Search | Accessibility | Privacy | Information Quality | Plain Writing Act of 2010 | Contact Us | Site Map | Home

FDIC's Contract Oversight Management of the Infrastructure Services Contract

March 2008
Report No. AUD-08-008

FDIC OIG, Office of Audits
Federal Deposit
Insurance Corporation

Why We Did The Audit

The objectives of the audit were to assess (1) the FDICís contract oversight management of Systems Research Applications International, Inc. (SRA), and its subcontractors, including subcontractor selection and performance; and (2) support for payments made by the FDIC for information technology (IT) goods and services provided by SRA and its subcontractors.

Background

In June 2004, the FDICís Board of Directors approved expenditure authority totaling $357 million to procure IT infrastructure services through the General Services Administrationís (GSA) Federal Systems Integrations and Management (FEDSIM) Center. In September 2004, FEDSIM awarded a task order (the Infrastructure Services Contract Ė (ISC)) to SRA under the Millennia Government-wide Acquisition Contract program.

FEDSIM acts as the contracting officer with overall responsibility for contract management, while the FDICís Division of Information Technology (DIT) provides critical advice to GSA regarding the performance of SRA and its subcontractors. The Division of Administration (DOA) provides personnel security services and advice to help ensure that the FDICís contracting and security interests are protected.

As a result of the ISC, DIT was able to eliminate 36 individual IT infrastructure contracts.



Audit Results

The FDIC implemented a framework of controls designed to ensure effective contract oversight management of SRA and its subcontractors. A number of these controls are based on government and industry-recommended practices. Additionally, SRA selected subcontractors consistent with the Federal Acquisition Regulation and the terms and conditions of the ISC and Millennia contract. However, the FDIC can strengthen its oversight management of SRA in some control areas. Management attention in the control areas of ISC oversight roles and responsibilities, acquisition policies, award fee determinations, contractor and subcontractor integrity and fitness, and contractor and subcontractor invoice reviews will strengthen ISC governance and promote transparency and communication throughout the ISC program.

We engaged the Defense Contract Audit Agency (DCAA) to audit selected invoices submitted by SRA and two of its subcontractors. DCAA found that, except for a minor amount of labor and applied indirect costs that did not meet the labor qualifications of the contract, the costs for IT goods and services invoiced under the ISC were allowable, allocable, and reasonable. The minor questioned costs have been forwarded to DIT for appropriate action through GSA.

Recommendations and Management Response

We recommended that the Director, DIT, strengthen ISC contract oversight roles and responsibilities and the award fee determination process by:

  • segregating ISC Program Manager duties, as appropriate;
  • updating Technical Monitor and Subject Matter Expert roles and responsibilities, where appropriate;
  • updating the Award Fee Determination Plan in key areas, including clarifying the criteria used to assess SRAís performance under the ISC and having the Technical Monitors vote on each award fee determination; and
  • coordinating with Technical Monitors and Subject Matter Experts to determine whether certain Service Level Agreements need to be revised in order to achieve more optimal contractor performance outcomes.

With regard to acquisition policies, we recommended that the Director, DOA:

  • address performance-based acquisitions in the FDICís Acquisition Policy Manual;
  • work with the Corporate University to develop performance-based contract management training;
  • document DOAís internal control of conducting periodic on-site inspections of procurement files to review contractor procurement practices; and
  • clarify DOAís role in connection with ISC procurement actions

The FDICís comments on a draft of the report agreed with our recommendations.



FDIC, Federal Deposit Insurance Corporation, Office of Inspector General,Office of Auidts, 3501 Fairfax Drive, Arlington, VA 22226-3500
DATE: March 27, 2008
 
MEMORANDUM TO:Michael E. Bartell, Chief Information Officer and
Director, Division of Information Technology
 
Arleas Upton Kea, Director
Division of Administration
 
FROM:Russell A. Rau [Electronically produced version; original signed by Russell A. Rau]
Assistant Inspector General for Audits
 
SUBJECT:FDIC's Contract Oversight Management of the Infrastructure Services Contract
(Report No. AUD-08-008)
 

The subject final report is provided for your information and use. Please refer to the Executive Summary, included in the report, for the overall audit results. Our evaluation of your response is incorporated into the body of the report. Your comments on a draft of this report were responsive to the recommendations. Sufficient action has been taken to close recommendation 6. The remaining recommendations will remain open for reporting purposes until we have determined that agreed-to corrective actions have been completed and are responsive.

