that the contractor is overcharging taxpayers.

New legislation pending before Congress would rescind Section 820, but it would also allow “contractors to engage commercial auditors to perform incurred cost audits,” according to a Department of Defense (DoD) analysis. The analysis also states that the new provision creates “several unintended consequences that will negatively impact the Department and industry.” The DoD opposes both Section 820 and the new Congressional language. The DoD’s proposed alternative keeps the power to conduct these audits in DCAA’s hands with an option allowing the government (rather than the contractors) to hire private sector auditors on a case-by-case basis. After analyzing the issue, POGO supports the Department’s proposed alternative.

DCAA’s Role

DCAA is responsible for auditing the financial side of certain defense contracts to “ensure that warfighters get what they need at fair and reasonable prices,” according to  its website. DCAA looks for whether contractor costs are “allowable, allocable, and reasonable,” and it performs other audits to ensure contractors have adequate business and accounting systems and adhere to federal cost and accounting principles. DCAA’s report for fiscal year 2016 notes that it audited $287 billion in contract costs that year. These audits are not usually intended to uncover fraud, although DCAA sometimes finds indicators of criminal activity and participates in law enforcement investigations.

What Are “Indirect Costs” and Why Do They Matter?

Contractors charge the government for two types of costs: direct costs that specifically relate to the contract, such as labor and materials, and indirect costs that exist apart from specific work on the contract, such as the rent a contractor pays for its office or fringe benefits for employees.

But there’s nothing fringe about these costs. Within incurred cost audits, indirect costs make up the majority of all questioned costs, according to DCAA Director Anita Bales. Because they are less clear-cut than direct audits, audits of indirect costs can be contentious—especially when auditors want more access to contractor information than the contractor is willing to provide—and quite technical. For instance, contractors are allowed to charge the government for indirect costs associated with litigation under some circumstances, but not in other situations. Contractors can easily pad their profits at taxpayers’ expense if these costs are not carefully examined.

An example of indirect cost overbilling made the news in February 2016 when the Justice Department announced that Centerra Services International (formerly known as Wackenhut Services LLC) agreed to pay $7.4 million to resolve a whistleblower lawsuit alleging the company had defrauded taxpayers. According to the Justice Department, Centerra double billed its labor costs while providing firefighting services on a military base in Iraq. The government alleged Centerra “inflated its labor costs by billing the salaries of certain managers as direct costs under the subcontract, when those salaries had already been charged as indirect costs.”

The Centerra case isn’t a one-off. In 2015, a DCAA audit questioned $14.6 million in costs that a contractor charged the government, according to a DoD Inspector General report to Congress. The vast majority—$14 million—involved wrongly billed indirect costs.

Lessons from the Recent Past

We don’t have to look very far back in history to see that allowing profit-motivated companies to hire their own profit-motivated auditors can lead to problems.

The Enron scandal showed that accountants and auditors aren’t immune from conflicts of interest. “Obviously the history of Enron and the financial crisis suggest we have to be very careful in this situation,” Representative Seth Moulton (D-MA), Ranking Member of the House Armed Services Oversight and Investigations Subcommittee said during his opening statement at the April hearing. Arthur Andersen, Enron’s auditor, had conflicts of interest. It was simultaneously employed as internal and external auditor, meaning that the supposedly independent external auditor could cover up the inaccuracies of the internal audit team.

More recently, during the fallout of the Great Recession, the government required banks to conduct mortgage foreclosure reviews. Banks were allowed to hire for those reviews their own “independent consultants” who proved to be not so independent. The New York Department of Financial Services (NYDFS) punished several of these consultants, including Promontory Financial Group, Deloitte, and PricewaterhouseCoopers, for “misconduct, violations of law, and lack of autonomy.” Settlements generally included multi-million dollar fines and temporary bans from consulting.

“A consultant’s allegiance too often goes to the client that pays the bills,” former NYDFS General Counsel Daniel Alter wrote in a 2015 piece for American Banker. Laws like Sarbanes-Oxley, which create criminal liability for misrepresenting financial statements, have helped to prevent future Enrons by balancing that pressure. However, criminal liability doesn’t apply to other types of financial reporting, such as the consulting work done in the aftermath of the housing crisis and the proposed contract audits.

Counting the Costs  

At the April Congressional hearing, DCAA Director Anita Bales testified that third-party auditors would cost an estimated 30 percent more than DCAA auditors. David Berteau, President and CEO of the Professional Services Council, a contractor lobbying group, countered in his testimony that when civilian agencies have used private auditors, they have in some cases paid significantly less than they used to pay DCAA.

Bales’ claim that DCAA auditors were 30 percent cheaper was based on a comparison of hourly billing rates, according to emails provided to POGO through the Freedom Of Information Act (FOIA). Berteau and other employees of the Professional Services Council did not respond to emails requesting evidence supporting their claims.

