REPORT ON INDEPENDENT EVALUATION AND ASSESSMENT OF INTERNAL CONTROL FOR CONTRACT OVERSIGHT



Similar documents
AUDIT REPORT Audit of Controls over GPO s Fleet Credit Card Program. September 28, 2012

AUDIT REPORT REPORT NUMBER Information Technology Professional Services Oracle Software March 25, 2014

Los Angeles Unified School District Office of the Inspector General Contract Audit Unit Contract Audit Report

PROCUREMENT. Actions Needed to Enhance Training and Certification Requirements for Contracting Officer Representatives OIG-12-3

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

AUDIT REPORT REPORT NUMBER Information Technology Microsoft Software Licenses March 27, 2014

GAO HOMELAND SECURITY. Contract Management and Oversight for Visitor and Immigrant Status Program Need to Be Strengthened

Audit of Veterans Health Administration Blood Bank Modernization Project

Hotline Complaint Regarding the Defense Contract Audit Agency Examination of a Contractor s Subcontract Costs

AUDIT OF SBA S SYSTEM AUDIT REPORT NUMBER 4-42 SEPTEMBER 10, 2004

Department of Homeland Security

U.S. Department of Justice Office of the Inspector General Audit Division

EPA Should Improve Policies and Procedures to Ensure Effective DCAA Audit Report Resolution

Audit of Controls Over Contract Payments FINAL AUDIT REPORT

Audit of Controls over Government Property Provided under Federal Student Aid Contracts FINAL AUDIT REPORT

Office of the Inspector General Department of Defense

Department of Homeland Security

U.S. Chemical Safety and Hazard Investigation Board Should Determine the Cost Effectiveness of Performing Improper Payment Recovery Audits

Audit Report OFFICE OF INSPECTOR GENERAL. Farm Credit Administration s Purchase Card Program A Auditor-in-Charge Sonya Cerne.

Office of Audits. Independent Auditor s Report on the Application of Agreed-Upon Procedures Related to Selected DynCorp Invoices UNCLASSIFIED

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL

KAREN E. RUSHING. Audit of Purchasing Card Program

US EPA: Meaningful Analysis of the FY11 Service Contract Inventory. Table of Contents

Office of Inspector General Corporation for National and Community Service

Pre-Award Accounting Systems

Department of Homeland Security Office of Inspector General. Immigration and Customs Enforcement Management Controls Over Detainee Telephone Services

Navy s Contract/Vendor Pay Process Was Not Auditable

Review of U.S. Coast Guard's FY 2014 Drug Control Performance Summary Report

OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION

May 2, 2016 OIG-16-69

Controls Over EPA s Compass Financial System Need to Be Improved

EXECUTIVE SUMMARY. We found that back-up activities were reasonably effective to minimize data loss but that improvements were needed in the areas of:

LEGAL SERVICES CORPORATION OFFICE OF INSPECTOR GENERAL FINAL REPORT ON SELECTED INTERNAL CONTROLS RHODE ISLAND LEGAL SERVICES, INC.

SIGAR. USAID s Measuring Impact of Stabilization Initiative: Audit of Costs Incurred by Management Systems International APRIL

Department of Defense Inspector General OAIG-Audit Policy and Oversight ATTN: APO, Suite 11D Mark Center Drive Alexandria, VA

United States General Accounting Office May 2000 GAO/AIMD

March 17, 2015 OIG-15-43

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

MEMORANDUM OF UNDERSTANDING Between Defense Contract Audit Agency and Department of Homeland Security

OFFICE OF INSPECTOR GENERAL

MEMORANDUM OF UNDERSTANDING Between Defense Contract Audit Agency and Department of Homeland Security

The Environmental Careers Organization Reported Outlays for Five EPA Cooperative Agreements

SYSTEMS AND CONTROLS. Management Assurances FEDERAL MANAGERS FINANCIAL INTEGRITY ACT (FMFIA) ASSURANCE STATEMENT FISCAL YEAR (FY) 2012