This report contains information that may be proprietary. Accordingly, we request that you safeguard this report to the fullest extent possible and make no disclosures of this report, or information therefrom, outside the FDIC without prior permission of the Inspector General. We will redact proprietary information prior to releasing the final report publicly.

If you have questions concerning the report, please contact me at (703) 562-6350 or Mark F. Mulholland, Director, Corporate Management and Security Audits, at (703) 562-6316. We appreciate the courtesies extended to the audit staff.

Attachment

cc: Rack D. Campbell, DIT
James H. Angel, Jr., OERM
Daniel H. Bendler, D





Contents Page

BACKGROUND
AUDIT OBJECTIVES AND APPROACH
OVERALL RESULTS
ROLES AND RESPONSIBILITIES
PROCUREMENT MANAGEMENT
ACQUISITION POLICIES
AWARD FEE DETERMINATIONS
CONTRACTOR INTEGRITY AND FITNESS
RECOMMENDATIONS
CORPORATION COMMENTS AND OIG EVALUATION
APPENDICES

1. OBJECTIVE, SCOPE, AND METHODOLOGY

2. CORPORATION COMMENTS

3. MANAGEMENT RESPONSE TO RECOMMENDATIONS

TABLES

ISC Facts at a Glance

FIGURES

1. Annual Corporate IT Expenditures

2. Ceiling Amounts for Key Components of the ISC

3. FDIC Assessments of SRAís Performance

4. ISC Governance Structure





Background

In June 2004, the FDICís Board of Directors approved expenditure authority totaling $357 million to procure information technology (IT) infrastructure services through the General Services Administrationís (GSA) Federal Systems Integration and Management (FEDSIM) Center.

In September 2004, FEDSIM awarded a task order (the Infrastructure Services ContractóISC) to Systems Research Applications International, Inc. (SRA), under the Millennia Government-wide Acquisition Contract program.

ISC Facts at a Glance
Contract Type Cost Plus Award Fee (Performance-based)
Ceiling Price $341,766,035
Term 5 years (1 base year, plus four 1-year option periods)
Period of Performance September 21, 2004 Ė September 20, 2009
Sponsoring Division Division of Information Technology (DIT)
Prime Contractor SRA
Key Subcontractors [Material Redacted]
Contractor Staff Approximately 205
Source: Office of Inspector General (OIG) analysis of ISC documentation.

IT infrastructure services procured through the ISC include (among other things):
  • Mainframe Data Center Operations
  • Local Area Network Management
  • Hardware and Software Procurements
  • Help Desk Operations
  • Telecommunications Support
  • Equipment and Software Maintenance
  • Disaster Recovery Operations
  • Security Operations
  • Wireless Communications
  • Desktop and Server Engineering
  • IT Asset Management
FDIC's mainframe computer at the Virginia Square Data Center, Servers on the Local Area Network at the Virginia Square Data Center

The portion of DITís expenditures pertaining to the ISC increased during the initial years of the contract. This occurred as SRA assumed increasing responsibility for the FDICís IT infrastructure. As a result of the ISC, DIT was able to eliminate 36 individual IT infrastructure contracts.

[ D ]

According to financial information provided by DIT, the FDIC had expended $191,401,707 of the ISCís $341,766,035 ceiling amount as of December 31, 2007.

[ D ]

The FDICís assessments of SRAís performance under the ISC have been favorable.

As of October 2007, the FDIC had awarded [Material Redacted] fees available at that date under the ISC.









