FDIC's Contract Oversight Management of the Infrastructure Services Contract
March 2008
Report No. AUD-08-008
Federal Deposit
Insurance Corporation
The objectives of the audit were to assess (1) the FDIC’s contract oversight management of Systems Research Applications International, Inc. (SRA), and its subcontractors, including subcontractor selection and performance; and (2) support for payments made by the FDIC for information technology (IT) goods and services provided by SRA and its subcontractors.
In June 2004, the FDIC’s Board of Directors approved expenditure authority totaling $357 million to procure IT infrastructure services through the General Services Administration’s (GSA) Federal Systems Integrations and Management (FEDSIM) Center. In September 2004, FEDSIM awarded a task order (the Infrastructure Services Contract – (ISC)) to SRA under the Millennia Government-wide Acquisition Contract program.
FEDSIM acts as the contracting officer with overall responsibility for contract management, while the FDIC’s Division of Information Technology (DIT) provides critical advice to GSA regarding the performance of SRA and its subcontractors. The Division of Administration (DOA) provides personnel security services and advice to help ensure that the FDIC’s contracting and security interests are protected.
As a result of the ISC, DIT was able to eliminate 36 individual IT infrastructure contracts.
|
The FDIC implemented a framework of controls designed to ensure effective contract oversight management of SRA and its subcontractors. A number of these controls are based on government and industry-recommended practices. Additionally, SRA selected subcontractors consistent with the Federal Acquisition Regulation and the terms and conditions of the ISC and Millennia contract. However, the FDIC can strengthen its oversight management of SRA in some control areas. Management attention in the control areas of ISC oversight roles and responsibilities, acquisition policies, award fee determinations, contractor and subcontractor integrity and fitness, and contractor and subcontractor invoice reviews will strengthen ISC governance and promote transparency and communication throughout the ISC program.
We engaged the Defense Contract Audit Agency (DCAA) to audit selected invoices submitted by SRA and two of its subcontractors. DCAA found that, except for a minor amount of labor and applied indirect costs that did not meet the labor qualifications of the contract, the costs for IT goods and services invoiced under the ISC were allowable, allocable, and reasonable. The minor questioned costs have been forwarded to DIT for appropriate action through GSA.
| Recommendations and Management Response |
We recommended that the Director, DIT, strengthen ISC contract oversight roles and responsibilities and the award fee determination process by:
- segregating ISC Program Manager duties, as appropriate;
- updating Technical Monitor and Subject Matter Expert roles and responsibilities, where appropriate;
- updating the Award Fee Determination Plan in key areas, including clarifying the criteria used to assess SRA’s performance under the ISC and having the Technical Monitors vote on each award fee determination; and
- coordinating with Technical Monitors and Subject Matter Experts to determine whether certain Service Level Agreements need to be revised in order to achieve more optimal contractor performance outcomes.
With regard to acquisition policies, we recommended that the Director, DOA:
- address performance-based acquisitions in the FDIC’s Acquisition Policy Manual;
- work with the Corporate University to develop performance-based contract management training;
- document DOA’s internal control of conducting periodic on-site inspections of procurement files to review contractor procurement practices; and
- clarify DOA’s role in connection with ISC procurement actions
The FDIC’s comments on a draft of the report agreed with our recommendations.
|
|
|
|
|
| DATE: | March 27, 2008 |
| |
| MEMORANDUM TO: | Michael E. Bartell, Chief Information Officer and |
| Director, Division of Information Technology |
| |
| Arleas Upton Kea, Director |
| Division of Administration |
| |
| FROM: | Russell A. Rau [Electronically produced version; original signed by Russell A. Rau] |
| Assistant Inspector General for Audits |
| |
| SUBJECT: | FDIC's Contract Oversight Management of the Infrastructure Services Contract
(Report No. AUD-08-008) |
| |
The subject final report is provided for your information and use. Please refer to the Executive Summary, included in the report, for the overall audit results. Our evaluation of your response is incorporated into the body of the report. Your comments on a draft of this report were responsive to the recommendations. Sufficient action has been taken to close recommendation 6. The remaining recommendations will remain open for reporting purposes until we have determined that agreed-to corrective actions have been completed and are responsive.