MONITORING PERFORMANCE

FEDERAL TRADE COMMISSION. Office of Inspector General

QUALITY CONTROL REVIEW REPORT

1/ff~. Schanz Inspector General. March 26, 2015

SCOPE OF WORK FOR PERFORMING INTERNAL CONTROL AND STATUTORY/REGULATORY COMPLIANCE AUDITS FOR RECIPIENTS OF SPECIAL MUNICIPAL AID

REVIEW OF NASA S INTERNAL CONTROLS FOR AWARDS WITH SMALL BUSINESSES

United States Secret Service's Management Letter for DHS' FY 2014 Financial Statements Audit

Department of Homeland Security

EPA Should Improve Its Contractor Performance Evaluation Process for Contractors Receiving Recovery Act Funds

OFFICE OF INSPECTOR GENERAL. Audit Report

Office of Inspector General

Audit Report OFFICE OF INSPECTOR GENERAL. Farm Credit AdministraƟon s Mobile Device Cost Controls A Auditor in Charge Tammy Rapp

AUDIT REPORT. Federal Energy Regulatory Commission's Fiscal Year 2014 Financial Statement Audit

CHAPTER 3 FINANCIAL MANAGEMENT SYSTEMS: POLICY, ROLES AND RESPONSIBILITIES FOR CONFORMANCE, EVALUATION, AND REPORTING

Government Contractor Business Systems and Overview of System Assessments

SIGAR. USAID s Higher Education Project: Audit of Costs Incurred by the University of Massachusetts APRIL

Significant Revisions to OMB Circular A-127. Section Revision to A-127 Purpose of Revision Section 1. Purpose

Review of U.S. Coast Guard's FY 2014 Detailed Accounting Submission

U.S. Department of Justice Office of the Inspector General. Improving the Grant Management Process

December 2014 Report No An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission

Department of Homeland Security

Subject: GSA On-line Procurement Programs Lack Documentation and Reliability Testing

U.S. Department of Agriculture Office of Inspector General Financial and IT Operations Audit Report

FOR PUBLIC RELEASE. Office of the Secretary. Commerce Should Strengthen Accountability and Internal Controls in Its Motor Pool Operations

Strategic Implications of the New DFARS Business System Rule Co-presented by Venable LLP and Argy, Wiltse & Robinson June 12, 2012

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections. Examination Report

INSPECTOR GENERAL UNITED STATES POSTAL SERVICE

September 2008 Report No. AUD Controls Over Contractor Payments for Relocation Services AUDIT REPORT

A GUIDE TO BEST PRACTICES FOR CONTRACT ADMINISTRATION

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE May 23, 2000.

Evaluating the Impact of Interagency Agreement Revenue

Peace Corps Office of Inspector General

Office of Financial Management's Management Letter for DHS' FY 2014 Financial Statements Audit

CMS DID NOT ALWAYS MANAGE AND OVERSEE CONTRACTOR PERFORMANCE

OAIG-AUD (ATTN: AFTS Audit Suggestions) Inspector General of the Department of Defense 400 Army Navy Drive (Room 801) Arlington, VA

Audit of the SEC s Contracting Officers Representative Program

Subj: Appointment as a Contracting Officer's Technical Representative (COTR)

Review of Select Time-and- Materials and Labor-Hour Contracts

AUDIT OF THE CORPORATION S PROCUREMENT AND TRAVEL CREDIT CARD PROGRAMS

How To Check If Nasa Can Protect Itself From Hackers

OAIG-AUD (ATTN: AFTS Audit Suggestions) Inspector General, Department of Defense 400 Army Navy Drive (Room 801) Arlington, VA

February 15, The Honorable Joshua B. Bolten Director Office of Management and Budget th Street, NW Washington, DC 20503

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL 400 MARYLAND AVENUE, S.W. WASHINGTON, DC

Department of Homeland Security Office of Inspector General. FLETC Leases for Dormitories 1 and 3

FEDERAL ELECTION COMMISSION OFFICE OF INSPECTOR GENERAL

DoD Methodologies to Identify Improper Payments in the Military Health Benefits and Commercial Pay Programs Need Improvement

Program Management Office Provided Adequate Oversight of Two Contracts Supporting the Defense Enterprise Accounting and Management System