Figure 3 [Material Redacted]








select D link for text representation of image [ D ]

Audit Objectives and Approach

  • The objectives of the audit were to assess:
    • the FDIC's contract oversight management of SRA and its subcontractors, including subcontractor selection and performance, and
    • support for payments made by the FDIC for IT goods and services provided by SRA and its subcontractors.
  • To accomplish our objectives, we:
    • interviewed officials from FDIC, SRA, and the GSAís FEDSIM Center;
    • analyzed relevant reports, documents, and policies and procedures; and
    • observed key meetings related to the ISC.
  • We engaged the Defense Contract Audit Agency (DCAA) to audit selected invoices submitted by SRA and two of its subcontractors ( [Material Redacted] ).
  • Key criteria used in the audit included relevant regulations, FDIC policies and procedures, the ISC (and its deliverable products), and government and industry-recommended practices.
  • We performed our audit work from October through December 2007 in accordance with generally accepted government auditing standards.
  • Details on our objectives, scope, and methodology are in Appendix 1.

Overall Results

  • The FDIC implemented a framework of controls designed to ensure effective contract oversight management of SRA and its subcontractors. However, the FDIC can strengthen its oversight management of SRA in some control areas.
  • DCAA found that, except for a minor amount of labor and applied indirect costs that did not meet the labor qualifications of the contract, costs for IT goods and services invoiced under the ISC were allowable, allocable, and reasonable. The minor questioned costs have been forwarded to DIT for appropriate action through GSA.
  • The FDIC has implemented several contract oversight management controls that are based on government and industry-recommended practices. Such controls include:
    • A Program Manager, Technical Monitors, and Subject Matter Experts who monitor work and assess performance
    • A comprehensive award fee determination process that evaluates contractor and subcontractor performance
    • A DIT Procurement Management Board that reviews budgets and procurement actions for items procured through the ISC
    • Regularly scheduled reports and meetings with SRA
    • A formal process that assesses risks associated with contract service providers, such as SRA
  • SRA selected subcontractors consistent with the Federal Acquisition Regulation and the terms and conditions of the ISC.
  • The FDIC can strengthen its contract oversight management of SRA in the following control areas:
    • ISC Oversight Roles and Responsibilities
    • Acquisition Policies
    • Award Fee Determination Process
    • Contractor and Subcontractor Integrity and Fitness
    • Review of Contractor and Subcontractor Invoices
  • Management attention to these areas will strengthen ISC governance and promote transparency and communication (throughout the ISC program).
  • Notably, corrective action is ongoing in a number of areas.

Roles and Responsibilities

select [D] link to get text representation of image [ D ]

select [D] link to get text representation of image [ D ]

select [D] link to get text representation of image [ D ]

Procurement Management

select [D] link to get text representation of image [ D ]

Acquisition Policies

select [D] link to get text representation of image [ D ]

Award Fee Determinations

select [D] link to get text representation of image [ D ]

Contractor Integrity and Fitness

select [D] link to get text representation of image [ D ]

Recommendations

With regard to ISC oversight roles and responsibilities, we recommend that the Director, DIT:

  1. Segregate the duties of the ISC Program Manager position, where appropriate, when DIT completes ongoing efforts to hire an Infrastructure Project Manager and Service Delivery Manager in the Infrastructure Services Branch.
  2. Update the FDICís memorandum to FEDSIM regarding Technical Monitor and Subject Matter Expert duties and responsibilities to reflect current practices, and incorporate these duties and responsibilities into a formal DIT policy.

With regard to the Award Fee Determination Process, we recommend that the Director, DIT, in coordination with FEDSIM:

  1. Update the Award Fee Determination Plan to reflect current practices, including clarifying criteria used to assess SRAís performance under the ISC and requiring Technical Monitors to vote on each award fee evaluation, and appoint a Secretariat to maintain the Award Fee Determination Plan and related documentation.
  2. Coordinate with the Technical Monitors and Subject Matter Experts to determine whether certain SLAs need to be revised in order to achieve more optimal contractor performance outcomes.

With regard to acquisition policies, we recommend that the Director, DOA:

  1. Address performance-based acquisitions in the FDICís Acquisition Policy Manual.
  2. Work with the Corporate University to develop performance-based contract management training.
  3. Document DOAís internal control of conducting periodic on-site inspections of procurement files to review contractor procurement practices.
  4. Clarify DOAís role in connection with ISC procurement actions.

Corporation Comments and OIG Evaluation

On March 19, 2008, the CIO and Director, DIT, and the Director, DOA, provided a written response to a draft of this report. The Corporationís response is in Appendix 2. Management concurred with our recommendations and provided planned, ongoing, and completed corrective action. A summary of managementís response to each recommendation is in Appendix 3.

