OIG-00A-03 - Review of the Basis for the Structure of NRC's CISSCO Program
Contents
- Report Synopsis
- Introduction
- Results of Audit
- Management Actions
- Conclusions
- Recommendations
- Appendix I: Objectives, Scope, and Methodology
- Appendix II: Abbreviations And Acronyms
- Appendix III: Agency Response to Draft Report
- Appendix IV: NRC Organization Chart
- Appendix VI: Office of the Inspector General Products
Report Synopsis
The Comprehensive Information Systems Support Consolidation (CISSCO) program is the Nuclear Regulatory Commission's (NRC) primary information technology systems and related operations support vehicle. CISSCO consists of a single contractor, using several subcontractors, to provide a wide-range of information technology services.
In 1995, the General Services Administration's Federal Systems Integration and Management Center (GSA/FEDSIM) established the FEDSIM 9600 multiple award contract(1) (MAC), under which it issued task order contracts to eight qualified information technology vendors. In 1996, NRC contracted with GSA/FEDSIM to procure and manage a contractor for CISSCO work through its FEDSIM 9600 MAC. Subsequently, GSA/FEDSIM competed a single task order, for all CISSCO work, among the contractors in the FEDSIM 9600 MAC. In August 1996, GSA/FEDSIM, with NRC's concurrence, selected Computer Sciences Corporation (CSC) as the prime contractor for meeting the needs of CISSCO. The task order with CSC is for one Base year, with four Option years. The third Option year was exercised in August 1999. The initial projected cost of the full 5-year contract was $46.5 million and, as of March 2000, NRC had expended approximately $37.7 million on work under CISSCO.
Over the past two years, the Office of the Inspector General conducted several
reviews of CISSCO and reported on potential improvements that the Agency should
make to lessen the risks associated with the program.(2)
Subsequently, we initiated a review of the basis for the structure of the CISSCO
program, with specific focus on whether the use of the MAC and the use of a
task assignment control (TAC) package(3) to define
work to that contractor are in accordance with regulations. We also reviewed
whether justification to use a single contractor under a MAC was required. This
report also addresses a previously identified concern -- the Agency's lack of
assurance of the reasonableness of costs for work performed under CISSCO (OIG-99A-13
).
We found that, in accordance with regulations, NRC obtained the benefit of a streamlined procurement by issuing the single CISSCO task order through the FEDSIM 9600 MAC. We also found that the Federal Acquisition Regulation (FAR) does not require a justification to use a single contractor at the task order level of procurement. However, by issuing a single task order, NRC did not take full advantage of a MAC, particularly the ease of competing multiple task orders and the additional cost controls provided by such competition. We determined that the task order placed with CSC does not fully comply with FAR or NRC's management directives. Because the task order is too broadly-stated, it does not provide the specificity required for the Agency to obligate funds at the task order level. Instead, the Agency incorrectly obligates funds at the TAC level.
We attribute these weaknesses to the lack of involvement of the Agency's contracting, legal, and financial components in the development of the CISSCO task order. In our opinion, had the appropriate officials within the Agency reviewed the task order, these weaknesses would have been identified and corrected prior to execution of the task order. A task order issued in compliance with the requirements of FAR and NRC's own requirements would have ensured that the Agency could appropriately fund work at the task order level. We also believe that had the Agency issued multiple task orders, it would have been provided with sufficient assurance of the reasonableness of CISSCO costs.
Finally, we believe that NRC's policy of delegating senior managers the authority to enter the Agency into substantial agreements without the involvement of its contracting, legal, and financial components puts the Agency at increased risk of violating contractual, legal, and financial requirements. This report makes two recommendations to improve Agency procurement activities.
Introduction
The Comprehensive Information Systems Support Consolidation (CISSCO) program is the Nuclear Regulatory Commission's (NRC) primary information technology systems and related operations support vehicle. Over the past two years, the Office of the Inspector General (OIG) conducted several reviews of CISSCO and reported on potential improvements that the Agency could make to lessen the risks associated with the program.(4) During these reviews, issues surfaced related to the structure of the CISSCO program, specifically the use of a single contractor under a multiple award contract (MAC)(5) and the use of a task assignment control (TAC) package(6) to define work to that contractor. To that end, we initiated a review of the basis for the structure of the CISSCO program.