Other members of the federal auditing community have told POGO that the comparison of auditing costs is not clear cut. DCAA has more specialized experience and might charge lower costs per auditor hour, but they may also take longer to conduct audits (which may be a good thing in the long run, as more thorough audits may save even more money). Pricing for private auditors can also vary widely from company to company and even year to year, making a comprehensive analysis difficult.

And although cost was the most-discussed factor at the hearing, it isn’t the only factor that needs to be examined. A federal source, not authorized to speak on the record, who is familiar with both DCAA and private contract audits for civilian agencies said the work of private auditors still has to be closely checked, even when they are hired directly by the government. Both last year’s NDAA and a recent proposal for this year’s NDAA prohibit DCAA from examining the work of private auditors before accepting the results.

There is also concern over how the records generated by private auditors would be handled: Will they be subject to FOIA? How would the discovery of potential fraud be handled? Would private sector audits be incorporated into the DCAA’s “Management Information System” that tracks audit data so that auditors can spot trends and look at the bigger picture?

What About Incurred Costs?

New Congressional language would rescind Section 820 but would allow contractors to hire auditors to audit incurred costs. The argument for this is DCAA’s lower rate of return when it audits incurred costs. However, DCAA’s other auditing work with the same contractor and on the same contracts benefits from its incurred cost audits, and vice-versa. For instance, DCAA conducts audits of contractors’ billing, accounts, and internal control systems. The insights DCAA gains from those audits assists DCAA when it audits a contractor’s incurred costs. According to a DoD analysis of the impacts of the recently proposed legislation, keeping incurred cost audits in the hands of DCAA:

…allows for the continuation of many initiatives that DCAA has put in place to more efficiently and effectively perform audits (e.g., the use of the low risk sampling process, the coordination of subcontract assist audits, and the process for obtaining and determining adequacy of incurred cost proposals). Without one group coordinating the need for commercial auditors, the Department will lose many of these efficiencies and will lose adequate oversight over the complete incurred cost audit process. [emphasis added]

One of the primary motivations for the new Congressional language on incurred cost audits is DCAA’s incurred cost audit backlog, which was relatively large until a few years ago and has recently become more manageable according to DCAA’s most recent annual report. The agency said it was on track to eliminate the backlog by next year, although with the hiring freeze it may have to re-evaluate that goal. Regardless of whether the backlog is eliminated one or three or even five years from now, Congress is proposing a rather drastic solution to a problem that is no longer drastic itself.

This is not a backyard experiment with few consequences for failure. Billions of taxpayer dollars are on the line every year. While DCAA has room for improvement, privatizing the agency’s work would most likely make it harder to crack down on contractor overbilling.

Given the large risks and the unclear benefits or privatizing contract audits, Section 820 should be repealed. If DCAA needs a temporary boost, it should be given authority to hire more staff on a temporary basis, or perhaps even hire private sector auditors on a short-term basis. The Defense Department proposes the latter, calling it “much more effective” while ensuring “that a function that is inherently governmental in nature continues to be performed by Government auditors when feasible, but allows for the use of commercial auditors when necessary to address incurred cost backlog.”

POGO does not often agree with the Defense Department, but its proposal makes sense. Let’s learn from our past mistakes rather than repeat them.”

http://www.pogo.org/blog/2017/06/letting-contractors-pick-own-auditors-bad-idea.html

Are You Prepared for a Contract Cancellation?

Standard

 

nbmcwdot com 31949-Termination-of-Contract

Image:  nbmcwd.com

 

“WASHINGTON TECHNOLOGY”  By Darrell Hineman, Brian Courtney

“The possibility of a contract termination should be incorporated into every government contractor’s business continuity plan.

Implementing safeguards and procedures designed to mitigate the risk of a termination will limit the impact it has on your organization’s operations.

Preparing for the possibility of a contract termination is a defensive strategy that contractors should undertake now. Here are three key steps you should consider immediately:

  1. Plan ahead. Never consider your contract as “termination-proof.”
  2. Fully understand the contract termination process
  3. Learn how to calculate and submit your Request for Equitable Adjustment or settlement proposal.

The possibility of a contract termination should be incorporated into every government contractor’s business continuity plan. Implementing safeguards and procedures designed to mitigate the risk of a termination will limit the impact it has on your organization’s operations. Ask yourself, “Does my organization have procedures in place to deal with cure notices, customer complaints, and quality issues? What about monitoring subcontractors?”

If you are still reading this article, you probably are not as well prepared for a contract termination as you should be. Most contract terminations have a root cause and are not solely due to the government no longer requiring the items or services.

Here are some common contract termination causes and how to prevent them:

Failure to immediately address government concerns

Whether a complaint or “suggestion” is received verbally or in writing from the government, there should be a process in place to respond immediately. Often, we hear from clients that their program personnel were in the process of addressing a government issue (but apparently not in real-time). Now, they are dealing with a cure notice for many items to be corrected in two weeks.

