DATE:	January 18, 2005
MEMORANDUM TO:	Arleas Upton Kea, Director
	Division of Administration
FROM:	Russell A. Rau [Electronically produced version; original signed by Russell A. Rau], Assistant Inspector General for Audits
SUBJECT:	FDIC’s Use of Consultants (Report No. 05-003)

The subject final report is provided for your information and use. Please refer to the Executive Summary for the overall evaluation results. Our evaluation of your response is incorporated into the body of the report, and your response is included, in its entirety, as an appendix to the report. Your response adequately addressed the three recommendations to the Division of Administration. The three recommendations are considered resolved, but they will remain undispositioned and open for reporting purposes until we determine that the agreed-to corrective actions have been implemented and are effective.

We appreciate the courtesies extended to the evaluation team.

Background and Purpose of Evaluation Consulting contracts can be a useful and effective tool for the Federal Deposit Insurance Corporation (FDIC), but they present their own set of risks. Consulting contracts are considered sensitive in nature and can potentially influence the authority, accountability, and responsibilities of FDIC officials. Because consulting contracts often provide a less rather than more tangible output, expected work must be clearly defined in order to ensure that the consultant meets the cost, schedule, and deliverable requirements of the contract. Further, these consulting contracts require special management attention to ensure that consultants do not perform functions that should be performed by FDIC management; do not result in conflict of interest situations; and are adequately justified, planned, and managed so that the FDIC benefits from the consulting work. Our overall objective was to evaluate the use of, and benefits derived from, consulting services at the FDIC. Specifically, we determined: (1) the extent to which the FDIC utilizes consulting services; (2) whether consulting contracts are effectively justified, planned, and managed; and (3) whether tangible benefits were achieved from consulting services.

FDIC’s Use of Consultants Results of Evaluation From January 1996 through March 2004, the FDIC awarded 213 consulting contracts valued at $123 million, which represents about 3 percent of the number of contracts awarded and about 5 percent of the value of all FDIC contracts awarded. Our review of 34 sampled contracts, valued at about $41 million, showed that contract files did not always contain evidence that contracts were properly justified, planned, and managed. FDIC contracting personnel did not always follow policies and procedures for documenting contracting activity in the contract file and for clearly defining work requirements. We determined that the FDIC received a benefit from all but 2 of the consulting contracts reviewed. However, because of the lack of documentation in the contract files or because work requirements were vague, only testimonial evidence was available from the program offices for 13 of our sampled contracts to reach this conclusion. Collectively, our findings illustrate an environment in which controls over procurement could be circumvented, and the use of consultants could be abused. Recommendations and Management Response Our report contains two recommendations for actions to address deficiencies we noted in the administration of specific contracts, and one recommendation to generally strengthen the controls over the FDIC’s use of consultants. In addition, because we have identified systemic problems with a lack of contract file documentation in this and previous reports, we are highlighting this matter for further management attention. The following table summarizes the results of our review. Description Number of Contracts* Contract Amount Amount Expended Contract file did not contain justification for noncompetitive award. 10 $915,199 $754,437 The extension of the period of performance may no longer be justified. 1 $170,000 $50,656 Contract file did not contain copies of statements of work. 7 $2,440,612 $1,575,377 Statements of work were not always well-defined. 9 $12,725,003 $7,708,845 Contracts where oversight management was weak or no evidence was available to indicate oversight management. 6 $2,590,390 $1,730,549 No evidence that benefits were received. 2 $200,000 $87,085 Source: OIG Analysis. * Contracts may be included under more than one finding category.

---

RESULTS IN BRIEF

BACKGROUND

EVALUATION RESULTS

The Extent of Consulting Contracts Used by the FDIC
Justification, Planning, and Management of Consulting Contracts
Adequacy of Justification for Consulting Contracts
Recommendation 1
Adequacy of Acquisition Planning and Management for Consulting Contracts 12
Recommendation 2
Benefits Achieved
Enhanced Controls are Warranted
Recommendation 3

CORPORATION COMMENTS AND OIG EVALUATION

APPENDIX I: OBJECTIVE, SCOPE, AND METHODOLOGY

APPENDIX II: CORPORATION COMMENTS

APPENDIX III: MANAGEMENT RESPONSES TO THE RECOMMENDATIONS

TABLES:

Table 1: Summary of Findings
Table 2: Total Purchase Orders and Consulting Contracts
Table 3: Number of Consulting Contracts and Amounts Spent by Division or Office
Table 4: APM Guidance for the Use of JNCPs
Table 5: JNCP Interim Policy Guidance
Table 6: Sampled Contracts with Missing JNCPs
Table 7: Sampled Contracts with Missing or Vague SOWs
Table 8: Modifications to Contracts with Missing or Vague SOWs
Table 9: Contracts with Specific Oversight Management Deficiencies
Table 10: Unreconciled Difference – Service Costing (Benchmarking) Contract
Table 11: Analysis of Benefits

FIGURES:

Figure 1: Categories of Consulting Contracts (As a Percentage of Consulting Contract Dollars)
Figure 2: Average Consulting Contract Amount by Division

ACRONYM LIST

APM - Acquisition Policy Manual
ASB - Acquisition Services Branch
CO - Contracting Officer
DIR - Division of Insurance and Research
DIRM - Division of Information Resources Management
DOA - Division of Administration
DOF - Division of Finance
DRR - Division of Resolutions and Receiverships
DSC - Division of Supervision and Consumer Protection
FAR - Federal Acquisition Regulation
FDIC - Federal Deposit Insurance Corporation
GAO - Government Accountability Office
GSA - General Services Administration
IT - Information Technology
JNCP - Justification for Noncompetitive Procurement
ODEO - Office of Diversity and Economic Opportunity
OERM - Office of Enterprise Risk Management
OM - Oversight Manager
OPA - Office of Public Affairs
PCIE - President’s Council on Integrity and Efficiency
POS - Purchase Order System
SOW - Statement of Work

RESULTS IN BRIEF

Background

Consulting contracts can be a useful and effective tool for the Federal Deposit Insurance Corporation (FDIC), when expertise in a specialized area is required, but the need is not great enough to justify hiring personnel to perform the function. Although consulting contracts in government are generally not high-dollar procurements, they do present their own set of risks to the FDIC. Consulting contracts require the contractor to provide advice, opinions, recommendations, ideas, reports, analyses, or other work products and thus have the potential for influencing the authority, accountability, and responsibilities of FDIC officials. Further, the Government Accountability Office (GAO) has identified contract and consulting service payments as one of a number of sensitive payment areas that could present scrutiny and criticism from the public and media in the event of any impropriety or conflict of interest, real or perceived, regardless of the cost involved.