The objectives of this review were to determine whether: (1) the use of the
MAC is in accordance with regulations, (2) the use of TACs is in accordance
with regulations, and (3) justification for the use of a single contractor was
required. This report also addresses a previously identified concern regarding
the Agency's lack of assurance regarding the reasonableness of costs for work
performed under CISSCO (OIG-99A-13
).
Appendix I contains additional information about our objectives, scope, and
methodology.
Background
Prior to the Federal Acquisition Streamlining Act of 1994 (FASA), agencies used large, single award, indefinite-delivery/indefinite-quantity contracts to avoid procurement delays and potential legal challenges associated with multiple award contracts. Congress enacted FASA to codify the use of multiple award task order and delivery order contracts and established a preference for the use of multiple award contracts.
In 1994, NRC's Office of the Chief Information Officer (OCIO)(7) began to integrate numerous agency computer systems efforts into the CISSCO program. The CISSCO strategy includes the use of a single contractor, using several subcontractors, to provide a wide-range of information technology services. In 1995, NRC entered into a Basic Agreement(8) with the General Services Administration's Federal Systems Integration and Management Center (GSA/FEDSIM) to develop a requirements analysis, alternatives analysis, and acquisition plan for the services required to implement CISSCO. Also in 1995, GSA/FEDSIM established a multiple award contract, the FEDSIM 9600 MAC, under which it issued task order contracts to eight qualified information technology vendors. In 1996, NRC contracted with GSA/FEDSIM to procure and manage a contractor for CISSCO work through its FEDSIM 9600 MAC. Subsequently, GSA/FEDSIM competed a single task order, for all CISSCO work, among the contractors in the FEDSIM 9600 MAC. In August 1996, GSA/FEDSIM, with NRC's concurrence, selected Computer Sciences Corporation (CSC) as the prime contractor for meeting the needs of CISSCO. Work performed by subcontractors under CSC is not competed.
Therefore, there are two agreements connected to CISSCO: (1) the Interagency Agreement (IAA) with GSA/FEDSIM, which includes contracting office responsibilities and the ongoing monitoring of CSC, and (2) GSA/FEDSIM's task order with CSC. The task order with CSC, which GSA/FEDSIM placed on NRC's behalf, is a cost-reimbursable arrangement with limited firm-fixed price work. The task order is for one Base year, with four Option years. The third Option year was exercised in August 1999. The initial projected cost of the full 5-year contract was $46.5 million. As of March 2000, NRC has expended approximately $37.7 million on work under CISSCO.
In our report (OIG-99A-13 ), we determined that the Agency has not provided sufficient assurance of the reasonableness of costs for work performed under CISSCO. We attributed this weakness to the structure of the CISSCO program and will discuss this issue further in this report.
Results of Audit
We found that, in accordance with regulations, NRC obtained the benefit of a streamlined procurement by issuing the CISSCO task order through the FEDSIM 9600 MAC. Secondly, regarding Objective 3, we found that the Federal Acquisition Regulation (FAR) does not require a justification to use a single contractor at the task order level of procurement. However, by issuing a single task order, NRC lost some of the advantages of using a MAC, particularly the ease of competing multiple task orders and the additional cost controls provided by such competition. We also found that the statement of work (SOW) in GSA/FEDSIM's single task order with CSC is too broad. Therefore, we believe that the work to be done should have resulted in the issuance of multiple task orders under the FEDSIM 9600 MAC.
Finally, we determined that obligating funds for CISSCO work at the TAC level is not in accordance with regulations. In addition, we are concerned about the lack of involvement of the Agency's contracting, legal, and financial components in the development of the CISSCO task order.
CISSCO Task Order Does Not Comply with Regulations
In the CISSCO arrangement, GSA/FEDSIM issued, on NRC's behalf, one large, broadly-stated task order for all CISSCO work. Although FAR states that task orders must contain a specific statement of work, we found that the task order with CSC does not meet the specificity required by FAR, or NRC's management directives. We also determined that FAR offers no alternative, aside from task orders, for obtaining specifically identified services from the contractor under a task order contract. However, NRC established the use of a TAC system to define the specific work requirements to CSC. In addition, in 1997, the Agency determined that the level of specificity required for financial obligations for CISSCO work did not occur at the task order level, but at the TAC level.(9)
Accordingly, NRC began to incorrectly obligate funds for CISSCO work at the TAC level.
In our opinion, in order to consider the issue of FAR requirements for task orders, two areas must be examined: (1) content requirements, and (2) funding requirements. The two are intertwined. That is, in order to legally provide funding for a task order, the task order must meet certain content requirements.