This report contains information that may be proprietary. Accordingly, we request that you safeguard this report to the fullest extent possible and make no disclosures of this report, or information therefrom, outside the FDIC without prior permission of the Inspector General. We will redact proprietary information prior to releasing the final report publicly.
If you have questions concerning the report, please contact me at (703) 562-6350 or Mark F. Mulholland, Director, Corporate Management and Security Audits, at
(703) 562-6316. We appreciate the courtesies extended to the audit staff.
Attachment
| cc: |
Rack D. Campbell, DIT |
|
James H. Angel, Jr., OERM |
|
Daniel H. Bendler, D |
|
|
| BACKGROUND |
| AUDIT OBJECTIVES AND APPROACH |
| OVERALL RESULTS |
| ROLES AND RESPONSIBILITIES |
| PROCUREMENT MANAGEMENT |
| ACQUISITION POLICIES |
| AWARD FEE DETERMINATIONS |
| CONTRACTOR INTEGRITY AND FITNESS |
| RECOMMENDATIONS |
| CORPORATION COMMENTS AND OIG EVALUATION |
| APPENDICES |
1. OBJECTIVE, SCOPE, AND METHODOLOGY |
2. CORPORATION COMMENTS |
3. MANAGEMENT RESPONSE TO RECOMMENDATIONS |
| TABLES |
ISC Facts at a Glance |
| FIGURES |
1. Annual Corporate IT Expenditures |
2. Ceiling Amounts for Key Components of the ISC |
3. FDIC Assessments of SRA’s Performance |
4. ISC Governance Structure |
|
|
Background
|
In June 2004, the FDIC’s Board of Directors approved expenditure authority totaling $357 million to procure information technology (IT) infrastructure services through the General Services Administration’s (GSA) Federal Systems Integration and Management (FEDSIM) Center.
In September 2004, FEDSIM awarded a task order (the Infrastructure Services Contract—ISC) to Systems Research Applications International, Inc. (SRA), under the Millennia Government-wide Acquisition Contract program.
|
|
ISC Facts at a Glance |
| Contract Type |
Cost Plus Award Fee (Performance-based) |
| Ceiling Price |
$341,766,035 |
| Term |
5 years (1 base year, plus four 1-year option periods) |
| Period of Performance |
September 21, 2004 – September 20, 2009 |
| Sponsoring Division |
Division of Information Technology (DIT) |
| Prime Contractor |
SRA |
| Key Subcontractors |
[Material Redacted] |
| Contractor Staff |
Approximately 205 |
|
IT infrastructure services procured through the ISC include (among other things):
- Mainframe Data Center Operations
- Local Area Network Management
- Hardware and Software Procurements
- Help Desk Operations
- Telecommunications Support
- Equipment and Software Maintenance
- Disaster Recovery Operations
- Security Operations
- Wireless Communications
- Desktop and Server Engineering
- IT Asset Management
|
|
The portion of DIT’s expenditures pertaining to the ISC increased during the initial years of the contract. This occurred as SRA assumed increasing responsibility for the FDIC’s IT infrastructure. As a result of the ISC, DIT was able to eliminate 36 individual IT infrastructure contracts.
 [ D ]
According to financial information provided by DIT, the FDIC had expended $191,401,707 of the ISC’s $341,766,035 ceiling amount as of December 31, 2007.
 [ D ]
The FDIC’s assessments of SRA’s performance under the ISC have been favorable.
As of October 2007, the FDIC had awarded [Material Redacted] fees available at that date
under the ISC.
Figure 3
[Material Redacted]
|
 [ D ]
Audit Objectives and Approach
- The objectives of the audit were to assess:
- the FDIC's contract oversight management of SRA and its subcontractors, including subcontractor selection
and performance, and
- support for payments made by the FDIC for IT goods
and services provided by SRA and its subcontractors.
- To accomplish our objectives, we:
- interviewed officials from FDIC, SRA, and the GSA’s FEDSIM Center;
- analyzed relevant reports, documents, and policies and procedures; and
- observed key meetings related to the ISC.
- We engaged the Defense Contract Audit Agency (DCAA) to audit
selected invoices submitted by SRA and two of its subcontractors
( [Material Redacted] ).
- Key criteria used in the audit included relevant regulations, FDIC policies and procedures, the ISC (and its deliverable products), and
government and industry-recommended practices.