Sufficient action has been taken to close recommendation 6. The remaining recommendations are resolved but will remain open until we determine that the agreed-to corrective actions have been completed and are responsive.


APPENDIX 1

OBJECTIVE, SCOPE, AND METHODOLOGY

Objectives and Scope

The objectives of the audit were to assess (1) the FDICís contract oversight management of SRA and its subcontractors, including subcontractor selection and performance and (2) support for payments made by the FDIC for IT goods and services provided by SRA and its subcontractors. We conducted this performance audit from October through December 2007 in accordance with generally accepted government auditing standards (GAGAS). Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

The scope of our audit focused on assessing the FDICís management controls that were designed to ensure effective contract oversight management of SRA and its subcontractors. Our audit did not assess contract administration services provided by the GSA. With respect to payments made by the FDIC for IT goods and services, we engaged DCAA to perform appropriate audit procedures to determine whether such payments were adequately supported consistent with the terms and conditions of the ISC and the Millennia contract. DCAA conducted its work in accordance with GAGAS.

Methodology

To achieve our objectives, we:

  • Interviewed DIT and DOA representatives regarding their roles and responsibilities for the ISC and the controls the FDIC had in place to help ensure effective contract oversight management of SRA and its subcontractors. We also interviewed SRA management officials to obtain their perspective on the FDICís oversight management practices with respect to the ISC. Further, we met with contracting officials at GSAís FEDSIM Center to obtain an understanding of their role in the ISC program.
  • Analyzed relevant reports and contract-specific documents, such as SRA status reports and award fee determination reports.
  • Observed key ISC-related meetings, including meetings of the DIT Procurement Management Board and the Award Fee Determination Board.
  • Selected a non-statistical sample* of 40 subcontractor employees to determine whether required background investigations, confidentiality agreements, and preexit clearance forms had been completed consistent with FDIC policy. We selected the sample from the same four invoices reviewed by DCAA. We included SRA and subcontractor employees that were in the FDIC Virginia Square location and various field offices.
  • Selected a non-statistical sample of six SRA subcontractors to determine whether integrity and fitness certifications had been completed as prescribed by FDIC policy. We selected the sample from the same four invoices reviewed by DCAA.
  • Considered FDIC and DIT-specific policies related to contract oversight management and IT procurement, including:
    • The FDICís Acquisition Policy Manual, including the Letter of Oversight Manager Confirmation and Letter of Technical Monitor Confirmation.
    • Circular 1610.2, Security Policy and Procedures for FDIC Contractors and Subcontractors, dated August 1, 2003.
    • DIT Policy No. 05-002, Procuring IT Assets, dated May 25, 2005.
    • DIT Internal Policy Memorandum, Receiving of IT Assets Policy, dated February 12, 2003.
    • DIT Memorandum to GSA, Technical Monitor and Subject Matter Expert Designations, Duties, and Responsibilities, dated October 2, 2007.
  • Considered federal regulations, policies, and recommended practices pertaining to interagency and performance-based contracting. Such criteria included applicable sections of the Federal Acquisition Regulation (FAR), guidance published by the Office of Federal Procurement Policy, and reports issued by the Government Accountability Office.
  • Engaged DCAA to determine whether charges for IT goods and services contained in selected invoices submitted under the ISC were adequately supported consistent with the terms and conditions of the ISC and Millennia contract. Specifically, DCAA assessed whether charges for IT goods and services provided by SRA and two of its subcontractors were supported with adequate, original documentation consistent with the terms and conditions of the ISC and Millennia contract. DCAAís audit procedures included, for example, examining timesheets to verify that the hours billed were actually worked and reviewing qualifications, experience, and education for a sample of contractor and subcontractor employees to ensure the employees satisfied the minimum requirements of the ISC and Millennia contract.

The FDIC OIG selected the following four ISC invoices for DCAAís detailed review.