Maryland Automobile Insurance Fund

B Baker Tilly Beers & Cutler - A Guide to GSA Contractual Requirements

A REPORT BY THE NEW YORK STATE OFFICE OF THE STATE COMPTROLLER

U.S. SMALL BUSINESS ADMINISTRATION OFFICE OF INSPECTOR GENERAL WASHINGTON, D.C

~ l O~rs. UNITED STATES DEPARTMENT OF COMMERCE Office of Inspector General Washington. D.C August 9, 20 12

AUDIT OF AGENCY CONTROLS GOVERNING THE PROCESS FOR PROCUREMENT OF VENDOR TRAINING SERVICES

U.S. Army Corps of Engineers, New York District Monitoring of a Hurricane Sandy Contract Needs Improvement

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

W September 14, Final Report on the Audit of Outsourcing of Desktop Computers (Assignment No. A-HA ) Report No.

Transcription:

REPORT ON INDEPENDENT EVALUATION AND ASSESSMENT OF INTERNAL CONTROL FOR CONTRACT OVERSIGHT SUBMITTED TO THE U.S. SECURITIES AND EXCHANGE COMMISSION OFFICE OF INSPECTOR GENERAL Cotton & Company LLP Auditors Advisors 333 North Fairfax Street, Suite 401 Alexandria, Virginia 22314 (703)836-6701 www.cottoncpa.com

June 25, 2004 Mr. Walter Stachnik Inspector General U.S. Securities and Exchange Commission 450 Fifth Street, NW Washington, DC 20549 Subject: Independent Evaluation and Assessment of Internal Control for Contract Oversight Task Order No. SECJQ1-03-D-0175 (September 24, 2003) Dear Mr. Stachnik: In accordance with terms of the subject task order, Cotton & Company LLP performed an independent evaluation of the U.S. Securities and Exchange Commission s internal control over contract management oversight of its customer service agreements with the Millennium Services Center (MSC) at the U.S. Department of Transportation (DOT) for services provided by Science Applications International Corporation (SAIC). The evaluation included review of management procedures and practices established to implement federal procurement, acquisition, and contract laws and regulations and the Commission s own procurement regulations and policies. This evaluation focused on 1) the Commission s management controls used to obtain information technology (IT) support services through customer service agreements with MSC from November 2001 through April 2003 under Commission Contract No. SECHQ1-00-H-0239, and 2) a review and assessment of all task orders issued from February 2000 through December 2003 and MSC invoices submitted through the U.S. Treasury s Interagency Payment and Collection (IPAC) system. We identified specific control weaknesses and deficiencies and developed recommendations designed to improve contract management oversight functions and procedures. We conducted the evaluation in accordance with Government Auditing Standards, as revised. We were not engaged to, and did not perform a financial statement audit, the purpose of which would be to express an opinion on specified elements, accounts, or items. This report is intended to meet the objectives described above and should not be used for other purposes. Please call me at (703) 836-6701 if you have questions. Very truly yours, COTTON & COMPANY LLP Michael W. Gillespie, CPA, CFE Partner

CONTENTS Section Page Executive Summary 1 Scope, Objectives, and Methodology 2 Scope and Objectives 2 Methodology 2 Background 4 Evaluation Results 5 1. Task Orders 5 2. Management Fees 6 3. Invoice Certification 6