- We performed our audit work from October through December 2007 in accordance with generally accepted government auditing standards.
- Details on our objectives, scope, and methodology are in Appendix 1.
Overall Results
- The FDIC implemented a framework of controls designed to ensure effective contract oversight management of SRA and its subcontractors. However, the FDIC can strengthen its oversight management of SRA in some control areas.
- DCAA found that, except for a minor amount of labor and applied indirect costs that did not meet the labor qualifications of the contract, costs for IT goods and services invoiced under the ISC were allowable, allocable, and reasonable. The minor questioned costs have been forwarded to DIT for appropriate action through GSA.
- The FDIC has implemented several contract oversight management controls that are based on government and industry-recommended practices. Such controls include:
- A Program Manager, Technical Monitors, and Subject Matter Experts who monitor work and assess performance
- A comprehensive award fee determination process that evaluates contractor and subcontractor performance
- A DIT Procurement Management Board that reviews budgets and procurement actions for items procured through the ISC
- Regularly scheduled reports and meetings with SRA
- A formal process that assesses risks associated with contract service providers, such as SRA
- SRA selected subcontractors consistent with the Federal Acquisition Regulation and the terms and conditions of
the ISC.
- The FDIC can strengthen its contract oversight management of SRA in the following control areas:
- ISC Oversight Roles and Responsibilities
- Acquisition Policies
- Award Fee Determination Process
- Contractor and Subcontractor Integrity and Fitness
- Review of Contractor and Subcontractor Invoices
- Management attention to these areas will strengthen ISC governance and promote transparency and communication (throughout the ISC program).
- Notably, corrective action is ongoing in a number of areas.
Roles and Responsibilities
![select [D] link to get text representation of image](08-008/Image2.jpg) [ D ]
![select [D] link to get text representation of image](08-008/Image3.jpg) [ D ]
![select [D] link to get text representation of image](08-008/Image4.jpg) [ D ]
Procurement Management
![select [D] link to get text representation of image](08-008/Image5.jpg) [ D ]
Acquisition Policies
![select [D] link to get text representation of image](08-008/Image6.jpg) [ D ]
Award Fee Determinations
![select [D] link to get text representation of image](08-008/Image7.jpg) [ D ]
Contractor Integrity and Fitness
![select [D] link to get text representation of image](08-008/Image8.jpg) [ D ]
Recommendations
With regard to ISC oversight roles and responsibilities, we recommend that the Director, DIT:
- Segregate the duties of the ISC Program Manager position, where appropriate, when DIT completes ongoing efforts to hire an
Infrastructure Project Manager and Service Delivery Manager in the Infrastructure Services Branch.
- Update the FDIC’s memorandum to FEDSIM regarding Technical Monitor and Subject Matter Expert duties and responsibilities to
reflect current practices, and incorporate these duties and responsibilities into a formal DIT policy.
With regard to the Award Fee Determination Process, we recommend that the Director, DIT, in coordination with FEDSIM:
- Update the Award Fee Determination Plan to reflect current practices, including clarifying criteria used to assess SRA’s performance under the ISC and requiring Technical Monitors to vote on each award fee evaluation, and appoint a Secretariat to maintain the Award Fee Determination Plan and related documentation.
- Coordinate with the Technical Monitors and Subject Matter Experts to determine whether certain SLAs need to be revised in order to achieve more optimal contractor performance outcomes.
With regard to acquisition policies, we recommend that the Director, DOA:
- Address performance-based acquisitions in the FDIC’s Acquisition Policy Manual.
- Work with the Corporate University to develop performance-based contract management training.
- Document DOA’s internal control of conducting periodic on-site inspections of procurement files to review contractor procurement
practices.
- Clarify DOA’s role in connection with ISC procurement actions.
Corporation Comments and OIG Evaluation
On March 19, 2008, the CIO and Director, DIT, and the Director, DOA, provided a written response to a draft of this report. The Corporation’s response is in Appendix 2. Management concurred with our recommendations and provided planned, ongoing, and completed corrective action. A summary of management’s response to each recommendation is in Appendix 3.