Task Order Content
FAR prescribes policies and procedures for making awards of indefinite-delivery contracts and establishes a preference scheme for making multiple awards of indefinite-quantity contracts.(10) These contracts may be used to acquire information technology requirements that are not satisfied under GSA's Federal Supply Schedule program. FAR states that any supplies or services to be furnished under a task order contract, such as those issued under the FEDSIM 9600 MAC, must be purchased by issuing individual task orders. FAR further states that these individual task orders must clearly describe all services to be performed or supplies to be delivered by providing specific information, e.g., item number and description, quantity, period of performance, and unit price or estimated cost or fee. According to FAR, the contracting officer (i.e., GSA/FEDSIM) must ensure that orders meet the specificity required and are within the scope, period, and maximum value of the task order contract.
In accordance with FAR, NRC's Management Directive (MD) 11.1, NRC Acquisition of Supplies and Services, states that the SOW describes the tasks to be performed, the items or equipment to be developed, NRC's criteria for determining that its requirements have been met and the technical and management data to be delivered. MD 11.1 further indicates that the specific objectives, as well as broader program objectives, should be concisely but clearly stated. Each task to be performed by the contractor should be consistent with these objectives. In addition, other Agency guidance on Interagency Agreements with the Department of Energy suggests that a task order SOW should include, among other things, a complete description of the work required, the estimated level of effort, and the task order period of performance.
The task order with CSC states that the contractor will provide the products and services to operate, maintain, and enhance NRC's application systems, as well as design future systems development projects. It also states that Firm Fixed Price requirements will be issued at task order award for those work elements that are described and defined at a sufficient level of detail to permit a reasonable understanding of the work effort involved. However, the task order further states, for example, that it is not possible to provide the same level of detail for future systems development projects whose requirements are not known very far in advance. The task order continues that, even when known, detailed information about the requirements of new projects is not sufficient to develop a solid task order description.
The task order with CSC is divided into eight task areas. For the majority of the work, there are five major task areas plus subtasks. We found that the descriptions of the tasks and the subtasks provide insufficient detail to accomplish work. In fact, the task order indicates that individual tasks will be initiated or performed by issuance of TACs as each specific piece of work is defined. As previously stated, each CISSCO TAC package is comprised of an Independent Government Cost Estimate, SOW, request for work estimate, and a proposal from CSC containing proposed costs and schedules. As of January 24, 2000, 290 TACs had been issued under this task order to provide the specific information necessary for CSC to conduct the work.
We specifically note that the language under Task Area 4, Applications Software Total Life-Cycle Management, states that the contractor is responsible for, among other things, system design, development and integration, software maintenance and enhancement, and systems deployment. However, no systems to be designed and developed are identified or described. OCIO's position has been, and continues to be, that the task order contains sufficient information to meet specificity requirements. In our opinion, the fact that 200 TAC packages have been needed in Task Area 4 alone is evidence that the task order was not sufficiently specific.
And, although we found that the task order with CSC does not provide all of the elements of a FAR-defined task order, a number of the required elements do appear in NRC's TACs. We compared the requirements of a FAR order to NRC's TAC forms and found that the NRC-defined TAC, and its associated forms, provide much of the specific information required by FAR of task orders. In our opinion, TACs, as used by NRC, give the task order the appearance of an ID/IQ task order which is not allowed under FAR.
Task Order Funding
Prior to changes resulting from FASA, FAR stated specifically that "funds for other than the stated minimum quantity are obligated by each delivery order [same as task order], not by the contract itself." This language related to the use of individual task order contracts, such as GSA/FEDSIM's task order contract with CSC. Although this specific language was deleted in the October 1995 FASA revision to FAR, there have been no substantial changes in FAR criteria for the use of indefinite-quantity contracts. The revision to FAR does not provide for an obligation of funds at other than the task order level.
NRC's MD 4.2, Administrative Control of Funds, states that "an obligation of funds is an action that creates a liability or definite promise on the part of the Government to make a payment at some later time." With regard to funding work under task order contracts, MD 4.2 states that the initial recognition of an obligation normally occurs when the order (e.g., purchase order, task order) is placed or the contract is executed. Furthermore, MD 11.1 states that obligations are made at the task order level. However, in 1997, after initial funding for CISSCO was placed, the Office of the Chief Financial Officer (OCFO) raised concerns about obligating funds at the task order level for CISSCO. OCFO's position was that the level of detail and specificity of the task order was insufficient to support valid obligations and that sufficient specificity existed only after a TAC was fully developed and approved by NRC. Subsequently, OCFO modified the CISSCO funding procedures and began to obligate funds at the TAC level for all CISSCO work. OCIO disagreed with OCFO and maintained that the task order contained the specifics necessary to obligate funds at the task order level. However, as previously stated, OIG provided a legal opinion in a previous report which concurred with OCFO's determination.