As with all contracting engagements, the FDIC is obligated to ensure that consultants are subject to fair and open competition and that decisions to noncompetitively award consulting contracts receive appropriate justification and authorization. In addition, because consulting contracts often provide a less rather than more tangible output, expected work must be clearly defined in order to ensure that the consultant meets the cost, schedule, and deliverable requirements of the contract. For these reasons, consulting contracts require special management attention to ensure that consultants are not performing functions that should be performed by FDIC management; do not result in conflict of interest situations; and are adequately justified, planned, and managed so that the FDIC benefits from the consulting work. We performed this evaluation as part of our continuing effort to provide oversight in areas that present risk to the FDIC.

Objective

Our overall objective was to evaluate the use of, and benefits derived from, consulting services at the FDIC. Specifically, we determined:

• the extent to which the FDIC utilizes consulting services;
• whether consulting contracts are effectively justified, planned, and managed; and
• whether benefits were achieved from consulting services.

Evaluation Results

From January 1996 through March 2004, the FDIC awarded 213 consulting contracts valued at $123 million, which represents about 3 percent of the number of contracts awarded and about 5 percent of the value of all FDIC contracts awarded. Our review of 34 sampled contracts, valued at about $41 million, showed that contract files did not always contain evidence that contracts were properly justified, planned, and managed. FDIC contracting personnel did not always follow policies and procedures for documenting contracting activity in the contract file and for clearly defining work requirements. We determined that the FDIC received a benefit from all but two of the consulting contracts we reviewed. However, because of the lack of documentation in the contract files or because work requirements were vague, only testimonial evidence was available from the program offices for 13 of our sampled contracts to reach this conclusion.

Collectively, our findings illustrate an environment in which controls over procurement could be circumvented and the use of consultants could be abused. Our report contains two recommendations for actions to address deficiencies we noted in the administration of specific contracts, and one recommendation to generally strengthen the controls over the FDIC’s use of consultants. In addition, we have identified systemic problems with a lack of contract file documentation in this and previous reports. While additional recommendations are not warranted at this time, we are highlighting this matter for further management attention. Table 1 summarizes the results of our review.

Table 1: Summary of Findings

	Description		Number of Contracts*		Contract Amount		Amount Expended
	Contract file did not contain justification for noncompetitive award.		10		$915,199		$754,437
	The extension of the period of performance may no longer be justified.		1		$170,000		$50,656
	Contract file did not contain copies of statements of work.		7		$2,440,612		$1,575,377
	Statements of work were not always well-defined.		9		$12,725,003		$7,708,845
	Contracts where oversight management was weak or no evidence was available to indicate oversight management.		6		$2,590,390		$1,730,549
	No evidence that benefits were received.		2		$200,000		$87,085

Source: OIG Analysis.
^* Contracts may be included under more than one finding category.

BACKGROUND

Consulting contracts can be a useful and effective tool to help the FDIC accomplish its mission when expertise in a specialized area is required, but the need is not great enough to justify hiring to perform the function. For purposes of this evaluation, we focused on consulting services that provided FDIC management with information necessary to assist in decisionmaking and excluded services such as implementation of management’s decisions and training programs. We used the following definition of consulting services to evaluate the FDIC’s use of consultants:

Definition of Consulting Services Consulting services are those services designed to support or improve: organizational policy development; decision-making; management and administration; program and/or project management and administration; research and development activities; and professional advice and assistance about management. Outputs from consulting contracts may include information, advice, opinions, alternatives, analysis, evaluations, and recommendations.

Source: Adapted from Advisory and Assistance Services, A Practical Reference Guide.^{[ 1 ]}

Although consulting contracts in government are generally not large dollar procurements, they do present their own set of risks to the FDIC. For example, the Federal Acquisition Regulation (FAR)^{[ 2 ]} notes that contracts for services that require the contractor to provide advice, opinion, recommendations, ideas, reports, analyses, or other work products have the potential for influencing the authority, accountability, and responsibilities of agency officials. Therefore, consulting contracts require special management attention to ensure that they do not result in performance of inherently governmental functions by the consultant and that agency officials properly exercise their authority.^{[ 3 ]} While the FDIC is not required to follow the FAR, its provisions on consultants represent a prudent business practice for governmental entities that use consultants.

Moreover, the Government Accountability Office (GAO) identified contract and consulting service payments as one of a number of sensitive payment areas that could present scrutiny and criticism from the public and media in the event of any impropriety or conflict of interest, real or perceived, regardless of how much money is involved. For example, an agency’s control framework should adequately ensure against potential conflict of interest problems such as:

• direct or noncompetitive award by senior executives;
• ownership interest in companies that the consultant does business with, as evidenced by financial disclosure forms or other substantiated data;
• senior executive approval of contractor invoices for payment;
• repeated use of the same contractors;^{[ 4 ]} and
• contract(s) that give unfair competitive advantage over competing contractors, unless every effort is first taken to mitigate such conflict or advantage.

As with all contracting engagements, the FDIC is obligated to ensure that consultants are subject to fair and open competition and decisions to noncompetitively award consulting contracts receive appropriate justification and authorization. Further, because many consulting contracts are advisory in nature, the FDIC needs to ensure that these contracts clearly define the work requirements and measurable expectations for the contractor’s satisfactory performance.

The Federal Deposit Insurance Act empowers the FDIC to enter into contracts which would include using private sector firms to provide goods or services. This Act also provides that the FDIC may establish policies and procedures to administer the powers granted to it, including the power to enter into contracts. The authority to establish policies and procedures for the contracting program has been re-delegated by the Board of Directors to the Director, Division of Administration (DOA). The DOA’s Acquisition Services Branch (ASB) is responsible for developing contracting policies and procedures, and communicating and implementing those policies and procedures throughout the FDIC. DOA’s primary vehicle for fulfilling that responsibility is the Acquisition Policy Manual (APM). The APM establishes policies and procedures and uniform standards for contracting for goods or services at the best value for the FDIC and was revised in May 2004.