Incorporate the handling and response to government communications and complaints/concerns into your program management policy and procedures. All complaints/concerns should be documented and tracked from the initial problem to the eventual solutions.

Regular communication with the government is also critical in staying ahead of potential contract issues and preventing a termination. The contractor program manager should routinely relay project status to the government in writing – even if not required under the contract terms. We recommend weekly communications but, depending on the project, monthly communications may suffice.

Failure to evaluate change orders for potential effect on cost or schedule

Sometimes, trying to fully please the client can actually lead to a termination. A contractor has only 30 days from the date of receipt of a written order to assert its right to an adjustment. Often, accepting changes without evaluating the impact on scope, cost, and/or schedule can lead to project delays and cost overruns. These may ultimately result in missed delivery/performance dates.

As a preventative measure, create a standard procedure to evaluate the impact of any change request on the scope, cost, and/or schedule of a project. Share this required procedure with the customer: “Yes, we can make changes, but we first need to evaluate the scope, cost, and schedule to identify any project impacts.”

Subcontractor performance issues

Many contractors focus on complying with the requirement to issue subcontracts and neglect their associated responsibility for managing subcontractors under FAR 42.202(e)(2), Assignment of Contract Administration. Prime contractors often assume, without oversight or verification, that their subcontractors will meet prescribed performance and deliverable requirements.

When a subcontractor fails to deliver, the prime contractor is ultimately responsible for addressing the issue, or may face termination. Therefore, you should ensure that you flow down the proper terms and conditions to your subcontractors, including the prime contract termination clauses and deliverable dates.

Another step we recommend is to create a post-award subcontract administration procedure to address the risk. Ensure that adequate and comprehensive subcontractor oversight is built in to your procurement and project management processes. Any issue that can affect contract performance/delivery must be escalated quickly for resolution.

Bidding on unprofitable work

Today, when lowest price, technically acceptable typically beats out best value (though recent legislation directs more limited use of LPTA procurements), contractors often estimate their cost to fit the price they want to bid and what they think the government is willing to pay. Instead, you should be focusing on the actual cost required to address the government’s mission-stated requirements.

Even though you may know that the “price to win” is too low to perform the work adequately, the proposal development organization might not want to deviate from that winning number.

To avoid bidding on unprofitable work, you should develop a comprehensive estimating manual and system so that your estimated costs are based on real costs/prices currently in the marketplace. As part of this, build and encourage a corporate culture that incentivizes employees for more profitable work as opposed to contract wins exclusively.

As no contract is termination proof, the key is to always be prepared and have a defense strategy in place at all times.”

About the Authors

Darrell Hineman is the director of the government compliance group at the accounting, tax and advisory firm CohnReznick LLP. https://www.cohnreznick.com/industries/government-contracting

Brian Courtney is a senior manager at the accounting, tax and advisory firm CohnReznick LLP. https://www.cohnreznick.com/industries/government-contracting

https://washingtontechnology.com/articles/2017/06/09/insights-contractor-termination.aspx

 

For more information on the types of contract terminations, preparing for them and managing them, please see the article linked below:

http://www.smalltofeds.com/2011/08/federal-government-contract.html

GAO: “Late Means Late for Contract Proposals”

Standard

Image: National Defense Magazine

“NATIONAL DEFENSE MAGAZINE” By By Julia Lippman and Jason Workmaster

“GAO’s opinion should serve as a warning to contractors that a late proposal will not be considered.

Especially with the use of electronic submission processes, a matter of seconds can be the difference between a timely and late proposal.

The Government Accountability Office on Feb. 27 reiterated its long standing rule that, when it comes to proposal submissions, “late” means “late.”

GAO addressed a protest filed by Tele-Consultants Inc. in connection with a request for proposals issued by Naval Sea Systems Command. TCI’s protest argued that its proposal was improperly rejected by the agency for being submitted after the deadline.

Under the request for proposals, the Navy sought support services for the Naval Undersea Warfare Center through the issuance of a task order to a small business holder of the SeaPort-e multiple award indefinite-delivery/indefinite-quantity contract. The solicitation was issued Sept. 28, 2016 and proposals were to be submitted electronically through the SeaPort-e portal by Nov. 8 at 2:00 p.m. eastern time. The solicitation required compliance with the proposal submission instructions outlined in the SeaPort-e multiple award contract and the SeaPort Vendor Portal User Guide.

In using the portal, contractors were required to designate an “authorized user” who could confirm the intent to engage in a legally binding action, such as submitting a proposal. When a contractor was ready to submit its proposal, its authorized user was required to use the “submit signed proposal” button. The portal would then generate a confirmation prompt that would require the user to confirm his or her intent to electronically sign and submit the proposal.

The portal was set up so that contractors could store their proposals on the contractor side of the portal prior to submitting their proposal.

The agency received three proposals by the deadline. TCI’s proposal was not among them. Rather, TCI’s proposal remained in its draft form on the contractor side of the portal because it had not engaged the submit button.