We reviewed three other Federal multiple award contracts available at the Department of Transportation, the Department of Justice, and the Defense Information Systems Agency to determine the point at which funds are obligated when a task order is issued. We found that all three vehicles require the obligation of funds at the task order level in accordance with FAR.
In addition, we reviewed a solicitation package from another Federal agency which used Work Orders to request additional activities under a task order. We contacted the appropriate contracting official to determine whether funds are obligated at the Work Order level. According to the contracting official, the agency's OIG determined that funding at the Work Order level was inappropriate and that funds must be obligated at the task order level. As a result, the agency removed Work Orders from subsequent solicitations.
Absence of Agency Expert Reviews
MD 11.1 states that the development of an SOW is a joint responsibility of the requiring office and the Office of Administration's Division of Contracts and Property Management (DCPM/ADM).(11) MD 11.1 further indicates that great care should be exercised by all who participate in preparing and reviewing the SOW to ensure that it uses language that clearly states the exact intent of the NRC.
In addition, the Code of Federal Regulations, Title 10, Chapter I, Part 1, Section 1.23(e),(12) and MD 9.7, Office of the General Counsel, require NRC's Office of the General Counsel (OGC) to "prepare or concur" in all Interagency Agreements. Both further state that OGC will prepare or concur in all contractual documents, delegations of authority, orders, licenses, and other legal documents. (In contrast, MD 11.1 provides for OGC review only "as requested by the contracting officer." This contradiction in guidance is addressed in the Management Actions section of this report.)
By engaging GSA/FEDSIM for contract management of the CISSCO task order, the Agency excluded its in-house contracting and legal experts. Although NRC/OGC participated in the decision to acquire CISSCO through an Interagency Agreement, it did not participate in the drafting of, and did not concur in, the agreement and did not review the task order. NRC relied on GSA/OGC's representations that they would be responsible for the legal aspects of the task order issued on NRC's behalf with CSC. As a result, GSA/FEDSIM not only prepared the acquisition documents, but also had the responsibility to determine the legal acceptability of those documents from a contractual perspective.
In addition, the Agency has elected to delegate the authority for the establishment and administration of Interagency Agreements to certain Office Directors and Regional Administrators or their appointees. Yet, as opposed to commercial Agency contracts, there are no requirements for the involvement of Agency contracting officials on IAAs. In fact, we found that DCPM/ADM's and NRC/OGC's involvement with CISSCO ceased prior to the development and execution of the two CISSCO agreements. As a result, there was no internal expert review of either the SOW for the task order with CSC, or of the Interagency Agreement with GSA/FEDSIM.
Prior to CISSCO's implementation, a senior DCPM/ADM official expressed a concern that GSA/FEDSIM's entrepreneurial nature might have influenced their statements to Agency executives. Of specific concern were GSA/FEDSIM's responses to NRC's questions related to the risk of the proposed CISSCO strategy and whether the acquisition strategy would fully comply with Federal regulations. In fact, despite GSA/FEDSIM's assurances to the contrary, ADM contended that the proposed approach was not consistent with FASA and the Information Technology Management Reform Act of 1996. ADM also cautioned OCIO that its intention to obtain a single contractor was ill-advised and would result in increased cost and performance risks to the Agency.
Recently, a senior executive from the Office of the Executive Director for Operations, who was involved in the early strategy meetings, agreed with the previous statements and added that GSA/FEDSIM heavily marketed the use of their MAC and their management abilities at a sales presentation to NRC executives. However, at the time, ADM continued to question whether such a broadly-stated task order could be effectively managed, especially through a third party and with the exclusion of NRC's contracting office. We believe that there may be merit to ADM's concern that GSA's desire to market its products and services might influence representations to its potential customers.(13)
We discussed the lack of specificity in the task order SOW, and NRC's subsequent use of TACs for funding, with the senior contracting official at GSA/FEDSIM who worked with NRC in developing the CISSCO task order. He agreed, in retrospect, that the SOW was not sufficiently specific. He added that NRC should not be obligating funds at the TAC level because doing so essentially creates an indefinite-quantity/indefinite-delivery task order which FAR does not allow. He pointed out that the National Aeronautics and Space Administration (NASA) recently submitted a proposed action to GSA/FEDSIM in which the funding would occur at a level equivalent to NRC's TACs. GSA/FEDSIM informed NASA that the funding could not occur at that level.