The FDIC’s contracting program employs a team approach for contract administration. The contracting officer (CO) is responsible for contract administration, which includes oversight management. Overseeing the technical performance requirements of the contract is primarily the responsibility of the oversight manager (OM) assigned by the program office. The CO and OM jointly perform contract administration.^{[ 5 ]} The contract team is empowered to make decisions within their area of responsibility, and exercise personal initiative and sound business judgment in providing goods or services at the "best value" to meet a program office's needs.

The APM does not distinguish between the policies and procedures for consulting service contracts and non-consulting service contracts. All contracts go through similar processes, but different parts of the process receive varying degrees of emphasis depending on contract complexity and price. Contracts with estimated expenditures less than $100,000 that are classified by the CO as having a non-complex nature (i.e., a single deliverable, short period of performance) follow a more simplified procurement process in which contracting procedures and documents are abbreviated. In contrast, contracts for the acquisition of complex goods or services, or goods or services with a total estimated dollar amount of $100,000 or greater, follow the FDIC’s formal procurement process, as defined in the APM. Enhanced controls are built into the formal procurement process to ensure fair competition and evaluation of offeror proposals and a higher level of oversight.

ASB has also issued interim policy guidance^{[ 6 ]} that requires written acquisition plans for all procurements $100,000 or greater. The acquisition plan: (1) identifies all technical, contracting, fiscal, and business management factors that govern the particular acquisition; (2) provides an overall strategy for accomplishing and managing an acquisition; and (3) drives the business decisions to best support fulfilling the customer’s requirement. The level of detail and formality for the acquisition plan depends on the dollar threshold and complexity of the acquisition. ASB provided a streamlined template for all procurements from $100,000 to $1,000,000, and a more detailed template for procurements greater than $1,000,000. The inset below shows acquisition plan approval levels:

	APPROVING OFFICIAL(S)		DELEGATED AUTHORITY
	Contracting Officer, ASB		$1,000,000 and less
	Assistant Director, ASB		Greater than $1,000,000 and less than $5,000,000
	Associate Director, ASB		$5,000,000 and above

Source: Interim Acquisition Policy #2004-9, dated August 31, 2004.

EVALUATION RESULTS

The Extent of Consulting Contracts Used by the FDIC

From January 1996 through March 2004, the FDIC awarded 213 consulting service contracts valued at $123 million, which represents 5 percent of the value of all FDIC contracts. Table 2 presents a summary of total contracts awarded and those that we determined were consulting contracts.

Table 2: Total Purchase Orders and Consulting Contracts

	UNIVERSE		NUMBER OF CONTRACTS		TOTAL PURCHASE ORDER BASE AMOUNT (IN MILLIONS)
	Total Purchase Orders a		7,243		$2,640
	Consulting Service Contracts b		213		$123
	Percent of Total		3%		5%

Source: OIG Analysis of the FDIC Contracting Activity.
^a Per the FDIC Purchase Order System (POS). Data represents the universe of active purchase orders (those contracts that have not been purged from the system due to inactivity for more than 2 years) from January 1, 1996 through March 22, 2004. POS is a sub-module of the FDIC’s Financial Information Management System.
^b Data also includes 13 credit card transactions totaling $40,428.

The FDIC generally used consulting service contracts for the purposes as shown in Figure 1. We determined that the FDIC used consulting services to provide special knowledge and skills that were not otherwise available within the FDIC, and provided temporary or intermittent services consistent with justified uses of consulting contracts in government. Slightly more than half of the total consulting contract dollars were used for financial advisory and asset disposition services. Examples of general advisory services included electronic banking research, diversity consulting, and a disbursement advisory contract.

[ D ]

FDIC Division/Office Use of Consulting Contracts

As Table 3 shows, of the 213 consulting service contracts identified, DRR used $44 million for financial advisory services and data analysis of financial institutions that were in danger of failing, and those that had failed and were going through the resolution process. DIRM used almost $16 million for information technology research and special studies.

Table 3: Number of Consulting Contracts and Amounts Spent by Division or Office

	FDIC DIVISION OR OFFICEa		NUMBER OF CONSULTING CONTRACTS		AMOUNTS EXPENDED THROUGH MARCH 2004
	Division of Resolutions and Receiverships (DRR)		36		$44,292,619b
	Division of Information Resources Management (DIRM)		78		$15,619,533
	Division of Administration (DOA)		42		$4,642,069
	Division of Supervision and Consumer Protection (DSC)		7		$3,155,088
	Division of Insurance and Research (DIR)		29		$2,650,615
	Division of Finance (DOF)		15		$1,017,413
	Office of Public Affairs (OPA)		1		$706,198
	Office of Diversity and Economic Opportunity (ODEO)		3		$263,646
	Office of Enterprise Risk Management (OERM)		2		$92,900
	Totalc		213		$72,440,081

Source: OIG Analysis of FDIC Contract Activity.
^a During our review, various FDIC reorganizations resulted in name changes for the program offices. This table reflects the current name, and may include contracts that were awarded by the predecessor program office.
^b Includes payments for non-consulting services, such as training and asset disposition. Contracts were not always structured to identify consulting versus non-consulting services. Therefore, the entire contract amount is presented.
^c The OIG also used consulting contracts. However, to maintain independence, we did not audit our own contracts.

Average Contract Cost

Figure 2 shows the average cost of consulting contracts by FDIC program office. As the figure indicates, consulting contract values average over $100,000, which would generally require the use of the FDIC’s formal procurement process, as required by the APM.

[ D ]

Repeated Use of Contractors

We analyzed the universe of consulting service contracts to determine the extent to which the FDIC used the same consulting contractors and to identify potential conflicts of interest in repeated use of the same contractors. We found no distinct patterns of repeated use of the same consulting contractors. The FDIC used 130 different vendors for the 213 consulting contracts in the universe. Of those 130 vendors, only 32 vendors had been used more than once.

Justification, Planning, and Management of Consulting Contracts

The official contract files did not always contain evidence that contracts were properly justified, planned, or managed for a sample of consulting contracts that we reviewed. Our sample consisted of 34 consulting contracts totaling $40,689,577, or 33 percent of the value of all identified consulting service contracts in our universe. The results of our review follow.