Based on a review of the server logs, the agency determined that TCI’s representatives had unsuccessfully tried to engage the button 23 and 34 seconds after the proposal deadline. TCI reached out to the contracting officer by phone and email stating that the proposal button had not allowed it to submit its proposal but that “TCI’s proposal was timely submitted and it was intended to be binding on TCI.”

TCI received an email that evening from the SeaPort-e portal that noted that, “[a]n event for which you created a draft proposal has closed without you completing the final submission process. As a result, the draft will not be considered.” There was no indication that the portal had experienced any technical malfunction that would have prevented TCI from timely submitting its proposal.

TCI argued that its proposal should not have been rejected because, even though it did not receive notice that its proposal was timely submitted, its proposal was, in fact, submitted on time. Additionally, TCI argued that, even if its proposal was late, it was in the government’s control and was, thus, subject to the exception set forth in FAR 15.208. Under FAR 15.208, proposals that are submitted after the deadline are late unless, among other exceptions, there is evidence that the proposal “was received at the government installation designated for receipt of proposals and was under the government’s control prior to the time set for receipt of proposals[.]”

TCI argued that the archival lock on proposal files was acceptable evidence to establish that its proposal was received at the government installation designated for receipt of proposals and was under the government’s control prior to the time set for receipt of proposals.

The agency responded that TCI’s failure to engage the button meant that TCI had failed to submit its proposal either on time or after the deadline. The agency explained that proposals were not added to the government side of the portal until the submit button was selected. Thus, TCI’s proposal was never received by the government or under the government’s control. The agency also proffered that it could not know if TCI meant to be legally bound by its proposal in light of its failure to engage the button.

Although noting that it was not clear that FAR 15.208 even applied to this FAR Part 16 procurement, GAO nevertheless agreed with the agency and found that TCI failed to submit its proposal. GAO reiterated the well-established rule that an offeror is responsible for delivering its proposal to the designated place by the designated time and that an agency is not required to consider a proposal when there is no evidence that it was “actually received” by the agency.

GAO found that there was no evidence that TCI had actually submitted its proposal to the agency as the electronic submission of a legally binding offer was not completed. TCI did not dispute that it tried to use the submit button after the 2:00 p.m. EST deadline. And TCI never engaged the button even though it tried to do so. TCI’s failure to engage the button meant that it had never submitted a legally binding proposal. GAO concluded that it had “no basis to challenge the agency’s decision that it had not received, and could not consider, TCI’s draft proposal.”

Contractors should take extra care when submitting a proposal electronically to ensure that all proper submittal steps for the submission of a legally binding proposal have been completed well before a proposal deadline.

Additionally, a proposal stored on a government portal may not be sufficient to establish it was in the government’s control.”

Jason N. Workmaster is of counsel and Julia Lippman is an associate in the government contracts practice at Covington & Burling LLP.

http://www.nationaldefensemagazine.org/articles/2017/6/15/late-means-late-for-contract-proposals

 

 

National Geospatial Intelligence Agency (NGA) To Offer Data to Industry for Partnerships

Standard
NGA Federal News Radio

NGA Headquarters – Image:  “Federal News Radio”

“BREAKING DEFENSE”

“The idea: offer companies chunks of the “wonderland” of unclassified NGA data so they can use them to build new products or to test algorithms key to their products.

It’s a bold and rare move by a large and largely secretive government agency.

The top two leaders of the National Geospatial Intelligence Agency, Robert Cardillo and Susan Gordon, met with Anthony Vinci, now NGA’s director of plans and programs, to discuss ways to get more value from the agency’s incredibly valuable pools of data.

Using The Economist‘s description of data as the oil of today — the most valuable commodity in our economy — Vinci argued the agency must deploy it and help pay the American people back for the investment they have made in building the agency. If data is the new oil, Vinci said companies should “turn it into plastic,” adding value.

Cardillo told reporters would NGA would create a B corporation — in effect a non-profit government company — and hire an outsider to run it.

This, I think it’s fair to say, is not a slam dunk. Culturally, it will be challenging, Vinci admitted. “It’s straightforward, but it sort of breaks every rule we have in the IC (Intelligence Community).” The IC doesn’t share data and it doesn’t partner with outsiders, except for allied and friendly governments when needed.

This process may sidestep the whole process of generating a requirement for an intelligence system. “I don’t think that’s how problems can be solved any more,” Vinci said. The current system, which can be circumvented if an urgent need exists, is generally slow and restrictive, one that the Pentagon and the IC are increasingly trying to amend.

I spoke with three senior industry officials who listened to Vinci’s presentation and they were hopeful but cautious. All three said they thought the new effort could yield unexpected and useful returns on taxpayer’s investments in the data.