NRC Lacks Assurance of Reasonable Costs
As previously stated, we reported (in OIG-99A-13 ) that the absence of competition for CISSCO work, and of other independent cost assurances, resulted in weak cost controls. We attributed these weaknesses to the structure of the CISSCO program, especially the use of a single task order to perform all CISSCO work and the absence of certain risk mitigators, e.g., the use of independent verification and validation. As a result, we concluded that the Agency has not provided sufficient assurance of the reasonableness of costs for work performed under CISSCO. Senior CISSCO program officials disagreed with our assessment and stated their confidence that CSC costs are reasonable based on personal experience.
When NRC decided to approve OCIO's single-contractor acquisition strategy, ADM issued an additional warning that using a single integration contractor could work, provided any subtasks (TACs) were competed to ensure that regulatory competition requirements were met. In fact, GSA/FEDSIM told us that the work defined in the TACs could have been competed among the other contractors of the MAC [as task orders]. However, only the single task order to CSC to perform all CISSCO work was competed and issued. We believe that the Agency could have provided sufficient assurance of the reasonableness of CISSCO costs by competing, and issuing, multiple task orders for CISSCO work.
Finally, we note that, on a time and materials basis, NRC must pay CSC for costs associated with preparing proposal estimates for each TAC. Agency guidance states that the average cost to NRC for each proposal is $2,000 and, as of January 24, 2000, 290 TACs had been issued. We believe these costs could have been avoided had multiple task orders been competed and issued.
Management Actions
The Agency has formed an interoffice working group, under the leadership of OCIO, to develop the follow-on contract vehicle to CISSCO. The current CISSCO task order expires in August 2001. Representatives from OCFO and ADM are participating in this effort. Working group members anticipate that multiple task orders will be competed and issued for the CISSCO follow-on work.
Also, as we stated earlier, there is a contradiction between the requirements in MD 11.1, which governs NRC's acquisition activities, and those in 10 CFR Section 1.23 and MD 9.7, which govern OGC activities, as they pertain to OGC involvement in Agency contracting actions. In response to this OIG observation, OGC plans to review the issue and take appropriate action.
Finally, as reported in OIG-99A-13 , ADM formed a task group to develop Management Directive 11.8, NRC Procedures for Placement and Monitoring of Work With Other Federal Agencies, State and Local Governments, and Foreign Organizations. MD 11.8 will address, among other things, the award and administration of NRC's Interagency Agreements. This guidance is also expected to address the required level of involvement of the Agency's contracting, legal, and financial experts on IAAs.
Conclusions
We found that, in accordance with regulations, NRC obtained the benefit of a streamlined procurement by issuing the single CISSCO task order through the FEDSIM 9600 MAC. Yet, by issuing a single task order, NRC did not take full advantage of a MAC, particularly the ease of competing multiple task orders and the additional control over costs provided by such competition. We also found that a justification to use a single contractor was not required at the task order level of procurement. In contrast, we found that the task order placed with CSC, by GSA/FEDSIM on NRC's behalf, does not comply with FAR or NRC's management directives because it is too broadly-stated. As a result, the task order does not meet the specificity requirements which would enable the Agency to obligate funds at the appropriate task order level. Instead, the Agency incorrectly obligates funds at the TAC level.
FAR is clear in requiring that specific details of supplies or services be provided in task orders. Further, FAR makes no provision for an alternate method, aside from orders, to obtain the identified services from the contractor, or to provide the specificity of deliverables, under an indefinite-quantity (or task order) contract. It follows that task orders must, in turn, bind the Agency to pay for, and the contractor to deliver, those specific services and/or supplies. Therefore, by default, task orders will be the point at which obligations are to be incurred (other than the previously identified task order contract minimums).