Adequacy of Justification for Consulting Contracts

The FDIC did not always adequately justify its use of noncompetitive procurement methods to obtain consultants. Of the 34 sampled contracts, 17 were noncompetitively awarded. Of the 17 noncompetitively awarded contracts, we found that justifications were not prepared and/or documented in the official contract file for 10 contracts, as required by the APM. Additionally, for one contract, we concluded that the continued extension of the period of performance may no longer be justified. Contracting and program officials did not always follow established policies and procedures by maintaining appropriate documentation in the file to support noncompetitive procurements. As a result, DOA has a reduced level of assurance that the consulting contracts were subject to fair and open competition and decisions to noncompetitively award contracts were appropriately justified and authorized.

During the acquisition planning process, many decisions are made that are critical to the successful outcome of the contract. The FDIC’s divisions and offices (program offices) are responsible for identifying requirements, establishing a schedule, obtaining funding, and developing an overall approach to the procurement action. In conjunction with the program office, the CO selects the most suitable contract type and the best pricing arrangements to satisfy the requirement and create the best value solution for the FDIC. Also, during acquisition planning, the program office prepares a Requirements Package and submits it to ASB for contract initiation. The CO is required to review the Requirements Package for completeness and clarity. The Requirements Package is to be retained in the official contract file by ASB and includes, among other key documents:

• a complete Procurement Requisition form with appropriate expenditure authority and budget approval, and cost estimate;
• a complete SOW, including the period of performance (with options);
• the minimum qualifications a firm must have to be considered for award;
• documentation of market research if conducted; and
• a Justification for Noncompetitive Procurement memorandum (JNCP), if applicable.

According to the APM, although it is the FDIC’s policy to procure goods or services through competition, instances arise when a noncompetitive procurement^{[ 7 ]} is justified. In these instances, and when the value of the noncompetitive procurement is greater than $5,000, the program office must provide a JNCP. Before preparing the JNCP, the program office, with the CO, should conduct market research^{[ 8 ]} in order to identify possible sources for the goods or services required. Table 4 shows APM guidance for preparing JNCPs.

Table 4: APM Guidance for the Use of JNCPs

JNCPs Are Authorized When:

The need for the goods or services is of such an unusual and compelling urgency that delay would adversely affect the Corporation. After adequate investigation, only one firm is identified that can meet the specific needs, (e.g., highly specialized services demanding the expertise of an individual or firm with unusual capabilities). There is only one firm that provides the required goods or services that meet specific FDIC requirements. An existing contractor offers the benefits of historical expertise or systems compatibility, which other contractors could not provide as cost-effectively or as timely.

JNCPs Must Include:

a description of the goods or services required to meet the FDIC’s needs (including estimated value); rationale for the use of noncompetitive procurement; demonstration that the proposed contractor meets the FDIC’s needs; any patent rights, copyrights, or other proprietary information, which may preclude a competitive procurement; results of market research; and documentation that the anticipated price to the FDIC will be fair and reasonable.

JNCP Expenditure Delegations of Authority:

Level of Authority Division Directors/ Office Directors/Inspector General Chief Operating Officer and Chief Financial Officer jointly Chairperson Board of Directors Dollar Limits $5,000 up to $50,000 Up to $250,000 Up to $250,000 Over $250,000

Source: APM.

At the time of our review, all requests for noncompetitive contracts required approval prior to soliciting the selected offeror. According to the APM, the CO would send the request to the Competition Advocate Program for review.^{[ 9 ]} The CO could reject a request for noncompetitive approval if the CO believed that a competitive procurement could be awarded within the required time frame.

In December 2004, the FDIC Board of Directors rescinded expenditure authority delegations for competitive and non-competitive contracting actions including those delegations listed in Table 4. In response, ASB issued interim policy guidance^{[ 10 ]} establishing delegations of authority for non-competitive contracting actions, as shown in Table 5.

	ASB Approving Official		Program Office Approving Official		JNCP Approval Authority
	Contracting Officer		Project Manager		Greater than $5,000		Less than $100,000
	Assistant Director		Branch Chief/Assistant Director		Greater than $100,000		Less than $1,000,000
	Associate Director		Division Director		$1,000,000 and above

Source: ASB.

An ASB representative indicated that this interim policy was intended to enhance the controls over the process for approving JNCPs by requiring thresholds for approval within ASB and the program office.

Justifications for Noncompetitive Procurements

Our review of 34 sampled contracts showed that 17 contracts were awarded using the noncompetitive procurement process. However, for 10 of the 17 noncompetitively awarded contracts, there were no required JNCPs in the official contract file, and we could not obtain copies of the JNCPs from the program office. Although the APM requires that JNCPs be approved and documented in the official contract file for all contracts over $5,000, the APM procedures were not followed in all cases. Without evidence of an approved JNCP, there is reduced assurance that the best possible sources for the services were procured at the most reasonable prices, and there is an increased risk of potential conflict of interest problems. Table 6 shows the summary of contracts without JNCPs.

Table 6: Sampled Contracts with Missing JNCPs

	CONTRACT DESCRIPTION		CONTRACT AMOUNT		AMOUNT EXPENDED
	Survey		$ 6,545		$ 6,545
	Business Continuity Services		279,950		279,950
	Facilitation Services		13,000		11,567
	Facilitation Services		13,800		8,406
	Survey		100,000		99,910
	Business Continuity Services		81,840		40,920
	IT Special Studies		100,000		35,295
	IT Special Studies		100,000		51,780
	IT Program Assessment		103,692		103,692
	IT Special Studies		116,372		116,372
	Total – 10 contracts		$915,199		$754,437

Source: OIG Analysis of Sampled Contracts.

DOA issued interim policy guidance in August 2004 that requires acquisition plans for all procurements and written acquisition plans for procurements $100,000 or greater. The acquisition plan must include, among other key documents, the approved JNCP (when applicable) and must define the basis on which the source selection will be made. As discussed earlier, the CO approves acquisition plans for procurements $1,000,000 or less.

Contract Extension May No Longer Be Justified

The FDIC’s contract for its diversity advisor was modified in March 2004, to extend the period of performance through March 2005. However, the diversity advisor has been unable to perform any coaching or mentoring services under the contract since December 2003 due to an extended illness. According to the Director of the FDIC’s diversity program, it is in the best interest of the FDIC to continue the contract with this diversity advisor. However, in the event the diversity advisor can no longer perform under the contract, then it would be appropriate to terminate the contract and reevaluate the need for another diversity advisor.