REPORT ON INDEPENDENT EVALUATION AND ASSESSMENT OF INTERNAL CONTROL FOR CONTRACT OVERSIGHT SUBMITTED TO THE U.S. SECURITIES AND EXCHANGE COMMISSION OFFICE OF INSPECTOR GENERAL EXECUTIVE SUMMARY The Office of Inspector General (OIG), U.S. Securities and Exchange Commission, contracted with Cotton & Company LLP to perform an independent evaluation of internal control over contract management oversight of the Commission s customer service agreements (task orders) with the Millennium Services Center (MSC) located at the U.S. Department of Transportation (DOT) for services provided by Science Applications International Corporation (SAIC). The evaluation included a review of management procedures and practices established to implement federal procurement, acquisition, and contract laws and regulations and the Commission s own procurement regulations and policies. We conducted this evaluation from September 2003 to March 2004 in accordance with Government Auditing Standards, as promulgated by the Comptroller General in the "yellow book for performance audits, and AICPA standards for consulting services. We also adhered to all relevant federal and Commission guidelines. For the time period covered by our review, the Commission did not establish adequate controls for obtaining information technology (IT) support services using a customer service agreement with MSC. Commission officials indicated that the controls were improved during the course of the contract, including improvements made subsequent to our review period. The Commission elected the option to have MSC maintain direct contract authority, administrative responsibilities, and contract management control over SAIC s performance. However, this arrangement did not meet the oversight needs of the Office of Information Technology (OIT), the office using SAIC s (and its subcontractors ) services. We noted specific control weaknesses over contract management oversight functions and procedures with respect to the MSC customer service agreements, including: 1. Commission task orders were not sufficiently detailed to fully describe the Commission s expectations and the oversight responsibilities of the MSC and the Commission. 2. MSC applied a management fee on SAIC invoices before sending them to the Commission. The Commission s Contracting Officer s Technical Representative (COTR) stated that the COTR was unaware of the amount or basis for the fees. 3. The Commission s COTR certified invoices without sufficient supporting documentation. The Commission may have been billed labor costs for employees who did not work on Commission tasks. This weakness relates to the decision to have MSC be responsible for contract administration. OIT technical staff did not clearly understand the limitations on their administrative duties under the contract. 1

We are recommending enhancing the Commission s existing policies and procedures and COTR training to improve the controls over task orders under customer service agreements with other federal agencies. SCOPE, OBJECTIVES, AND METHODOLOGY Scope and Objectives The Commission s OIG contracted with Cotton & Company LLP to perform an independent evaluation of its internal control over contract management oversight of the customer service agreements with MSC. The evaluation included review of management procedures and practices established to implement federal procurement, acquisition, and contract laws and regulations and the Commission s own procurement regulations and policies. This evaluation focused on 1) the Commission s management controls used to obtain IT support services through customer service agreements with MSC from November 2001 through April 2003 under Commission Contract No. SECHQ1-00-H-0239, and 2) a review and assessment of all task orders issued from February 2000 through December 2003 and MSC invoices submitted through the U.S. Treasury s Interagency Payment and Collection (IPAC) system. The evaluation covered key phases of contract oversight processes for initiating and issuing task orders; modifying task orders; obligating and controlling funds; monitoring contractor activities; and assessing contractor performance. The evaluation also included review of controls established to protect the Commission from waste, fraud, and abuse by ensuring that only authorized work is performed, work performed is within the scope of the contract, and task-order deliverables are met. The evaluation also covered the Commission controls used to certify vendor payments processed through IPAC. This includes activities of the COTR and Contracting Officer (CO) from the time a task order was issued and executed. The evaluation did not include pre-award functions and activities. The evaluation objective was to determine the adequacy, effectiveness, and sufficiency of controls to validate and verify that: Methodology All work performed by SAIC was authorized. Work performed by SAIC was within contract and task-order scope. Task orders were within the scope of the contract. SAIC and MSC invoices submitted to the Commission through IPAC were accurate, complete, and allowable. To achieve the evaluation objectives, we obtained, compared, and assessed applicable federal laws, regulations, and guidance governing federal agency acquisition of information technology and services to the Commission s contract oversight policies, procedures, and practices. We also reviewed relevant Commission, DOT, and SAIC financial records and documents supporting invoices to the Commission. This included tracing the Commission s task-order requests to MSC to support its work authorizations issued by MSC to SAIC. Further, we traced SAIC invoices 2