Sufficient action has been taken to close recommendation 6. The remaining recommendations are resolved but will remain open until we determine that the agreed-to corrective actions have been completed and are responsive.
|
|
APPENDIX 1
OBJECTIVE, SCOPE, AND METHODOLOGY
Objectives and Scope
The objectives of the audit were to assess (1) the FDIC’s contract oversight management of SRA and its subcontractors, including subcontractor selection and performance and (2) support for payments made by the FDIC for IT goods and services provided by SRA and its subcontractors. We conducted this performance audit from October through December 2007 in accordance with generally accepted government auditing standards (GAGAS). Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
The scope of our audit focused on assessing the FDIC’s management controls that were designed to ensure effective contract oversight management of SRA and its subcontractors. Our audit did not assess contract administration services provided by the GSA. With respect to payments made by the FDIC for IT goods and services, we engaged DCAA to perform appropriate audit procedures to determine whether such payments were adequately supported consistent with the terms and conditions of the ISC and the Millennia contract. DCAA conducted its work in accordance with GAGAS.
Methodology
To achieve our objectives, we:
- Interviewed DIT and DOA representatives regarding their roles and
responsibilities for the ISC and the controls the FDIC had in place to help ensure
effective contract oversight management of SRA and its subcontractors. We also
interviewed SRA management officials to obtain their perspective on the FDIC’s
oversight management practices with respect to the ISC. Further, we met with
contracting officials at GSA’s FEDSIM Center to obtain an understanding of their
role in the ISC program.
- Analyzed relevant reports and contract-specific documents, such as SRA status reports and award fee determination reports.
- Observed key ISC-related meetings, including meetings of the DIT Procurement Management Board and the Award Fee Determination Board.
- Selected a non-statistical sample* of 40 subcontractor employees to determine whether required background investigations, confidentiality agreements, and preexit clearance forms had been completed consistent with FDIC policy. We selected the sample from the same four invoices reviewed by DCAA. We included SRA and subcontractor employees that were in the FDIC Virginia Square location and various field offices.
- Selected a non-statistical sample of six SRA subcontractors to determine whether integrity and fitness certifications had been completed as prescribed by FDIC policy. We selected the sample from the same four invoices reviewed by DCAA.
- Considered FDIC and DIT-specific policies related to contract oversight management and IT procurement, including:
- The FDIC’s Acquisition Policy Manual, including the Letter of Oversight
Manager Confirmation and Letter of Technical Monitor Confirmation.
- Circular 1610.2, Security Policy and Procedures for FDIC Contractors and Subcontractors, dated August 1, 2003.
- DIT Policy No. 05-002, Procuring IT Assets, dated May 25, 2005.
- DIT Internal Policy Memorandum, Receiving of IT Assets Policy, dated February 12, 2003.
- DIT Memorandum to GSA, Technical Monitor and Subject Matter Expert Designations, Duties, and Responsibilities, dated October 2, 2007.
- Considered federal regulations, policies, and recommended practices pertaining to interagency and performance-based contracting. Such criteria included applicable sections of the Federal Acquisition Regulation (FAR), guidance published by the Office of Federal Procurement Policy, and reports issued by the Government Accountability Office.
- Engaged DCAA to determine whether charges for IT goods and services contained in selected invoices submitted under the ISC were adequately supported consistent with the terms and conditions of the ISC and Millennia contract. Specifically, DCAA assessed whether charges for IT goods and services provided by SRA and two of its subcontractors were supported with adequate, original documentation consistent with the terms and conditions of the ISC and Millennia contract. DCAA’s audit procedures included, for example, examining timesheets to verify that the hours billed were actually worked and reviewing qualifications, experience, and education for a sample of contractor and subcontractor employees to ensure the employees satisfied the minimum requirements of the ISC and Millennia contract.
The FDIC OIG selected the following four ISC invoices for DCAA’s detailed review.
| Invoice Number |
Period of Performance |
Amount |
| 600231193 |
December 1-31, 2006 |
$ 7,739,724.44 |
| 600240511 |
January 1-31, 2007 |
$11,601,627.29 |
| 600278697 |
May 1-31, 2007 |
$ 4,448,444.71 |
| 600294828 |
June 1-30, 2007 |
$ 7,646,601.36 |
Internal Control
We assessed key FDIC internal controls related to the oversight management of the ISC, including:
- Relevant FDIC and DIT policies, procedures, guidance, and training.