To support the FDIC’s diversity program, in May 1999, the ODEO requested the services of a diversity advisor for 6 months. Required services were broadly defined to include providing input on diversity initiatives and conducting research to provide data regarding the achievement of a diverse workforce. The contract was noncompetitively awarded and according to the JNCP, the advisor was selected based on a review of market information of leading diversity advisors.^{[ 11 ]}

Our analysis of the currently active ODEO contract showed that the diversity advisor held 3 group meetings and 48 individual meetings with a total of 18 FDIC executives from April 2002 through December 2003. However, as of October 2004, the diversity advisor had not met with any executives in 2004 and no further action has been taken or payments made on this contract.

We determined that the market for diversity consultants includes similar services available at hourly rates substantially lower than the hourly and/or daily rate charged by the FDIC’s current diversity advisor. Further, there may be merit associated with awarding a contract to a new diversity advisor, such as adding a new perspective to the FDIC’s diversity program, and providing an opportunity to achieve cost savings. However, the Director, ODEO, who is responsible for the FDIC’s diversity program, feels strongly that this advisor’s knowledge of the Corporation and the relationships that he has developed with the Corporation’s executives whom he has coached and mentored over the years, justifies the continued use of this advisor. However, the Director, ODEO, did acknowledge that if the advisor can no longer continue to provide his services to the FDIC, then continuation of the contract should be reevaluated.

Recommendation:

(1) We recommend that the Director, DOA, reevaluate the continuation of the diversity consultant contract.

Adequacy of Acquisition Planning and Management for Consulting Contracts

For 18 of the 34 sampled contracts, we verified that work requirements were clearly established and deliverables or outputs needed from the contract were sufficiently defined. Further, we saw evidence in program office files and obtained testimonial evidence from oversight managers, who have the responsibility to ensure that the contract’s technical performance requirements are met, that the FDIC received the required services on schedule at the requisite quality and price specified. We concluded that these 18 contracts were adequately planned and managed. However, for the remaining 16 contracts in our sample, the SOWs were either not prepared, were missing from the official contract file, or contained vague requirements. We also identified deficiencies in oversight management for 6 of those 16 contracts. As a result, we could not always determine whether the FDIC had clearly defined the work requirements and communicated them to the contractor, or whether the FDIC received what it needed when it was needed.

Acquisition planning and contract management is essential for ensuring that the FDIC’s needs are met in the most efficient, effective, economical, and timely manner. Effective acquisition planning and management includes ensuring that requirements are clearly defined and properly funded and that adequate competition is achieved. Further, effective acquisition planning and management ensures that the contractor delivers the required goods or performs the work according to the delivery schedule and prices stated in the contract. If the contract has not been adequately planned, it may be difficult for the oversight team to obtain good results. Because the nature of consulting contracts is generally to provide "brain power," as opposed to a more tangible output, clearly defining the work requirements becomes even more important so that the contractor’s performance can be measured.

At the FDIC, all contract actions require a clear SOW. The SOW is the portion of a contract that describes the actual work to be done by the contractor and is the key to successful oversight management. SOWs are developed by the program office during the acquisition planning phase. The APM provides the following guidelines for developing the SOW:

FDIC’s Guidelines for Developing a SOW A thorough understanding of the required goods or services and expected results is critical for a well-developed SOW. Items to be considered and conveyed through the SOW include:     a. nature of the services,     b. qualifications necessary to perform the work,     c. deliverables and the scheduled milestones for their delivery, and     d. standards by which the contractor's performance will be measured.

Source: APM.

The FDIC does not require a format for the SOW content. However, the APM states that SOWs should be comprehensive and include clearly defined work requirements that address all the elements necessary for successful performance by the contractor. We consider the SOW to be a key control over the FDIC’s procurement process. If the contract does not specify the FDIC’s needs, there is an inherent risk that those needs may not be met by the contractor.

Planning Problem Areas The following problem areas generally are the results of poor planning, inadequate contractor selection procedures, and not fully understanding and enforcing the contract terms: less competition; increased prices; use of an hourly rate when a more economical total contract price would have been appropriate; selection of the wrong method, or less economical contract type; lack of creditable contractor staff and creditable findings or statements from the contractor; lack of confidence in the contractors’ staff; contractor submissions of frequent requests for cost increases; and contractor failure to meet time frames.

Source: PCIE, Advisory and Assistance Services, A Practical Guide.

Acquisition Planning

The APM establishes policy and procedures for the FDIC’s acquisition planning process and requires documentation of this process in the contract file. We found that the APM was not always followed. DOA contracting officials stated that with the newly implemented changes to the APM, and through issuance of interim policy guidance, they see evidence of improvements in the documentation for newly awarded contracts. Nevertheless, because the official contract file lacked documentation, and/or the SOW contained vaguely described work requirements, we could not always determine the adequacy or appropriateness of the planning for these contracts. Table 7 shows the summary of contracts without documented or clearly defined SOWs.

Table 7: Sampled Contracts with Missing or Vague SOWs

	CATEGORY		CONTRACT DESCRIPTION		PURCHASE ORDER AMOUNT		AMOUNT EXPENDED
	Missing SOWs:		Facilitation Services		$ 13,000		$ 11,567
			Facilitation Services		$ 13,800		$ 8,406
			Facilitation Services		$ 81,840		$ 40,920
			Information Technology (IT) Special Studies		$ 100,000		$ 35,295
			IT Special Studies		$ 100,000		$ 51,780
			IT Special Studies		$ 116,372		$ 116,372
			Service Costing (Benchmarking)		$ 2,015,600		$ 1,311,037
			Subtotal - 7		$ 2,440,612		$ 1,575,377
	Vague SOWs:		Business Continuity Services		$ 279,950		$ 279,950
			Financial Advisory Services		$ 327,000		$ 317,144
			IT Special Studies		$ 200,000		$ 115,831
			Financial Advisory Services		$ 200,000		$ 200,000
			E-banking Advisory Services		$10,987,553		$ 6,311,733
			Diversity Consulting		$ 170,000		$ 50,656
			Diversity Consulting		$ 222,500		$ 212,990
			Diversity Consulting		$ 50,000		$ 37,154
			Survey Services		$ 288,000		$ 183,387
			Subtotal - 9		$12,725,003		$ 7,708,845
			Grand Total - 16		$15,165,615		$ 9,284,222
	Percent of Sample				37%		38%

Source: OIG Analysis of Sampled Contracts.