The biggest obstacle may be Congress. Although NGA would not be making money from the data sharing and it would not be releasing any data that could help our enemies, they would be sharing a government resource which voting taxpayers paid for and over which lawmakers have oversight. Whether the products resulting from the data would be licensed back to NGA, or allowed to generate profits for companies is all still to be determined.

“That’s part of what were trying to figure out Vinci told me,: “taxpayers paid for this data and how can we get that value back to them.”

http://breakingdefense.com/2017/06/nga-to-offer-data-to-industry-for-partnerships/

 

Tight Government Agency Budgets Bring a Silver Lining

Standard
Risk vs. Opportunitiy - alumni.bm.ust.hk

Image:  http://alumni.bm.ust.hk

“WASHINGTON TECHNOLOGY” By Stan Soloway

“Growing funding pressures and uncertainty place a growing onus on agencies to navigate the turbulence in new and innovative ways.

Thus, far from being a market killer, it actually presents opportunity.

For years, the question of when the government might return to “regular order” –that is, a “normal” process in which appropriations are essentially completed by the end of September—has been a prominent one.

Agency leaders, industry, and others, have continually and appropriately harped on the deleterious impacts of the funding yo-yo that has dominated the scene for far too long.
And if there was one thing many hoped for as a result of having one party in control of both the White House and Congress, it was a return to regular order.

Well, it’s probably not going to happen. As virtually all recent reports have indicated, the budget debate within the parties, let alone between the parties, remains fierce and the chances of getting a full year fiscal 2018 funding bill by Sept. 30th are slim indeed.

President Trump’s budget blueprint – the “skinny budget” — generated plenty of debate; the release of his full proposed budget will only turn up the heat further. No  budget resolutions have yet been proposed, let alone passed, and no spending instructions given to the appropriations committees.

Beyond that, consider what else Congress has to deal with over the next four months: the farm insurance bill; the children’s insurance program (CHIP); health care; possibly tax reform; and, of course, the debt ceiling. In other words, while a complex and many-layered debate is virtually certain, it has not yet really begun and one or more continuing resolutions appear almost certain.

To complicate matters further, the Senate cannot even take up the budget until after it finishes with health care, because as soon as a budget bill is passed the rules change previously instituted by the Democrats (requiring only a majority vote) will revert back to the standard rule under which 60 votes will be needed.

Thus, the betting is that another continuing resolution, or a series of them, will be needed.

And that is never a good thing for smart planning and program execution.

Nonetheless, it would appear that over the years most agencies have actually gotten pretty good at adjusting to the external dynamics and finding a way to do their jobs. Even as agencies struggled with the White House’s early budget instructions, most continued to operate relatively normally. And that has mostly carried over to the market as well.

Unlike what we saw with sequestration—the impacts of which were seen and felt months before it went into effect—the impacts of the potential or expected spending reductions are not reflected in a broad market slow-down. In fact, with the exception of State and EPA,  just the opposite seems to be happening.

Through the first two quarters of fiscal 2017, civilian agency spending on professional services and IT both grew by double digits over the same period last year. At the Defense Department, for which we only have data for the first quarter, the pattern was the same (16 percent for professional services; 10 percent for IT).

And while it may seem counter-intuitive, this is actually consistent with what we’ve seen in recent years. Often, those agencies under the toughest budgetary pressures have also been those in which the market has performed best.

Again, this is in part the result of agencies having learned to operate amidst the chaos. But more importantly, it appears to validate another key market dynamic: as agencies are forced to be more and more selective with their funding, their highest priority missions, and thus those most fully funded, tend to be highly tech-centric (cyber, analytics, automation, etc.).

Almost by definition, those missions require more private sector support than other, more routine operations. Thus, market growth in a constrained environment is not only possible, it is likely.

Going forward, aside from major reductions in mission or service, agencies’ best hopes and strategies for dealing with the budget realities largely lie in aggressively expanding the degree to which they capitalize on opportunities to substantially reduce costs (and improve service) across the board, driven by the emergence of the digital economy.

It’s happening across the commercial sector; and this budget could well catalyze a similar transition in government.

This is not to say that predictability and stability should not still be a goal. It absolutely should be. Nor is it to suggest that some budget cuts won’t have very real negative impacts on segments of industry. They will.

But as the data and other trends suggest, stability may not be the holy grail it once appeared to be. ”

https://washingtontechnology.com/articles/2017/05/22/insights-soloway-budget-silverlining.aspx

About the Author

Stan Soloway

Stan Soloway is a former deputy undersecretary of Defense and former president and chief executive officer of the Professional Services Council. He is now the CEO of Celero Strategies.

Defense Companies Are Here To Stay

Standard

“DEFENSE NEWS” By Charles Mahoney

“Like it or not, government agencies responsible for national security are dependent on private defense firms.

These companies are primarily responsible to shareholders rather than the American people. How can they be held accountable to the nation’s interests?