- The roles and responsibilities of key ISC stakeholders, including the ISC Oversight Committee, Program Manager, Technical Monitors, and Subject Matter Experts.
- The ISC governance structure.
- The ISC award fee determination process.
In addition, DCAA performed appropriate tests of contractor internal controls for the purpose of planning and conducting its audit work.
Reliance on Computer-processed Data. Our audit objective did not require that we separately assess the reliability of computer-processed data to support our significant findings, conclusions, and recommendations. Additionally, in performing this audit, we did not consider it necessary to evaluate the effectiveness of information systems controls in order to obtain sufficient, appropriate evidence.
Performance Measurement. We determined that DIT’s performance measures under the Government Performance and Results Act were not significant to our audit objectives.
Compliance with Laws and Regulations
The following regulations were relevant to our audit objectives:
- 12 Code of Federal Regulations (C.F.R.) Part 366, Minimum Standards of Integrity and Fitness for an FDIC Contractor – establishes the minimum standards of integrity and fitness that contractors, subcontractors, and employees of contractors and subcontractors must meet if they perform any service or function on the FDIC’s behalf. Part 366 implements sections 12(f)(3) and (4) of the Federal Deposit Insurance Act (12 United States Code sections 1822(f)(3) and (4)) regarding contractor conflicts of interest and disapproval.
- FAR Subchapter G, Contract Management – establishes uniform policies and procedures for contract management by all executive agencies, including contract management, subcontracting, and quality assurance. We used the FAR as criteria because the ISC is a task order awarded under the FEDSIM’s Millennia contract, which is based on the FAR.
We assessed the risk of fraud related to the audit objectives in the course of evaluating
audit evidence.
Prior Coverage
We considered the following reports previously issued by the FDIC OIG in planning and conducting our work:
- Evaluation Report No. EM-08-002, Information Technology Procurement
Integrity and Governance, dated March 4, 2008.
- Evaluation Report No. EM-07-003, Follow-up Work Related to FDIC’s Contract
Assessment Report, dated May 30, 2007.
- Audit Report No. 07-004, Interagency Agreement with the General Services
Administration for the Infrastructure Services Contract, dated
January 10, 2007.
- Evaluation Report No. 06-026, FDIC’s Contract Administration, dated
September 29, 2006.
|
|
APPENDIX 2
CORPORATION COMMENTS
| |
| DATE: | March 19, 2008 |
| |
| TO: | Russell A. Rau |
| Assistant Inspector General for Audits |
| |
| FROM: | Arleas Upton Kea [Electronically produced version; original signed by Arleas Upton Kea] |
| Director, Division of Administration |
| |
| FROM: | Michael E. Bartell [Electronically produced version; original signed by Michael E. Bartell] |
| Chief Information Officer and |
| Director, Division of Information Technology |
| |
| SUBJECT: | Management Response to the Draft OIG Audit Report Entitled:
Audit of the FDIC’s Contract Oversight Management of the Infrastructure Services Contract (Assignment No. 2007-036) |
| |
This is in response to the subject Draft Office of Inspector General (OIG) Audit Report, issued February 28, 2008. In its report, the OIG made eight recommendations.
We appreciate that the OIG noted that the FDIC has implemented a framework of controls to ensure effective oversight of the Systems Research Applications International, Inc. (SRA) contract and its subcontractors. However, we recognize that additional steps could be taken to enhance these controls. This response outlines our planned corrective actions for each of the recommendations cited in the OIG’s Report.
MANAGEMENT DECISION
Finding: Infrastructure Services Contract (ISC) Oversight Roles and Responsibilities
Recommendation 1: That the Director, Division of Information Technology (DIT) segregate the duties of the ISC Program Manager position, where appropriate, when DIT completes ongoing efforts to hire an Infrastructure Project Manager and Service Delivery Manager in the Infrastructure Services Branch.
Management Response 1: DIT concurs with this recommendation.
Corrective Action: A selection for the Infrastructure Project and Service Delivery Manager has been made and an offer has been made to the individual. The process is now in salary negotiation. Once on-board, the ISC Program Manager will work with the individual to delegate some program management responsibilities.