Of these 16 contracts, further analysis showed that modifications to increase contract price were made to 7 contracts as shown in Table 8.

Table 8: Modifications to Contracts with Missing or Vague SOWs

	CONTRACT DESCRIPTION		AMOUNT OF INCREASE		PERCENT OF ORIGINAL CONTRACT TOTAL
	Business Continuity Services		$230,000		460%
	Diversity Consulting		$137,500		162%
	Financial Advisory Services		$177,000		118%
	IT Special Studies		$ 50,000		100%
	IT Special Studies		$ 30,000		43%
	Service-Costing (Benchmarking)[ 12 ]		$982,000		95%
	Survey Services		$209,956		269%
	AVERAGE		$259,494		178%

Source: OIG Analysis of Sampled Contracts.

About $9 million, or over one-third of the expended costs of the sampled contracts, were not supported by clear SOWs. Although the APM requires the CO to review the Requirements Package for completeness or clarity, the CO reviews did not always result in clear, well-defined SOWs. As a result, the FDIC did not always communicate a thorough understanding of the required goods or services and expected results to consultants. We were unable to confirm whether the lack of clear SOWs directly contributed to the need for contract modifications. However, we verified that for the 7 contracts, modifications were made that, on average, almost doubled the original contract prices.

The OIG recently issued its report entitled, Acquisition Planning and Execution Strategy,^{[ 13 ]} in which recommendations were made to improve the acquisition planning process. These contract awards were made prior to the issuance of the revised APM as well as the subsequent interim policy guidance, and efforts are underway to improve the FDIC’s acquisition planning process. Therefore, we are making no further recommendations at this time.

Oversight Management

As discussed earlier, it is difficult for the oversight manager to obtain good results from a contract that was inadequately planned. Effective oversight management involves overseeing the technical performance requirements of the contract and is primarily the responsibility of the program office. Although it was difficult to determine the adequacy of oversight management for all 16 contracts listed in Table 7, we concluded that 6 contracts had specific deficiencies, as summarized in Table 9.

Table 9: Contracts with Specific Oversight Management Deficiencies

	CONTRACT DESCRIPTION		REASON		CONTRACT AMOUNT		AMOUNT EXPENDED
	Service Costing –(Benchmarking)		Unable to reconcile total contract amount per the FDIC’s purchase order system to task orders because of a lack of documentation.		$2,015,600		$1,311,037
	Business Continuity Services		Contract price increased and the period of performance was extended but the scope of work did not change from the original SOW.		$279,950		$279,950
	Business Continuity Services		Did not ensure all work requirements were completed and deliverables were received.		$81,840		$40,920
	IT Special Services		Unable to determine the contract requirements (no SOW), the quality of oversight management, or whether the FDIC received what it expected from the contractor.		$100,000		$51,780
	IT Special Services		Unable to determine the contract requirements (no SOW), the quality of oversight management, or whether the FDIC received what it expected from the contractor.		$100,000		$35,295
	Facilitation Services		Incorrect GSA hourly rate was authorized.		$13,000		$11,567
			Total Findings – 6 contracts		$2,590,390		$1,730,549
			Percent of Sampled Contract Dollars		6%		7%

Source: OIG Analysis of Sampled Contracts.

We discuss these six contracts more fully below.

Service Costing (Benchmarking) Contract: The service costing (benchmarking) contract is an active contract with important work yet to be completed to assist the FDIC in implementing its service costing methodology. Specific work is assigned to the consultant through the use of individual task orders. However, the total contract price, according to the executed copies of the task orders found in the official contract file as well as in the OM’s contract file, is not the same as the total contract price reported in the FDIC’s purchase order system (POS). In fact, the dollar total of the task orders found in the files exceeds the amount reported in the POS by $384,620, which raises concern that the contract price may have exceeded the authorized expenditure authority level for this contract. However, due to the lack of documentation, we could not confirm that this was the case. Table 10 shows the unreconciled difference for the contract.

Table 10: Unreconciled Difference – Service Costing (Benchmarking) Contract

	PER CONTRACT FILE DOCUMENTATION						PER POS		UNRECONCILED DIFFERENCE
	Task Order (TO) Number		Contract Amount		Explanation
	1		$233,200
	2		$-0-		Extends period of performance
	3		$305,400
	Modification 1 to TO3		$545,000
	4		$45,000
	5		$135,000
	6		$138,800
	7		$-0-		Not found in contract file
	8		$21,500
	9		$192,830
	Modification 1 to TO9		$2,390
	10		$590,600
	Modification 1 to TO10		$-0-		Extends period of performance
	Modification 2 to TO10		$290,500		Extends period of performance
	Modification 3 to TO10		$-0-		Not found in contract file
	Modification 4 to TO10		$-0-		Extends period of performance
	11		$-0-		Not found in contract file
	Total		$$2,400,220				$2,015,600		$384,620

Source: OIG Analysis.

As shown in the table, two task orders (7 and 11) and one modification (modification 3 to task order 10) were missing from the contract file. The CO or OM could not provide us with the required documentation. As a result, we could not verify the total contract price, or determine the contract terms, including the work requirements and/or specified price for the missing task orders and modification. One CO explained that the poor condition of the official contract file was caused by changes in the CO a number of times due to reorganizations and new assignments of responsibility within ASB. Although ASB has been aware of the condition of this contract file since February 2004, the total contract price has not yet been reconciled and complete documentation is not maintained in the file. We concluded that more attention needs to be given to the service costing (benchmarking) contract, and we are recommending that ASB conduct a complete contract review to ensure the contract file contains complete documentation and the total contract price is accurately reflected in the POS, and the contractor has met the cost, schedule, and deliverable requirements.