We believe that a liability has been created and funds must be obligated appropriately when the Agency places a task order via an Interagency Agreement. However, because the task order placed with CSC by GSA/FEDSIM on NRC's behalf is too broadly-stated, it does not meet the specificity requirements which would enable the Agency to obligate funds at the appropriate task order level. Instead, the Agency obligates funds at the TAC level which does not comply with regulations. In our opinion, GSA/FEDSIM contracting officials should not have executed the task order as written and, in addition, should have advised the Agency of the potential problems associated with funding at the TAC level. We also believe that prior to modifying the CISSCO funding procedures to obligate funds at the TAC level, OCFO should have carefully considered both its own and regulatory requirements related to funding task orders.
The exclusion of DCPM/ADM and NRC/OGC in the preparation and review of the
task order issued on NRC's behalf resulted in the Agency not receiving the benefit
of expert, internal contracting and legal review prior to its execution. In
addition, in a previous OIG report (OIG/98A-18
),
we concluded that better coordination and agreement between another office,
OCFO, and OCIO in the development stages of CISSCO could have prevented funding
weaknesses in the CISSCO program. We continue to believe that constructive discussions
could have resulted in an agreement between OCFO and OCIO on the amount of specificity
required to obligate funds at an appropriate level.
In our opinion, had the appropriate officials within the Agency reviewed the task order, the weaknesses we have discussed might have been identified and corrected prior to execution of the task order. A task order issued in compliance with the requirements of FAR and NRC's own requirements would have ensured that the Agency could appropriately fund work at the task order level.
We also believe that had the Agency issued multiple task orders, it would have provided sufficient assurance of the reasonableness of CISSCO costs since FAR requires that individual task orders be competed among the MAC vendors (with limited exceptions). In addition, contractors' costs to prepare proposals to compete for task orders are not billed to customers under a MAC. As a result, the Agency should realize a cost savings over the current arrangement where NRC pays CSC, on a time and materials basis, for the cost of the proposal for each TAC.
Finally, we believe that NRC's policy of delegating senior managers the authority to enter the Agency into substantial agreements in the absence of DCPM/ADM and/or OGC review, and without OCFO involvement, puts the Agency at increased risk of violating legal, financial, and contractual requirements.
Recommendations
In order for the Agency to conduct effective and efficient procurement actions, while complying with Federal and Agency procurement requirements, we recommend that:
-
The EDO, CFO, CIO, and General Counsel work together to establish criteria which would ensure that appropriate NRC officials and internal expertise are involved in procurement actions. This criteria must be consistently cited in the applicable Agency guidance (e.g., MD 9.7, MD 11.1, and MD 11.8).
-
The CFO revise procedures to ensure that future procurement actions, including the follow-on to CISSCO, are funded at the appropriate level.
We note that, because the Agency must fund work at the task order level, changes will be required in task order content for any follow-on vehicle(s) to CISSCO. We would emphasize that the CFO will need to carefully consider how OCFO will retain effective control over funding and ensure reliable and complete accounting records.
OIG Comments on the Agency's Response
On May 22, 2000, the Deputy Executive Director for Management Services, the Chief Financial Officer, and the Acting Chief Information Officer responded to our draft report. They agreed with our recommendations and provided time frames for the actions they plan to take. We believe that these actions will address the intent of our recommendations. The Agency's response is included as Appendix III of this report.
Appendix I: Objectives, Scope, and Methodology
This review encompassed the structure of the Nuclear Regulatory Commission's
(NRC) Comprehensive Information Systems Support Consolidation (CISSCO) program.
Our objectives were to determine whether: (1) the use of the General Services
Administration's (GSA) Federal Systems Integration and Management Center (FEDSIM)
9600 multiple award contract (MAC) is in accordance with regulations, (2) the
use of the task assignment control (TAC) package is in accordance with regulations,
and (3) justification for the use of a single contractor was required. We also
addressed a previously identified concern regarding the Agency's lack of assurance
regarding the reasonableness of costs for work performed under CISSCO (OIG-99A-13
).
To accomplish our objectives, we reviewed applicable sections of the Federal Acquisition Regulation, pertinent legislative acts, and NRC management directives related to our objectives. We spoke with NRC officials, including personnel from the Office of the Executive Director for Operations, the Office of Administration's Division of Contracts and Property Management, the Office of the Chief Information Officer, the Office of the Chief Financial Officer, and the Office of the General Counsel. In addition, we held discussions with CISSCO program officials from NRC and GSA/FEDSIM, personnel from GSA's Office of the Inspector General (OIG), a contracting official at the Department of Education, and a member of the OIG staff at the Agency for International Development.