Completion Date: May 30, 2008
|
|
Recommendation 2: That the Director, DIT update the FDIC’s memorandum to Federal Systems Integrations and Management (FEDSIM) regarding Technical Monitor and Subject Matter Expert duties and responsibilities to reflect current practices, and incorporate these duties and responsibilities into a formal DIT policy.
Management Response 2: DIT concurs with this recommendation.
Corrective Action: A draft policy updating and defining the oversight roles has been completed and has been distributed for review and comment.
Completion Date: April 30, 2008
Finding: Award Fee Determination
Recommendation 3: That the Director, DIT update the Award Fee Determination Plan to reflect current practices, including clarifying criteria used to assess SRA’s performance under the ISC and requiring each Technical Monitor to vote on each award fee determination, and appoint a Secretariat to maintain the Award Fee Determination Plan and related documentation.
Management Response 3: DIT concurs with this recommendation.
Corrective Action: A draft update of the Award Fee Determination Plan has been completed, including designation of all Technical Monitors as voting members of the Award Fee Evaluation Board (AFEB). In addition, the Secretariat and Recorder positions have been established and assigned. The changes will be included in the next contract modification to be effective beginning with the next Award Fee Period.
Completion Date: April 30, 2008
Recommendation 4: That the Director, DIT coordinate with the Technical Monitors and Subject Matter Experts to determine whether certain service level agreements (SLAs) need to be revised in order to achieve more optimal contractor performance outcomes.
Management Response 4: DIT concurs with this recommendation.
Corrective Action: The Service Level Manager has met with the FDIC ISC Program Manager including all the Technical Monitors and Subject Matter Experts, the FEDSIM Program Manager and the Deputy CIO, Infrastructure to perform a review of the SLAs. Suggestions for modifications and/or additional SLAs have been drafted and presented to the vendor for review. Once that review has been completed a reconciliation of the recommendations will be conducted and a presentation for final updates will be submitted. Once final recommendations have received concurrence the changes will be submitted to FEDSIM for contract modification.
Completion Date: April 30, 2008
|
|
| * |
|
Finding: Acquisition Policies
Recommendation 5: That the Director, DOA, address performance-based acquisitions in the FDIC’s Acquisition Policy Manual.
Management Response 5: DOA concurs with this recommendation.
Corrective Action: DOA recognizes the importance of the successful use of performance-based acquisitions in fulfilling FDIC requirements. As such, the topic has been addressed in the revised APM and associated Procedures, Guidance and Information document. OIG will have the opportunity to review this information during the Directives Review process. Publication is expected by May 30, 2008.
Completion Date: May 30, 2008
Recommendation 6: That the Director, DOA work with the Corporate University to develop performance-based contract management training.
Management Response 6: DOA concurs with this recommendation.
Corrective Action: DOA recognizes the importance of the successful award and management of performance-based contracts for FDIC requirements. DOA also recognizes that the foundation of a successful performance-based contract is the work statement. Therefore, ASB, in conjunction with Corporate University, is sponsoring the Statement of Work Preparation Training Course. Ten sessions of this course will be held in 2008, with the first class held February 20-21, 2008 (See attached). Registration for the training is available through the Corporate University Learning Server. This course, designed for anyone involved in the procurement process, addresses the process of writing standard and performance-based statements of work. The course presents detailed specifications and formats for each type of statement of work and identifies when to use each. It also describes the characteristics of effective statements of work, statements of objectives, and performance based statements of work. Further, Corporate University, in conjunction with DIT, presented two (2) Performance-Based Workshops in 2007, and has one more scheduled for June 16-17, 2008. This course focuses on the best practices and tools associated with contract monitoring, assessing contractor performance, receiving, accepting, and closing IT-related service contracts and is intended for DIT OMs, TMs, Task Order Oversight Managers (TOOMs), and Subject Matter Experts (SMEs) in DIT who work with or manage IT-related service contracts. The two classes provide the necessary training for successful performance-based contracting. DOA considers this action closed.
Completion Date: March 17, 2008
Recommendation 7: That the Director, DOA documents DOA’s internal control of conducting periodic on-site inspections of procurement files to review contractor procurement practices.