Business Continuity Contracts: DOA hired two different consultants, at varying times, to provide business continuity services for the FDIC. We determined that these contracts were not well-managed. The first contract was initially awarded for $49,950 with the period of performance of April 2001 through July 2001. The purpose of this contract was to validate the content and effectiveness of the FDIC’s business continuity plan. The contract was modified several times to increase the contract price to 460 percent of the initial contract amount (as shown in Table 8) and to extend the period of performance through December 2001. According to a program official familiar with this contract, the scope of services did not change from the initial contract, but more time and money was needed for the contractor to complete the work. As discussed above under the section entitled, Acquisition Planning, the SOW did not require specific deliverables, milestone schedules, or delivery due dates. In this case, the oversight manager did not hold the contractor accountable for completing the required services within the period of performance and the contract terms.

The FDIC hired a second consultant to provide business continuity plan assessment services in September 2003. We could not find a SOW in the official contract file that had been prepared by the FDIC. Instead, we found that the SOW was prepared by the consultant. We did not always see evidence that the FDIC received the expected level of effort as indicated by the consultant’s proposal of work. For example, the consultant’s proposal indicated that the following work would be completed:

"...shall review the FDIC’s Division of Information Resource Management (DIRM) documentation that summarizes the 38 FDIC identified mission-critical application systems and services, their priorities, impact, linkage, and integration with the FDIC Business Continuity Plan will also be provided and reviewed."

We did not see any evidence in the contract file or results from this review in the consultant’s assessment report. We concluded the oversight manager did not hold the contractor accountable for the required work under the contract.

Information Technology (IT) Special Studies Contracts: DIRM hires consultants to perform special studies for IT-related projects. We identified two such contracts, with the same consultant for back-to-back time periods, where we could not determine the adequacy of oversight management because of the lack of documentation to support the work that was requested and received. Each contract was priced at $100,000 for a total of $200,000 and the amount expended on these contracts totaled $35,295 and $51,780, respectively, for a total of $87,075.

The official contract file did not contain SOWs for either of these two contracts. Therefore, we could not identify what services DIRM requested from the consultant. Oversight management records were not available for our review for either of the contracts. Neither the CO nor the OM for one of the contracts are currently employed by the FDIC and there were no other DIRM officials identified as having any knowledge regarding the specifics of that contract. Therefore, we could not review any records or other indications that deliverables were received or services were provided by the consultant for that contract.

For the second contract, the OM produced a report, dated January 2002, on the topic of "Contingency Planning Analysis" but because there was no SOW, we could not verify how or when these services were requested, whether this deliverable was a product from this specific contract, how much these services cost the FDIC, and if there were other services performed under the contract which helped account for expended funds.

In discussing our specific concerns, a DIRM representative conceded that DIRM should improve the way it standardizes its process for obtaining and improving the quantity and quality of requirements content for these kinds of smaller services but with something much less stringent than full SOWs and full contract packages. We concluded that for both of these contracts, neither DIRM nor the CO complied with the APM, and thus the controls that are built into the FDIC’s procurement process were circumvented as a result.

Facilitation Services Contract: We determined that the consultant overcharged the FDIC by using the incorrect GSA hourly rate for facilitation services. The rate actually paid was $29/hour higher than stated on the appropriate GSA schedule contract. However, this contract is over 4 years old, the OM no longer works at the FDIC, and the amount of the overcharge would have cost the FDIC a maximum of approximately $1,400. Therefore, we are not recommending further action. Nevertheless, the error indicates inadequate management on the part of the program office responsible for monitoring the expenditure of funds.

Recommendation:

(2) We recommend that the Director, DOA, require the CO for the service costing (benchmarking) contract to complete a full contract review, including a reconciliation of the contract price and all individual task orders awarded under this contract to the POS.

Benefits Achieved

We determined that the FDIC derived some benefit from nearly all of the sampled contracts that we reviewed. We were able to verify the receipt of benefits resulting from the contract for 18 of the 34 sampled contracts that had clearly defined work requirements. However, for the remaining 16 contracts where SOWs were missing or contained vague work requirements, only testimonial evidence provided by the program office was available rather than contract file documentation to verify that deliverables, or other outputs, resulted in benefits to the FDIC. Program officials asserted that 13 of the 16 resulted in benefits to the FDIC. For the two IT special studies contracts and portions of the service costing (benchmarking) contract, file documentation was not sufficient for us to identify that the consultants delivered the services that were needed or requested by the FDIC.

As discussed earlier, SOWs are required for all FDIC contracts, and each SOW should be clear, concise, accurate, complete, and written in a manner that permits the FDIC to measure the contractor’s achievement of the contract requirements. Therefore, it is important that the FDIC structures contracts through an adequate planning process, and adequately manages them to ensure that expected benefits are achieved. Table 11 shows further analysis of the 34 sampled contracts with contract values and amounts spent of approximately $41 million and $24 million, respectively.

Table 11: Analysis of Benefits

	NUMBER OF CONTRACTS		RESULTS OF ANALYSIS		CONTRACT AMOUNT		AMOUNT SPENT
	18		Benefits independently verified by OIG.		$25,523,962		$14,956,554
	13		Although there was not a clear SOW in the contract file, testimonial evidence supported the FDIC’s receipt of benefits.		$12,950,015		$7,886,110
	1		Because of incomplete documentation in the contract file, benefits for a portion of the contract were unidentifiable and the portion of the contract amount for these unidentifiable benefits is unquantifiable.		$2,015,600		$1,311,037
	2		Could not determine if benefits were received by the FDIC due to a lack of documentation in the contract file.		$200,000		$87,085

Source: OIG Analysis of Sampled Contracts.

Enhanced Controls are Warranted

The FDIC APM does not distinguish between the policies and procedures in place over consulting and non-consulting service contracts. As discussed earlier, consulting contracts present risks to the FDIC because they may closely relate to functions that should be performed by FDIC management and because of the potential for conflict of interest situations. Although nothing came to our attention that caused us to suspect abuse, consulting contracts are sensitive in nature and the dollar amount of these contracts can often fall below the dollar threshold requiring a written acquisition plan. We concluded that management controls could be strengthened to protect the FDIC from these risks.

Recommendation:

(3) We recommend that the Director, DOA, revise the APM to raise awareness of the risks associated with consulting contracts and enhance controls to ensure that the FDIC is protected from the improper use of consultants.

CORPORATION COMMENTS AND OIG EVALUATION

On January 13, 2005, the Director, DOA, provided a written response to the draft report, which is presented in its entirety in Appendix II of this report. Appendix III presents a summary of the FDIC’s responses to our recommendations.