We examined the Interagency Agreement with GSA/FEDSIM and the task order, let on NRC's behalf, between GSA/FEDSIM and the Computer Sciences Corporation. We also examined data from the CISSCO TAC System that is used to track work under CISSCO.
We evaluated the management controls related to the development of the structure of the CISSCO program and conducted our audit from December 1999 through February 2000 in accordance with generally accepted Government auditing standards.
Appendix II: Abbreviations And Acronyms
| ADM | Office of Administration |
| CIO | Chief Information Officer |
| CISSCO | Comprehensive Information Systems Support Consolidation Program |
| CSC | Computer Sciences Corporation |
| DCPM | Division of Contracts and Property Management |
| EDO | Executive Director for Operations |
| FAR | Federal Acquisition Regulation |
| FASA | Federal Acquisition Streamlining Act of 1994 |
| FEDSIM | Federal Systems Integration and Management Center |
| GSA | General Services Administration |
| IAA | Interagency Agreement |
| ID/IQ | Indefinite-delivery/Indefinite-quantity contract |
| MAC | Multiple Award Contract |
| MD | Management Directive |
| NASA | National Aeronautics and Space Administration |
| NRC | Nuclear Regulatory Commission |
| OCFO | Office of the Chief Financial Officer |
| OCIO | Office of the Chief Information Officer |
| OGC | Office of the General Counsel |
| OIG | Office of the Inspector General |
| SOW | Statement of Work |
| TAC | Task Assignment Control |
Appendix III: Agency Response to Draft Report
| MEMORANDUM TO: | William D. McDowell Acting Assistant Inspector General for Audits |
| FROM: | Patricia G. Norry Jesse L. Funches Stuart Reiter |
| SUBJECT: | Draft Audit Report -- Review of the Basis for the Structure of Nrc's Cissco Program |
This responds to your April 21, 2000, memorandum transmitting the subject audit report. Our responses to your recommendations are provided below. OGC has reviewed the responses to both recommendations and has no legal objection.
Recommendation 1
The EDO, CFO, CIO and General Counsel work together to establish criteria which would ensure that appropriate NRC officials and internal expertise are involved in procurement actions. This criteria must be consistently cited in applicable Agency guidance (e.g., MD 9.7, MD 11.1 and MD 11.8).
Response
Agree. In August 1999, acting in response to a request from the CFO, the Deputy Executive Director for Management Services established a working group comprised of representatives from OCFO, OCIO, ADM/DCPM, and the program offices to develop appropriate guidance in consultation with OGC for award and administration of interagency agreements which involve obligation and expenditure of Agency funds for goods and services. ADM/DCPM plans to issue a draft Management Directive (MD) 11.8 for office comments in June. The Directive will include appropriate procedures to ensure ADM/DCPM involvement in these procurement actions. We will also review and revise MDs 9.1 and 9.7 where appropriate to ensure consistency with this guidance. We expect to issue the final MD 11.8 and any necessary revisions to MDs 9.1 and 9.7 by September 30, 2000.
Recommendation 2
The CFO revise procedures to ensure that future procurement actions, including the follow-on to CISSCO, are funded at the appropriate level.
Response
Agree. OCFO, working with ADM, will ensure that the new Management Directive 11.8 contains the appropriate guidance concerning task orders and task order contracts. In addition, OCFO, working with OCIO and ADM, will ensure that task orders are defined at the appropriate level in the follow-on to the CISSCO contract.
The OCIO and other NRC offices that are delegated authority to award interagency agreements or place orders under government-wide contracts should follow the FAR requirements. We agree that the sections of the CISSCO agreement treated by the OCIO as "task orders" do not provide sufficient detail to accomplish work and are not the appropriate funding level. The designated "tasks" in the current agreement are, in fact, administrative categories that broadly describe areas of contract needs. Only the TACs under the current CISSCO agreement sufficiently define specific work to meet the requirements for obligating funds.
Appendix IV: NRC Organization Chart
Appendix VI: Office of the Inspector General Products
Investigative
1. INVESTIGATIVE REPORT - WHITE COVER
An Investigative Report documents pertinent facts of a case and describes available evidence relevant to allegations against individuals, including aspects of an allegation not substantiated. Investigative reports do not recommend disciplinary action against individual employees. Investigative reports are sensitive documents and contain information subject to the Privacy Act restrictions. Reports are given to officials and managers who have a need to know in order to properly determine whether administrative action is warranted. The agency is expected to advise the OIG within 90 days of receiving the investigative report as to what disciplinary or other action has been taken in response to investigative report findings.