What is certain is that for-profit military and intelligence firms will remain an integral part of U.S. national defense. My research focuses on the changing nature of the private defense industry. Military contracting is still big business, although media coverage of private military firms has diminished since the withdrawal of the U.S. from Iraq in 2011. Today, contractors’ work ranges from assisting in drone missions to analyzing signals intelligence to training police forces in fragile countries like Afghanistan.”

top-100-image1

Image: “Defense News”

“New frontiers

In recent years, private military companies have adapted to changing demands from U.S. defense agencies. During the wars in Iraq and Afghanistan, the U.S. military relied heavily on contractors to support counterinsurgency operations. However, high-profile incidents of alleged human rights abuses by the company CACI at Abu Ghraib prison in Iraq and Blackwater at Nisour Square, Iraq brought to light the difficulty the American military faces monitoring private defense companies.

At the same time, Americans have since become averse to nation-building campaigns in failing states. So, private defense firms have shifted away from supporting “boots on the ground.” Instead, they are increasingly assisting military and intelligence agencies with counterterrorism and cybersecurity.

While the American people generally want to avoid deploying troops to conflict zones, they still demand protection from terrorism. The Pentagon, CIA and other defense agencies receive assistance in these areas from private companies with expertise in drone warfare, special forces operations and analysis of electronic surveillance of potential terrorist threats. These traditionally were duties of public employees.

Cybersecurity is another area in which private military companies see increasing demand. Information gleaned from hacking government agencies, world leaders and political campaigns can be used by rogue states like Russia and nonstate actors like WikiLeaks to harm American interests.

Serving the public interest?

Most defense analysts now acknowledge that the question is not whether to privatize, but where to draw the line. If the U.S. government is going to work extensively with contractors, it requires a more robust oversight system. Government agencies and courts also need assurances they can hold defense firms accountable if they break the law overseas.

During the Iraq War, this was a point of serious contention. It was unclear what legal jurisdiction applied to employees of private defense firms. The uncertain legal status of contractors caused significant tension between the U.S. and the government of Iraq and hampered American counterinsurgency efforts.

Here are three ways Congress could increase accountability for private defense firms as the industry becomes more enmeshed in national security.

  • Congress could create an independent regulatory agency to report on contractors’ performance. While major firms in the industry insist they can regulate themselves, an independent oversight agency could more adequately assess how defense contractors perform.
  • As things stand now, the U.S. government often overlooks bad behavior and renews contracts with companies that have less than stellar records. Instead, the government could more severely penalize firms that do not fulfill the terms of their agreements.
  • Government employees often transition from public service into lucrative positions at billion-dollar defense corporations. Stricter rules to limit this “revolving door” would make government employees more willing to penalize firms.

Private defense contractors will likely be a major part of U.S. national defense for the foreseeable future. Diligent oversight and regulation of companies in this rapidly evolving industry, I believe, are necessary to ensure that these firms advance the public good of American security.”

http://www.defensenews.com/articles/private-defense-companies-are-here-to-stay-what-does-that-mean-for-national-security

Charles Mahoney is a professor of political science at California State University, Long Beach. His commentary was originally published on The Conversation .

 

 

 

Pentagon Contractor Performance Monitoring Lacks Timeliness and Content

Standard

CPARS report_575

“THE PROJECT ON GOVERNMENT OVERSIGHT (POGO)”

“Last week, the Department of Defense (DoD) Inspector General (IG) released a summary of a series of reports assessing how effectively the Pentagon tracks the performance of its contractors.

The DoD measures contractors’ past performance with performance assessment reports, or PARs, evaluations that provide a record—both positive and negative—of performance on a contract during a specific period of time.

The DoD IG audited 18 DoD divisions, including the main service branches—Navy, Air Force, and Army (POGO blogged about the IG’s report on the Army last year)—and the Defense Logistics Agency. The audit reviewed a total of 238 PARs on contracts worth a total of $18 billion.

PARs are compiled in a database called the Contractor Performance Assessment Reporting System (CPARS) and are shared government-wide via the Past Performance Information Retrieval System (PPIRS) database.

PARs are incredibly important because without access to timely, accurate, and complete past performance information, the government risks awarding taxpayer money to non-responsible contractors, which is a violation of the law, or allowing performance deficiencies to fester. The former happened several years ago with the botched rollout of the HealthCare.gov website, a fiasco that might have been avoided had the Centers for Medicare and Medicaid Services more thoroughly researched the performance history of the contractor it put in charge of designing and testing the site. An example of the latter was recently discovered on a US Marshals Service contract to manage the Leavenworth Detention Center in Kansas. The Department of Justice IG found the Marshals Service was not entering past performance evaluations of the contractor into CPARS. As a result, safety and security problems at the maximum-security prison caused by understaffing persisted for almost a year.