DOA partially concurred with Recommendation 1. DOA responded that it had discussed the diversity consultant contract with ODEO and learned that the diversity advisor planned to return to the FDIC to perform additional coaching/mentoring services under the contract. DOA decided that the contract will remain in place through the March 2005 expiration date. If for any reason the consultant is unable to perform duties required in the contract, DOA will re-open this condition.

DOA concurred with Recommendation 2. DOA instructed the contracting officer to perform a full contract review to include a reconciliation of the contract price with all individual task orders executed under the contract. DOA expects to complete this review by February 28, 2005.

DOA partially concurred with Recommendation 3. Although DOA agreed that there are potential risks with consulting contracts, DOA does not believe that these risks are significantly greater than other service type contracts to warrant revision to the APM. However, DOA has agreed to provide training and other formal written reminders to acquisition personnel regarding consulting service contracts. In addition, ASB reported that it had already begun working with the FDIC Contract Legal Unit to strengthen conflict of interest provisions associated with consulting contracts. Completed action is expected by March 31, 2005.

The actions taken and planned by management are responsive to the recommendations. The recommendations are resolved but will remain undispositioned and open until we have determined that agreed-to corrective actions have been completed and are effective.

OBJECTIVE, SCOPE, AND METHODOLOGY

Our overall objective was to evaluate the use of, and benefits derived from, consulting services at the FDIC. In fulfilling the objective, we determined:

• the extent to which the Corporation utilizes consulting services;
  
• whether consulting services contracts are effectively justified, planned, and managed; and
  
• whether benefits were achieved from consulting services.

To determine the extent to which the Corporation utilizes consulting services, we performed the following work:

• Reviewed the DOA Acquisition Policy Manual for policies and procedures that are in place to control the contracting activities for the FDIC.
• Defined the term "consulting contracts" for the purpose of this evaluation, and obtained concurrence from ASB officials on the definition used. In developing our definition, we considered excerpts from the following sources:
  • Office of Management and Budget, Circular No. A-11.
  • General Services Administration, Federal Supply Schedule 874, Management, Organizational, and Business Improvement Services.
  • Government Accountability Office Report No. GAO/NSIAD-00-183R, Selected DOD Consulting Services.
  • American Institute of Certified Public Accountants Web site, March 2004.
• Obtained a universe of contracts from the DOA Purchase Order System (POS) for the period January 1, 1996 through March 22, 2004. From the universe, identified those contracts that were for consulting services. Verified the reasonable completeness and accuracy of this list with the FDIC program office for which the services were procured. Selected a judgmental sample of 34 consulting contracts for detailed review. The total amount of the contracts equaled $40,689,577. The total amount expended was $24,240,776.

To determine whether consulting contracts were effectively justified, planned, and managed, we reviewed the DOA official contract files, OM files, and any deliverables that were required as part of the contract to determine the need for the services. We reviewed the SOW to determine if the required services and expected results were clearly written, and whether the SOW included the following:

• nature of the services,
• qualifications necessary to perform the work,
• deliverables and the scheduled milestones for their delivery, and
• standards by which the contractor’s performance would be measured.

• Interviewed the OM, or if the OM was no longer an FDIC employee, an FDIC official who possessed knowledge regarding the benefits that were received as a result of the consulting service contract.
  
  
• In specific cases, we reviewed Dunn and Bradstreet records to identify potentially inappropriate relationships that may have existed between the FDIC and the vendor. None were identified.

To determine if the FDIC achieved benefits as a result of the contract, we reviewed the contract deliverables, and interviewed the OM (or designee) about the expectations of the contract, and how the results derived from the contract were used by the FDIC. In some cases, we were unable to corroborate testimonial evidence due to a lack of contract file documentation.

Prior Audit Coverage

The OIG has a program of contractor reviews and audits that includes pre-award reviews of the FDIC’s compliance with its contract evaluation and award process, pre-award reviews of contractor proposals or internal control systems, contractor billing audits, and contract close-out audits. While not specifically noted in the resulting reports, we have often observed during these reviews that contract file documentation needed improvement. In addition, in our previously referenced report on the FDIC’s acquisition planning and execution strategy (Report No. 04-043, dated September 29, 2004), we found that documentation dealing with the scope of work to be performed, deliverables, and other requirements was not always adequate. Finally, in our report entitled, Records Management and Storage (Report No. 04-045, dated September 30, 2004), we noted that the FDIC was unable to locate the contract file for the contractor that performs that function.

We conducted our evaluation from March through September 2004 in accordance with generally accepted government auditing standards.

APPENDIX II

CORPORATION COMMENTS

[ D ]

[ D ]

MANAGEMENT RESPONSES TO THE RECOMMENDATIONS

This table presents the management responses on the recommendations in our report and the status of the recommendations as of the date of report issuance.

	Rec. Number		Corrective Action: Taken or Planned/Status		Expected Completion Date		Monetary Benefits		Resolved: [ a ] Yes or No		Dispositioned: [ b ] Yes or No		Open or Closed [ c ]
	1		DOA discussed the diversity contract with ODEO management and determined that the diversity advisor had recovered from his illness and would resume services outlined in the contract. The contract will remain in place through the March 2005 expiration date. If for any reason, the consultant is unable to perform duties required in the contract, DOA will re-open the condition.		March 31, 2005		$0		Yes		No		Open
	2		DOA instructed the cognizant contracting officer to perform a full contract review to include a reconciliation of the contract price with all individual task orders executed under the contract.		February 28, 2005		$0		Yes		No		Open
	3		DOA will raise awareness of the unique nature of consulting contracts via training and other formal written reminders to acquisition personnel. In addition, ASB had already begun to work with the FDIC Contract Legal Unit to strengthen conflict of interest provisions associated with consulting contracts.		March 31, 2005		$0		Yes		No		Open

a Resolved –	(1) Management concurs with the recommendation, and the planned corrective action is consistent with the recommendation.
	(2) Management does not concur with the recommendation, but planned alternative action is acceptable to the OIG.
	(3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

^b Dispositioned – The agreed-upon corrective action must be implemented, determined to be effective, and the actual amounts of monetary benefits achieved through implementation identified. The OIG is responsible for determining whether the documentation provided by management is adequate to disposition the recommendation.

^c Once the OIG dispositions the recommendation, it can then be closed.

	Search | Accessibility | Privacy | Information Quality | Contact Us | Site Map | Home