submitted to MSC to documents supporting the transfer of funds from the Commission to MSC in the IPAC system. We also performed the following: Interviewed relevant Procurement and Contracting Branch (PCB) and Office of Information Technology (OIT) officials and staff and Department of Transportation (DOT) and MSC officials. Gained an understanding of the Commission s contract oversight processes and procedures and relevant Securities and Exchange Commissions Reviews (SECR) in place during the evaluation period and changes occurring within the past two years. Gained an understanding of the PCB and OIT organizational structures and operations. Conducted tests of customer service agreements (task orders), management oversight controls for issuing tasks, oversight and monitoring of contractor work, work assignment, and invoice certification. Compared the Commission s controls to those it used under similar agreements with other federal agencies. Assessed PCB and OIT processes and procedures used to modify task order requests issued through customer service agreements. We conducted this evaluation from September 2003 to March 2004 in accordance with Government Auditing Standards, as promulgated by the Comptroller General in the "yellow book for performance audits, and AICPA standards for consulting services. We used the following federal and Commission established guidelines as criteria for this evaluation: Federal Acquisition Regulation (FAR). A Guide to Best Practices for Contract Administration, October 1994, issued by the Office of Federal Procurement Policy (OFPP). Federal Acquisition Streamlining Act of 1994 and other relevant legislation and promulgated guidance. Office of Management and Budget (OMB) Circulars A-127, Financial Management Systems, and A-123, Management Accountability and Control. Applicable Commission procurement and contracting regulations, policies, guidance. 3

BACKGROUND Since February 2000, the Commission has issued a series of task orders under the customer service agreements with MSC (issued under Commission No. SECHQ1-00-H-0239 and modifications). The purpose of these task orders was to obtain IT services from SAIC through MSC. The MSC is a component of the DOT, and the customer service agreement was issued under MSC s Government-Wide Acquisition Vehicle (GWAC) known as Information Technology Omnibus Project (ITOP). ITOP is a multiple-award, indefinite delivery, indefinite quantity, contract vehicle designed to provide federal agencies with a fast and efficient way to obtain IT technical services, hardware and software. Customer service agreements and the related agency task orders are similar to contracts in that they specify an agency s expectations, responsibilities, duties, and authorities, as well as provide a statement of work, list of deliverables, invoicing procedures, supporting documentation, and reporting procedures. Depending on the complexity and nature of work covered, the agreements may be large, formal documents describing all requirements or less formal reimbursable agreements. PCB (within the Office of Human Resources and Administrative Services (OHRAS), formerly the Office of Administrative and Personnel Management), and OIT are responsible for issuing task orders and performing contract oversight activities. Specifically: PCB is responsible for purchasing and contracting for goods, services, supplies, and equipment. It also is responsible for performing a variety of contract and procurement activities including determining the appropriate type of contract for services needed, and reviewing statements of work and justifications for other than full and open competition. OIT is responsible for developing and maintaining the Commission s IT infrastructure and developing the IT security program, policies, and procedures. OIT responsibilities include daily management of support functions for systems and IT services, software development and maintenance, network and data communication design and maintenance, design engineering and oversight of the IT architecture, and configuration management and quality assurance group management. OIT is responsible for writing statements of work and initiating (when applicable) justifications for other than full and open competition. From February 2000 through December 2003, the Commission awarded 95 tasks with a total obligation of $29,255,686. From November 2001 through April 2003, the Commission awarded 43 task orders with a total obligation of $10,918,699. During this period MSC s fee structure was based on a percentage of costs (e.g., 10 to 15%) as well as direct charge amounts. 4

EVALUATION RESULTS The following is a discussion of the findings that we noted during our evaluation and recommendations designed to improve contract management oversight procedures. 1. Task Orders Commission task orders to the MSC provided some information, but were not sufficiently detailed. Additional information would have better: Defined the Commission s expectations. Clarified and specified Commission and MSC contract oversight duties and responsibilities for SAIC. Identified deliverables. Defined reporting requirements. Specified invoicing procedures. Clarified the agreed-upon MSC management fees and fee basis. Specified the types of contracts available to the Commission through the ITOP contract with SAIC. The importance of clarifying respective roles (especially in a complex arrangement involving two federal agencies and a contractor) was shown by an issue arising repeatedly during the contract. OIT technical staff questioned numerous invoices submitted by SAIC through the MSC. The technical staff felt the invoices were not sufficiently detailed and did not adequately support the costs claimed (see the finding on certification of invoices, below). OIT technical staff did not clearly understand the limitations on their administrative duties under the contract, since the Commission was paying MSC to be responsible for contract administration. In June 2004, the General Services Administration (GSA) and DOT entered into an agreement that moved ITOP to GSA. Additionally, DOT announced that no new task orders or modifications to existing tasks would be accepted by DOT for ITOP and that all existing work would cease on September 30, 2004 (later extended to December 31, 2004). As a result of these actions, we are not making recommendations relating to modifications of existing task orders to MSC. Our recommendation relates to better defining future task orders. Recommendation A: The Office of Human Resources and Administrative Services should revise its existing policies and procedures to help ensure that task orders under GWAC-type vehicles clearly describe the services being requested, management fees, deliverables, performance period, invoicing procedures, and other required information. 5