The IG found the information reported in CPARS and PPIRS “was not consistently useful” because contracting officials did not always comply with requirements for evaluating contractor performance. Although the IG found DoD agencies are preparing more PARs in a timely manner than ever before (74 percent in fiscal year 2016, almost 20 percentage points higher than the previous year), more than a third of the 238 PARs were still late by an average of 73 days. The agencies seem to have a bigger problem with completeness: 84 percent of the PARs contained performance ratings, written narratives, or contract descriptions that fell short of past performance reporting requirements. For example, officials gave contractors an “exceptional” or “very good” rating for required evaluation factors without adequately explaining why the rating was justified, or sometimes even failed to provide a rating at all.

Finally, we would be remiss if we didn’t use this opportunity to reiterate our call for publicly releasing contractor past performance evaluations. Bits of past performance information occasionally turn up in judicial opinions and bid protest decisions, but the government has long resistedpublicly releasing this data on a regular basis in a centralized location. Public availability of contractor past performance records would incentivize responsible business conduct, which would protect the government’s and taxpayers’ interests in the long run.”

http://www.pogo.org/blog/2017/05/watchdog-finds-dod-must-improve-contractor-performance-monitoring.html

 

 

 

Navigating Defense Department Cyber Rules

Standard

Cyber Rules

“NATIONAL DEFENSE MAGAZINE”

“Defense contractors by Dec. 31 are expected to provide “adequate security” to protect “covered defense information” using cyber safeguards.

Thousands of companies who sell directly to the Defense Department, and thousands more who sell to its suppliers, are or will be, subject to the rule.

This obligation arises from a Defense Acquisition Regulation System Supplement clause, “Network Penetration Reporting and Contracting For Cloud Services,” that was finalized last October and described in the National Institute of Standards and Technology (NIST) Special Publication 800-171.

The Pentagon is well-justified to seek improved cyber protection of sensitive but unclassified technical information. Hackers have exploited network vulnerabilities in the defense supply chain for the unauthorized exfiltration of valuable and sensitive defense information. Senior defense officials have expressed alarm at this persistent and pervasive economic espionage. 

Since 2013, the Defense Department has used acquisition regulations to protect controlled technical information significant to military or space. Other forms of information may not have direct military or space significance, but loss of confidentiality through a cyber breach can produce serious, even grave national injury. 

The Defense Department is the leader among federal agencies in using its contractual power to cause its vendors to improve their cybersecurity. The principal instruments are two contract clauses, DFARS 252.204-7008, “Compliance with Safeguarding Covered Defense Information Controls,” and DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” Both were the subject of final rulemaking released Oct. 21.

Where the -7008 “compliance” clause is included in a solicitation, the offeror commits to implement the SP 800-171 safeguards by the end of this year. Defense Department contracts will include the -7012 “safeguards” clause, which defines the types of information that must be protected, informs contractors of their obligation to deliver “adequate security” using SP 800-171 controls, and obligates reporting to the department of cyber incidents.  

Every responsible defense supplier supports the objectives of these cyber DFARS rules. But the requirements are complex and are not currently well-understood. Outside of a few of the largest, dedicated military suppliers, many companies in the defense supply chain view these rules with a mix of doubt, concern and alarm. This recipe serves neither the interests of the Defense Department nor its industrial base.

A technology trade association, the IT Alliance for Public Sector, released a white paper that examines the Defense Acquisition Regulation System Supplement and other federal initiatives to protect controlled unclassified information. The goal was to assist both government and industry to find effective, practical and affordable means to implement the new cyber requirements. The paper examines these five areas: designation, scope, methods, adoption and compliance.

As for designation, the department should accept that it is responsible to identify and designate the covered defense information that contractors are obliged to protect. It should confirm that contractors only have to protect information that it has designated as covered, and that such obligations are only prospective — newly received information — and not retrospective.

In regards to “scope,” the Defense Department should revise the rule to clarify that contractors must protect information that it has identified as covered and provided to the contractor in the course of performance of a contract that is subject to the rule. The definition of “covered defense information” should be revised to remove confusing language that can be interpreted to require protection of “background” business information and other data that has only a remote nexus to a Defense Department contract.

The October 2016 revision now allows defense contractors to use external cloud service providers, where covered information is involved, only if those vendors meet the security requirements of FedRAMP Moderate “or equivalent.” The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

The regulation fails to explain what is meant by “or equivalent” and who decides. The Defense Department needs to explain what it expects from cloud services to satisfy SP 800-171 and the DFARS rules. A security overlay should be prepared by NIST to add cloud-specific controls. But it is unnecessary to impose the whole of the FedRAMP process and federal-specific controls on commercial cloud providers.

The Defense Department continues to depend on small business for many needs, and seeks their innovative ideas. The supplements are an obstacle and burden on smaller businesses, and yet security is just as important at the lower levels of the supply chain as at the top. The department can improve the ability of small business to implement the required security controls. Several specific recommendations are made as to how it can reach and assist the small business community. One recommendation is to make increased use of the NIST voluntary cybersecurity framework.