Invoice Number Period of Performance Amount
600231193 December 1-31, 2006 $ 7,739,724.44
600240511 January 1-31, 2007 $11,601,627.29
600278697 May 1-31, 2007 $ 4,448,444.71
600294828 June 1-30, 2007 $ 7,646,601.36

Internal Control

We assessed key FDIC internal controls related to the oversight management of the ISC, including:

  • Relevant FDIC and DIT policies, procedures, guidance, and training.
  • The roles and responsibilities of key ISC stakeholders, including the ISC Oversight Committee, Program Manager, Technical Monitors, and Subject Matter Experts.
  • The ISC governance structure.
  • The ISC award fee determination process.

In addition, DCAA performed appropriate tests of contractor internal controls for the purpose of planning and conducting its audit work.

Reliance on Computer-processed Data. Our audit objective did not require that we separately assess the reliability of computer-processed data to support our significant findings, conclusions, and recommendations. Additionally, in performing this audit, we did not consider it necessary to evaluate the effectiveness of information systems controls in order to obtain sufficient, appropriate evidence.

Performance Measurement. We determined that DITís performance measures under the Government Performance and Results Act were not significant to our audit objectives.

Compliance with Laws and Regulations

The following regulations were relevant to our audit objectives:

  • 12 Code of Federal Regulations (C.F.R.) Part 366, Minimum Standards of Integrity and Fitness for an FDIC Contractor Ė establishes the minimum standards of integrity and fitness that contractors, subcontractors, and employees of contractors and subcontractors must meet if they perform any service or function on the FDICís behalf. Part 366 implements sections 12(f)(3) and (4) of the Federal Deposit Insurance Act (12 United States Code sections 1822(f)(3) and (4)) regarding contractor conflicts of interest and disapproval.
  • FAR Subchapter G, Contract Management Ė establishes uniform policies and procedures for contract management by all executive agencies, including contract management, subcontracting, and quality assurance. We used the FAR as criteria because the ISC is a task order awarded under the FEDSIMís Millennia contract, which is based on the FAR.

We assessed the risk of fraud related to the audit objectives in the course of evaluating audit evidence.

Prior Coverage

We considered the following reports previously issued by the FDIC OIG in planning and conducting our work:

  • Evaluation Report No. EM-08-002, Information Technology Procurement Integrity and Governance, dated March 4, 2008.
  • Evaluation Report No. EM-07-003, Follow-up Work Related to FDICís Contract Assessment Report, dated May 30, 2007.
  • Audit Report No. 07-004, Interagency Agreement with the General Services Administration for the Infrastructure Services Contract, dated January 10, 2007.
  • Evaluation Report No. 06-026, FDICís Contract Administration, dated September 29, 2006.

APPENDIX 2

CORPORATION COMMENTS

FDIC, Federal Desposit Insurance, 3501 Fairfax Drive, Arlington, VA, 22226-3500
 
DATE:March 19, 2008
 
TO:Russell A. Rau
Assistant Inspector General for Audits
 
FROM:Arleas Upton Kea [Electronically produced version; original signed by Arleas Upton Kea]
Director, Division of Administration
 
FROM:Michael E. Bartell [Electronically produced version; original signed by Michael E. Bartell]
Chief Information Officer and
Director, Division of Information Technology
 
SUBJECT:Management Response to the Draft OIG Audit Report Entitled:
Audit of the FDICís Contract Oversight Management of the Infrastructure Services Contract (Assignment No. 2007-036)
 

This is in response to the subject Draft Office of Inspector General (OIG) Audit Report, issued February 28, 2008. In its report, the OIG made eight recommendations.

We appreciate that the OIG noted that the FDIC has implemented a framework of controls to ensure effective oversight of the Systems Research Applications International, Inc. (SRA) contract and its subcontractors. However, we recognize that additional steps could be taken to enhance these controls. This response outlines our planned corrective actions for each of the recommendations cited in the OIGís Report.

MANAGEMENT DECISION

Finding: Infrastructure Services Contract (ISC) Oversight Roles and Responsibilities

Recommendation 1: That the Director, Division of Information Technology (DIT) segregate the duties of the ISC Program Manager position, where appropriate, when DIT completes ongoing efforts to hire an Infrastructure Project Manager and Service Delivery Manager in the Infrastructure Services Branch.

Management Response 1: DIT concurs with this recommendation.

Corrective Action: A selection for the Infrastructure Project and Service Delivery Manager has been made and an offer has been made to the individual. The process is now in salary negotiation. Once on-board, the ISC Program Manager will work with the individual to delegate some program management responsibilities.