2. EVENT INQUIRY - GREEN COVER
The Event Inquiry is an investigative product that documents the examination of events or agency actions that do not focus specifically on individual misconduct. These reports identify institutional weaknesses that led to or allowed a problem to occur. The agency is requested to advise the OIG of managerial initiatives taken in response to issues identified in these reports but tracking its recommendations is not required.
3. MANAGEMENT IMPLICATIONS REPORT (MIR) - MEMORANDUM
MIRs provide a "ROOT CAUSE" analysis sufficient for managers to facilitate correction
of problems and to avoid similar issues in the future. Agency tracking of recommendations
is not required.
Audit
4. AUDIT REPORT - BLUE COVER
An Audit Report is the documentation of the review, recommendations, and findings resulting from an objective assessment of a program, function, or activity. Audits follow a defined procedure that allows for agency review and comment on draft audit reports. The audit results are also reported in the OIG's "Semiannual Report" to the Congress. Tracking of audit report recommendations and agency response is required.
5. SPECIAL EVALUATION REPORT - BURGUNDY COVER
A Special Evaluation Report documents the results of short-term, limited assessments.
It provides an initial, quick response to a question or issue, and data to determine
whether an in-depth independent audit should be planned. Agency tracking of
recommendations is not required.
Regulatory
6. REGULATORY COMMENTARY - BROWN COVER
Regulatory Commentary is the review of existing and proposed legislation, regulations, and policies so as to assist the agency in preventing and detecting fraud, waste, and abuse in programs and operations. Commentaries cite the IG Act as authority for the review, state the specific law, regulation or policy examined, pertinent background information considered and identifies OIG concerns, observations, and objections. Significant observations regarding action or inaction by the agency are reported in the OIG Semiannual Report to Congress. Each report indicates whether a response is required.
1. Multiple Award Contracts: the Federal Acquisition Streamlining Act of 1994 permits agencies to award identical contracts to a number of firms for the delivery of goods and services under task or delivery orders. Agencies then conduct limited competitions for individual orders among the firms holding these contracts. These competitions are generally not subject to protest.
2. We issued two related reports: OIG/98A-18
,
Controls Over Funding for CISSCO Need Improvement, dated May 11, 1999,
and OIG-99A-13
,
Review of NRC's Controls Over Work Performed Under CISSCO, dated March
14, 2000.
3. A TAC package involves a number of documents, including an Independent Government Cost Estimate, a Statement of Work, and a Work Estimate proposal from the contractor. TACs are issued on an as-needed basis to define specific work requirements to the contractor and to obtain funding for each task.
4. We issued two related reports: OIG/98A-18
,
Controls Over Funding for CISSCO Need Improvement, dated May 11, 1999,
and OIG-99A-13
,
Review of NRC's Controls Over Work Performed Under CISSCO, dated March
14, 2000.
5. Multiple Award Contracts: the Federal Acquisition Streamlining Act of 1994 permits agencies to award identical contracts to a number of firms for the delivery of goods and services under task or delivery orders. Agencies then conduct limited competitions for individual orders among the firms holding these contracts. These competitions are generally not subject to protest.
6. A TAC package involves a number of documents, including an Independent Government Cost Estimate, a Statement of Work, and a Work Estimate proposal from the contractor. TACs are issued on an as-needed basis to define specific work requirements to the contractor and to obtain funding for each task.
7. The former Office of Information Resources Management was incorporated into OCIO in 1997.
8. For the purposes of the CISSCO program, the term Basic Agreement is synonymous with Interagency Agreement.
9. In our report titled, OIG/98A-18
,
Controls Over Funding for CISSCO Need Improvement, we provided an OIG
legal opinion that only information in TACs provided the level of specificity
required to create and record a valid obligation.
10. An indefinite-quantity/indefinite-delivery (ID/IQ) contract is used when exact times and/or exact quantities of future deliveries are not known at the time of contract award.
11. Formerly the Division of Contracts (DC).
12. Title 10, Energy, Chapter I, Nuclear Regulatory Commission, Part 1, Statement of Organization and General Information, Section 1.23, Office of the General Counsel.
13. A February 21, 2000, Federal Times article, "GSA Revs Up to Grab More Bucks From IT Services," states that GSA is looking to capture a larger share of the estimated $33.5 billion government IT services business by increasing its sales force in fiscal 2001.