2. Management Fees During the period of our evaluation, MSC invoiced the Commission for $11,566,646; of this amount, $10,428,199 was for SAIC s services, and $1,138,447 was for management fees. MSC management fees were a combination of percentage of costs (ranging from 10 to 15 percent) and direct charges. Although the Commission s task orders contained a line item for an MSC fee, none of the task orders disclosed either the fee amount or percentage. We identified the management fee only by reviewing documentation maintained by MSC in its contract files. The Commission COTR was unaware of the amount of the fees or how they were derived. Recommendation B The Office of Human Resources and Administrative Services, in consultation with the Office of General Counsel and the Office of Financial Management, should submit a written request to MSC asking it to review whether the fees billed to the Commission were consistent with the fee structure in the ITOP contract. 3. Invoice Certification MSC submitted SF 1081s and billing statements as support for reimbursement against Commission funds held at Treasury. The Commission received SF 1081s showing dollar amounts transferred by Treasury from the Commission fund account to MSC. For instance, in January 2003, Treasury transferred $438,429 from the Commission to MSC under the contract; accompanying this document was MSC s Invoice No. 40. The MSC invoice included the primary account number, secondary account code, description of service, current hours by account code, and monthly charges incurred during the period November 9 through December 6, 2002. The invoice did not include timesheets or other information to confirm that hours billed were actually worked by SAIC personnel. The COTR (assisted by the OIT technical staff) was required to certify the charges or take exception to the billing. The OIT technical staff repeatedly raised questions about the amount of the invoices and how they were derived. OIT verbally requested that MSC provide a detailed breakdown of the labor hours for each task order. MSC was unable to accommodate this request because it did not have this information, but the COTR certified the invoices anyway (so that SAIC would continue to provide services under the contract). Under the MSC contract, the DOT COTR was responsible for the accuracy of SAIC billings, as part of DOT s contract administration duties (which the Commission paid for in its fee). However, OIT staff did not clearly understand this contract provision (in part because of staff turnover in OIT, according to PCB). During our review of SAIC invoices at MSC, we inquired of MSC and DOT personnel about whether any detailed supporting documentation, such as timesheets or a listing of names of SAIC personnel and subcontractors that worked on Commission tasks, accompanied the invoices. We were informed that they did not have this documentation, and that it would have to be obtained directly from SAIC. 6

During the evaluation, we obtained a list of personnel from SAIC who charged hours against the various MSC task orders for work performed at the Commission. We submitted the list to individual OIT task managers for confirmation and verification. We specifically asked the task managers if they knew the individuals and if they knew the individuals had worked on the specific tasks for which the hours were billed. From this test, we determined that the task managers could not verify 25,021.75 hours worked by 41 SAIC personnel invoiced at $961,081. Given the circumstances described above, an audit of the timesheets and other documentation supporting the invoices appears appropriate. Recommendation C The Office of Human Resources and Administrative Services should require COTRs and related technical staff to attend refresher training once every three years on contract administration (including certifying invoices). Recommendation D The Office of Human Resources and Administrative Services, in consultation with the Offices of Information Technology, General Counsel and Financial Management should request that the Defense Contract Audit Agency (the cognizant audit agency for SAIC) perform an audit of specified task orders under the MSC customer agreement. Recommendation E The Office of Information Technology should develop appropriate procedures for its COTRs to follow in certifying contractor invoices. OIT indicated that it will develop procedures that OIT COTRs are to follow when certifying contractor invoices. These procedures will be based on SECR 10-15: Contracting Officer s Technical Representative (COTR) and Inspection and Acceptance Official (IOA), dated November 4, 2004. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information