Completion Date: May 30, 2008


Recommendation 2: That the Director, DIT update the FDICís memorandum to Federal Systems Integrations and Management (FEDSIM) regarding Technical Monitor and Subject Matter Expert duties and responsibilities to reflect current practices, and incorporate these duties and responsibilities into a formal DIT policy.

Management Response 2: DIT concurs with this recommendation.

Corrective Action: A draft policy updating and defining the oversight roles has been completed and has been distributed for review and comment.

Completion Date: April 30, 2008

Finding: Award Fee Determination

Recommendation 3: That the Director, DIT update the Award Fee Determination Plan to reflect current practices, including clarifying criteria used to assess SRAís performance under the ISC and requiring each Technical Monitor to vote on each award fee determination, and appoint a Secretariat to maintain the Award Fee Determination Plan and related documentation.

Management Response 3: DIT concurs with this recommendation.

Corrective Action: A draft update of the Award Fee Determination Plan has been completed, including designation of all Technical Monitors as voting members of the Award Fee Evaluation Board (AFEB). In addition, the Secretariat and Recorder positions have been established and assigned. The changes will be included in the next contract modification to be effective beginning with the next Award Fee Period.

Completion Date: April 30, 2008

Recommendation 4: That the Director, DIT coordinate with the Technical Monitors and Subject Matter Experts to determine whether certain service level agreements (SLAs) need to be revised in order to achieve more optimal contractor performance outcomes.

Management Response 4: DIT concurs with this recommendation.

Corrective Action: The Service Level Manager has met with the FDIC ISC Program Manager including all the Technical Monitors and Subject Matter Experts, the FEDSIM Program Manager and the Deputy CIO, Infrastructure to perform a review of the SLAs. Suggestions for modifications and/or additional SLAs have been drafted and presented to the vendor for review. Once that review has been completed a reconciliation of the recommendations will be conducted and a presentation for final updates will be submitted. Once final recommendations have received concurrence the changes will be submitted to FEDSIM for contract modification.

Completion Date: April 30, 2008

*

Finding: Acquisition Policies

Recommendation 5: That the Director, DOA, address performance-based acquisitions in the FDICís Acquisition Policy Manual.

Management Response 5: DOA concurs with this recommendation.

Corrective Action: DOA recognizes the importance of the successful use of performance-based acquisitions in fulfilling FDIC requirements. As such, the topic has been addressed in the revised APM and associated Procedures, Guidance and Information document. OIG will have the opportunity to review this information during the Directives Review process. Publication is expected by May 30, 2008.

Completion Date: May 30, 2008

Recommendation 6: That the Director, DOA work with the Corporate University to develop performance-based contract management training.

Management Response 6: DOA concurs with this recommendation.

Corrective Action: DOA recognizes the importance of the successful award and management of performance-based contracts for FDIC requirements. DOA also recognizes that the foundation of a successful performance-based contract is the work statement. Therefore, ASB, in conjunction with Corporate University, is sponsoring the Statement of Work Preparation Training Course. Ten sessions of this course will be held in 2008, with the first class held February 20-21, 2008 (See attached). Registration for the training is available through the Corporate University Learning Server. This course, designed for anyone involved in the procurement process, addresses the process of writing standard and performance-based statements of work. The course presents detailed specifications and formats for each type of statement of work and identifies when to use each. It also describes the characteristics of effective statements of work, statements of objectives, and performance based statements of work. Further, Corporate University, in conjunction with DIT, presented two (2) Performance-Based Workshops in 2007, and has one more scheduled for June 16-17, 2008. This course focuses on the best practices and tools associated with contract monitoring, assessing contractor performance, receiving, accepting, and closing IT-related service contracts and is intended for DIT OMs, TMs, Task Order Oversight Managers (TOOMs), and Subject Matter Experts (SMEs) in DIT who work with or manage IT-related service contracts. The two classes provide the necessary training for successful performance-based contracting. DOA considers this action closed.

Completion Date: March 17, 2008

Recommendation 7: That the Director, DOA documents DOAís internal control of conducting periodic on-site inspections of procurement files to review contractor procurement practices.