As far as compliance, contractors are required to represent that they will deliver “adequate security” and fully implement the SP 800-171 controls by the year-end deadline. The Defense Department needs to better inform its contractors how they can be confident their security measures will satisfy the requirements should they come under scrutiny following a cyber incident. The white paper explores different ways to create a safe harbor for compliance. A key component is contractor documentation of a system security plan, which was added as a 110th requirement to SP 800-171.        

The White Paper is available here. The Defense Department is hosting an industry day on the cyber DFARS, June 23 at the Mark Center in Alexandria, Virginia. Information and registration details available here. ”     

http://www.nationaldefensemagazine.org/articles/2017/4/21/navigating-defense-department-cyber-rules

Wars to Keep the Military Industry in Demand

Standard
defensehikes.jpg.w300h214

Image: Batr.org

The defense industry in America has utilized the threat of war and self-fulfilling prophesies to promote engagements by our country in several countries over the last 15 years. They pay more in lobbying costs each year than they pay in taxes.
There have been two major factors in the U.S. approach to undeclared warfare:
1. The motives of the U.S. and International Military Industrial Complexes, USAID and other western USAID counterparts in fostering continued warfare during this period, netting billions in sales of weapons to the war fighters and massive construction and redevelopment dollars for international companies who often operated fraudulently and fostered waste, looting and lack of funds control.
It is common knowledge that many of these corporations spend more each year in lobbying costs than they pay in taxes and pass exorbitant overhead and executive pay cost on to the tax payer in sales, thus financing their operating personnel riches while remaining marginally profitable to their stockholders.
I watched this from the inside of many of these companies for 36 years. Here is my dissertation on that subject. You can read it on line at:
Here is an example of how the lobbying and behind the scenes string pulling worked:
2. The complete lack of cultural understanding between U.S. and Western decision makers and the middle east cultures they were trying to “Assist” by nation building.
The only real understanding that existed during the period was in the person of General Schwarzkopf who spent much of his youth in the Middle East with his father who was an ambassador to Saudi Arabia. He was fascinated by the Arab culture, commended their respect and like Eisenhower led a coalition during the Gulf War. He then astutely recommend no occupation of Iraq, went home and stayed out of government. Norman, like Ike, knew the power of the MIC and he wanted no part of it.
The U.S Tax payer has funded billions in USAID and construction projects in Iraq and wasted the money due to a lack of cultural understanding, fraud and abuse. POGO documents many:
There is history repeating itself here – much like Vietnam the above two factors are deeply at play with the lack of astute learning in our government as we look back over our shoulder.
We must come to the understanding, like a recent highly respected war veteran and West Point Instructor has, that military victory is dead.
“MODERN WAR INSTITUTE AT WEST POINT”
“Victory’s been defeated; it’s time we recognized that and moved on to what we actually can accomplish. “
Frank Spinney is an expert on the MIC. He spent the same time I did on the inside of the Pentagon while I worked Industry. You may find his interviews informative.

Government Contractor Tax Day Tidbits – “Food for Thought”

Standard

tax day

“THE PROJECT ON GOVERNMENT OVERSIGHT”

[On] the federal tax filing deadline, the Project On Government Oversight (POGO) offer[ed] some tax-related contractor oversight food for thought:

  • ” The Treasury Inspector General for Tax Administration (TIGTA) found that the Internal Revenue Service (IRS) awarded contracts to at least 20 companies that owed more than $5 million in delinquent federal taxes. TIGTA also found that 11 contractors owing $4.3 million in taxes were awarded more than $356 million in IRS contracts and an additional $3.7 billion in contracts from other federal agencies
  • POGO tracks tax violations in our Federal Contractor Misconduct Database, which shows that contractors have paid $3.64 billion to resolve cases with local, federal, and foreign revenue collection authorities. The bulk of this amount comes from GlaxoSmithKline’s record-breaking $3.4 billion payment in 2006 to settle IRS charges of under-reporting profits.
  • There are some noteworthy tax misconduct cases pending against the large federal contractors, including actions by New York City and State against FedEx and United Parcel Service for allegedly trafficking in contraband cigarettes, and a complaint filed with the IRS accusing ExxonMobil of violating tax laws to wage a campaign attacking climate science.
  • Earlier this month, the IRS launched a program employing private debt collection companies to recover delinquent income taxes. This is the third time since 1996 the IRS has tried to outsource tax debt collection—both previous attempts were dismal failures.
  • Congress has taken another stab at passing a law that would prevent individuals with seriously delinquent tax debts from obtaining federal employment, contracts, and grants. Similar bills introduced in 2011, 2013, and 2015 ultimately failed to advance. The Senate is also attempting to strengthen protections for those who blow the whistle on tax fraud.

So get those tax returns out the door! You can rest assured that POGO will do its best to make sure the government collects what it is owed and does not waste that money.”

http://www.pogo.org/blog/2017/04/tax-day-tidbits.html