Management Response 7: DOA concurs with this recommendation.
|
| * This attachment is not included in the report. |
|
| * |
|
Corrective Action: GSA has a quality control function as part of their responsibility to oversee the SRA contract. The GSA Contracting Officer Representative will periodically, but no less than every three months, review procurement actions under the ISC to ensure that all applicable procurement rules have been adhered to and the procurement action represents the best value to the government. While FDIC has no privity of contract with SRA, GSA is willing to accept and accommodate our interest in accompanying them on these reviews. GSA will issue a modification to the SRA task order documenting the review process in the SRA Quality Assurance Surveillance Plan by May 31, 2008.
Completion Date: May 31, 2008
Recommendation 8: That the Director, DOA clarify DOA’s role in connection with ISC procurement actions.
Management Response 8: DOA concurs with this recommendation.
Corrective Action: DOA does not approve procurement actions processed through the ISC. However, DOA will review all actions valued at one million dollars or above, to assist in determining the appropriate procurement strategy. This process will be documented in a memo issued jointly by DOA and DIT prior to May 31, 2008.
Completion Date: May 31, 2008
If you have any questions regarding this response, the points of contact are: for DOA, contact William Gately at (703) 562-2118; and for DIT, contact Rack Campbell at (703) 516-1422.
| cc: | Glen Bjorklund, DOA |
| Michael J. Rubino, DOA |
| Elizabeth Walker, DOA |
| James H. Angel, Jr., OERM |
| Russell Pittman, DIT |
| Rack Campbell, DIT |
| William J. Gately, Jr., DOA |
|
| * Subsequent to our receipt of the Corporation’s official comments, GSA’s Contracting Officer
Representative (COR) provided a clarification to this sentence on April 10, 2008. Specifically, the COR
commented that the SRA operates under an approved purchasing system, and as such, is required to adhere
to applicable procurement regulations and ensure the best value for the government. The COR has neither
the authority nor the responsibility for SRA’s adherence to procurement regulations. |
|
APPENDIX 3
MANAGEMENT RESPONSE TO RECOMMENDATIONS
This table presents the management response on the recommendations in our report and the status of the recommendations as of the date of report issuance.
| 1 |
The ISC Program Manager will work with the Infrastructure Project Manager and Service Delivery Manager (once on board)
to delegate some program management responsibilities. |
May 30, 2008 |
$0 |
Yes |
Open |
| 2 |
DIT will finalize a draft policy that updates and defines the oversight roles of the Technical Monitors and Subject Matter
Experts.
|
April 30, 2008 |
$0 |
Yes |
Open |
| 3 |
DIT has drafted an update to the Award Fee Determination Plan that designates all Technical Monitors as voting members. In addition, a Secretariat and Recorder have been assigned. These changes will be included in the next contract modification. (Also, see actions taken in response to
recommendation 4.)
|
April 30, 2008 |
$0 |
Yes |
Open |
| 4 |
DIT, in coordination with FEDSIM, has reviewed the SLAs and presented proposed modifications to SRA. Once final recommendations have received concurrence from all parties, the changes will be submitted to FEDSIM for contract modification.
|
April 30, 2008 |
$0 |
Yes |
Open |
| 5 |
DOA has addressed performance-based acquisitions in a revised draft of the APM and associated procedures and guidance. |
May 30, 2008 |
$0 |
Yes |
Open |
| 6 |
DOA, in conjunction with the Corporate University, is sponsoring performancebased contract management and statement
of work training in 2008. |
March 17, 2008 |
$0 |
Yes |
Closed |
| 7 |
DOA will accompany GSA on its periodic reviews of SRA procurement actions. GSA will issue a contract modification documenting the review process in the SRA Quality Assurance Surveillance Plan. |
May 31, 2008 |
$0 |
Yes |
Open |
| 8 |
DOA will document its process for reviewing ISC procurement actions in a memorandum to be issued jointly by DOA
and DIT. |
May 31, 2008 |
$0 |
Yes |
Open |
| a Resolved – |
(1) Management concurs with the recommendation, and the planned corrective action is
consistent with the recommendation. |
|
(2) Management does not concur with the recommendation, but planned alternative action is
acceptable to the OIG.
|
|
(3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0)
amount. Monetary benefits are considered resolved as long as management provides an
amount.
|
b Once the OIG determines that the agreed-upon corrective actions have been completed and are effective, the recommendation can be closed.
|
|