Management Response 7: DOA concurs with this recommendation.

* This attachment is not included in the report.
*

Corrective Action: GSA has a quality control function as part of their responsibility to oversee the SRA contract. The GSA Contracting Officer Representative will periodically, but no less than every three months, review procurement actions under the ISC to ensure that all applicable procurement rules have been adhered to and the procurement action represents the best value to the government. While FDIC has no privity of contract with SRA, GSA is willing to accept and accommodate our interest in accompanying them on these reviews. GSA will issue a modification to the SRA task order documenting the review process in the SRA Quality Assurance Surveillance Plan by May 31, 2008.

Completion Date: May 31, 2008

Recommendation 8: That the Director, DOA clarify DOAís role in connection with ISC procurement actions.

Management Response 8: DOA concurs with this recommendation.

Corrective Action: DOA does not approve procurement actions processed through the ISC. However, DOA will review all actions valued at one million dollars or above, to assist in determining the appropriate procurement strategy. This process will be documented in a memo issued jointly by DOA and DIT prior to May 31, 2008.

Completion Date: May 31, 2008

If you have any questions regarding this response, the points of contact are: for DOA, contact William Gately at (703) 562-2118; and for DIT, contact Rack Campbell at (703) 516-1422.

cc:Glen Bjorklund, DOA
Michael J. Rubino, DOA
Elizabeth Walker, DOA
James H. Angel, Jr., OERM
Russell Pittman, DIT
Rack Campbell, DIT
William J. Gately, Jr., DOA





* Subsequent to our receipt of the Corporationís official comments, GSAís Contracting Officer Representative (COR) provided a clarification to this sentence on April 10, 2008. Specifically, the COR commented that the SRA operates under an approved purchasing system, and as such, is required to adhere to applicable procurement regulations and ensure the best value for the government. The COR has neither the authority nor the responsibility for SRAís adherence to procurement regulations.



APPENDIX 3

MANAGEMENT RESPONSE TO RECOMMENDATIONS

This table presents the management response on the recommendations in our report and the status of the recommendations as of the date of report issuance.

Rec. No. Corrective Action: Taken or Planned Expected Completion Date Monetary Benefits Resolved:a Yes or No Open or Closedb
1 The ISC Program Manager will work with the Infrastructure Project Manager and Service Delivery Manager (once on board) to delegate some program management responsibilities. May 30, 2008 $0 Yes Open
2 DIT will finalize a draft policy that updates and defines the oversight roles of the Technical Monitors and Subject Matter Experts. April 30, 2008 $0 Yes Open
3 DIT has drafted an update to the Award Fee Determination Plan that designates all Technical Monitors as voting members. In addition, a Secretariat and Recorder have been assigned. These changes will be included in the next contract modification. (Also, see actions taken in response to recommendation 4.) April 30, 2008 $0 Yes Open
4 DIT, in coordination with FEDSIM, has reviewed the SLAs and presented proposed modifications to SRA. Once final recommendations have received concurrence from all parties, the changes will be submitted to FEDSIM for contract modification. April 30, 2008 $0 Yes Open
5 DOA has addressed performance-based acquisitions in a revised draft of the APM and associated procedures and guidance. May 30, 2008 $0 Yes Open
6 DOA, in conjunction with the Corporate University, is sponsoring performancebased contract management and statement of work training in 2008. March 17, 2008 $0 Yes Closed
7 DOA will accompany GSA on its periodic reviews of SRA procurement actions. GSA will issue a contract modification documenting the review process in the SRA Quality Assurance Surveillance Plan. May 31, 2008 $0 Yes Open
8 DOA will document its process for reviewing ISC procurement actions in a memorandum to be issued jointly by DOA and DIT. May 31, 2008 $0 Yes Open
a Resolved Ė (1) Management concurs with the recommendation, and the planned corrective action is consistent with the recommendation.
(2) Management does not concur with the recommendation, but planned alternative action is acceptable to the OIG.
(3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.
b Once the OIG determines that the agreed-upon corrective actions have been completed and are effective, the recommendation can be closed.


Search | Accessibility | Privacy | Information Quality | Plain Writing Act of 2010 | Contact Us | Site Map | Home
Last updated 6/30/2008